set up builder pipe

.github/CODEOWNERS

@@ -1,15 +0,0 @@
-# Pull requests concerning the listed files will automatically invite the respective maintainers as reviewers.
-# This file is not used for denoting any kind of ownership, but is merely a tool for handling notifications.
-#
-# Merge permissions are required for maintaining an entry in this file.
-# For documentation on this mechanism, see https://help.github.com/articles/about-codeowners/
-
-# Default reviewers if nothing else matches
-* @edolstra @thufschmitt
-
-# This file
-.github/CODEOWNERS @edolstra
-
-# Public documentation
-/doc @fricklerhandwerk
-*.md @fricklerhandwerk

.github/ISSUE_TEMPLATE/bug_report.md

@@ -30,7 +30,3 @@ A clear and concise description of what you expected to happen.
 **Additional context**
 
 Add any other context about the problem here.
-
-**Priorities**
-
-Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/feature_request.md

@@ -2,7 +2,7 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: feature
+labels: improvement
 assignees: ''
 
 ---
@@ -18,7 +18,3 @@ A clear and concise description of any alternative solutions or features you've
 
 **Additional context**
 Add any other context or screenshots about the feature request here.
-
-**Priorities**
-
-Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/installer.md

@@ -1,36 +0,0 @@
----
-name: Installer issue
-about: Report problems with installation
-title: ''
-labels: installer
-assignees: ''
-
----
-
-## Platform
-
-<!-- select the platform on which you tried to install Nix -->
-
-- [ ] Linux: <!-- state your distribution, e.g. Arch Linux, Ubuntu, ... -->
-- [ ] macOS
-- [ ] WSL
-
-## Additional information
-
-<!-- state special circumstances on your system or additional steps you have taken prior to installation -->
-
-## Output
-
-<details><summary>Output</summary>
-
-```log
-
-<!-- paste console output here and remove this comment -->
-
-```
-
-</details>
-
-## Priorities
-
-Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/missing_documentation.md

@@ -1,31 +0,0 @@
----
-name: Missing or incorrect documentation
-about: Help us improve the reference manual
-title: ''
-labels: documentation
-assignees: ''
-
----
-
-## Problem
-
-<!-- describe your problem -->
-
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open documentation issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nixos.org/manual/nix/unstable/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/src
-[open documentation issues and pull requests]: https://github.com/NixOS/nix/labels/documentation
-
-## Proposal
-
-<!-- propose a solution -->
-
-## Priorities
-
-Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/PULL_REQUEST_TEMPLATE/pull_request_template.md

@@ -1,11 +0,0 @@
-**Release Notes**
-Please include relevant [release notes](https://github.com/NixOS/nix/blob/master/doc/manual/src/release-notes/rl-next.md) as needed.
-
-
-**Testing**
-
-If this issue is a regression or something that should block release, please consider including a test either in the [testsuite](https://github.com/NixOS/nix/tree/master/tests) or as a [hydraJob]( https://github.com/NixOS/nix/blob/master/flake.nix#L396) so that it can be part of the [automatic checks](https://hydra.nixos.org/jobset/nix/master).
-
-**Priorities**
-
-Add :+1: to [pull requests you find important](https://github.com/NixOS/nix/pulls?q=is%3Aopen+sort%3Areactions-%2B1-desc).

.github/stale.yml

@@ -1,9 +1,10 @@
 # Configuration for probot-stale - https://github.com/probot/stale
 daysUntilStale: 180
-daysUntilClose: false
+daysUntilClose: 365
 exemptLabels:
   - "critical"
-  - "never-stale"
 staleLabel: "stale"
-markComment: false
-closeComment: false
+markComment: |
+  I marked this as stale due to inactivity. → [More info](https://github.com/NixOS/nix/blob/master/.github/STALE-BOT.md)
+closeComment: |
+  I closed this issue due to inactivity. → [More info](https://github.com/NixOS/nix/blob/master/.github/STALE-BOT.md)

.github/workflows/backport.yml

@@ -1,32 +0,0 @@
-name: Backport
-on:
-  pull_request_target:
-    types: [closed, labeled]
-permissions:
-  contents: read
-jobs:
-  backport:
-    name: Backport Pull Request
-    permissions:
-      # for zeebe-io/backport-action
-      contents: write
-      pull-requests: write
-    if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          # required to find all branches
-          fetch-depth: 0
-      - name: Create backport PRs
-        # should be kept in sync with `version`
-        uses: zeebe-io/backport-action@v1.0.1
-        with:
-          # Config README: https://github.com/zeebe-io/backport-action#backport-action
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          github_workspace: ${{ github.workspace }}
-          pull_description: |-
-            Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
-          # should be kept in sync with `uses`
-          version: v0.0.5

.github/workflows/ci.yml

@@ -1,124 +0,0 @@
-name: "CI"
-
-on:
-  pull_request:
-  push:
-
-permissions: read-all
-
-jobs:
-
-  tests:
-    needs: [check_secrets]
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-    - uses: cachix/install-nix-action@v18
-    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
-    - uses: cachix/cachix-action@v12
-      if: needs.check_secrets.outputs.cachix == 'true'
-      with:
-        name: '${{ env.CACHIX_NAME }}'
-        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
-        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-    - run: nix --experimental-features 'nix-command flakes' flake check -L
-
-  check_secrets:
-    permissions:
-      contents: none
-    name: Check Cachix and Docker secrets present for installer tests
-    runs-on: ubuntu-latest
-    outputs:
-      cachix: ${{ steps.secret.outputs.cachix }}
-      docker: ${{ steps.secret.outputs.docker }}
-    steps:
-      - name: Check for secrets
-        id: secret
-        env:
-          _CACHIX_SECRETS: ${{ secrets.CACHIX_SIGNING_KEY }}${{ secrets.CACHIX_AUTH_TOKEN }}
-          _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
-        run: |
-          echo "::set-output name=cachix::${{ env._CACHIX_SECRETS != '' }}"
-          echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"
-
-  installer:
-    needs: [tests, check_secrets]
-    if: github.event_name == 'push' && needs.check_secrets.outputs.cachix == 'true'
-    runs-on: ubuntu-latest
-    outputs:
-      installerURL: ${{ steps.prepare-installer.outputs.installerURL }}
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
-    - uses: cachix/install-nix-action@v18
-    - uses: cachix/cachix-action@v12
-      with:
-        name: '${{ env.CACHIX_NAME }}'
-        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
-        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-    - id: prepare-installer
-      run: scripts/prepare-installer-for-github-actions
-
-  installer_test:
-    needs: [installer, check_secrets]
-    if: github.event_name == 'push' && needs.check_secrets.outputs.cachix == 'true'
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v3
-    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
-    - uses: cachix/install-nix-action@v18
-      with:
-        install_url: '${{needs.installer.outputs.installerURL}}'
-        install_options: "--tarball-url-prefix https://${{ env.CACHIX_NAME }}.cachix.org/serve"
-    - run: sudo apt install fish zsh
-      if: matrix.os == 'ubuntu-latest'
-    - run: brew install fish
-      if: matrix.os == 'macos-latest'
-    - run: exec bash -c "nix-instantiate -E 'builtins.currentTime' --eval"
-    - run: exec sh -c "nix-instantiate -E 'builtins.currentTime' --eval"
-    - run: exec zsh -c "nix-instantiate -E 'builtins.currentTime' --eval"
-    - run: exec fish -c "nix-instantiate -E 'builtins.currentTime' --eval"
-
-  docker_push_image:
-    needs: [check_secrets, tests]
-    if: >-
-      github.event_name == 'push' &&
-      github.ref_name == 'master' &&
-      needs.check_secrets.outputs.cachix == 'true' &&
-      needs.check_secrets.outputs.docker == 'true'
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-    - uses: cachix/install-nix-action@v18
-    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
-    - run: echo NIX_VERSION="$(nix --experimental-features 'nix-command flakes' eval .\#default.version | tr -d \")" >> $GITHUB_ENV
-    - uses: cachix/cachix-action@v12
-      if: needs.check_secrets.outputs.cachix == 'true'
-      with:
-        name: '${{ env.CACHIX_NAME }}'
-        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
-        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-    - run: nix --experimental-features 'nix-command flakes' build .#dockerImage -L
-    - run: docker load -i ./result/image.tar.gz
-    - run: docker tag nix:$NIX_VERSION nixos/nix:$NIX_VERSION
-    - run: docker tag nix:$NIX_VERSION nixos/nix:master
-    - name: Login to Docker Hub
-      uses: docker/login-action@v2
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-    - run: docker push nixos/nix:$NIX_VERSION
-    - run: docker push nixos/nix:master

.github/workflows/hydra_status.yml

@@ -1,20 +0,0 @@
-name: Hydra status
-
-permissions: read-all
-
-on:
-  schedule:
-    - cron: "12,42 * * * *"
-  workflow_dispatch:
-
-jobs:
-  check_hydra_status:
-    name: Check Hydra status
-    if: github.repository_owner == 'NixOS'
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-    - run: bash scripts/check-hydra-status.sh
-

.github/workflows/test.yml

@@ -0,0 +1,68 @@
+name: "Test"
+on:
+  pull_request:
+  push:
+jobs:
+  tests:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v2.3.4
+      with:
+        fetch-depth: 0
+    - uses: cachix/install-nix-action@v13
+    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
+    - uses: cachix/cachix-action@v10
+      with:
+        name: '${{ env.CACHIX_NAME }}'
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+    - run: nix-build -A checks.$(nix-instantiate --eval -E '(builtins.currentSystem)')
+  check_cachix:
+    name: Cachix secret present for installer tests
+    runs-on: ubuntu-latest
+    outputs:
+      secret: ${{ steps.secret.outputs.secret }}
+    steps:
+      - name: Check for Cachix secret
+        id: secret
+        env:
+          _CACHIX_SECRETS: ${{ secrets.CACHIX_SIGNING_KEY }}${{ secrets.CACHIX_AUTH_TOKEN }}
+        run: echo "::set-output name=secret::${{ env._CACHIX_SECRETS != '' }}"
+  installer:
+    needs: [tests, check_cachix]
+    if: github.event_name == 'push' && needs.check_cachix.outputs.secret == 'true'
+    runs-on: ubuntu-latest
+    outputs:
+      installerURL: ${{ steps.prepare-installer.outputs.installerURL }}
+    steps:
+    - uses: actions/checkout@v2.3.4
+      with:
+        fetch-depth: 0
+    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
+    - uses: cachix/install-nix-action@v13
+    - uses: cachix/cachix-action@v10
+      with:
+        name: '${{ env.CACHIX_NAME }}'
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+    - id: prepare-installer
+      run: scripts/prepare-installer-for-github-actions
+  installer_test:
+    needs: [installer, check_cachix]
+    if: github.event_name == 'push' && needs.check_cachix.outputs.secret == 'true'
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2.3.4
+    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
+    - uses: cachix/install-nix-action@v13
+      with:
+        install_url: '${{needs.installer.outputs.installerURL}}'
+        install_options: "--tarball-url-prefix https://${{ env.CACHIX_NAME }}.cachix.org/serve"
+    - run: nix-instantiate -E 'builtins.currentTime' --eval

.gitignore

@@ -15,20 +15,19 @@ perl/Makefile.config
 /doc/manual/*.1
 /doc/manual/*.5
 /doc/manual/*.8
-/doc/manual/generated/*
 /doc/manual/nix.json
 /doc/manual/conf-file.json
 /doc/manual/builtins.json
 /doc/manual/src/SUMMARY.md
 /doc/manual/src/command-ref/new-cli
 /doc/manual/src/command-ref/conf-file.md
-/doc/manual/src/language/builtins.md
+/doc/manual/src/expressions/builtins.md
 
 # /scripts/
 /scripts/nix-profile.sh
+/scripts/nix-reduce-build
+/scripts/nix-http-export.cgi
 /scripts/nix-profile-daemon.sh
-/scripts/nix-profile.fish
-/scripts/nix-profile-daemon.fish
 
 # /src/libexpr/
 /src/libexpr/lexer-tab.cc
@@ -37,11 +36,9 @@ perl/Makefile.config
 /src/libexpr/parser-tab.hh
 /src/libexpr/parser-tab.output
 /src/libexpr/nix.tbl
-/src/libexpr/tests/libexpr-tests
 
 # /src/libstore/
 *.gen.*
-/src/libstore/tests/libstore-tests
 
 # /src/libutil/
 /src/libutil/tests/libutil-tests
@@ -59,6 +56,9 @@ perl/Makefile.config
 
 /src/nix-prefetch-url/nix-prefetch-url
 
+# /src/nix-daemon/
+/src/nix-daemon/nix-daemon
+
 /src/nix-collect-garbage/nix-collect-garbage
 
 # /src/nix-channel/
@@ -76,13 +76,13 @@ perl/Makefile.config
 # /tests/
 /tests/test-tmp
 /tests/common.sh
+/tests/dummy
 /tests/result*
 /tests/restricted-innocent
 /tests/shell
 /tests/shell.drv
 /tests/config.nix
 /tests/ca/config.nix
-/tests/repl-result-out
 
 # /tests/lang/
 /tests/lang/*.out
@@ -94,7 +94,6 @@ perl/Makefile.config
 
 /misc/systemd/nix-daemon.service
 /misc/systemd/nix-daemon.socket
-/misc/systemd/nix-daemon.conf
 /misc/upstart/nix-daemon.conf
 
 /src/resolve-system-dependencies/resolve-system-dependencies
@@ -125,7 +124,3 @@ GTAGS
 compile_commands.json
 
 nix-rust/target
-
-result
-
-.vscode/

.version

@@ -1 +1 @@
-2.13.3
+2.4

Makefile

@@ -4,17 +4,14 @@ makefiles = \
   src/libutil/local.mk \
   src/libutil/tests/local.mk \
   src/libstore/local.mk \
-  src/libstore/tests/local.mk \
   src/libfetchers/local.mk \
   src/libmain/local.mk \
   src/libexpr/local.mk \
-  src/libexpr/tests/local.mk \
   src/libcmd/local.mk \
   src/nix/local.mk \
   src/resolve-system-dependencies/local.mk \
   scripts/local.mk \
   misc/bash/local.mk \
-  misc/fish/local.mk \
   misc/zsh/local.mk \
   misc/systemd/local.mk \
   misc/launchd/local.mk \
@@ -28,12 +25,11 @@ makefiles = \
 OPTIMIZE = 1
 
 ifeq ($(OPTIMIZE), 1)
-  GLOBAL_CXXFLAGS += -O3 $(CXXLTO)
-  GLOBAL_LDFLAGS += $(CXXLTO)
+  GLOBAL_CXXFLAGS += -O3
 else
   GLOBAL_CXXFLAGS += -O0 -U_FORTIFY_SOURCE
 endif
 
 include mk/lib.mk
 
-GLOBAL_CXXFLAGS += -g -Wall -include config.h -std=c++17 -I src
+GLOBAL_CXXFLAGS += -g -Wall -include config.h -std=c++17

Makefile.config.in

@@ -6,20 +6,17 @@ CC = @CC@
 CFLAGS = @CFLAGS@
 CXX = @CXX@
 CXXFLAGS = @CXXFLAGS@
-CXXLTO = @CXXLTO@
 EDITLINE_LIBS = @EDITLINE_LIBS@
 ENABLE_S3 = @ENABLE_S3@
 GTEST_LIBS = @GTEST_LIBS@
 HAVE_LIBCPUID = @HAVE_LIBCPUID@
 HAVE_SECCOMP = @HAVE_SECCOMP@
-HOST_OS = @host_os@
 LDFLAGS = @LDFLAGS@
 LIBARCHIVE_LIBS = @LIBARCHIVE_LIBS@
 LIBBROTLI_LIBS = @LIBBROTLI_LIBS@
 LIBCURL_LIBS = @LIBCURL_LIBS@
-LIBSECCOMP_LIBS = @LIBSECCOMP_LIBS@
-LOWDOWN_LIBS = @LOWDOWN_LIBS@
 OPENSSL_LIBS = @OPENSSL_LIBS@
+LIBSECCOMP_LIBS = @LIBSECCOMP_LIBS@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 SHELL = @bash@
@@ -31,7 +28,6 @@ datadir = @datadir@
 datarootdir = @datarootdir@
 doc_generate = @doc_generate@
 docdir = @docdir@
-embedded_sandbox_shell = @embedded_sandbox_shell@
 exec_prefix = @exec_prefix@
 includedir = @includedir@
 libdir = @libdir@

README.md

@@ -20,7 +20,7 @@ Information on additional installation methods is available on the [Nix download
 
 ## Building And Developing
 
-See our [Hacking guide](https://nixos.org/manual/nix/stable/contributing/hacking.html) in our manual for instruction on how to
+See our [Hacking guide](https://hydra.nixos.org/job/nix/master/build.x86_64-linux/latest/download-by-type/doc/manual/contributing/hacking.html) in our manual for instruction on how to
 build nix from source with nix-build or how to get a development environment.
 
 ## Additional Resources

boehmgc-coroutine-sp-fallback.diff

@@ -1,77 +0,0 @@
-diff --git a/darwin_stop_world.c b/darwin_stop_world.c
-index 3dbaa3fb..36a1d1f7 100644
---- a/darwin_stop_world.c
-+++ b/darwin_stop_world.c
-@@ -352,6 +352,7 @@ GC_INNER void GC_push_all_stacks(void)
-   int nthreads = 0;
-   word total_size = 0;
-   mach_msg_type_number_t listcount = (mach_msg_type_number_t)THREAD_TABLE_SZ;
-+  size_t stack_limit;
-   if (!EXPECT(GC_thr_initialized, TRUE))
-     GC_thr_init();
- 
-@@ -407,6 +408,19 @@ GC_INNER void GC_push_all_stacks(void)
-             GC_push_all_stack_sections(lo, hi, p->traced_stack_sect);
-           }
-           if (altstack_lo) {
-+            // When a thread goes into a coroutine, we lose its original sp until
-+            // control flow returns to the thread.
-+            // While in the coroutine, the sp points outside the thread stack,
-+            // so we can detect this and push the entire thread stack instead,
-+            // as an approximation.
-+            // We assume that the coroutine has similarly added its entire stack.
-+            // This could be made accurate by cooperating with the application
-+            // via new functions and/or callbacks.
-+            stack_limit = pthread_get_stacksize_np(p->id);
-+            if (altstack_lo >= altstack_hi || altstack_lo < altstack_hi - stack_limit) { // sp outside stack
-+              altstack_lo = altstack_hi - stack_limit;
-+            }
-+
-             total_size += altstack_hi - altstack_lo;
-             GC_push_all_stack(altstack_lo, altstack_hi);
-           }
-diff --git a/pthread_stop_world.c b/pthread_stop_world.c
-index b5d71e62..aed7b0bf 100644
---- a/pthread_stop_world.c
-+++ b/pthread_stop_world.c
-@@ -768,6 +768,8 @@ STATIC void GC_restart_handler(int sig)
- /* world is stopped.  Should not fail if it isn't.                      */
- GC_INNER void GC_push_all_stacks(void)
- {
-+    size_t stack_limit;
-+    pthread_attr_t pattr;
-     GC_bool found_me = FALSE;
-     size_t nthreads = 0;
-     int i;
-@@ -851,6 +853,31 @@ GC_INNER void GC_push_all_stacks(void)
-           hi = p->altstack + p->altstack_size;
-           /* FIXME: Need to scan the normal stack too, but how ? */
-           /* FIXME: Assume stack grows down */
-+        } else {
-+          if (pthread_getattr_np(p->id, &pattr)) {
-+            ABORT("GC_push_all_stacks: pthread_getattr_np failed!");
-+          }
-+          if (pthread_attr_getstacksize(&pattr, &stack_limit)) {
-+            ABORT("GC_push_all_stacks: pthread_attr_getstacksize failed!");
-+          }
-+          if (pthread_attr_destroy(&pattr)) {
-+            ABORT("GC_push_all_stacks: pthread_attr_destroy failed!");
-+          }
-+          // When a thread goes into a coroutine, we lose its original sp until
-+          // control flow returns to the thread.
-+          // While in the coroutine, the sp points outside the thread stack,
-+          // so we can detect this and push the entire thread stack instead,
-+          // as an approximation.
-+          // We assume that the coroutine has similarly added its entire stack.
-+          // This could be made accurate by cooperating with the application
-+          // via new functions and/or callbacks.
-+          #ifndef STACK_GROWS_UP
-+            if (lo >= hi || lo < hi - stack_limit) { // sp outside stack
-+              lo = hi - stack_limit;
-+            }
-+          #else
-+          #error "STACK_GROWS_UP not supported in boost_coroutine2 (as of june 2021), so we don't support it in Nix."
-+          #endif
-         }
-         GC_push_all_stack_sections(lo, hi, traced_stack_sect);
- #       ifdef STACK_GROWS_UP

configure.ac

@@ -32,6 +32,14 @@ AC_ARG_WITH(system, AS_HELP_STRING([--with-system=SYSTEM],[Platform identifier (
         system="$machine_name-`echo $host_os | "$SED" -e's/@<:@0-9.@:>@*$//g'`";;
    esac])
 
+sys_name=$(uname -s | tr 'A-Z ' 'a-z_')
+
+case $sys_name in
+    cygwin*)
+        sys_name=cygwin
+        ;;
+esac
+
 AC_MSG_RESULT($system)
 AC_SUBST(system)
 AC_DEFINE_UNQUOTED(SYSTEM, ["$system"], [platform identifier ('cpu-os')])
@@ -41,6 +49,8 @@ AC_DEFINE_UNQUOTED(SYSTEM, ["$system"], [platform identifier ('cpu-os')])
 test "$localstatedir" = '${prefix}/var' && localstatedir=/nix/var
 
 
+CFLAGS=
+CXXFLAGS=
 AC_PROG_CC
 AC_PROG_CXX
 AC_PROG_CPP
@@ -53,12 +63,10 @@ AC_SYS_LARGEFILE
 
 # Solaris-specific stuff.
 AC_STRUCT_DIRENT_D_TYPE
-case "$host_os" in
-  solaris*)
+if test "$sys_name" = sunos; then
     # Solaris requires -lsocket -lnsl for network functions
     LDFLAGS="-lsocket -lnsl $LDFLAGS"
-    ;;
-esac
+fi
 
 
 # Check for pubsetbuf.
@@ -145,20 +153,6 @@ if test "x$GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC" = xyes; then
     LDFLAGS="-latomic $LDFLAGS"
 fi
 
-# LTO is currently broken with clang for unknown reasons; ld segfaults in the llvm plugin
-AC_ARG_ENABLE(lto, AS_HELP_STRING([--enable-lto],[Enable LTO (only supported with GCC) [default=no]]),
-  lto=$enableval, lto=no)
-if test "$lto" = yes; then
-    if $CXX --version | grep -q GCC; then
-        AC_SUBST(CXXLTO, [-flto=jobserver])
-    else
-        echo "error: LTO is only supported with GCC at the moment" >&2
-        exit 1
-    fi
-else
-    AC_SUBST(CXXLTO, [""])
-fi
-
 PKG_PROG_PKG_CONFIG
 
 AC_ARG_ENABLE(shared, AS_HELP_STRING([--enable-shared],[Build shared libraries for Nix [default=yes]]),
@@ -175,7 +169,7 @@ fi
 PKG_CHECK_MODULES([OPENSSL], [libcrypto], [CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"])
 
 
-# Look for libarchive.
+# Checks for libarchive
 PKG_CHECK_MODULES([LIBARCHIVE], [libarchive >= 3.1.2], [CXXFLAGS="$LIBARCHIVE_CFLAGS $CXXFLAGS"])
 # Workaround until https://github.com/libarchive/libarchive/issues/1446 is fixed
 if test "$shared" != yes; then
@@ -200,54 +194,44 @@ PKG_CHECK_MODULES([EDITLINE], [libeditline], [CXXFLAGS="$EDITLINE_CFLAGS $CXXFLA
     [AC_MSG_ERROR([Nix requires libeditline; it was not found via pkg-config, but via its header, but required functions do not work. Maybe it is too old? >= 1.14 is required.])])
 ])
 
-# Look for libsodium.
+# Look for libsodium, an optional dependency.
 PKG_CHECK_MODULES([SODIUM], [libsodium], [CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"])
 
 # Look for libbrotli{enc,dec}.
 PKG_CHECK_MODULES([LIBBROTLI], [libbrotlienc libbrotlidec], [CXXFLAGS="$LIBBROTLI_CFLAGS $CXXFLAGS"])
 
 # Look for libcpuid.
-have_libcpuid=
 if test "$machine_name" = "x86_64"; then
-    AC_ARG_ENABLE([cpuid],
-                  AS_HELP_STRING([--disable-cpuid], [Do not determine microarchitecture levels with libcpuid (relevant to x86_64 only)]))
-    if test "x$enable_cpuid" != "xno"; then
-      PKG_CHECK_MODULES([LIBCPUID], [libcpuid],
-        [CXXFLAGS="$LIBCPUID_CFLAGS $CXXFLAGS"
-         have_libcpuid=1
-         AC_DEFINE([HAVE_LIBCPUID], [1], [Use libcpuid])]
-      )
-    fi
+  PKG_CHECK_MODULES([LIBCPUID], [libcpuid], [CXXFLAGS="$LIBCPUID_CFLAGS $CXXFLAGS"])
+  have_libcpuid=1
+  AC_DEFINE([HAVE_LIBCPUID], [1], [Use libcpuid])
 fi
 AC_SUBST(HAVE_LIBCPUID, [$have_libcpuid])
 
 
 # Look for libseccomp, required for Linux sandboxing.
-case "$host_os" in
-  linux*)
-    AC_ARG_ENABLE([seccomp-sandboxing],
-                  AS_HELP_STRING([--disable-seccomp-sandboxing],[Don't build support for seccomp sandboxing (only recommended if your arch doesn't support libseccomp yet!)
-                                ]))
-    if test "x$enable_seccomp_sandboxing" != "xno"; then
-      PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
-                        [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
-      have_seccomp=1
-      AC_DEFINE([HAVE_SECCOMP], [1], [Whether seccomp is available and should be used for sandboxing.])
-    else
-      have_seccomp=
-    fi
-    ;;
-  *)
+if test "$sys_name" = linux; then
+  AC_ARG_ENABLE([seccomp-sandboxing],
+                AS_HELP_STRING([--disable-seccomp-sandboxing],[Don't build support for seccomp sandboxing (only recommended if your arch doesn't support libseccomp yet!)
+                              ]))
+  if test "x$enable_seccomp_sandboxing" != "xno"; then
+    PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
+                      [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
+    have_seccomp=1
+    AC_DEFINE([HAVE_SECCOMP], [1], [Whether seccomp is available and should be used for sandboxing.])
+  else
     have_seccomp=
-    ;;
-esac
+  fi
+else
+  have_seccomp=
+fi
 AC_SUBST(HAVE_SECCOMP, [$have_seccomp])
 
 
 # Look for aws-cpp-sdk-s3.
 AC_LANG_PUSH(C++)
 AC_CHECK_HEADERS([aws/s3/S3Client.h],
-  [AC_DEFINE([ENABLE_S3], [1], [Whether to enable S3 support via aws-sdk-cpp.]) enable_s3=1],
+  [AC_DEFINE([ENABLE_S3], [1], [Whether to enable S3 support via aws-sdk-cpp.]) enable_s3=1], 
   [AC_DEFINE([ENABLE_S3], [0], [Whether to enable S3 support via aws-sdk-cpp.]) enable_s3=])
 AC_SUBST(ENABLE_S3, [$enable_s3])
 AC_LANG_POP(C++)
@@ -274,17 +258,11 @@ fi
 PKG_CHECK_MODULES([GTEST], [gtest_main])
 
 
-# Look for nlohmann/json.
-PKG_CHECK_MODULES([NLOHMANN_JSON], [nlohmann_json >= 3.9])
-
-
 # documentation generation switch
 AC_ARG_ENABLE(doc-gen, AS_HELP_STRING([--disable-doc-gen],[disable documentation generation]),
   doc_generate=$enableval, doc_generate=yes)
 AC_SUBST(doc_generate)
 
-# Look for lowdown library.
-PKG_CHECK_MODULES([LOWDOWN], [lowdown >= 0.9.0], [CXXFLAGS="$LOWDOWN_CFLAGS $CXXFLAGS"])
 
 # Setuid installations.
 AC_CHECK_FUNCS([setresuid setreuid lchown])
@@ -294,28 +272,16 @@ AC_CHECK_FUNCS([setresuid setreuid lchown])
 AC_CHECK_FUNCS([strsignal posix_fallocate sysconf])
 
 
+# This is needed if bzip2 is a static library, and the Nix libraries
+# are dynamic.
+if test "$(uname)" = "Darwin"; then
+    LDFLAGS="-all_load $LDFLAGS"
+fi
+
+
 AC_ARG_WITH(sandbox-shell, AS_HELP_STRING([--with-sandbox-shell=PATH],[path of a statically-linked shell to use as /bin/sh in sandboxes]),
   sandbox_shell=$withval)
 AC_SUBST(sandbox_shell)
-if test ${cross_compiling:-no} = no && ! test -z ${sandbox_shell+x}; then
-  AC_MSG_CHECKING([whether sandbox-shell has the standalone feature])
-  # busybox shell sometimes allows executing other busybox applets,
-  # even if they are not in the path, breaking our sandbox
-  if PATH= $sandbox_shell -c "busybox" 2>&1 | grep -qv "not found"; then
-    AC_MSG_RESULT(enabled)
-    AC_MSG_ERROR([Please disable busybox FEATURE_SH_STANDALONE])
-  else
-    AC_MSG_RESULT(disabled)
-  fi
-fi
-
-AC_ARG_ENABLE(embedded-sandbox-shell, AS_HELP_STRING([--enable-embedded-sandbox-shell],[include the sandbox shell in the Nix binary [default=no]]),
-  embedded_sandbox_shell=$enableval, embedded_sandbox_shell=no)
-AC_SUBST(embedded_sandbox_shell)
-if test "$embedded_sandbox_shell" = yes; then
-  AC_DEFINE(HAVE_EMBEDDED_SANDBOX_SHELL, 1, [Include the sandbox shell in the Nix binary.])
-fi
-
 
 # Expand all variables in config.status.
 test "$prefix" = NONE && prefix=$ac_default_prefix

default.nix

@@ -1,3 +1,3 @@
-(import (fetchTarball "https://github.com/edolstra/flake-compat/archive/master.tar.gz") {
+(import (fetchTarball https://github.com/edolstra/flake-compat/archive/master.tar.gz) {
   src = ./.;
 }).defaultNix

doc/manual/anchors.jq

@@ -1,31 +0,0 @@
-"\\[\\]\\{#(?<anchor>[^\\}]+?)\\}" as $empty_anchor_regex |
-"\\[(?<text>[^\\]]+?)\\]\\{#(?<anchor>[^\\}]+?)\\}" as $anchor_regex |
-
-
-def transform_anchors_html:
-    . | gsub($empty_anchor_regex; "<a name=\"" + .anchor + "\"></a>")
-      | gsub($anchor_regex; "<a href=\"#" + .anchor + "\" id=\"" + .anchor + "\">" + .text + "</a>");
-
-
-def transform_anchors_strip:
-    . | gsub($empty_anchor_regex; "")
-      | gsub($anchor_regex; .text);
-
-
-def map_contents_recursively(transformer):
-    . + {
-        Chapter: (.Chapter + {
-            content: .Chapter.content | transformer,
-            sub_items: .Chapter.sub_items | map(map_contents_recursively(transformer)),
-        }),
-    };
-
-
-def process_command:
-    .[0] as $context |
-    .[1] as $body |
-    $body + {
-        sections: $body.sections | map(map_contents_recursively(if $context.renderer == "html" then transform_anchors_html else transform_anchors_strip end)),
-    };
-
-process_command

doc/manual/book.toml

@@ -1,21 +1,2 @@
-[book]
-title = "Nix Reference Manual"
-
 [output.html]
 additional-css = ["custom.css"]
-additional-js = ["redirects.js"]
-edit-url-template = "https://github.com/NixOS/nix/tree/master/doc/manual/{path}"
-git-repository-url = "https://github.com/NixOS/nix"
-
-[preprocessor.anchors]
-renderers = ["html"]
-command = "jq --from-file doc/manual/anchors.jq"
-
-[output.linkcheck]
-# no Internet during the build (in the sandbox)
-follow-web-links = false
-
-# mdbook-linkcheck does not understand [foo]{#bar} style links, resulting in
-# excessive "Potential incomplete link" warnings. No other kind of warning was
-# produced at the time of writing.
-warning-policy = "ignore"

doc/manual/generate-builtins.nix

@@ -1,20 +1,14 @@
-builtinsDump:
-let
-  showBuiltin = name:
-    let
-      inherit (builtinsDump.${name}) doc args;
-    in
-    ''
-      <dt id="builtins-${name}">
-        <a href="#builtins-${name}"><code>${name} ${listArgs args}</code></a>
-      </dt>
-      <dd>
+with builtins;
+with import ./utils.nix;
 
-        ${doc}
+builtins:
 
-      </dd>
-    '';
-  listArgs = args: builtins.concatStringsSep " " (map (s: "<var>${s}</var>") args);
-in
-with builtins; concatStringsSep "\n" (map showBuiltin (attrNames builtinsDump))
+concatStrings (map
+  (name:
+    let builtin = builtins.${name}; in
+    "  - `builtins.${name}` " + concatStringsSep " " (map (s: "*${s}*") builtin.args)
+    + "  \n\n"
+    + concatStrings (map (s: "    ${s}\n") (splitLines builtin.doc)) + "\n\n"
+  )
+  (attrNames builtins))
 

doc/manual/generate-manpage.nix

@@ -1,115 +1,95 @@
-{ toplevel }:
+command:
 
 with builtins;
 with import ./utils.nix;
 
 let
 
-  showCommand = { command, details, filename, toplevel }:
-    let
-      result = ''
-        > **Warning** \
-        > This program is **experimental** and its interface is subject to change.
-
-        # Name
-
-        `${command}` - ${details.description}
-
-        # Synopsis
-
-        ${showSynopsis command details.args}
-
-        ${maybeSubcommands}
-
-        ${maybeDocumentation}
-
-        ${maybeOptions}
-      '';
-      showSynopsis = command: args:
-        let
-          showArgument = arg: "*${arg.label}*" + (if arg ? arity then "" else "...");
-          arguments = concatStringsSep " " (map showArgument args);
-        in ''
-         `${command}` [*option*...] ${arguments}
-        '';
-      maybeSubcommands = if details ? commands && details.commands != {}
-        then ''
-           where *subcommand* is one of the following:
-
-           ${subcommands}
-         ''
-        else "";
-      subcommands = if length categories > 1
-        then listCategories
-        else listSubcommands details.commands;
-      categories = sort (x: y: x.id < y.id) (unique (map (cmd: cmd.category) (attrValues details.commands)));
-      listCategories = concatStrings (map showCategory categories);
-      showCategory = cat: ''
-        **${toString cat.description}:**
-
-        ${listSubcommands (filterAttrs (n: v: v.category == cat) details.commands)}
-      '';
-      listSubcommands = cmds: concatStrings (attrValues (mapAttrs showSubcommand cmds));
-      showSubcommand = name: subcmd: ''
-        * [`${command} ${name}`](./${appendName filename name}.md) - ${subcmd.description}
-      '';
-      maybeDocumentation = if details ? doc then details.doc else "";
-      maybeOptions = if details.flags == {} then "" else ''
-        # Options
-
-        ${showOptions details.flags toplevel.flags}
-      '';
-      showOptions = options: commonOptions:
-        let
-          allOptions = options // commonOptions;
-          showCategory = cat: ''
-            ${if cat != "" then "**${cat}:**" else ""}
-
-            ${listOptions (filterAttrs (n: v: v.category == cat) allOptions)}
-            '';
-          listOptions = opts: concatStringsSep "\n" (attrValues (mapAttrs showOption opts));
-          showOption = name: option:
-            let
-              shortName = if option ? shortName then "/ `-${option.shortName}`" else "";
-              labels = if option ? labels then (concatStringsSep " " (map (s: "*${s}*") option.labels)) else "";
-            in trim ''
-              - `--${name}` ${shortName} ${labels}
-
-                ${option.description}
-            '';
-          categories = sort builtins.lessThan (unique (map (cmd: cmd.category) (attrValues allOptions)));
-        in concatStrings (map showCategory categories);
-    in squash result;
+  showCommand =
+    { command, def, filename }:
+    ''
+      **Warning**: This program is **experimental** and its interface is subject to change.
+    ''
+    + "# Name\n\n"
+    + "`${command}` - ${def.description}\n\n"
+    + "# Synopsis\n\n"
+    + showSynopsis { inherit command; args = def.args; }
+    + (if def.commands or {} != {}
+       then
+         let
+           categories = sort (x: y: x.id < y.id) (unique (map (cmd: cmd.category) (attrValues def.commands)));
+           listCommands = cmds:
+             concatStrings (map (name:
+               "* [`${command} ${name}`](./${appendName filename name}.md) - ${cmds.${name}.description}\n")
+               (attrNames cmds));
+         in
+         "where *subcommand* is one of the following:\n\n"
+         # FIXME: group by category
+         + (if length categories > 1
+            then
+              concatStrings (map
+                (cat:
+                  "**${toString cat.description}:**\n\n"
+                  + listCommands (filterAttrs (n: v: v.category == cat) def.commands)
+                  + "\n"
+                ) categories)
+              + "\n"
+            else
+              listCommands def.commands
+              + "\n")
+       else "")
+    + (if def ? doc
+       then def.doc + "\n\n"
+       else "")
+    + (let s = showOptions def.flags; in
+       if s != ""
+       then "# Options\n\n${s}"
+       else "")
+  ;
 
   appendName = filename: name: (if filename == "nix" then "nix3" else filename) + "-" + name;
 
-  processCommand = { command, details, filename, toplevel }:
+  showOptions = flags:
     let
-      cmd = {
-        inherit command;
-        name = filename + ".md";
-        value = showCommand { inherit command details filename toplevel; };
-      };
-      subcommand = subCmd: processCommand {
-        command = command + " " + subCmd;
-        details = details.commands.${subCmd};
-        filename = appendName filename subCmd;
-        inherit toplevel;
-      };
-    in [ cmd ] ++ concatMap subcommand (attrNames details.commands or {});
+      categories = sort builtins.lessThan (unique (map (cmd: cmd.category) (attrValues flags)));
+    in
+      concatStrings (map
+        (cat:
+          (if cat != ""
+           then "**${cat}:**\n\n"
+           else "")
+          + concatStrings
+            (map (longName:
+              let
+                flag = flags.${longName};
+              in
+                "  - `--${longName}`"
+                + (if flag ? shortName then " / `-${flag.shortName}`" else "")
+                + (if flag ? labels then " " + (concatStringsSep " " (map (s: "*${s}*") flag.labels)) else "")
+                + "  \n"
+                + "    " + flag.description + "\n\n"
+            ) (attrNames (filterAttrs (n: v: v.category == cat) flags))))
+        categories);
 
-  parsedToplevel = builtins.fromJSON toplevel;
-  
-  manpages = processCommand {
-    command = "nix";
-    details = parsedToplevel;
-    filename = "nix";
-    toplevel = parsedToplevel;
-  };
+  showSynopsis =
+    { command, args }:
+    "`${command}` [*option*...] ${concatStringsSep " "
+      (map (arg: "*${arg.label}*" + (if arg ? arity then "" else "...")) args)}\n\n";
 
-  tableOfContents = let
-    showEntry = page:
-      "    - [${page.command}](command-ref/new-cli/${page.name})";
-    in concatStringsSep "\n" (map showEntry manpages) + "\n";
+  processCommand = { command, def, filename }:
+    [ { name = filename + ".md"; value = showCommand { inherit command def filename; }; inherit command; } ]
+    ++ concatMap
+      (name: processCommand {
+        filename = appendName filename name;
+        command = command + " " + name;
+        def = def.commands.${name};
+      })
+      (attrNames def.commands or {});
 
-in (listToAttrs manpages) // { "SUMMARY.md" = tableOfContents; }
+in
+
+let
+  manpages = processCommand { filename = "nix"; command = "nix"; def = command; };
+  summary = concatStrings (map (manpage: "    - [${manpage.command}](command-ref/new-cli/${manpage.name})\n") manpages);
+in
+(listToAttrs manpages) // { "SUMMARY.md" = summary; }

doc/manual/generate-options.nix

@@ -1,41 +1,26 @@
-let
-  inherit (builtins) attrNames concatStringsSep isAttrs isBool;
-  inherit (import ./utils.nix) concatStrings squash splitLines;
-in
+with builtins;
+with import ./utils.nix;
 
-optionsInfo:
-let
-  showOption = name:
-    let
-      inherit (optionsInfo.${name}) description documentDefault defaultValue aliases;
-      result = squash ''
-          - <span id="conf-${name}">[`${name}`](#conf-${name})</span>
+options:
 
-          ${indent "  " body}
-        '';
-      # separate body to cleanly handle indentation
-      body = ''
-          ${description}
-
-          **Default:** ${showDefault documentDefault defaultValue}
-
-          ${showAliases aliases}
-        '';
-      showDefault = documentDefault: defaultValue:
-        if documentDefault then
-          # a StringMap value type is specified as a string, but
-          # this shows the value type. The empty stringmap is `null` in
-          # JSON, but that converts to `{ }` here.
-          if defaultValue == "" || defaultValue == [] || isAttrs defaultValue
-            then "*empty*"
-            else if isBool defaultValue then
-              if defaultValue then "`true`" else "`false`"
-            else "`${toString defaultValue}`"
-        else "*machine-specific*";
-      showAliases = aliases:
-          if aliases == [] then "" else
-            "**Deprecated alias:** ${(concatStringsSep ", " (map (s: "`${s}`") aliases))}";
-      indent = prefix: s:
-        concatStringsSep "\n" (map (x: if x == "" then x else "${prefix}${x}") (splitLines s));
-      in result;
-in concatStrings (map showOption (attrNames optionsInfo))
+concatStrings (map
+  (name:
+    let option = options.${name}; in
+    "  - `${name}`  \n\n"
+    + concatStrings (map (s: "    ${s}\n") (splitLines option.description)) + "\n\n"
+    + "    **Default:** " + (
+      if option.value == "" || option.value == []
+      then "*empty*"
+      else if isBool option.value
+      then (if option.value then "`true`" else "`false`")
+      else
+        # n.b. a StringMap value type is specified as a string, but
+        # this shows the value type.  The empty stringmap is "null" in
+        # JSON, but that converts to "{ }" here.
+        (if isAttrs option.value then "`\"\"`"
+         else "`" + toString option.value + "`")) + "\n\n"
+    + (if option.aliases != []
+       then "    **Deprecated alias:** " + (concatStringsSep ", " (map (s: "`${s}`") option.aliases)) + "\n\n"
+       else "")
+    )
+  (attrNames options))

doc/manual/local.mk

@@ -1,8 +1,6 @@
 ifeq ($(doc_generate),yes)
 
-MANUAL_SRCS := \
-  $(call rwildcard, $(d)/src, *.md) \
-  $(call rwildcard, $(d)/src, */*.md)
+MANUAL_SRCS := $(call rwildcard, $(d)/src, *.md)
 
 # Generate man pages.
 man-pages := $(foreach n, \
@@ -16,32 +14,30 @@ man-pages := $(foreach n, \
 clean-files += $(d)/*.1 $(d)/*.5 $(d)/*.8
 
 # Provide a dummy environment for nix, so that it will not access files outside the macOS sandbox.
-# Set cores to 0 because otherwise nix show-config resolves the cores based on the current machine
 dummy-env = env -i \
 	HOME=/dummy \
 	NIX_CONF_DIR=/dummy \
 	NIX_SSL_CERT_FILE=/dummy/no-ca-bundle.crt \
-	NIX_STATE_DIR=/dummy \
-	NIX_CONFIG='cores = 0'
+	NIX_STATE_DIR=/dummy
 
 nix-eval = $(dummy-env) $(bindir)/nix eval --experimental-features nix-command -I nix/corepkgs=corepkgs --store dummy:// --impure --raw
 
 $(d)/%.1: $(d)/src/command-ref/%.md
 	@printf "Title: %s\n\n" "$$(basename $@ .1)" > $^.tmp
 	@cat $^ >> $^.tmp
-	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=1 $^.tmp -o $@
+	$(trace-gen) lowdown -sT man -M section=1 $^.tmp -o $@
 	@rm $^.tmp
 
 $(d)/%.8: $(d)/src/command-ref/%.md
 	@printf "Title: %s\n\n" "$$(basename $@ .8)" > $^.tmp
 	@cat $^ >> $^.tmp
-	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=8 $^.tmp -o $@
+	$(trace-gen) lowdown -sT man -M section=8 $^.tmp -o $@
 	@rm $^.tmp
 
 $(d)/nix.conf.5: $(d)/src/command-ref/conf-file.md
 	@printf "Title: %s\n\n" "$$(basename $@ .5)" > $^.tmp
 	@cat $^ >> $^.tmp
-	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=5 $^.tmp -o $@
+	$(trace-gen) lowdown -sT man -M section=5 $^.tmp -o $@
 	@rm $^.tmp
 
 $(d)/src/SUMMARY.md: $(d)/src/SUMMARY.md.in $(d)/src/command-ref/new-cli
@@ -50,16 +46,11 @@ $(d)/src/SUMMARY.md: $(d)/src/SUMMARY.md.in $(d)/src/command-ref/new-cli
 
 $(d)/src/command-ref/new-cli: $(d)/nix.json $(d)/generate-manpage.nix $(bindir)/nix
 	@rm -rf $@
-	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-manpage.nix { toplevel = builtins.readFile $<; }'
-	@# @docroot@: https://nixos.org/manual/nix/unstable/contributing/hacking.html#docroot-variable
-	$(trace-gen) sed -i $@.tmp/*.md -e 's^@docroot@^../..^g'
-	@mv $@.tmp $@
+	$(trace-gen) $(nix-eval) --write-to $@ --expr 'import doc/manual/generate-manpage.nix (builtins.fromJSON (builtins.readFile $<))'
 
 $(d)/src/command-ref/conf-file.md: $(d)/conf-file.json $(d)/generate-options.nix $(d)/src/command-ref/conf-file-prefix.md $(bindir)/nix
 	@cat doc/manual/src/command-ref/conf-file-prefix.md > $@.tmp
-	@# @docroot@: https://nixos.org/manual/nix/unstable/contributing/hacking.html#docroot-variable
-	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-options.nix (builtins.fromJSON (builtins.readFile $<))' \
-	  | sed -e 's^@docroot@^..^g'>> $@.tmp
+	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-options.nix (builtins.fromJSON (builtins.readFile $<))' >> $@.tmp
 	@mv $@.tmp $@
 
 $(d)/nix.json: $(bindir)/nix
@@ -70,12 +61,9 @@ $(d)/conf-file.json: $(bindir)/nix
 	$(trace-gen) $(dummy-env) $(bindir)/nix show-config --json --experimental-features nix-command > $@.tmp
 	@mv $@.tmp $@
 
-$(d)/src/language/builtins.md: $(d)/builtins.json $(d)/generate-builtins.nix $(d)/src/language/builtins-prefix.md $(bindir)/nix
-	@cat doc/manual/src/language/builtins-prefix.md > $@.tmp
-	@# @docroot@: https://nixos.org/manual/nix/unstable/contributing/hacking.html#docroot-variable
-	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-builtins.nix (builtins.fromJSON (builtins.readFile $<))' \
-	  | sed -e 's^@docroot@^..^g' >> $@.tmp
-	@cat doc/manual/src/language/builtins-suffix.md >> $@.tmp
+$(d)/src/expressions/builtins.md: $(d)/builtins.json $(d)/generate-builtins.nix $(d)/src/expressions/builtins-prefix.md $(bindir)/nix
+	@cat doc/manual/src/expressions/builtins-prefix.md > $@.tmp
+	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-builtins.nix (builtins.fromJSON (builtins.readFile $<))' >> $@.tmp
 	@mv $@.tmp $@
 
 $(d)/builtins.json: $(bindir)/nix
@@ -83,38 +71,20 @@ $(d)/builtins.json: $(bindir)/nix
 	@mv $@.tmp $@
 
 # Generate the HTML manual.
-html: $(docdir)/manual/index.html
 install: $(docdir)/manual/index.html
 
 # Generate 'nix' manpages.
-install: $(mandir)/man1/nix3-manpages
-man: doc/manual/generated/man1/nix3-manpages
-all: doc/manual/generated/man1/nix3-manpages
-
-$(mandir)/man1/nix3-manpages: doc/manual/generated/man1/nix3-manpages
-	@mkdir -p $(DESTDIR)$$(dirname $@)
-	$(trace-install) install -m 0644 $$(dirname $<)/* $(DESTDIR)$$(dirname $@)
-
-doc/manual/generated/man1/nix3-manpages: $(d)/src/command-ref/new-cli
-	@mkdir -p $(DESTDIR)$$(dirname $@)
+install: $(d)/src/command-ref/new-cli
 	$(trace-gen) for i in doc/manual/src/command-ref/new-cli/*.md; do \
 	  name=$$(basename $$i .md); \
-	  tmpFile=$$(mktemp); \
 	  if [[ $$name = SUMMARY ]]; then continue; fi; \
-	  printf "Title: %s\n\n" "$$name" > $$tmpFile; \
-	  cat $$i >> $$tmpFile; \
-	  lowdown -sT man --nroff-nolinks -M section=1 $$tmpFile -o $(DESTDIR)$$(dirname $@)/$$name.1; \
-	  rm $$tmpFile; \
+	  printf "Title: %s\n\n" "$$name" > $$i.tmp; \
+	  cat $$i >> $$i.tmp; \
+	  lowdown -sT man -M section=1 $$i.tmp -o $(mandir)/man1/$$name.1; \
 	done
-	@touch $@
 
-$(docdir)/manual/index.html: $(MANUAL_SRCS) $(d)/book.toml $(d)/anchors.jq $(d)/custom.css $(d)/src/SUMMARY.md $(d)/src/command-ref/new-cli $(d)/src/command-ref/conf-file.md $(d)/src/language/builtins.md
-	$(trace-gen) \
-	  set -euo pipefail; \
-	  RUST_LOG=warn mdbook build doc/manual -d $(DESTDIR)$(docdir)/manual.tmp 2>&1 \
-		  | { grep -Fv "because fragment resolution isn't implemented" || :; }
-	@rm -rf $(DESTDIR)$(docdir)/manual
-	@mv $(DESTDIR)$(docdir)/manual.tmp/html $(DESTDIR)$(docdir)/manual
-	@rm -rf $(DESTDIR)$(docdir)/manual.tmp
+$(docdir)/manual/index.html: $(MANUAL_SRCS) $(d)/book.toml $(d)/custom.css $(d)/src/SUMMARY.md $(d)/src/command-ref/new-cli $(d)/src/command-ref/conf-file.md $(d)/src/expressions/builtins.md
+	$(trace-gen) RUST_LOG=warn mdbook build doc/manual -d $(docdir)/manual
+	@cp doc/manual/highlight.pack.js $(docdir)/manual/highlight.js
 
 endif

doc/manual/redirects.js

@@ -1,421 +0,0 @@
-// redirect rules for anchors ensure backwards compatibility of URLs.
-// this must be done on the client side, as web servers do not see the anchor part of the URL.
-
-// redirections are declared as follows:
-// each entry has as its key a path matching the requested URL path, relative to the mdBook document root.
-//
-//     IMPORTANT: it must specify the full path with file name and suffix
-//
-// each entry is itself a set of key-value pairs, where
-// - keys are anchors on the matched path.
-// - values are redirection targets relative to the current path.
-
-const redirects = {
- "index.html": {
-    "part-advanced-topics": "advanced-topics/advanced-topics.html",
-    "chap-tuning-cores-and-jobs": "advanced-topics/cores-vs-jobs.html",
-    "chap-diff-hook": "advanced-topics/diff-hook.html",
-    "check-dirs-are-unregistered": "advanced-topics/diff-hook.html#check-dirs-are-unregistered",
-    "chap-distributed-builds": "advanced-topics/distributed-builds.html",
-    "chap-post-build-hook": "advanced-topics/post-build-hook.html",
-    "chap-post-build-hook-caveats": "advanced-topics/post-build-hook.html#implementation-caveats",
-    "part-command-ref": "command-ref/command-ref.html",
-    "conf-allow-import-from-derivation": "command-ref/conf-file.html#conf-allow-import-from-derivation",
-    "conf-allow-new-privileges": "command-ref/conf-file.html#conf-allow-new-privileges",
-    "conf-allowed-uris": "command-ref/conf-file.html#conf-allowed-uris",
-    "conf-allowed-users": "command-ref/conf-file.html#conf-allowed-users",
-    "conf-auto-optimise-store": "command-ref/conf-file.html#conf-auto-optimise-store",
-    "conf-binary-cache-public-keys": "command-ref/conf-file.html#conf-binary-cache-public-keys",
-    "conf-binary-caches": "command-ref/conf-file.html#conf-binary-caches",
-    "conf-build-compress-log": "command-ref/conf-file.html#conf-build-compress-log",
-    "conf-build-cores": "command-ref/conf-file.html#conf-build-cores",
-    "conf-build-extra-chroot-dirs": "command-ref/conf-file.html#conf-build-extra-chroot-dirs",
-    "conf-build-extra-sandbox-paths": "command-ref/conf-file.html#conf-build-extra-sandbox-paths",
-    "conf-build-fallback": "command-ref/conf-file.html#conf-build-fallback",
-    "conf-build-max-jobs": "command-ref/conf-file.html#conf-build-max-jobs",
-    "conf-build-max-log-size": "command-ref/conf-file.html#conf-build-max-log-size",
-    "conf-build-max-silent-time": "command-ref/conf-file.html#conf-build-max-silent-time",
-    "conf-build-timeout": "command-ref/conf-file.html#conf-build-timeout",
-    "conf-build-use-chroot": "command-ref/conf-file.html#conf-build-use-chroot",
-    "conf-build-use-sandbox": "command-ref/conf-file.html#conf-build-use-sandbox",
-    "conf-build-use-substitutes": "command-ref/conf-file.html#conf-build-use-substitutes",
-    "conf-build-users-group": "command-ref/conf-file.html#conf-build-users-group",
-    "conf-builders": "command-ref/conf-file.html#conf-builders",
-    "conf-builders-use-substitutes": "command-ref/conf-file.html#conf-builders-use-substitutes",
-    "conf-compress-build-log": "command-ref/conf-file.html#conf-compress-build-log",
-    "conf-connect-timeout": "command-ref/conf-file.html#conf-connect-timeout",
-    "conf-cores": "command-ref/conf-file.html#conf-cores",
-    "conf-diff-hook": "command-ref/conf-file.html#conf-diff-hook",
-    "conf-env-keep-derivations": "command-ref/conf-file.html#conf-env-keep-derivations",
-    "conf-extra-binary-caches": "command-ref/conf-file.html#conf-extra-binary-caches",
-    "conf-extra-platforms": "command-ref/conf-file.html#conf-extra-platforms",
-    "conf-extra-sandbox-paths": "command-ref/conf-file.html#conf-extra-sandbox-paths",
-    "conf-extra-substituters": "command-ref/conf-file.html#conf-extra-substituters",
-    "conf-fallback": "command-ref/conf-file.html#conf-fallback",
-    "conf-fsync-metadata": "command-ref/conf-file.html#conf-fsync-metadata",
-    "conf-gc-keep-derivations": "command-ref/conf-file.html#conf-gc-keep-derivations",
-    "conf-gc-keep-outputs": "command-ref/conf-file.html#conf-gc-keep-outputs",
-    "conf-hashed-mirrors": "command-ref/conf-file.html#conf-hashed-mirrors",
-    "conf-http-connections": "command-ref/conf-file.html#conf-http-connections",
-    "conf-keep-build-log": "command-ref/conf-file.html#conf-keep-build-log",
-    "conf-keep-derivations": "command-ref/conf-file.html#conf-keep-derivations",
-    "conf-keep-env-derivations": "command-ref/conf-file.html#conf-keep-env-derivations",
-    "conf-keep-outputs": "command-ref/conf-file.html#conf-keep-outputs",
-    "conf-max-build-log-size": "command-ref/conf-file.html#conf-max-build-log-size",
-    "conf-max-free": "command-ref/conf-file.html#conf-max-free",
-    "conf-max-jobs": "command-ref/conf-file.html#conf-max-jobs",
-    "conf-max-silent-time": "command-ref/conf-file.html#conf-max-silent-time",
-    "conf-min-free": "command-ref/conf-file.html#conf-min-free",
-    "conf-narinfo-cache-negative-ttl": "command-ref/conf-file.html#conf-narinfo-cache-negative-ttl",
-    "conf-narinfo-cache-positive-ttl": "command-ref/conf-file.html#conf-narinfo-cache-positive-ttl",
-    "conf-netrc-file": "command-ref/conf-file.html#conf-netrc-file",
-    "conf-plugin-files": "command-ref/conf-file.html#conf-plugin-files",
-    "conf-post-build-hook": "command-ref/conf-file.html#conf-post-build-hook",
-    "conf-pre-build-hook": "command-ref/conf-file.html#conf-pre-build-hook",
-    "conf-require-sigs": "command-ref/conf-file.html#conf-require-sigs",
-    "conf-restrict-eval": "command-ref/conf-file.html#conf-restrict-eval",
-    "conf-run-diff-hook": "command-ref/conf-file.html#conf-run-diff-hook",
-    "conf-sandbox": "command-ref/conf-file.html#conf-sandbox",
-    "conf-sandbox-dev-shm-size": "command-ref/conf-file.html#conf-sandbox-dev-shm-size",
-    "conf-sandbox-paths": "command-ref/conf-file.html#conf-sandbox-paths",
-    "conf-secret-key-files": "command-ref/conf-file.html#conf-secret-key-files",
-    "conf-show-trace": "command-ref/conf-file.html#conf-show-trace",
-    "conf-stalled-download-timeout": "command-ref/conf-file.html#conf-stalled-download-timeout",
-    "conf-substitute": "command-ref/conf-file.html#conf-substitute",
-    "conf-substituters": "command-ref/conf-file.html#conf-substituters",
-    "conf-system": "command-ref/conf-file.html#conf-system",
-    "conf-system-features": "command-ref/conf-file.html#conf-system-features",
-    "conf-tarball-ttl": "command-ref/conf-file.html#conf-tarball-ttl",
-    "conf-timeout": "command-ref/conf-file.html#conf-timeout",
-    "conf-trace-function-calls": "command-ref/conf-file.html#conf-trace-function-calls",
-    "conf-trusted-binary-caches": "command-ref/conf-file.html#conf-trusted-binary-caches",
-    "conf-trusted-public-keys": "command-ref/conf-file.html#conf-trusted-public-keys",
-    "conf-trusted-substituters": "command-ref/conf-file.html#conf-trusted-substituters",
-    "conf-trusted-users": "command-ref/conf-file.html#conf-trusted-users",
-    "extra-sandbox-paths": "command-ref/conf-file.html#extra-sandbox-paths",
-    "sec-conf-file": "command-ref/conf-file.html",
-    "env-NIX_PATH": "command-ref/env-common.html#env-NIX_PATH",
-    "env-common": "command-ref/env-common.html",
-    "envar-remote": "command-ref/env-common.html#env-NIX_REMOTE",
-    "sec-common-env": "command-ref/env-common.html",
-    "ch-files": "command-ref/files.html",
-    "ch-main-commands": "command-ref/main-commands.html",
-    "opt-out-link": "command-ref/nix-build.html#opt-out-link",
-    "sec-nix-build": "command-ref/nix-build.html",
-    "sec-nix-channel": "command-ref/nix-channel.html",
-    "sec-nix-collect-garbage": "command-ref/nix-collect-garbage.html",
-    "sec-nix-copy-closure": "command-ref/nix-copy-closure.html",
-    "sec-nix-daemon": "command-ref/nix-daemon.html",
-    "refsec-nix-env-install-examples": "command-ref/nix-env.html#examples",
-    "rsec-nix-env-install": "command-ref/nix-env.html#operation---install",
-    "rsec-nix-env-set": "command-ref/nix-env.html#operation---set",
-    "rsec-nix-env-set-flag": "command-ref/nix-env.html#operation---set-flag",
-    "rsec-nix-env-upgrade": "command-ref/nix-env.html#operation---upgrade",
-    "sec-nix-env": "command-ref/nix-env.html",
-    "ssec-version-comparisons": "command-ref/nix-env.html#versions",
-    "sec-nix-hash": "command-ref/nix-hash.html",
-    "sec-nix-instantiate": "command-ref/nix-instantiate.html",
-    "sec-nix-prefetch-url": "command-ref/nix-prefetch-url.html",
-    "sec-nix-shell": "command-ref/nix-shell.html",
-    "ssec-nix-shell-shebang": "command-ref/nix-shell.html#use-as-a--interpreter",
-    "nixref-queries": "command-ref/nix-store.html#queries",
-    "opt-add-root": "command-ref/nix-store.html#opt-add-root",
-    "refsec-nix-store-dump": "command-ref/nix-store.html#operation---dump",
-    "refsec-nix-store-export": "command-ref/nix-store.html#operation---export",
-    "refsec-nix-store-import": "command-ref/nix-store.html#operation---import",
-    "refsec-nix-store-query": "command-ref/nix-store.html#operation---query",
-    "refsec-nix-store-verify": "command-ref/nix-store.html#operation---verify",
-    "rsec-nix-store-gc": "command-ref/nix-store.html#operation---gc",
-    "rsec-nix-store-generate-binary-cache-key": "command-ref/nix-store.html#operation---generate-binary-cache-key",
-    "rsec-nix-store-realise": "command-ref/nix-store.html#operation---realise",
-    "rsec-nix-store-serve": "command-ref/nix-store.html#operation---serve",
-    "sec-nix-store": "command-ref/nix-store.html",
-    "opt-I": "command-ref/opt-common.html#opt-I",
-    "opt-attr": "command-ref/opt-common.html#opt-attr",
-    "opt-common": "command-ref/opt-common.html",
-    "opt-cores": "command-ref/opt-common.html#opt-cores",
-    "opt-log-format": "command-ref/opt-common.html#opt-log-format",
-    "opt-max-jobs": "command-ref/opt-common.html#opt-max-jobs",
-    "opt-max-silent-time": "command-ref/opt-common.html#opt-max-silent-time",
-    "opt-timeout": "command-ref/opt-common.html#opt-timeout",
-    "sec-common-options": "command-ref/opt-common.html",
-    "ch-utilities": "command-ref/utilities.html",
-    "chap-hacking": "contributing/hacking.html",
-    "adv-attr-allowSubstitutes": "language/advanced-attributes.html#adv-attr-allowSubstitutes",
-    "adv-attr-allowedReferences": "language/advanced-attributes.html#adv-attr-allowedReferences",
-    "adv-attr-allowedRequisites": "language/advanced-attributes.html#adv-attr-allowedRequisites",
-    "adv-attr-disallowedReferences": "language/advanced-attributes.html#adv-attr-disallowedReferences",
-    "adv-attr-disallowedRequisites": "language/advanced-attributes.html#adv-attr-disallowedRequisites",
-    "adv-attr-exportReferencesGraph": "language/advanced-attributes.html#adv-attr-exportReferencesGraph",
-    "adv-attr-impureEnvVars": "language/advanced-attributes.html#adv-attr-impureEnvVars",
-    "adv-attr-outputHash": "language/advanced-attributes.html#adv-attr-outputHash",
-    "adv-attr-outputHashAlgo": "language/advanced-attributes.html#adv-attr-outputHashAlgo",
-    "adv-attr-outputHashMode": "language/advanced-attributes.html#adv-attr-outputHashMode",
-    "adv-attr-passAsFile": "language/advanced-attributes.html#adv-attr-passAsFile",
-    "adv-attr-preferLocalBuild": "language/advanced-attributes.html#adv-attr-preferLocalBuild",
-    "fixed-output-drvs": "language/advanced-attributes.html#adv-attr-outputHash",
-    "sec-advanced-attributes": "language/advanced-attributes.html",
-    "builtin-abort": "language/builtins.html#builtins-abort",
-    "builtin-add": "language/builtins.html#builtins-add",
-    "builtin-all": "language/builtins.html#builtins-all",
-    "builtin-any": "language/builtins.html#builtins-any",
-    "builtin-attrNames": "language/builtins.html#builtins-attrNames",
-    "builtin-attrValues": "language/builtins.html#builtins-attrValues",
-    "builtin-baseNameOf": "language/builtins.html#builtins-baseNameOf",
-    "builtin-bitAnd": "language/builtins.html#builtins-bitAnd",
-    "builtin-bitOr": "language/builtins.html#builtins-bitOr",
-    "builtin-bitXor": "language/builtins.html#builtins-bitXor",
-    "builtin-builtins": "language/builtins.html#builtins-builtins",
-    "builtin-compareVersions": "language/builtins.html#builtins-compareVersions",
-    "builtin-concatLists": "language/builtins.html#builtins-concatLists",
-    "builtin-concatStringsSep": "language/builtins.html#builtins-concatStringsSep",
-    "builtin-currentSystem": "language/builtins.html#builtins-currentSystem",
-    "builtin-deepSeq": "language/builtins.html#builtins-deepSeq",
-    "builtin-derivation": "language/builtins.html#builtins-derivation",
-    "builtin-dirOf": "language/builtins.html#builtins-dirOf",
-    "builtin-div": "language/builtins.html#builtins-div",
-    "builtin-elem": "language/builtins.html#builtins-elem",
-    "builtin-elemAt": "language/builtins.html#builtins-elemAt",
-    "builtin-fetchGit": "language/builtins.html#builtins-fetchGit",
-    "builtin-fetchTarball": "language/builtins.html#builtins-fetchTarball",
-    "builtin-fetchurl": "language/builtins.html#builtins-fetchurl",
-    "builtin-filterSource": "language/builtins.html#builtins-filterSource",
-    "builtin-foldl-prime": "language/builtins.html#builtins-foldl-prime",
-    "builtin-fromJSON": "language/builtins.html#builtins-fromJSON",
-    "builtin-functionArgs": "language/builtins.html#builtins-functionArgs",
-    "builtin-genList": "language/builtins.html#builtins-genList",
-    "builtin-getAttr": "language/builtins.html#builtins-getAttr",
-    "builtin-getEnv": "language/builtins.html#builtins-getEnv",
-    "builtin-hasAttr": "language/builtins.html#builtins-hasAttr",
-    "builtin-hashFile": "language/builtins.html#builtins-hashFile",
-    "builtin-hashString": "language/builtins.html#builtins-hashString",
-    "builtin-head": "language/builtins.html#builtins-head",
-    "builtin-import": "language/builtins.html#builtins-import",
-    "builtin-intersectAttrs": "language/builtins.html#builtins-intersectAttrs",
-    "builtin-isAttrs": "language/builtins.html#builtins-isAttrs",
-    "builtin-isBool": "language/builtins.html#builtins-isBool",
-    "builtin-isFloat": "language/builtins.html#builtins-isFloat",
-    "builtin-isFunction": "language/builtins.html#builtins-isFunction",
-    "builtin-isInt": "language/builtins.html#builtins-isInt",
-    "builtin-isList": "language/builtins.html#builtins-isList",
-    "builtin-isNull": "language/builtins.html#builtins-isNull",
-    "builtin-isString": "language/builtins.html#builtins-isString",
-    "builtin-length": "language/builtins.html#builtins-length",
-    "builtin-lessThan": "language/builtins.html#builtins-lessThan",
-    "builtin-listToAttrs": "language/builtins.html#builtins-listToAttrs",
-    "builtin-map": "language/builtins.html#builtins-map",
-    "builtin-match": "language/builtins.html#builtins-match",
-    "builtin-mul": "language/builtins.html#builtins-mul",
-    "builtin-parseDrvName": "language/builtins.html#builtins-parseDrvName",
-    "builtin-path": "language/builtins.html#builtins-path",
-    "builtin-pathExists": "language/builtins.html#builtins-pathExists",
-    "builtin-placeholder": "language/builtins.html#builtins-placeholder",
-    "builtin-readDir": "language/builtins.html#builtins-readDir",
-    "builtin-readFile": "language/builtins.html#builtins-readFile",
-    "builtin-removeAttrs": "language/builtins.html#builtins-removeAttrs",
-    "builtin-replaceStrings": "language/builtins.html#builtins-replaceStrings",
-    "builtin-seq": "language/builtins.html#builtins-seq",
-    "builtin-sort": "language/builtins.html#builtins-sort",
-    "builtin-split": "language/builtins.html#builtins-split",
-    "builtin-splitVersion": "language/builtins.html#builtins-splitVersion",
-    "builtin-stringLength": "language/builtins.html#builtins-stringLength",
-    "builtin-sub": "language/builtins.html#builtins-sub",
-    "builtin-substring": "language/builtins.html#builtins-substring",
-    "builtin-tail": "language/builtins.html#builtins-tail",
-    "builtin-throw": "language/builtins.html#builtins-throw",
-    "builtin-toFile": "language/builtins.html#builtins-toFile",
-    "builtin-toJSON": "language/builtins.html#builtins-toJSON",
-    "builtin-toPath": "language/builtins.html#builtins-toPath",
-    "builtin-toString": "language/builtins.html#builtins-toString",
-    "builtin-toXML": "language/builtins.html#builtins-toXML",
-    "builtin-trace": "language/builtins.html#builtins-trace",
-    "builtin-tryEval": "language/builtins.html#builtins-tryEval",
-    "builtin-typeOf": "language/builtins.html#builtins-typeOf",
-    "ssec-builtins": "language/builtins.html",
-    "attr-system": "language/derivations.html#attr-system",
-    "ssec-derivation": "language/derivations.html",
-    "ch-expression-language": "language/index.html",
-    "sec-constructs": "language/constructs.html",
-    "sect-let-language": "language/constructs.html#let-language",
-    "ss-functions": "language/constructs.html#functions",
-    "sec-language-operators": "language/operators.html",
-    "table-operators": "language/operators.html",
-    "ssec-values": "language/values.html",
-    "gloss-closure": "glossary.html#gloss-closure",
-    "gloss-derivation": "glossary.html#gloss-derivation",
-    "gloss-deriver": "glossary.html#gloss-deriver",
-    "gloss-nar": "glossary.html#gloss-nar",
-    "gloss-output-path": "glossary.html#gloss-output-path",
-    "gloss-profile": "glossary.html#gloss-profile",
-    "gloss-reachable": "glossary.html#gloss-reachable",
-    "gloss-reference": "glossary.html#gloss-reference",
-    "gloss-substitute": "glossary.html#gloss-substitute",
-    "gloss-user-env": "glossary.html#gloss-user-env",
-    "gloss-validity": "glossary.html#gloss-validity",
-    "part-glossary": "glossary.html",
-    "sec-building-source": "installation/building-source.html",
-    "ch-env-variables": "installation/env-variables.html",
-    "sec-installer-proxy-settings": "installation/env-variables.html#proxy-environment-variables",
-    "sec-nix-ssl-cert-file": "installation/env-variables.html#nix_ssl_cert_file",
-    "sec-nix-ssl-cert-file-with-nix-daemon-and-macos": "installation/env-variables.html#nix_ssl_cert_file-with-macos-and-the-nix-daemon",
-    "chap-installation": "installation/installation.html",
-    "ch-installing-binary": "installation/installing-binary.html",
-    "sect-macos-installation": "installation/installing-binary.html#macos-installation",
-    "sect-macos-installation-change-store-prefix": "installation/installing-binary.html#macos-installation",
-    "sect-macos-installation-encrypted-volume": "installation/installing-binary.html#macos-installation",
-    "sect-macos-installation-recommended-notes": "installation/installing-binary.html#macos-installation",
-    "sect-macos-installation-symlink": "installation/installing-binary.html#macos-installation",
-    "sect-multi-user-installation": "installation/installing-binary.html#multi-user-installation",
-    "sect-nix-install-binary-tarball": "installation/installing-binary.html#installing-from-a-binary-tarball",
-    "sect-nix-install-pinned-version-url": "installation/installing-binary.html#installing-a-pinned-nix-version-from-a-url",
-    "sect-single-user-installation": "installation/installing-binary.html#single-user-installation",
-    "ch-installing-source": "installation/installing-source.html",
-    "ssec-multi-user": "installation/multi-user.html",
-    "ch-nix-security": "installation/nix-security.html",
-    "sec-obtaining-source": "installation/obtaining-source.html",
-    "sec-prerequisites-source": "installation/prerequisites-source.html",
-    "sec-single-user": "installation/single-user.html",
-    "ch-supported-platforms": "installation/supported-platforms.html",
-    "ch-upgrading-nix": "installation/upgrading.html",
-    "ch-about-nix": "introduction.html",
-    "chap-introduction": "introduction.html",
-    "ch-basic-package-mgmt": "package-management/basic-package-mgmt.html",
-    "ssec-binary-cache-substituter": "package-management/binary-cache-substituter.html",
-    "sec-channels": "package-management/channels.html",
-    "ssec-copy-closure": "package-management/copy-closure.html",
-    "sec-garbage-collection": "package-management/garbage-collection.html",
-    "ssec-gc-roots": "package-management/garbage-collector-roots.html",
-    "chap-package-management": "package-management/package-management.html",
-    "sec-profiles": "package-management/profiles.html",
-    "ssec-s3-substituter": "package-management/s3-substituter.html",
-    "ssec-s3-substituter-anonymous-reads": "package-management/s3-substituter.html#anonymous-reads-to-your-s3-compatible-binary-cache",
-    "ssec-s3-substituter-authenticated-reads": "package-management/s3-substituter.html#authenticated-reads-to-your-s3-binary-cache",
-    "ssec-s3-substituter-authenticated-writes": "package-management/s3-substituter.html#authenticated-writes-to-your-s3-compatible-binary-cache",
-    "sec-sharing-packages": "package-management/sharing-packages.html",
-    "ssec-ssh-substituter": "package-management/ssh-substituter.html",
-    "chap-quick-start": "quick-start.html",
-    "sec-relnotes": "release-notes/release-notes.html",
-    "ch-relnotes-0.10.1": "release-notes/rl-0.10.1.html",
-    "ch-relnotes-0.10": "release-notes/rl-0.10.html",
-    "ssec-relnotes-0.11": "release-notes/rl-0.11.html",
-    "ssec-relnotes-0.12": "release-notes/rl-0.12.html",
-    "ssec-relnotes-0.13": "release-notes/rl-0.13.html",
-    "ssec-relnotes-0.14": "release-notes/rl-0.14.html",
-    "ssec-relnotes-0.15": "release-notes/rl-0.15.html",
-    "ssec-relnotes-0.16": "release-notes/rl-0.16.html",
-    "ch-relnotes-0.5": "release-notes/rl-0.5.html",
-    "ch-relnotes-0.6": "release-notes/rl-0.6.html",
-    "ch-relnotes-0.7": "release-notes/rl-0.7.html",
-    "ch-relnotes-0.8.1": "release-notes/rl-0.8.1.html",
-    "ch-relnotes-0.8": "release-notes/rl-0.8.html",
-    "ch-relnotes-0.9.1": "release-notes/rl-0.9.1.html",
-    "ch-relnotes-0.9.2": "release-notes/rl-0.9.2.html",
-    "ch-relnotes-0.9": "release-notes/rl-0.9.html",
-    "ssec-relnotes-1.0": "release-notes/rl-1.0.html",
-    "ssec-relnotes-1.1": "release-notes/rl-1.1.html",
-    "ssec-relnotes-1.10": "release-notes/rl-1.10.html",
-    "ssec-relnotes-1.11.10": "release-notes/rl-1.11.10.html",
-    "ssec-relnotes-1.11": "release-notes/rl-1.11.html",
-    "ssec-relnotes-1.2": "release-notes/rl-1.2.html",
-    "ssec-relnotes-1.3": "release-notes/rl-1.3.html",
-    "ssec-relnotes-1.4": "release-notes/rl-1.4.html",
-    "ssec-relnotes-1.5.1": "release-notes/rl-1.5.1.html",
-    "ssec-relnotes-1.5.2": "release-notes/rl-1.5.2.html",
-    "ssec-relnotes-1.5": "release-notes/rl-1.5.html",
-    "ssec-relnotes-1.6.1": "release-notes/rl-1.6.1.html",
-    "ssec-relnotes-1.6.0": "release-notes/rl-1.6.html",
-    "ssec-relnotes-1.7": "release-notes/rl-1.7.html",
-    "ssec-relnotes-1.8": "release-notes/rl-1.8.html",
-    "ssec-relnotes-1.9": "release-notes/rl-1.9.html",
-    "ssec-relnotes-2.0": "release-notes/rl-2.0.html",
-    "ssec-relnotes-2.1": "release-notes/rl-2.1.html",
-    "ssec-relnotes-2.2": "release-notes/rl-2.2.html",
-    "ssec-relnotes-2.3": "release-notes/rl-2.3.html"
-  },
-  "language/values.html": {
-    "simple-values": "#primitives",
-    "lists": "#list",
-    "strings": "#string",
-    "lists": "#list",
-    "attribute-sets": "#attribute-set"
-  }
-};
-
-// the following code matches the current page's URL against the set of redirects.
-//
-// it is written to minimize the latency between page load and redirect.
-// therefore we avoid function calls, copying data, and unnecessary loops.
-// IMPORTANT: we use stateful array operations and their order matters!
-//
-// matching URLs is more involved than it should be:
-//
-// 1. `document.location.pathname` can have an arbitrary prefix.
-//
-// 2. `path_to_root` is set by mdBook. it consists only of `../`s and
-//    determines the depth of `<path>` relative to the prefix:
-//
-//          `document.location.pathname`
-//        |------------------------------|
-//        /<prefix>/<path>/[<file>[.html]][#<anchor>]
-//                  |----|
-//              `path_to_root` has same number of path segments
-//
-//    source: https://phaiax.github.io/mdBook/format/theme/index-hbs.html#data
-//
-// 3. the following paths are equivalent:
-//
-//        /foo/bar/
-//        /foo/bar/index.html
-//        /foo/bar/index
-//
-//  4. the following paths are also equivalent:
-//
-//        /foo/bar/baz
-//        /foo/bar/baz.html
-//
-
-let segments = document.location.pathname.split('/');
-
-let file = segments.pop();
-
-// normalize file name
-if (file === '') { file = "index.html"; }
-else if (!file.endsWith('.html')) { file = file + '.html'; }
-
-segments.push(file);
-
-// use `path_to_root` to discern prefix from path.
-const depth = path_to_root.split('/').length;
-
-// remove segments containing prefix. the following works because
-// 1. the original `document.location.pathname` is absolute,
-//    hence first element of `segments` is always empty.
-// 2. last element of splitting `path_to_root` is also always empty.
-// 3. last element of `segments` is the file name.
-//
-// visual example:
-//
-//     '/foo/bar/baz.html'.split('/') -> [ '', 'foo', 'bar', 'baz.html' ]
-//          '../'.split('/')          -> [ '..', '' ]
-//
-// the following operations will then result in
-//
-//     path = 'bar/baz.html'
-//
-segments.splice(0, segments.length - depth);
-const path = segments.join('/');
-
-// anchor starts with the hash character (`#`),
-// but our redirect declarations don't, so we strip it.
-// example:
-//     document.location.hash -> '#foo'
-//     document.location.hash.substring(1) -> 'foo'
-const anchor = document.location.hash.substring(1);
-
-const redirect = redirects[path];
-if (redirect) {
-  const target = redirect[anchor];
-  if (target) {
-    document.location.href = target;
-  }
-}

doc/manual/src/SUMMARY.md.in

@@ -9,7 +9,6 @@
     - [Prerequisites](installation/prerequisites-source.md)
     - [Obtaining a Source Distribution](installation/obtaining-source.md)
     - [Building Nix from Source](installation/building-source.md)
-  - [Using Nix within Docker](installation/installing-docker.md)
   - [Security](installation/nix-security.md)
     - [Single-User Mode](installation/single-user.md)
     - [Multi-User Mode](installation/multi-user.md)
@@ -26,15 +25,21 @@
     - [Copying Closures via SSH](package-management/copy-closure.md)
     - [Serving a Nix store via SSH](package-management/ssh-substituter.md)
     - [Serving a Nix store via S3](package-management/s3-substituter.md)
-- [Nix Language](language/index.md)
-  - [Data Types](language/values.md)
-  - [Language Constructs](language/constructs.md)
-    - [String interpolation](language/string-interpolation.md)
-  - [Operators](language/operators.md)
-  - [Derivations](language/derivations.md)
-    - [Advanced Attributes](language/advanced-attributes.md)
-  - [Built-in Constants](language/builtin-constants.md)
-  - [Built-in Functions](language/builtins.md)
+- [Writing Nix Expressions](expressions/writing-nix-expressions.md)
+  - [A Simple Nix Expression](expressions/simple-expression.md)
+    - [Expression Syntax](expressions/expression-syntax.md)
+    - [Build Script](expressions/build-script.md)
+    - [Arguments and Variables](expressions/arguments-variables.md)
+    - [Building and Testing](expressions/simple-building-testing.md)
+    - [Generic Builder Syntax](expressions/generic-builder.md)
+  - [Writing Nix Expressions](expressions/expression-language.md)
+    - [Values](expressions/language-values.md)
+    - [Language Constructs](expressions/language-constructs.md)
+    - [Operators](expressions/language-operators.md)
+    - [Derivations](expressions/derivations.md)
+      - [Advanced Attributes](expressions/advanced-attributes.md)
+    - [Built-in Constants](expressions/builtin-constants.md)
+    - [Built-in Functions](expressions/builtins.md)
 - [Advanced Topics](advanced-topics/advanced-topics.md)
   - [Remote Builds](advanced-topics/distributed-builds.md)
   - [Tuning Cores and Jobs](advanced-topics/cores-vs-jobs.md)
@@ -60,22 +65,11 @@
 @manpages@
   - [Files](command-ref/files.md)
     - [nix.conf](command-ref/conf-file.md)
-- [Architecture](architecture/architecture.md)
 - [Glossary](glossary.md)
 - [Contributing](contributing/contributing.md)
   - [Hacking](contributing/hacking.md)
   - [CLI guideline](contributing/cli-guideline.md)
 - [Release Notes](release-notes/release-notes.md)
-  - [Release 2.13 (2023-01-17)](release-notes/rl-2.13.md)
-  - [Release 2.12 (2022-12-06)](release-notes/rl-2.12.md)
-  - [Release 2.11 (2022-08-25)](release-notes/rl-2.11.md)
-  - [Release 2.10 (2022-07-11)](release-notes/rl-2.10.md)
-  - [Release 2.9 (2022-05-30)](release-notes/rl-2.9.md)
-  - [Release 2.8 (2022-04-19)](release-notes/rl-2.8.md)
-  - [Release 2.7 (2022-03-07)](release-notes/rl-2.7.md)
-  - [Release 2.6 (2022-01-24)](release-notes/rl-2.6.md)
-  - [Release 2.5 (2021-12-13)](release-notes/rl-2.5.md)
-  - [Release 2.4 (2021-11-01)](release-notes/rl-2.4.md)
   - [Release 2.3 (2019-09-04)](release-notes/rl-2.3.md)
   - [Release 2.2 (2019-01-11)](release-notes/rl-2.2.md)
   - [Release 2.1 (2018-09-02)](release-notes/rl-2.1.md)

doc/manual/src/advanced-topics/diff-hook.md

@@ -101,7 +101,7 @@ In particular, notice the
 `/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable.check` output. Nix
 has copied the build results to that directory where you can examine it.
 
-> []{#check-dirs-are-unregistered} **Note**
+> **Note**
 > 
 > Check paths are not protected against garbage collection, and this
 > path will be deleted on the next garbage collection.
@@ -121,3 +121,37 @@ error:
     are not valid, so checking is not possible
 
 Run the build without `--check`, and then try with `--check` again.
+
+# Automatic and Optionally Enforced Determinism Verification
+
+Automatically verify every build at build time by executing the build
+multiple times.
+
+Setting `repeat` and `enforce-determinism` in your `nix.conf` permits
+the automated verification of every build Nix performs.
+
+The following configuration will run each build three times, and will
+require the build to be deterministic:
+
+    enforce-determinism = true
+    repeat = 2
+
+Setting `enforce-determinism` to false as in the following
+configuration will run the build multiple times, execute the build
+hook, but will allow the build to succeed even if it does not build
+reproducibly:
+
+    enforce-determinism = false
+    repeat = 1
+
+An example output of this configuration:
+
+```console
+$ nix-build ./test.nix -A unstable
+this derivation will be built:
+  /nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv
+building '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' (round 1/2)...
+building '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' (round 2/2)...
+output '/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable' of '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' differs from '/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable.check' from previous round
+/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable
+```

doc/manual/src/advanced-topics/distributed-builds.md

@@ -12,14 +12,14 @@ machine is accessible via SSH and that it has Nix installed. You can
 test whether connecting to the remote Nix instance works, e.g.
 
 ```console
-$ nix store ping --store ssh://mac
+$ nix ping-store --store ssh://mac
 ```
 
 will try to connect to the machine named `mac`. It is possible to
 specify an SSH identity file as part of the remote store URI, e.g.
 
 ```console
-$ nix store ping --store ssh://mac?ssh-key=/home/alice/my-key
+$ nix ping-store --store ssh://mac?ssh-key=/home/alice/my-key
 ```
 
 Since builds should be non-interactive, the key should not have a
@@ -53,8 +53,8 @@ example, the following command allows you to build a derivation for
 $ uname
 Linux
 
-$ nix build --impure \
-  --expr '(with import <nixpkgs> { system = "x86_64-darwin"; }; runCommand "foo" {} "uname > $out")' \
+$ nix build \
+  '(with import <nixpkgs> { system = "x86_64-darwin"; }; runCommand "foo" {} "uname > $out")' \
   --builders 'ssh://mac x86_64-darwin'
 [1/0/1 built, 0.0 MiB DL] building foo on ssh://mac
 
@@ -110,7 +110,7 @@ default, set it to `-`.
 7.  A comma-separated list of *mandatory features*. A machine will only
     be used to build a derivation if all of the machine’s mandatory
     features appear in the derivation’s `requiredSystemFeatures`
-    attribute.
+    attribute..
 
 8.  The (base64-encoded) public host key of the remote machine. If omitted, SSH
     will use its regular known-hosts file. Specifically, the field is calculated

doc/manual/src/advanced-topics/post-build-hook.md

@@ -33,17 +33,12 @@ distribute the public key for verifying the authenticity of the paths.
 example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM=
 ```
 
-Then update [`nix.conf`](../command-ref/conf-file.md) on any machine that will access the cache.
-Add the cache URL to [`substituters`](../command-ref/conf-file.md#conf-substituters) and the public key to [`trusted-public-keys`](../command-ref/conf-file.md#conf-trusted-public-keys):
+Then, add the public key and the cache URL to your `nix.conf`'s
+`trusted-public-keys` and `substituters` options:
 
     substituters = https://cache.nixos.org/ s3://example-nix-cache
     trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM=
 
-Machines that build for the cache must sign derivations using the private key.
-On those machines, add the path to the key file to the [`secret-key-files`](../command-ref/conf-file.md#conf-secret-key-files) field in their [`nix.conf`](../command-ref/conf-file.md):
-
-    secret-key-files = /etc/nix/key.private
-
 We will restart the Nix daemon in a later step.
 
 # Implementing the build hook
@@ -57,12 +52,14 @@ set -eu
 set -f # disable globbing
 export IFS=' '
 
+echo "Signing paths" $OUT_PATHS
+nix store sign --key-file /etc/nix/key.private $OUT_PATHS
 echo "Uploading paths" $OUT_PATHS
-exec nix copy --to "s3://example-nix-cache" $OUT_PATHS
+exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
 ```
 
 > **Note**
->
+> 
 > The `$OUT_PATHS` variable is a space-separated list of Nix store
 > paths. In this case, we expect and want the shell to perform word
 > splitting to make each output path its own argument to `nix

doc/manual/src/architecture/architecture.md

@@ -1,115 +0,0 @@
-# Architecture
-
-This chapter describes how Nix works.
-It should help users understand why Nix behaves as it does, and it should help developers understand how to modify Nix and how to write similar tools.
-
-## Overview
-
-Nix consists of [hierarchical layers].
-
-[hierarchical layers]: https://en.m.wikipedia.org/wiki/Multitier_architecture#Layers
-
-The following [concept map] shows its main components (rectangles), the objects they operate on (rounded rectangles), and their interactions (connecting phrases):
-
-[concept map]: https://en.m.wikipedia.org/wiki/Concept_map
-
-```
-
-   .----------------.
-   | Nix expression |----------.
-   '----------------'          |
-           |              passed to
-           |                   |
-+----------|-------------------|--------------------------------+
-| Nix      |                   V                                |
-|          |      +-------------------------+                   |
-|          |      | commmand line interface |------.            |
-|          |      +-------------------------+      |            |
-|          |                   |                   |            |
-|    evaluated by            calls              manages         |
-|          |                   |                   |            |
-|          |                   V                   |            |
-|          |         +--------------------+        |            |
-|          '-------->| language evaluator |        |            |
-|                    +--------------------+        |            |
-|                              |                   |            |
-|                           produces               |            |
-|                              |                   V            |
-| +----------------------------|------------------------------+ |
-| | store                      |                              | |
-| |            referenced by   V       builds                 | |
-| | .-------------.      .------------.      .--------------. | |
-| | | build input |----->| build plan |----->| build result | | |
-| | '-------------'      '------------'      '--------------' | |
-| +-------------------------------------------------|---------+ |
-+---------------------------------------------------|-----------+
-                                                    |
-                                              represented as
-                                                    |
-                                                    V
-                                            .---------------.
-                                            |     file      |
-                                            '---------------'
-```
-
-At the top is the [command line interface](../command-ref/command-ref.md) that drives the underlying layers.
-
-The [Nix language](../language/index.md) evaluator transforms Nix expressions into self-contained *build plans*, which are used to derive *build results* from referenced *build inputs*.
-
-The command line interface and Nix expressions are what users deal with most.
-
-> **Note**
-> The Nix language itself does not have a notion of *packages* or *configurations*.
-> As far as we are concerned here, the inputs and results of a build plan are just data.
-
-Underlying the command line interface and the Nix language evaluator is the [Nix store](../glossary.md#gloss-store), a mechanism to keep track of build plans, data, and references between them.
-It can also execute build plans to produce new data, which are made available to the operating system as files.
-
-A build plan itself is a series of *build tasks*, together with their build inputs.
-
-> **Important**
-> A build task in Nix is called [derivation](../glossary.md#gloss-derivation).
-
-Each build task has a special build input executed as *build instructions* in order to perform the build.
-The result of a build task can be input to another build task.
-
-The following [data flow diagram] shows a build plan for illustration.
-Build inputs used as instructions to a build task are marked accordingly:
-
-[data flow diagram]: https://en.m.wikipedia.org/wiki/Data-flow_diagram
-
-```
-+--------------------------------------------------------------------+
-| build plan                                                         |
-|                                                                    |
-| .-------------.                                                    |
-| | build input |---------.                                          |
-| '-------------'         |                                          |
-|                    instructions                                    |
-|                         |                                          |
-|                         v                                          |
-| .-------------.    .----------.                                    |
-| | build input |-->( build task )-------.                           |
-| '-------------'    '----------'        |                           |
-|                                  instructions                      |
-|                                        |                           |
-|                                        v                           |
-| .-------------.                  .----------.     .--------------. |
-| | build input |---------.       ( build task )--->| build result | |
-| '-------------'         |        '----------'     '--------------' |
-|                    instructions        ^                           |
-|                         |              |                           |
-|                         v              |                           |
-| .-------------.    .----------.        |                           |
-| | build input |-->( build task )-------'                           |
-| '-------------'    '----------'                                    |
-|                         ^                                          |
-|                         |                                          |
-|                         |                                          |
-| .-------------.         |                                          |
-| | build input |---------'                                          |
-| '-------------'                                                    |
-|                                                                    |
-+--------------------------------------------------------------------+
-```
-

doc/manual/src/command-ref/conf-file-prefix.md

@@ -16,9 +16,8 @@ By default Nix reads settings from the following places:
     will be loaded in reverse order.
 
     Otherwise it will look for `nix/nix.conf` files in `XDG_CONFIG_DIRS`
-    and `XDG_CONFIG_HOME`. If unset, `XDG_CONFIG_DIRS` defaults to
-    `/etc/xdg`, and `XDG_CONFIG_HOME` defaults to `$HOME/.config`
-    as per [XDG Base Directory Specification](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html).
+    and `XDG_CONFIG_HOME`. If these are unset, it will look in
+    `$HOME/.config/nix.conf`.
 
   - If `NIX_CONFIG` is set, its contents is treated as the contents of
     a configuration file.

doc/manual/src/command-ref/env-common.md

@@ -2,18 +2,49 @@
 
 Most Nix commands interpret the following environment variables:
 
-  - [`IN_NIX_SHELL`]{#env-IN_NIX_SHELL}\
+  - `IN_NIX_SHELL`\
     Indicator that tells if the current environment was set up by
-    `nix-shell`. It can have the values `pure` or `impure`.
+    `nix-shell`. Since Nix 2.0 the values are `"pure"` and `"impure"`
 
-  - [`NIX_PATH`]{#env-NIX_PATH}\
-    A colon-separated list of directories used to look up the location of Nix
-    expressions using [paths](../language/values.md#type-path)
-    enclosed in angle brackets (i.e., `<path>`),
-    e.g. `/home/eelco/Dev:/etc/nixos`. It can be extended using the
-    [`-I` option](./opt-common.md#opt-I).
+  - `NIX_PATH`\
+    A colon-separated list of directories used to look up Nix
+    expressions enclosed in angle brackets (i.e., `<path>`). For
+    instance, the value
 
-  - [`NIX_IGNORE_SYMLINK_STORE`]{#env-NIX_IGNORE_SYMLINK_STORE}\
+        /home/eelco/Dev:/etc/nixos
+
+    will cause Nix to look for paths relative to `/home/eelco/Dev` and
+    `/etc/nixos`, in this order. It is also possible to match paths
+    against a prefix. For example, the value
+
+        nixpkgs=/home/eelco/Dev/nixpkgs-branch:/etc/nixos
+
+    will cause Nix to search for `<nixpkgs/path>` in
+    `/home/eelco/Dev/nixpkgs-branch/path` and `/etc/nixos/nixpkgs/path`.
+
+    If a path in the Nix search path starts with `http://` or
+    `https://`, it is interpreted as the URL of a tarball that will be
+    downloaded and unpacked to a temporary location. The tarball must
+    consist of a single top-level directory. For example, setting
+    `NIX_PATH` to
+
+        nixpkgs=https://github.com/NixOS/nixpkgs/archive/master.tar.gz
+
+    tells Nix to download and use the current contents of the
+    `master` branch in the `nixpkgs` repository.
+
+    The URLs of the tarballs from the official nixos.org channels (see
+    [the manual for `nix-channel`](nix-channel.md)) can be abbreviated
+    as `channel:<channel-name>`.  For instance, the following two
+    values of `NIX_PATH` are equivalent:
+
+        nixpkgs=channel:nixos-21.05
+        nixpkgs=https://nixos.org/channels/nixos-21.05/nixexprs.tar.xz
+
+    The Nix search path can also be extended using the `-I` option to
+    many Nix commands, which takes precedence over `NIX_PATH`.
+
+  - `NIX_IGNORE_SYMLINK_STORE`\
     Normally, the Nix store directory (typically `/nix/store`) is not
     allowed to contain any symlink components. This is to prevent
     “impure” builds. Builders sometimes “canonicalise” paths by
@@ -35,41 +66,41 @@ Most Nix commands interpret the following environment variables:
 
     Consult the mount 8 manual page for details.
 
-  - [`NIX_STORE_DIR`]{#env-NIX_STORE_DIR}\
+  - `NIX_STORE_DIR`\
     Overrides the location of the Nix store (default `prefix/store`).
 
-  - [`NIX_DATA_DIR`]{#env-NIX_DATA_DIR}\
+  - `NIX_DATA_DIR`\
     Overrides the location of the Nix static data directory (default
     `prefix/share`).
 
-  - [`NIX_LOG_DIR`]{#env-NIX_LOG_DIR}\
+  - `NIX_LOG_DIR`\
     Overrides the location of the Nix log directory (default
     `prefix/var/log/nix`).
 
-  - [`NIX_STATE_DIR`]{#env-NIX_STATE_DIR}\
+  - `NIX_STATE_DIR`\
     Overrides the location of the Nix state directory (default
     `prefix/var/nix`).
 
-  - [`NIX_CONF_DIR`]{#env-NIX_CONF_DIR}\
+  - `NIX_CONF_DIR`\
     Overrides the location of the system Nix configuration directory
     (default `prefix/etc/nix`).
 
-  - [`NIX_CONFIG`]{#env-NIX_CONFIG}\
+  - `NIX_CONFIG`\
     Applies settings from Nix configuration from the environment.
     The content is treated as if it was read from a Nix configuration file.
     Settings are separated by the newline character.
 
-  - [`NIX_USER_CONF_FILES`]{#env-NIX_USER_CONF_FILES}\
+  - `NIX_USER_CONF_FILES`\
     Overrides the location of the user Nix configuration files to load
     from (defaults to the XDG spec locations). The variable is treated
     as a list separated by the `:` token.
 
-  - [`TMPDIR`]{#env-TMPDIR}\
+  - `TMPDIR`\
     Use the specified directory to store temporary files. In particular,
     this includes temporary build directories; these can take up
     substantial amounts of disk space. The default is `/tmp`.
 
-  - [`NIX_REMOTE`]{#env-NIX_REMOTE}\
+  - `NIX_REMOTE`\
     This variable should be set to `daemon` if you want to use the Nix
     daemon to execute Nix operations. This is necessary in [multi-user
     Nix installations](../installation/multi-user.md). If the Nix
@@ -77,16 +108,16 @@ Most Nix commands interpret the following environment variables:
     should be set to `unix://path/to/socket`. Otherwise, it should be
     left unset.
 
-  - [`NIX_SHOW_STATS`]{#env-NIX_SHOW_STATS}\
+  - `NIX_SHOW_STATS`\
     If set to `1`, Nix will print some evaluation statistics, such as
     the number of values allocated.
 
-  - [`NIX_COUNT_CALLS`]{#env-NIX_COUNT_CALLS}\
+  - `NIX_COUNT_CALLS`\
     If set to `1`, Nix will print how often functions were called during
     Nix expression evaluation. This is useful for profiling your Nix
     expressions.
 
-  - [`GC_INITIAL_HEAP_SIZE`]{#env-GC_INITIAL_HEAP_SIZE}\
+  - `GC_INITIAL_HEAP_SIZE`\
     If Nix has been configured to use the Boehm garbage collector, this
     variable sets the initial size of the heap in bytes. It defaults to
     384 MiB. Setting it to a low value reduces memory consumption, but

doc/manual/src/command-ref/nix-build.md

@@ -12,12 +12,6 @@
   [`--dry-run`]
   [{`--out-link` | `-o`} *outlink*]
 
-# Disambiguation
-
-This man page describes the command `nix-build`, which is distinct from `nix
-build`. For documentation on the latter, run `nix build --help` or see `man
-nix3-build`.
-
 # Description
 
 The `nix-build` command builds the derivations described by the Nix
@@ -37,12 +31,10 @@ directory containing at least a file named `default.nix`.
 
 `nix-build` is essentially a wrapper around
 [`nix-instantiate`](nix-instantiate.md) (to translate a high-level Nix
-expression to a low-level [store derivation]) and [`nix-store
+expression to a low-level store derivation) and [`nix-store
 --realise`](nix-store.md#operation---realise) (to build the store
 derivation).
 
-[store derivation]: ../glossary.md#gloss-store-derivation
-
 > **Warning**
 >
 > The result of the build is automatically registered as a root of the
@@ -55,18 +47,16 @@ All options not listed here are passed to `nix-store
 --realise`, except for `--arg` and `--attr` / `-A` which are passed to
 `nix-instantiate`.
 
-  - <span id="opt-no-out-link">[`--no-out-link`](#opt-no-out-link)<span>
-
+  - `--no-out-link`\
     Do not create a symlink to the output path. Note that as a result
     the output does not become a root of the garbage collector, and so
-    might be deleted by `nix-store --gc`.
-
-  - <span id="opt-dry-run">[`--dry-run`](#opt-dry-run)</span>
+    might be deleted by `nix-store
+                    --gc`.
 
+  - `--dry-run`\
     Show what store paths would be built or downloaded.
 
-  - <span id="opt-out-link">[`--out-link`](#opt-out-link)</span> / `-o` *outlink*
-
+  - `--out-link` / `-o` *outlink*\
     Change the name of the symlink to the output path created from
     `result` to *outlink*.
 

doc/manual/src/command-ref/nix-copy-closure.md

@@ -30,8 +30,8 @@ Since `nix-copy-closure` calls `ssh`, you may be asked to type in the
 appropriate password or passphrase.  In fact, you may be asked _twice_
 because `nix-copy-closure` currently connects twice to the remote
 machine, first to get the set of paths missing on the target machine,
-and second to send the dump of those paths.  When using public key
-authentication, you can avoid typing the passphrase with `ssh-agent`.
+and second to send the dump of those paths.  If this bothers you, use
+`ssh-agent`.
 
 # Options
 
@@ -47,9 +47,7 @@ authentication, you can avoid typing the passphrase with `ssh-agent`.
     Enable compression of the SSH connection.
 
   - `--include-outputs`\
-    Also copy the outputs of [store derivation]s included in the closure.
-
-    [store derivation]: ../glossary.md#gloss-store-derivation
+    Also copy the outputs of store derivations included in the closure.
 
   - `--use-substitutes` / `-s`\
     Attempt to download missing paths on the target machine using Nix’s

doc/manual/src/command-ref/nix-daemon.md

@@ -8,6 +8,6 @@
 
 # Description
 
-The Nix daemon is necessary in multi-user Nix installations. It runs
-build tasks and other operations on the Nix store on behalf of
+The Nix daemon is necessary in multi-user Nix installations. It performs
+build actions and other operations on the Nix store on behalf of
 unprivileged users.

doc/manual/src/command-ref/nix-env.md

@@ -31,7 +31,7 @@ subcommand to be performed. These are documented below.
 Several commands, such as `nix-env -q` and `nix-env -i`, take a list of
 arguments that specify the packages on which to operate. These are
 extended regular expressions that must match the entire name of the
-package. (For details on regular expressions, see **regex**(7).) The match is
+package. (For details on regular expressions, see regex7.) The match is
 case-sensitive. The regular expression can optionally be followed by a
 dash and a version number; if omitted, any version of the package will
 match. Here are some examples:
@@ -198,19 +198,17 @@ a number of possible ways:
     another.
 
   - If `--from-expression` is given, *args* are Nix
-    [functions](../language/constructs.md#functions)
+    [functions](../expressions/language-constructs.md#functions)
     that are called with the active Nix expression as their single
     argument. The derivations returned by those function calls are
     installed. This allows derivations to be specified in an
     unambiguous way, which is necessary if there are multiple
     derivations with the same name.
 
-  - If *args* are [store derivation]s, then these are
+  - If *args* are store derivations, then these are
     [realised](nix-store.md#operation---realise), and the resulting output paths
     are installed.
 
-    [store derivation]: ../glossary.md#gloss-store-derivation
-
   - If *args* are store paths that are not store derivations, then these
     are [realised](nix-store.md#operation---realise) and installed.
 
@@ -240,16 +238,7 @@ a number of possible ways:
 
 ## Examples
 
-To install a package using a specific attribute path from the active Nix expression:
-
-```console
-$ nix-env -iA gcc40mips
-installing `gcc-4.0.2'
-$ nix-env -iA xorg.xorgserver
-installing `xorg-server-1.2.0'
-```
-
-To install a specific version of `gcc` using the derivation name:
+To install a specific version of `gcc` from the active Nix expression:
 
 ```console
 $ nix-env --install gcc-3.3.2
@@ -257,9 +246,6 @@ installing `gcc-3.3.2'
 uninstalling `gcc-3.1'
 ```
 
-Using attribute path for selecting a package is preferred,
-as it is much faster and there will not be multiple matches.
-
 Note the previously installed version is removed, since
 `--preserve-installed` was not specified.
 
@@ -270,6 +256,13 @@ $ nix-env --install gcc
 installing `gcc-3.3.2'
 ```
 
+To install using a specific attribute:
+
+```console
+$ nix-env -i -A gcc40mips
+$ nix-env -i -A xorg.xorgserver
+```
+
 To install all derivations in the Nix expression `foo.nix`:
 
 ```console
@@ -282,7 +275,7 @@ To copy the store path with symbolic name `gcc` from another profile:
 $ nix-env -i --from-profile /nix/var/nix/profiles/foo gcc
 ```
 
-To install a specific [store derivation] (typically created by
+To install a specific store derivation (typically created by
 `nix-instantiate`):
 
 ```console
@@ -381,29 +374,22 @@ For the other flags, see `--install`.
 ## Examples
 
 ```console
-$ nix-env --upgrade -A nixpkgs.gcc
+$ nix-env --upgrade gcc
 upgrading `gcc-3.3.1' to `gcc-3.4'
 ```
 
-When there are no updates available, nothing will happen:
-
 ```console
-$ nix-env --upgrade -A nixpkgs.pan
-```
-
-Using `-A` is preferred when possible, as it is faster and unambiguous but
-it is also possible to upgrade to a specific version by matching the derivation name:
-
-```console
-$ nix-env -u gcc-3.3.2 --always
+$ nix-env -u gcc-3.3.2 --always (switch to a specific version)
 upgrading `gcc-3.4' to `gcc-3.3.2'
 ```
 
-To try to upgrade everything
-(matching packages based on the part of the derivation name without version):
+```console
+$ nix-env --upgrade pan
+(no upgrades available, so nothing happens)
+```
 
 ```console
-$ nix-env -u
+$ nix-env -u (try to upgrade everything)
 upgrading `hello-2.1.2' to `hello-2.1.3'
 upgrading `mozilla-1.2' to `mozilla-1.4'
 ```
@@ -414,8 +400,8 @@ The upgrade operation determines whether a derivation `y` is an upgrade
 of a derivation `x` by looking at their respective `name` attributes.
 The names (e.g., `gcc-3.3.1` are split into two parts: the package name
 (`gcc`), and the version (`3.3.1`). The version part starts after the
-first dash not followed by a letter. `y` is considered an upgrade of `x`
-if their package names match, and the version of `y` is higher than that
+first dash not followed by a letter. `x` is considered an upgrade of `y`
+if their package names match, and the version of `y` is higher that that
 of `x`.
 
 The versions are compared by splitting them into contiguous components
@@ -667,7 +653,7 @@ derivation is shown unless `--no-name` is specified.
     Print the `system` attribute of the derivation.
 
   - `--drv-path`\
-    Print the path of the [store derivation].
+    Print the path of the store derivation.
 
   - `--out-path`\
     Print the output path of the derivation.

doc/manual/src/command-ref/nix-instantiate.md

@@ -17,14 +17,13 @@
 
 # Description
 
-The command `nix-instantiate` produces [store derivation]s from (high-level) Nix expressions.
-It evaluates the Nix expressions in each of *files* (which defaults to
+The command `nix-instantiate` generates [store
+derivations](../glossary.md) from (high-level) Nix expressions. It
+evaluates the Nix expressions in each of *files* (which defaults to
 *./default.nix*). Each top-level expression should evaluate to a
 derivation, a list of derivations, or a set of derivations. The paths
 of the resulting store derivations are printed on standard output.
 
-[store derivation]: ../glossary.md#gloss-store-derivation
-
 If *files* is the character `-`, then a Nix expression will be read from
 standard input.
 
@@ -52,7 +51,7 @@ standard input.
   - `--strict`\
     When used with `--eval`, recursively evaluate list elements and
     attributes. Normally, such sub-expressions are left unevaluated
-    (since the Nix language is lazy).
+    (since the Nix expression language is lazy).
 
     > **Warning**
     >
@@ -67,7 +66,7 @@ standard input.
     When used with `--eval`, print the resulting value as an XML
     representation of the abstract syntax tree rather than as an ATerm.
     The schema is the same as that used by the [`toXML`
-    built-in](../language/builtins.md).
+    built-in](../expressions/builtins.md).
 
   - `--read-write-mode`\
     When used with `--eval`, perform evaluation in read/write mode so
@@ -80,7 +79,8 @@ standard input.
 
 # Examples
 
-Instantiate [store derivation]s from a Nix expression, and build them using `nix-store`:
+Instantiating store derivations from a Nix expression, and building them
+using `nix-store`:
 
 ```console
 $ nix-instantiate test.nix (instantiate)

doc/manual/src/command-ref/nix-shell.md

@@ -11,16 +11,10 @@
   [`--command` *cmd*]
   [`--run` *cmd*]
   [`--exclude` *regexp*]
-  [`--pure`]
-  [`--keep` *name*]
+  [--pure]
+  [--keep *name*]
   {{`--packages` | `-p`} {*packages* | *expressions*} … | [*path*]}
 
-# Disambiguation
-
-This man page describes the command `nix-shell`, which is distinct from `nix
-shell`. For documentation on the latter, run `nix shell --help` or see `man
-nix3-shell`.
-
 # Description
 
 The command `nix-shell` will build the dependencies of the specified
@@ -107,8 +101,7 @@ The following common options are supported:
 
   - `NIX_BUILD_SHELL`\
     Shell used to start the interactive environment. Defaults to the
-    `bash` found in `<nixpkgs>`, falling back to the `bash` found in
-    `PATH` if not found.
+    `bash` found in `PATH`.
 
 # Examples
 
@@ -117,19 +110,13 @@ shell in which to build it:
 
 ```console
 $ nix-shell '<nixpkgs>' -A pan
-[nix-shell]$ eval ${unpackPhase:-unpackPhase}
+[nix-shell]$ unpackPhase
 [nix-shell]$ cd pan-*
-[nix-shell]$ eval ${configurePhase:-configurePhase}
-[nix-shell]$ eval ${buildPhase:-buildPhase}
+[nix-shell]$ configurePhase
+[nix-shell]$ buildPhase
 [nix-shell]$ ./pan/gui/pan
 ```
 
-The reason we use form `eval ${configurePhase:-configurePhase}` here is because
-those packages that override these phases do so by exporting the overridden
-values in the environment variable of the same name.
-Here bash is being told to either evaluate the contents of 'configurePhase',
-if it exists as a variable, otherwise evaluate the configurePhase function.
-
 To clear the environment first, and do some additional automatic
 initialisation of the interactive shell:
 

doc/manual/src/command-ref/nix-store.md

@@ -22,8 +22,7 @@ This section lists the options that are common to all operations. These
 options are allowed for every subcommand, though they may not always
 have an effect.
 
-  - <span id="opt-add-root">[`--add-root`](#opt-add-root)</span> *path*
-
+  - `--add-root` *path*\
     Causes the result of a realisation (`--realise` and
     `--force-realise`) to be registered as a root of the garbage
     collector. *path* will be created as a symlink to the resulting
@@ -72,7 +71,7 @@ paths. Realisation is a somewhat overloaded term:
     outputs are already valid, in which case we are done
     immediately. Otherwise, there may be [substitutes](../glossary.md)
     that produce the outputs (e.g., by downloading them). Finally, the
-    outputs can be produced by running the build task described
+    outputs can be produced by performing the build action described
     by the derivation.
 
   - If the store path is not a derivation, realisation ensures that the
@@ -105,6 +104,10 @@ The following flags are available:
     previous build, the new output path is left in
     `/nix/store/name.check.`
 
+    See also the `build-repeat` configuration option, which repeats a
+    derivation a number of times and prevents its outputs from being
+    registered as “valid” in the Nix store unless they are identical.
+
 Special exit codes:
 
   - `100`\
@@ -118,11 +121,11 @@ Special exit codes:
   - `102`\
     Hash mismatch, the build output was rejected because it does not
     match the [`outputHash` attribute of the
-    derivation](../language/advanced-attributes.md).
+    derivation](../expressions/advanced-attributes.md).
 
   - `104`\
     Not deterministic, the build succeeded in check mode but the
-    resulting output is not binary reproducible.
+    resulting output is not binary reproducable.
 
 With the `--keep-going` flag it's possible for multiple failures to
 occur, in this case the 1xx status codes are or combined using binary
@@ -137,10 +140,8 @@ or.
 
 ## Examples
 
-This operation is typically used to build [store derivation]s produced by
-[`nix-instantiate`](./nix-instantiate.md):
-
-[store derivation]: ../glossary.md#gloss-store-derivation
+This operation is typically used to build store derivations produced by
+[`nix-instantiate`](nix-instantiate.md):
 
 ```console
 $ nix-store -r $(nix-instantiate ./test.nix)
@@ -155,12 +156,6 @@ To test whether a previously-built derivation is deterministic:
 $ nix-build '<nixpkgs>' -A hello --check -K
 ```
 
-Use [`--read-log`](#operation---read-log) to show the stderr and stdout of a build:
-
-```console
-$ nix-store --read-log $(nix-instantiate ./test.nix)
-```
-
 # Operation `--serve`
 
 ## Synopsis
@@ -306,7 +301,7 @@ symlink.
 ## Common query options
 
   - `--use-output`; `-u`\
-    For each argument to the query that is a [store derivation], apply the
+    For each argument to the query that is a store derivation, apply the
     query to the output path of the derivation instead.
 
   - `--force-realise`; `-f`\
@@ -326,8 +321,8 @@ symlink.
     This query has one option:
 
       - `--include-outputs`
-        Also include the existing output paths of [store derivation]s,
-        and their closures.
+        Also include the output path of store derivations, and their
+        closures.
 
     This query can be used to implement various kinds of deployment. A
     *source deployment* is obtained by distributing the closure of a
@@ -380,12 +375,12 @@ symlink.
     Prints the references graph of the store paths *paths* in the
     [GraphML](http://graphml.graphdrawing.org/) file format. This can be
     used to visualise dependency graphs. To obtain a build-time
-    dependency graph, apply this to a [store derivation]. To obtain a
+    dependency graph, apply this to a store derivation. To obtain a
     runtime dependency graph, apply it to an output path.
 
   - `--binding` *name*; `-b` *name*\
     Prints the value of the attribute *name* (i.e., environment
-    variable) of the [store derivation]s *paths*. It is an error for a
+    variable) of the store derivations *paths*. It is an error for a
     derivation to not have the specified attribute.
 
   - `--hash`\

doc/manual/src/command-ref/opt-common.md

@@ -2,13 +2,13 @@
 
 Most Nix commands accept the following command-line options:
 
-  - [`--help`]{#opt-help}\
+  - `--help`\
     Prints out a summary of the command syntax and exits.
 
-  - [`--version`]{#opt-version}\
+  - `--version`\
     Prints out the Nix version number on standard output and exits.
 
-  - [`--verbose`]{#opt-verbose} / `-v`\
+  - `--verbose` / `-v`\
     Increases the level of verbosity of diagnostic messages printed on
     standard error. For each Nix operation, the information printed on
     standard output is well-defined; any diagnostic information is
@@ -37,14 +37,14 @@ Most Nix commands accept the following command-line options:
       - 5\
         “Vomit”: print vast amounts of debug information.
 
-  - [`--quiet`]{#opt-quiet}\
+  - `--quiet`\
     Decreases the level of verbosity of diagnostic messages printed on
     standard error. This is the inverse option to `-v` / `--verbose`.
 
     This option may be specified repeatedly. See the previous verbosity
     levels list.
 
-  - [`--log-format`]{#opt-log-format} *format*\
+  - `--log-format` *format*\
     This option can be used to change the output of the log format, with
     *format* being one of:
 
@@ -66,14 +66,14 @@ Most Nix commands accept the following command-line options:
       - bar-with-logs\
         Display the raw logs, with the progress bar at the bottom.
 
-  - [`--no-build-output`]{#opt-no-build-output} / `-Q`\
+  - `--no-build-output` / `-Q`\
     By default, output written by builders to standard output and
     standard error is echoed to the Nix command's standard error. This
     option suppresses this behaviour. Note that the builder's standard
     output and error are always written to a log file in
     `prefix/nix/var/log/nix`.
 
-  - [`--max-jobs`]{#opt-max-jobs} / `-j` *number*\
+  - `--max-jobs` / `-j` *number*\
     Sets the maximum number of build jobs that Nix will perform in
     parallel to the specified number. Specify `auto` to use the number
     of CPUs in the system. The default is specified by the `max-jobs`
@@ -83,7 +83,7 @@ Most Nix commands accept the following command-line options:
     Setting it to `0` disallows building on the local machine, which is
     useful when you want builds to happen only on remote builders.
 
-  - [`--cores`]{#opt-cores}\
+  - `--cores`\
     Sets the value of the `NIX_BUILD_CORES` environment variable in
     the invocation of builders. Builders can use this variable at
     their discretion to control the maximum amount of parallelism. For
@@ -94,18 +94,18 @@ Most Nix commands accept the following command-line options:
     means that the builder should use all available CPU cores in the
     system.
 
-  - [`--max-silent-time`]{#opt-max-silent-time}\
+  - `--max-silent-time`\
     Sets the maximum number of seconds that a builder can go without
     producing any data on standard output or standard error. The
     default is specified by the `max-silent-time` configuration
     setting. `0` means no time-out.
 
-  - [`--timeout`]{#opt-timeout}\
+  - `--timeout`\
     Sets the maximum number of seconds that a builder can run. The
     default is specified by the `timeout` configuration setting. `0`
     means no timeout.
 
-  - [`--keep-going`]{#opt-keep-going} / `-k`\
+  - `--keep-going` / `-k`\
     Keep going in case of failed builds, to the greatest extent
     possible. That is, if building an input of some derivation fails,
     Nix will still build the other inputs, but not the derivation
@@ -113,13 +113,13 @@ Most Nix commands accept the following command-line options:
     for builds of substitutes), possibly killing builds in progress (in
     case of parallel or distributed builds).
 
-  - [`--keep-failed`]{#opt-keep-failed} / `-K`\
+  - `--keep-failed` / `-K`\
     Specifies that in case of a build failure, the temporary directory
     (usually in `/tmp`) in which the build takes place should not be
     deleted. The path of the build directory is printed as an
     informational message.
 
-  - [`--fallback`]{#opt-fallback}\
+  - `--fallback`\
     Whenever Nix attempts to build a derivation for which substitutes
     are known for each output path, but realising the output paths
     through the substitutes fails, fall back on building the derivation.
@@ -134,18 +134,18 @@ Most Nix commands accept the following command-line options:
     failure in obtaining the substitutes to lead to a full build from
     source (with the related consumption of resources).
 
-  - [`--readonly-mode`]{#opt-readonly-mode}\
+  - `--readonly-mode`\
     When this option is used, no attempt is made to open the Nix
     database. Most Nix operations do need database access, so those
     operations will fail.
 
-  - [`--arg`]{#opt-arg} *name* *value*\
+  - `--arg` *name* *value*\
     This option is accepted by `nix-env`, `nix-instantiate`,
     `nix-shell` and `nix-build`. When evaluating Nix expressions, the
     expression evaluator will automatically try to call functions that
     it encounters. It can automatically call functions for which every
     argument has a [default
-    value](../language/constructs.md#functions) (e.g.,
+    value](../expressions/language-constructs.md#functions) (e.g.,
     `{ argName ?  defaultValue }: ...`). With `--arg`, you can also
     call functions that have arguments without a default value (or
     override a default value). That is, if the evaluator encounters a
@@ -162,21 +162,21 @@ Most Nix commands accept the following command-line options:
     }: ...
     ```
 
-    So if you call this Nix expression (e.g., when you do `nix-env -iA
+    So if you call this Nix expression (e.g., when you do `nix-env -i
     pkgname`), the function will be called automatically using the
-    value [`builtins.currentSystem`](../language/builtins.md) for
+    value [`builtins.currentSystem`](../expressions/builtins.md) for
     the `system` argument. You can override this using `--arg`, e.g.,
-    `nix-env -iA pkgname --arg system \"i686-freebsd\"`. (Note that
+    `nix-env -i pkgname --arg system \"i686-freebsd\"`. (Note that
     since the argument is a Nix string literal, you have to escape the
     quotes.)
 
-  - [`--argstr`]{#opt-argstr} *name* *value*\
+  - `--argstr` *name* *value*\
     This option is like `--arg`, only the value is not a Nix
     expression but a string. So instead of `--arg system
     \"i686-linux\"` (the outer quotes are to keep the shell happy) you
     can say `--argstr system i686-linux`.
 
-  - [`--attr`]{#opt-attr} / `-A` *attrPath*\
+  - `--attr` / `-A` *attrPath*\
     Select an attribute from the top-level Nix expression being
     evaluated. (`nix-env`, `nix-instantiate`, `nix-build` and
     `nix-shell` only.) The *attribute path* *attrPath* is a sequence
@@ -191,7 +191,7 @@ Most Nix commands accept the following command-line options:
     attribute of the fourth element of the array in the `foo` attribute
     of the top-level expression.
 
-  - [`--expr`]{#opt-expr} / `-E`\
+  - `--expr` / `-E`\
     Interpret the command line arguments as a list of Nix expressions to
     be parsed and evaluated, rather than as a list of file names of Nix
     expressions. (`nix-instantiate`, `nix-build` and `nix-shell` only.)
@@ -202,17 +202,17 @@ Most Nix commands accept the following command-line options:
     use, give your expression to the `nix-shell -p` convenience flag
     instead.
 
-  - [`-I`]{#opt-I} *path*\
+  - `-I` *path*\
     Add a path to the Nix expression search path. This option may be
     given multiple times. See the `NIX_PATH` environment variable for
     information on the semantics of the Nix search path. Paths added
     through `-I` take precedence over `NIX_PATH`.
 
-  - [`--option`]{#opt-option} *name* *value*\
+  - `--option` *name* *value*\
     Set the Nix configuration option *name* to *value*. This overrides
     settings in the Nix configuration file (see nix.conf5).
 
-  - [`--repair`]{#opt-repair}\
+  - `--repair`\
     Fix corrupted or missing store paths by redownloading or rebuilding
     them. Note that this is slow because it requires computing a
     cryptographic hash of the contents of every path in the closure of

doc/manual/src/contributing/cli-guideline.md

@@ -3,7 +3,7 @@
 ## Goals
 
 Purpose of this document is to provide a clear direction to **help design
-delightful command line** experience. This document contains guidelines to
+delightful command line** experience. This document contain guidelines to
 follow to ensure a consistent and approachable user experience.
 
 ## Overview
@@ -103,7 +103,7 @@ impacted the most by bad user experience.
 # Help is essential
 
 Help should be built into your command line so that new users can gradually
-discover new features when they need them.
+discover new features when they need them. 
 
 ## Looking for help
 
@@ -115,7 +115,7 @@ The rules are:
 
 - Help is shown by using `--help` or `help` command (eg `nix` `--``help` or
   `nix help`).
-- For non-COMMANDs (eg. `nix` `--``help` and `nix store` `--``help`) we **show
+- For non-COMMANDs (eg. `nix` `--``help`  and `nix store` `--``help`) we **show
   a summary** of most common use cases. Summary is presented on the STDOUT
   without any use of PAGER.
 - For COMMANDs (eg. `nix init` `--``help` or `nix help init`) we display the
@@ -176,7 +176,7 @@ $ nix init --template=template#pyton
 ------------------------------------------------------------------------
 Initializing Nix project at `/path/to/here`.
       Select a template for you new project:
-          |> template#python
+          |> template#pyton
              template#python-pip
              template#python-poetry
 ```
@@ -230,17 +230,17 @@ Now **Learn** part of the output is where you educate users. You should only
 show it when you know that a build will take some time and not annoy users of
 the builds that take only few seconds.
 
-Every feature like this should go through an intensive review and testing to
-collect as much feedback as possible and to fine tune every little detail. If
+Every feature like this should go though a intensive review and testing to
+collect as much a feedback as possible and to fine tune every little detail. If
 done right this can be an awesome features beginners and advance users will
 love, but if not done perfectly it will annoy users and leave bad impression.
 
 # Input
 
-Input to a command is provided via `ARGUMENTS` and `OPTIONS`.
+Input to a command is provided via `ARGUMENTS` and `OPTIONS`. 
 
 `ARGUMENTS` represent a required input for a function. When choosing to use
-`ARGUMENTS` over `OPTIONS` please be aware of the downsides that come with it:
+`ARGUMENT` over function please be aware of the downsides that come with it:
 
 - User will need to remember the order of `ARGUMENTS`. This is not a problem if
   there is only one `ARGUMENT`.
@@ -253,7 +253,7 @@ developer consider the downsides and choose wisely.
 
 ## Naming the `OPTIONS`
 
-The only naming convention - apart from the ones mentioned in Naming the
+Then only naming convention - apart from the ones mentioned in Naming the
 `COMMANDS` section is how flags are named.
 
 Flags are a type of `OPTION` that represent an option that can be turned ON of
@@ -271,12 +271,12 @@ to improve the discoverability of possible input. A new user will most likely
 not know which `ARGUMENTS` and `OPTIONS` are required or which values are
 possible for those options.
 
-In case the user does not provide the input or they provide wrong input,
-rather than show the error, prompt a user with an option to find and select
+In cases, the user might not provide the input or they provide wrong input,
+rather then show the error, prompt a user with an option to find and select
 correct input (see examples).
 
 Prompting is of course not required when TTY is not attached to STDIN. This
-would mean that scripts won't need to handle prompt, but rather handle errors.
+would mean that scripts wont need to handle prompt, but rather handle errors.
 
 A place to use prompt and provide user with interactive select
 
@@ -300,9 +300,9 @@ going to happen.
 ```shell
 $ nix build --option substitutors https://cache.example.org
 ------------------------------------------------------------------------
-  Warning! A security related question needs to be answered.
+  Warning! A security related question need to be answered.
 ------------------------------------------------------------------------
-  The following substitutors will be used to in `my-project`:
+  The following substitutors will be used to in `my-project`: 
     - https://cache.example.org
 
   Do you allow `my-project` to use above mentioned substitutors?
@@ -311,14 +311,14 @@ $ nix build --option substitutors https://cache.example.org
 
 # Output
 
-Terminal output can be quite limiting in many ways. Which should force us to
+Terminal output can be quite limiting in many ways. Which should forces us to
 think about the experience even more. As with every design the output is a
 compromise between being terse and being verbose, between showing help to
 beginners and annoying advance users. For this it is important that we know
 what are the priorities.
 
 Nix command line should be first and foremost written with beginners in mind.
-But users won't stay beginners for long and what was once useful might quickly
+But users wont stay beginners for long and what was once useful might quickly
 become annoying. There is no golden rule that we can give in this guideline
 that would make it easier how to draw a line and find best compromise.
 
@@ -342,7 +342,7 @@ also allowing them to redirect content to a file. For example:
 ```shell
 $ nix build > build.txt
 ------------------------------------------------------------------------
-  Error! Attribute `bin` missing at (1:94) from string.
+  Error! Atrribute `bin` missing at (1:94) from string.
 ------------------------------------------------------------------------
 
   1| with import <nixpkgs> { }; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (surge.bin) ]; } ""
@@ -408,7 +408,7 @@ Above command clearly states that command successfully completed. And in case
 of `nix build`, which is a command that might take some time to complete, it is
 equally important to also show that a command started.
 
-## Text alignment
+## Text alignment 
 
 Text alignment is the number one design element that will present all of the
 Nix commands as a family and not as separate tools glued together.
@@ -419,7 +419,7 @@ The format we should follow is:
 $ nix COMMAND
    VERB_1 NOUN and other words
   VERB__1 NOUN and other words
-       |> Some details
+       |> Some details 
 ```
 
 Few rules that we can extract from above example:
@@ -444,13 +444,13 @@ is not even notable, therefore relying on it wouldn’t make much sense.
 
 **The bright text is much better supported** across terminals and color
 schemes. Most of the time the difference is perceived as if the bright text
-would be bold.
+would be bold. 
 
 ## Colors
 
 Humans are already conditioned by society to attach certain meaning to certain
 colors. While the meaning is not universal, a simple collection of colors is
-used to represent basic emotions.
+used to represent basic emotions. 
 
 Colors that can be used in output
 
@@ -508,7 +508,7 @@ can, with a few key strokes, be changed into and advance introspection tool.
 
 ### Progress
 
-For longer running commands we should provide and overview the progress.
+For longer running commands we should provide and overview of the progress.
 This is shown best in `nix build` example:
 
 ```shell
@@ -553,9 +553,9 @@ going to happen.
 ```shell
 $ nix build --option substitutors https://cache.example.org
 ------------------------------------------------------------------------
-  Warning! A security related question needs to be answered.
+  Warning! A security related question need to be answered.
 ------------------------------------------------------------------------
-  The following substitutors will be used to in `my-project`:
+  The following substitutors will be used to in `my-project`: 
     - https://cache.example.org
 
   Do you allow `my-project` to use above mentioned substitutors?
@@ -566,7 +566,7 @@ $ nix build --option substitutors https://cache.example.org
 
 There are many ways that you can control verbosity.
 
-Verbosity levels are:
+Verbosity levels are: 
 
 - `ERROR` (level 0)
 - `WARN` (level 1)
@@ -586,4 +586,4 @@ There are also two shortcuts, `--debug` to run in `DEBUG` verbosity level and
 
 # Appendix 1: Commands naming exceptions
 
-`nix init` and `nix repl` are well established
+`nix init` and `nix repl` are well established 

doc/manual/src/contributing/hacking.md

@@ -35,28 +35,6 @@ variables are set up so that those dependencies can be found:
 $ nix-shell
 ```
 
-or if you have a flake-enabled nix:
-
-```console
-$ nix develop
-```
-
-To get a shell with a different compilation environment (e.g. stdenv,
-gccStdenv, clangStdenv, clang11Stdenv, ccacheStdenv):
-
-```console
-$ nix-shell -A devShells.x86_64-linux.clang11StdenvPackages
-```
-
-or if you have a flake-enabled nix:
-
-```console
-$ nix develop .#clang11StdenvPackages
-```
-
-Note: you can use `ccacheStdenv` to drastically improve rebuild
-time. By default, ccache keeps artifacts in `~/.cache/ccache/`.
-
 To build Nix itself in this shell:
 
 ```console
@@ -74,6 +52,18 @@ To install it in `$(pwd)/outputs` and test it:
 nix (Nix) 3.0
 ```
 
+To run a functional test:
+
+```console
+make tests/test-name-should-auto-complete.sh.test
+```
+
+To run the unit-tests for C++ code:
+
+```
+make check
+```
+
 If you have a flakes-enabled Nix you can replace:
 
 ```console
@@ -85,200 +75,3 @@ by:
 ```console
 $ nix develop
 ```
-
-## Running tests
-
-### Unit-tests
-
-The unit-tests for each Nix library (`libexpr`, `libstore`, etc..) are defined
-under `src/{library_name}/tests` using the
-[googletest](https://google.github.io/googletest/) framework.
-
-You can run the whole testsuite with `make check`, or the tests for a specific component with `make libfoo-tests_RUN`. Finer-grained filtering is also possible using the [--gtest_filter](https://google.github.io/googletest/advanced.html#running-a-subset-of-the-tests) command-line option.
-
-### Functional tests
-
-The functional tests reside under the `tests` directory and are listed in `tests/local.mk`.
-Each test is a bash script.
-
-The whole test suite can be run with:
-
-```shell-session
-$ make install && make installcheck
-ran test tests/foo.sh... [PASS]
-ran test tests/bar.sh... [PASS]
-...
-```
-
-Individual tests can be run with `make`:
-
-```shell-session
-$ make tests/${testName}.sh.test
-ran test tests/${testName}.sh... [PASS]
-```
-
-or without `make`:
-
-```shell-session
-$ ./mk/run-test.sh tests/${testName}.sh
-ran test tests/${testName}.sh... [PASS]
-```
-
-To see the complete output, one can also run:
-
-```shell-session
-$ ./mk/debug-test.sh tests/${testName}.sh
-+ foo
-output from foo
-+ bar
-output from bar
-...
-```
-
-The test script will then be traced with `set -x` and the output displayed as it happens, regardless of whether the test succeeds or fails.
-
-#### Debugging failing functional tests
-
-When a functional test fails, it usually does so somewhere in the middle of the script.
-
-To figure out what's wrong, it is convenient to run the test regularly up to the failing `nix` command, and then run that command with a debugger like GDB.
-
-For example, if the script looks like:
-
-```bash
-foo
-nix blah blub
-bar
-```
-edit it like so:
-
-```diff
- foo
--nix blah blub
-+gdb --args nix blah blub
- bar
-```
-
-Then, running the test with `./mk/debug-test.sh` will drop you into GDB once the script reaches that point:
-
-```shell-session
-$ ./mk/debug-test.sh tests/${testName}.sh
-...
-+ gdb blash blub
-GNU gdb (GDB) 12.1
-...
-(gdb)
-```
-
-One can debug the Nix invocation in all the usual ways.
-For example, enter `run` to start the Nix invocation.
-
-### Integration tests
-
-The integration tests are defined in the Nix flake under the `hydraJobs.tests` attribute.
-These tests include everything that needs to interact with external services or run Nix in a non-trivial distributed setup.
-Because these tests are expensive and require more than what the standard github-actions setup provides, they only run on the master branch (on <https://hydra.nixos.org/jobset/nix/master>).
-
-You can run them manually with `nix build .#hydraJobs.tests.{testName}` or `nix-build -A hydraJobs.tests.{testName}`
-
-### Installer tests
-
-After a one-time setup, the Nix repository's GitHub Actions continuous integration (CI) workflow can test the installer each time you push to a branch.
-
-Creating a Cachix cache for your installer tests and adding its authorization token to GitHub enables [two installer-specific jobs in the CI workflow](https://github.com/NixOS/nix/blob/88a45d6149c0e304f6eb2efcc2d7a4d0d569f8af/.github/workflows/ci.yml#L50-L91):
-
-- The `installer` job generates installers for the platforms below and uploads them to your Cachix cache:
-  - `x86_64-linux`
-  - `armv6l-linux`
-  - `armv7l-linux`
-  - `x86_64-darwin`
-
-- The `installer_test` job (which runs on `ubuntu-latest` and `macos-latest`) will try to install Nix with the cached installer and run a trivial Nix command.
-
-#### One-time setup
-
-1. Have a GitHub account with a fork of the [Nix repository](https://github.com/NixOS/nix).
-2. At cachix.org:
-    - Create or log in to an account.
-    - Create a Cachix cache using the format `<github-username>-nix-install-tests`.
-    - Navigate to the new cache > Settings > Auth Tokens.
-    - Generate a new Cachix auth token and copy the generated value.
-3. At github.com:
-    - Navigate to your Nix fork > Settings > Secrets > Actions > New repository secret.
-    - Name the secret `CACHIX_AUTH_TOKEN`.
-    - Paste the copied value of the Cachix cache auth token.
-
-#### Using the CI-generated installer for manual testing
-
-After the CI run completes, you can check the output to extract the installer URL:
-1. Click into the detailed view of the CI run.
-2. Click into any `installer_test` run (the URL you're here to extract will be the same in all of them).
-3. Click into the `Run cachix/install-nix-action@v...` step and click the detail triangle next to the first log line (it will also be `Run cachix/install-nix-action@v...`)
-4. Copy the value of `install_url`
-5. To generate an install command, plug this `install_url` and your GitHub username into this template:
-
-    ```console
-    sh <(curl -L <install_url>) --tarball-url-prefix https://<github-username>-nix-install-tests.cachix.org/serve
-    ```
-
-<!-- #### Manually generating test installers
-
-There's obviously a manual way to do this, and it's still the only way for
-platforms that lack GA runners.
-
-I did do this back in Fall 2020 (before the GA approach encouraged here). I'll
-sketch what I recall in case it encourages someone to fill in detail, but: I
-didn't know what I was doing at the time and had to fumble/ask around a lot--
-so I don't want to uphold any of it as "right". It may have been dumb or
-the _hard_ way from the getgo. Fundamentals may have changed since.
-
-Here's the build command I used to do this on and for x86_64-darwin:
-nix build --out-link /tmp/foo ".#checks.x86_64-darwin.binaryTarball"
-
-I used the stable out-link to make it easier to script the next steps:
-link=$(readlink /tmp/foo)
-cp $link/*-darwin.tar.xz ~/somewheres
-
-I've lost the last steps and am just going from memory:
-
-From here, I think I had to extract and modify the `install` script to point
-it at this tarball (which I scped to my own site, but it might make more sense
-to just share them locally). I extracted this script once and then just
-search/replaced in it for each new build.
-
-The installer now supports a `--tarball-url-prefix` flag which _may_ have
-solved this need?
--->
-
-### Checking links in the manual
-
-The build checks for broken internal links.
-This happens late in the process, so `nix build` is not suitable for iterating.
-To build the manual incrementally, run:
-
-```console
-make html -j $NIX_BUILD_CORES
-```
-
-In order to reflect changes to the [Makefile], clear all generated files before re-building:
-
-[Makefile]: https://github.com/NixOS/nix/blob/master/doc/manual/local.mk
-
-```console
-rm $(git ls-files doc/manual/ -o | grep -F '.md') && rmdir doc/manual/src/command-ref/new-cli && make html -j $NIX_BUILD_CORES
-```
-
-[`mdbook-linkcheck`] does not implement checking [URI fragments] yet.
-
-[`mdbook-linkcheck`]: https://github.com/Michael-F-Bryan/mdbook-linkcheck
-[URI fragments]: https://en.m.wikipedia.org/wiki/URI_fragment
-
-#### `@docroot@` variable
-
-`@docroot@` provides a base path for links that occur in reusable snippets or other documentation that doesn't have a base path of its own.
-
-If a broken link occurs in a snippet that was inserted into multiple generated files in different directories, use `@docroot@` to reference the `doc/manual/src` directory.
-
-If the `@docroot@` literal appears in an error message from the `mdbook-linkcheck` tool, the `@docroot@` replacement needs to be applied to the generated source file that mentions it.
-See existing `@docroot@` logic in the [Makefile].
-Regular markdown files used for the manual have a base path of their own and they can use relative paths instead of `@docroot@`.

doc/manual/src/expressions/advanced-attributes.md

@@ -2,7 +2,7 @@
 
 Derivations can declare some infrequently used optional attributes.
 
-  - [`allowedReferences`]{#adv-attr-allowedReferences}\
+  - `allowedReferences`\
     The optional attribute `allowedReferences` specifies a list of legal
     references (dependencies) of the output of the builder. For example,
 
@@ -17,7 +17,7 @@ Derivations can declare some infrequently used optional attributes.
     booting Linux don’t have accidental dependencies on other paths in
     the Nix store.
 
-  - [`allowedRequisites`]{#adv-attr-allowedRequisites}\
+  - `allowedRequisites`\
     This attribute is similar to `allowedReferences`, but it specifies
     the legal requisites of the whole closure, so all the dependencies
     recursively. For example,
@@ -30,7 +30,7 @@ Derivations can declare some infrequently used optional attributes.
     runtime dependency than `foobar`, and in addition it enforces that
     `foobar` itself doesn't introduce any other dependency itself.
 
-  - [`disallowedReferences`]{#adv-attr-disallowedReferences}\
+  - `disallowedReferences`\
     The optional attribute `disallowedReferences` specifies a list of
     illegal references (dependencies) of the output of the builder. For
     example,
@@ -42,7 +42,7 @@ Derivations can declare some infrequently used optional attributes.
     enforces that the output of a derivation cannot have a direct
     runtime dependencies on the derivation `foo`.
 
-  - [`disallowedRequisites`]{#adv-attr-disallowedRequisites}\
+  - `disallowedRequisites`\
     This attribute is similar to `disallowedReferences`, but it
     specifies illegal requisites for the whole closure, so all the
     dependencies recursively. For example,
@@ -55,7 +55,7 @@ Derivations can declare some infrequently used optional attributes.
     dependency on `foobar` or any other derivation depending recursively
     on `foobar`.
 
-  - [`exportReferencesGraph`]{#adv-attr-exportReferencesGraph}\
+  - `exportReferencesGraph`\
     This attribute allows builders access to the references graph of
     their inputs. The attribute is a list of inputs in the Nix store
     whose references graph the builder needs to know. The value of
@@ -84,7 +84,7 @@ Derivations can declare some infrequently used optional attributes.
     with a Nix store containing the closure of a bootable NixOS
     configuration).
 
-  - [`impureEnvVars`]{#adv-attr-impureEnvVars}\
+  - `impureEnvVars`\
     This attribute allows you to specify a list of environment variables
     that should be passed from the environment of the calling user to
     the builder. Usually, the environment is cleared completely when the
@@ -112,7 +112,7 @@ Derivations can declare some infrequently used optional attributes.
     > environmental variables come from the environment of the
     > `nix-build`.
 
-  - [`outputHash`]{#adv-attr-outputHash}; [`outputHashAlgo`]{#adv-attr-outputHashAlgo}; [`outputHashMode`]{#adv-attr-outputHashMode}\
+  - `outputHash`; `outputHashAlgo`; `outputHashMode`\
     These attributes declare that the derivation is a so-called
     *fixed-output derivation*, which means that a cryptographic hash of
     the output is already known in advance. When the build of a
@@ -208,7 +208,7 @@ Derivations can declare some infrequently used optional attributes.
     [`nix-hash` command](../command-ref/nix-hash.md) for information
     about converting to and from base-32 notation.)
     
-  - [`__contentAddressed`]{#adv-attr-__contentAddressed}
+  - `__contentAddressed`
     If this **experimental** attribute is set to true, then the derivation
     outputs will be stored in a content-addressed location rather than the
     traditional input-addressed one.
@@ -216,7 +216,7 @@ Derivations can declare some infrequently used optional attributes.
     
     Setting this attribute also requires setting `outputHashMode` and `outputHashAlgo` like for *fixed-output derivations* (see above).
 
-  - [`passAsFile`]{#adv-attr-passAsFile}\
+  - `passAsFile`\
     A list of names of attributes that should be passed via files rather
     than environment variables. For example, if you have
 
@@ -234,15 +234,15 @@ Derivations can declare some infrequently used optional attributes.
     builder, since most operating systems impose a limit on the size
     of the environment (typically, a few hundred kilobyte).
 
-  - [`preferLocalBuild`]{#adv-attr-preferLocalBuild}\
+  - `preferLocalBuild`\
     If this attribute is set to `true` and [distributed building is
     enabled](../advanced-topics/distributed-builds.md), then, if
-    possible, the derivation will be built locally instead of forwarded
+    possible, the derivaton will be built locally instead of forwarded
     to a remote machine. This is appropriate for trivial builders
     where the cost of doing a download or remote build would exceed
     the cost of building locally.
 
-  - [`allowSubstitutes`]{#adv-attr-allowSubstitutes}\
+  - `allowSubstitutes`\
     If this attribute is set to `false`, then Nix will always build this
     derivation; it will not try to substitute its outputs. This is
     useful for very trivial derivations (such as `writeText` in Nixpkgs)

doc/manual/src/expressions/arguments-variables.md

@@ -0,0 +1,80 @@
+# Arguments and Variables
+
+The [Nix expression for GNU Hello](expression-syntax.md) is a
+function; it is missing some arguments that have to be filled in
+somewhere. In the Nix Packages collection this is done in the file
+`pkgs/top-level/all-packages.nix`, where all Nix expressions for
+packages are imported and called with the appropriate arguments. Here
+are some fragments of `all-packages.nix`, with annotations of what
+they mean:
+
+```nix
+...
+
+rec { ①
+
+  hello = import ../applications/misc/hello/ex-1 ② { ③
+    inherit fetchurl stdenv perl;
+  };
+
+  perl = import ../development/interpreters/perl { ④
+    inherit fetchurl stdenv;
+  };
+
+  fetchurl = import ../build-support/fetchurl {
+    inherit stdenv; ...
+  };
+
+  stdenv = ...;
+
+}
+```
+
+1.  This file defines a set of attributes, all of which are concrete
+    derivations (i.e., not functions). In fact, we define a *mutually
+    recursive* set of attributes. That is, the attributes can refer to
+    each other. This is precisely what we want since we want to “plug”
+    the various packages into each other.
+
+2.  Here we *import* the Nix expression for GNU Hello. The import
+    operation just loads and returns the specified Nix expression. In
+    fact, we could just have put the contents of the Nix expression
+    for GNU Hello in `all-packages.nix` at this point. That would be
+    completely equivalent, but it would make `all-packages.nix` rather
+    bulky.
+    
+    Note that we refer to `../applications/misc/hello/ex-1`, not
+    `../applications/misc/hello/ex-1/default.nix`. When you try to
+    import a directory, Nix automatically appends `/default.nix` to the
+    file name.
+
+3.  This is where the actual composition takes place. Here we *call* the
+    function imported from `../applications/misc/hello/ex-1` with a set
+    containing the things that the function expects, namely `fetchurl`,
+    `stdenv`, and `perl`. We use inherit again to use the attributes
+    defined in the surrounding scope (we could also have written
+    `fetchurl = fetchurl;`, etc.).
+    
+    The result of this function call is an actual derivation that can be
+    built by Nix (since when we fill in the arguments of the function,
+    what we get is its body, which is the call to `stdenv.mkDerivation`
+    in the [Nix expression for GNU Hello](expression-syntax.md)).
+    
+    > **Note**
+    > 
+    > Nixpkgs has a convenience function `callPackage` that imports and
+    > calls a function, filling in any missing arguments by passing the
+    > corresponding attribute from the Nixpkgs set, like this:
+    > 
+    > ```nix
+    > hello = callPackage ../applications/misc/hello/ex-1 { };
+    > ```
+    > 
+    > If necessary, you can set or override arguments:
+    > 
+    > ```nix
+    > hello = callPackage ../applications/misc/hello/ex-1 { stdenv = myStdenv; };
+    > ```
+
+4.  Likewise, we have to instantiate Perl, `fetchurl`, and the standard
+    environment.

doc/manual/src/expressions/build-script.md

@@ -0,0 +1,70 @@
+# Build Script
+
+Here is the builder referenced from Hello's Nix expression (stored in
+`pkgs/applications/misc/hello/ex-1/builder.sh`):
+
+```bash
+source $stdenv/setup ①
+
+PATH=$perl/bin:$PATH ②
+
+tar xvfz $src ③
+cd hello-*
+./configure --prefix=$out ④
+make ⑤
+make install
+```
+
+The builder can actually be made a lot shorter by using the *generic
+builder* functions provided by `stdenv`, but here we write out the build
+steps to elucidate what a builder does. It performs the following steps:
+
+1.  When Nix runs a builder, it initially completely clears the
+    environment (except for the attributes declared in the derivation).
+    This is done to prevent undeclared inputs from being used in the
+    build process. If for example the `PATH` contained `/usr/bin`, then
+    you might accidentally use `/usr/bin/gcc`.
+    
+    So the first step is to set up the environment. This is done by
+    calling the `setup` script of the standard environment. The
+    environment variable `stdenv` points to the location of the
+    standard environment being used. (It wasn't specified explicitly
+    as an attribute in Hello's Nix expression, but `mkDerivation` adds
+    it automatically.)
+
+2.  Since Hello needs Perl, we have to make sure that Perl is in the
+    `PATH`. The `perl` environment variable points to the location of
+    the Perl package (since it was passed in as an attribute to the
+    derivation), so `$perl/bin` is the directory containing the Perl
+    interpreter.
+
+3.  Now we have to unpack the sources. The `src` attribute was bound to
+    the result of fetching the Hello source tarball from the network, so
+    the `src` environment variable points to the location in the Nix
+    store to which the tarball was downloaded. After unpacking, we `cd`
+    to the resulting source directory.
+    
+    The whole build is performed in a temporary directory created in
+    `/tmp`, by the way. This directory is removed after the builder
+    finishes, so there is no need to clean up the sources afterwards.
+    Also, the temporary directory is always newly created, so you don't
+    have to worry about files from previous builds interfering with the
+    current build.
+
+4.  GNU Hello is a typical Autoconf-based package, so we first have to
+    run its `configure` script. In Nix every package is stored in a
+    separate location in the Nix store, for instance
+    `/nix/store/9a54ba97fb71b65fda531012d0443ce2-hello-2.1.1`. Nix
+    computes this path by cryptographically hashing all attributes of
+    the derivation. The path is passed to the builder through the `out`
+    environment variable. So here we give `configure` the parameter
+    `--prefix=$out` to cause Hello to be installed in the expected
+    location.
+
+5.  Finally we build Hello (`make`) and install it into the location
+    specified by `out` (`make install`).
+
+If you are wondering about the absence of error checking on the result
+of various commands called in the builder: this is because the shell
+script is evaluated with Bash's `-e` option, which causes the script to
+be aborted if any command fails without an error check.

doc/manual/src/expressions/builtin-constants.md

@@ -14,7 +14,7 @@ Here are the constants built into the Nix expression evaluator:
     This allows a Nix expression to fall back gracefully on older Nix
     installations that don’t have the desired built-in function.
 
-  - [`builtins.currentSystem`]{#builtins-currentSystem}\
+  - `builtins.currentSystem`\
     The built-in value `currentSystem` evaluates to the Nix platform
     identifier for the Nix installation on which the expression is being
     evaluated, such as `"i686-linux"` or `"x86_64-darwin"`.

doc/manual/src/expressions/builtins-prefix.md

@@ -9,8 +9,7 @@ scope. Instead, you can access them through the `builtins` built-in
 value, which is a set that contains all built-in functions and values.
 For instance, `derivation` is also available as `builtins.derivation`.
 
-<dl>
-  <dt><code>derivation <var>attrs</var></code>;
-      <code>builtins.derivation <var>attrs</var></code></dt>
-  <dd><p><var>derivation</var> is described in
-         <a href="derivations.md">its own section</a>.</p></dd>
+  - `derivation` *attrs*; `builtins.derivation` *attrs*\
+
+    `derivation` is described in [its own section](derivations.md).
+

doc/manual/src/expressions/derivations.md

@@ -1,10 +1,10 @@
 # Derivations
 
 The most important built-in function is `derivation`, which is used to
-describe a single derivation (a build task). It takes as input a set,
+describe a single derivation (a build action). It takes as input a set,
 the attributes of which specify the inputs of the build.
 
-  - There must be an attribute named [`system`]{#attr-system} whose value must be a
+  - There must be an attribute named `system` whose value must be a
     string specifying a Nix system type, such as `"i686-linux"` or
     `"x86_64-darwin"`. (To figure out your system type, run `nix -vv
     --version`.) The build can only be performed on a machine and

doc/manual/src/expressions/expression-language.md

@@ -0,0 +1,12 @@
+# Nix Expression Language
+
+The Nix expression language is a pure, lazy, functional language. Purity
+means that operations in the language don't have side-effects (for
+instance, there is no variable assignment). Laziness means that
+arguments to functions are evaluated only when they are needed.
+Functional means that functions are “normal” values that can be passed
+around and manipulated in interesting ways. The language is not a
+full-featured, general purpose language. Its main job is to describe
+packages, compositions of packages, and the variability within packages.
+
+This section presents the various features of the language.

doc/manual/src/expressions/expression-syntax.md

@@ -0,0 +1,93 @@
+# Expression Syntax
+
+Here is a Nix expression for GNU Hello:
+
+```nix
+{ stdenv, fetchurl, perl }: ①
+
+stdenv.mkDerivation { ②
+  name = "hello-2.1.1"; ③
+  builder = ./builder.sh; ④
+  src = fetchurl { ⑤
+    url = "ftp://ftp.nluug.nl/pub/gnu/hello/hello-2.1.1.tar.gz";
+    sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
+  };
+  inherit perl; ⑥
+}
+```
+
+This file is actually already in the Nix Packages collection in
+`pkgs/applications/misc/hello/ex-1/default.nix`. It is customary to
+place each package in a separate directory and call the single Nix
+expression in that directory `default.nix`. The file has the following
+elements (referenced from the figure by number):
+
+1.  This states that the expression is a *function* that expects to be
+    called with three arguments: `stdenv`, `fetchurl`, and `perl`. They
+    are needed to build Hello, but we don't know how to build them here;
+    that's why they are function arguments. `stdenv` is a package that
+    is used by almost all Nix Packages packages; it provides a
+    “standard” environment consisting of the things you would expect
+    in a basic Unix environment: a C/C++ compiler (GCC, to be precise),
+    the Bash shell, fundamental Unix tools such as `cp`, `grep`, `tar`,
+    etc. `fetchurl` is a function that downloads files. `perl` is the
+    Perl interpreter.
+    
+    Nix functions generally have the form `{ x, y, ..., z }: e` where
+    `x`, `y`, etc. are the names of the expected arguments, and where
+    *e* is the body of the function. So here, the entire remainder of
+    the file is the body of the function; when given the required
+    arguments, the body should describe how to build an instance of
+    the Hello package.
+
+2.  So we have to build a package. Building something from other stuff
+    is called a *derivation* in Nix (as opposed to sources, which are
+    built by humans instead of computers). We perform a derivation by
+    calling `stdenv.mkDerivation`. `mkDerivation` is a function
+    provided by `stdenv` that builds a package from a set of
+    *attributes*. A set is just a list of key/value pairs where each
+    key is a string and each value is an arbitrary Nix
+    expression. They take the general form `{ name1 = expr1; ...
+    nameN = exprN; }`.
+
+3.  The attribute `name` specifies the symbolic name and version of
+    the package. Nix doesn't really care about these things, but they
+    are used by for instance `nix-env -q` to show a “human-readable”
+    name for packages. This attribute is required by `mkDerivation`.
+
+4.  The attribute `builder` specifies the builder. This attribute can
+    sometimes be omitted, in which case `mkDerivation` will fill in a
+    default builder (which does a `configure; make; make install`, in
+    essence). Hello is sufficiently simple that the default builder
+    would suffice, but in this case, we will show an actual builder
+    for educational purposes. The value `./builder.sh` refers to the
+    shell script shown in the [next section](build-script.md),
+    discussed below.
+
+5.  The builder has to know what the sources of the package are. Here,
+    the attribute `src` is bound to the result of a call to the
+    `fetchurl` function. Given a URL and a SHA-256 hash of the expected
+    contents of the file at that URL, this function builds a derivation
+    that downloads the file and checks its hash. So the sources are a
+    dependency that like all other dependencies is built before Hello
+    itself is built.
+    
+    Instead of `src` any other name could have been used, and in fact
+    there can be any number of sources (bound to different attributes).
+    However, `src` is customary, and it's also expected by the default
+    builder (which we don't use in this example).
+
+6.  Since the derivation requires Perl, we have to pass the value of the
+    `perl` function argument to the builder. All attributes in the set
+    are actually passed as environment variables to the builder, so
+    declaring an attribute
+
+    ```nix
+    perl = perl;
+    ```
+    
+    will do the trick: it binds an attribute `perl` to the function
+    argument which also happens to be called `perl`. However, it looks a
+    bit silly, so there is a shorter syntax. The `inherit` keyword
+    causes the specified attributes to be bound to whatever variables
+    with the same name happen to be in scope.

doc/manual/src/expressions/generic-builder.md

@@ -0,0 +1,66 @@
+# Generic Builder Syntax
+
+Recall that the [build script for GNU Hello](build-script.md) looked
+something like this:
+
+```bash
+PATH=$perl/bin:$PATH
+tar xvfz $src
+cd hello-*
+./configure --prefix=$out
+make
+make install
+```
+
+The builders for almost all Unix packages look like this — set up some
+environment variables, unpack the sources, configure, build, and
+install. For this reason the standard environment provides some Bash
+functions that automate the build process. Here is what a builder using
+the generic build facilities looks like:
+
+```bash
+buildInputs="$perl" ①
+
+source $stdenv/setup ②
+
+genericBuild ③
+```
+
+Here is what each line means:
+
+1.  The `buildInputs` variable tells `setup` to use the indicated
+    packages as “inputs”. This means that if a package provides a `bin`
+    subdirectory, it's added to `PATH`; if it has a `include`
+    subdirectory, it's added to GCC's header search path; and so on.
+    (This is implemented in a modular way: `setup` tries to source the
+    file `pkg/nix-support/setup-hook` of all dependencies. These “setup
+    hooks” can then set up whatever environment variables they want; for
+    instance, the setup hook for Perl sets the `PERL5LIB` environment
+    variable to contain the `lib/site_perl` directories of all inputs.)
+
+2.  The function `genericBuild` is defined in the file `$stdenv/setup`.
+
+3.  The final step calls the shell function `genericBuild`, which
+    performs the steps that were done explicitly in the previous build
+    script. The generic builder is smart enough to figure out whether
+    to unpack the sources using `gzip`, `bzip2`, etc.  It can be
+    customised in many ways; see the Nixpkgs manual for details.
+
+Discerning readers will note that the `buildInputs` could just as well
+have been set in the Nix expression, like this:
+
+```nix
+  buildInputs = [ perl ];
+```
+
+The `perl` attribute can then be removed, and the builder becomes even
+shorter:
+
+```bash
+source $stdenv/setup
+genericBuild
+```
+
+In fact, `mkDerivation` provides a default builder that looks exactly
+like that, so it is actually possible to omit the builder for Hello
+entirely.

doc/manual/src/expressions/language-constructs.md

@@ -284,10 +284,6 @@ The points of interest are:
     function is called with the `localServer` argument set to `true` but
     the `db4` argument set to `null`, then the evaluation fails.
 
-    Note that `->` is the [logical
-    implication](https://en.wikipedia.org/wiki/Truth_table#Logical_implication)
-    Boolean operation.
-
 2.  This is a more subtle condition: if Subversion is built with Apache
     (`httpServer`) support, then the Expat library (an XML library) used
     by Subversion should be same as the one used by Apache. This is

doc/manual/src/expressions/language-operators.md

@@ -0,0 +1,28 @@
+# Operators
+
+The table below lists the operators in the Nix expression language, in
+order of precedence (from strongest to weakest binding).
+
+| Name                     | Syntax                              | Associativity | Description                                                                                                                                                                                                                   | Precedence |
+| ------------------------ | ----------------------------------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- |
+| Select                   | *e* `.` *attrpath* \[ `or` *def* \] | none          | Select attribute denoted by the attribute path *attrpath* from set *e*. (An attribute path is a dot-separated list of attribute names.) If the attribute doesn’t exist, return *def* if provided, otherwise abort evaluation. | 1          |
+| Application              | *e1* *e2*                           | left          | Call function *e1* with argument *e2*.                                                                                                                                                                                        | 2          |
+| Arithmetic Negation      | `-` *e*                             | none          | Arithmetic negation.                                                                                                                                                                                                          | 3          |
+| Has Attribute            | *e* `?` *attrpath*                  | none          | Test whether set *e* contains the attribute denoted by *attrpath*; return `true` or `false`.                                                                                                                                  | 4          |
+| List Concatenation       | *e1* `++` *e2*                      | right         | List concatenation.                                                                                                                                                                                                           | 5          |
+| Multiplication           | *e1* `*` *e2*,                      | left          | Arithmetic multiplication.                                                                                                                                                                                                    | 6          |
+| Division                 | *e1* `/` *e2*                       | left          | Arithmetic division.                                                                                                                                                                                                          | 6          |
+| Addition                 | *e1* `+` *e2*                       | left          | Arithmetic addition.                                                                                                                                                                                                          | 7          |
+| Subtraction              | *e1* `-` *e2*                       | left          | Arithmetic subtraction.                                                                                                                                                                                                       | 7          |
+| String Concatenation     | *string1* `+` *string2*             | left          | String concatenation.                                                                                                                                                                                                         | 7          |
+| Not                      | `!` *e*                             | none          | Boolean negation.                                                                                                                                                                                                             | 8          |
+| Update                   | *e1* `//` *e2*                      | right         | Return a set consisting of the attributes in *e1* and *e2* (with the latter taking precedence over the former in case of equally named attributes).                                                                           | 9          |
+| Less Than                | *e1* `<` *e2*,                      | none          | Arithmetic comparison.                                                                                                                                                                                                        | 10         |
+| Less Than or Equal To    | *e1* `<=` *e2*                      | none          | Arithmetic comparison.                                                                                                                                                                                                        | 10         |
+| Greater Than             | *e1* `>` *e2*                       | none          | Arithmetic comparison.                                                                                                                                                                                                        | 10         |
+| Greater Than or Equal To | *e1* `>=` *e2*                      | none          | Arithmetic comparison.                                                                                                                                                                                                        | 10         |
+| Equality                 | *e1* `==` *e2*                      | none          | Equality.                                                                                                                                                                                                                     | 11         |
+| Inequality               | *e1* `!=` *e2*                      | none          | Inequality.                                                                                                                                                                                                                   | 11         |
+| Logical AND              | *e1* `&&` *e2*                      | left          | Logical AND.                                                                                                                                                                                                                  | 12         |
+| Logical OR               | *e1* `\|\|` *e2*                    | left          | Logical OR.                                                                                                                                                                                                                   | 13         |
+| Logical Implication      | *e1* `->` *e2*                      | none          | Logical implication (equivalent to `!e1 \|\| e2`).                                                                                                                                                                            | 14         |

doc/manual/src/expressions/language-values.md

@@ -0,0 +1,244 @@
+# Values
+
+## Simple Values
+
+Nix has the following basic data types:
+
+  - *Strings* can be written in three ways.
+    
+    The most common way is to enclose the string between double quotes,
+    e.g., `"foo bar"`. Strings can span multiple lines. The special
+    characters `"` and `\` and the character sequence `${` must be
+    escaped by prefixing them with a backslash (`\`). Newlines, carriage
+    returns and tabs can be written as `\n`, `\r` and `\t`,
+    respectively.
+    
+    You can include the result of an expression into a string by
+    enclosing it in `${...}`, a feature known as *antiquotation*. The
+    enclosed expression must evaluate to something that can be coerced
+    into a string (meaning that it must be a string, a path, or a
+    derivation). For instance, rather than writing
+    
+    ```nix
+    "--with-freetype2-library=" + freetype + "/lib"
+    ```
+    
+    (where `freetype` is a derivation), you can instead write the more
+    natural
+    
+    ```nix
+    "--with-freetype2-library=${freetype}/lib"
+    ```
+    
+    The latter is automatically translated to the former. A more
+    complicated example (from the Nix expression for
+    [Qt](http://www.trolltech.com/products/qt)):
+    
+    ```nix
+    configureFlags = "
+      -system-zlib -system-libpng -system-libjpeg
+      ${if openglSupport then "-dlopen-opengl
+        -L${mesa}/lib -I${mesa}/include
+        -L${libXmu}/lib -I${libXmu}/include" else ""}
+      ${if threadSupport then "-thread" else "-no-thread"}
+    ";
+    ```
+    
+    Note that Nix expressions and strings can be arbitrarily nested; in
+    this case the outer string contains various antiquotations that
+    themselves contain strings (e.g., `"-thread"`), some of which in
+    turn contain expressions (e.g., `${mesa}`).
+    
+    The second way to write string literals is as an *indented string*,
+    which is enclosed between pairs of *double single-quotes*, like so:
+    
+    ```nix
+    ''
+      This is the first line.
+      This is the second line.
+        This is the third line.
+    ''
+    ```
+    
+    This kind of string literal intelligently strips indentation from
+    the start of each line. To be precise, it strips from each line a
+    number of spaces equal to the minimal indentation of the string as a
+    whole (disregarding the indentation of empty lines). For instance,
+    the first and second line are indented two space, while the third
+    line is indented four spaces. Thus, two spaces are stripped from
+    each line, so the resulting string is
+    
+    ```nix
+    "This is the first line.\nThis is the second line.\n  This is the third line.\n"
+    ```
+    
+    Note that the whitespace and newline following the opening `''` is
+    ignored if there is no non-whitespace text on the initial line.
+    
+    Antiquotation (`${expr}`) is supported in indented strings.
+    
+    Since `${` and `''` have special meaning in indented strings, you
+    need a way to quote them. `$` can be escaped by prefixing it with
+    `''` (that is, two single quotes), i.e., `''$`. `''` can be escaped
+    by prefixing it with `'`, i.e., `'''`. `$` removes any special
+    meaning from the following `$`. Linefeed, carriage-return and tab
+    characters can be written as `''\n`, `''\r`, `''\t`, and `''\`
+    escapes any other character.
+    
+    Indented strings are primarily useful in that they allow multi-line
+    string literals to follow the indentation of the enclosing Nix
+    expression, and that less escaping is typically necessary for
+    strings representing languages such as shell scripts and
+    configuration files because `''` is much less common than `"`.
+    Example:
+    
+    ```nix
+    stdenv.mkDerivation {
+      ...
+      postInstall =
+        ''
+          mkdir $out/bin $out/etc
+          cp foo $out/bin
+          echo "Hello World" > $out/etc/foo.conf
+          ${if enableBar then "cp bar $out/bin" else ""}
+        '';
+      ...
+    }
+    ```
+    
+    Finally, as a convenience, *URIs* as defined in appendix B of
+    [RFC 2396](http://www.ietf.org/rfc/rfc2396.txt) can be written *as
+    is*, without quotes. For instance, the string
+    `"http://example.org/foo.tar.bz2"` can also be written as
+    `http://example.org/foo.tar.bz2`.
+
+  - Numbers, which can be *integers* (like `123`) or *floating point*
+    (like `123.43` or `.27e13`).
+    
+    Numbers are type-compatible: pure integer operations will always
+    return integers, whereas any operation involving at least one
+    floating point number will have a floating point number as a result.
+
+  - *Paths*, e.g., `/bin/sh` or `./builder.sh`. A path must contain at
+    least one slash to be recognised as such. For instance, `builder.sh`
+    is not a path: it's parsed as an expression that selects the
+    attribute `sh` from the variable `builder`. If the file name is
+    relative, i.e., if it does not begin with a slash, it is made
+    absolute at parse time relative to the directory of the Nix
+    expression that contained it. For instance, if a Nix expression in
+    `/foo/bar/bla.nix` refers to `../xyzzy/fnord.nix`, the absolute path
+    is `/foo/xyzzy/fnord.nix`.
+    
+    If the first component of a path is a `~`, it is interpreted as if
+    the rest of the path were relative to the user's home directory.
+    e.g. `~/foo` would be equivalent to `/home/edolstra/foo` for a user
+    whose home directory is `/home/edolstra`.
+    
+    Paths can also be specified between angle brackets, e.g.
+    `<nixpkgs>`. This means that the directories listed in the
+    environment variable `NIX_PATH` will be searched for the given file
+    or directory name.
+
+  - *Booleans* with values `true` and `false`.
+
+  - The null value, denoted as `null`.
+
+## Lists
+
+Lists are formed by enclosing a whitespace-separated list of values
+between square brackets. For example,
+
+```nix
+[ 123 ./foo.nix "abc" (f { x = y; }) ]
+```
+
+defines a list of four elements, the last being the result of a call to
+the function `f`. Note that function calls have to be enclosed in
+parentheses. If they had been omitted, e.g.,
+
+```nix
+[ 123 ./foo.nix "abc" f { x = y; } ]
+```
+
+the result would be a list of five elements, the fourth one being a
+function and the fifth being a set.
+
+Note that lists are only lazy in values, and they are strict in length.
+
+## Sets
+
+Sets are really the core of the language, since ultimately the Nix
+language is all about creating derivations, which are really just sets
+of attributes to be passed to build scripts.
+
+Sets are just a list of name/value pairs (called *attributes*) enclosed
+in curly brackets, where each value is an arbitrary expression
+terminated by a semicolon. For example:
+
+```nix
+{ x = 123;
+  text = "Hello";
+  y = f { bla = 456; };
+}
+```
+
+This defines a set with attributes named `x`, `text`, `y`. The order of
+the attributes is irrelevant. An attribute name may only occur once.
+
+Attributes can be selected from a set using the `.` operator. For
+instance,
+
+```nix
+{ a = "Foo"; b = "Bar"; }.a
+```
+
+evaluates to `"Foo"`. It is possible to provide a default value in an
+attribute selection using the `or` keyword. For example,
+
+```nix
+{ a = "Foo"; b = "Bar"; }.c or "Xyzzy"
+```
+
+will evaluate to `"Xyzzy"` because there is no `c` attribute in the set.
+
+You can use arbitrary double-quoted strings as attribute names:
+
+```nix
+{ "foo ${bar}" = 123; "nix-1.0" = 456; }."foo ${bar}"
+```
+
+This will evaluate to `123` (Assuming `bar` is antiquotable). In the
+case where an attribute name is just a single antiquotation, the quotes
+can be dropped:
+
+```nix
+{ foo = 123; }.${bar} or 456
+```
+
+This will evaluate to `123` if `bar` evaluates to `"foo"` when coerced
+to a string and `456` otherwise (again assuming `bar` is antiquotable).
+
+In the special case where an attribute name inside of a set declaration
+evaluates to `null` (which is normally an error, as `null` is not
+antiquotable), that attribute is simply not added to the set:
+
+```nix
+{ ${if foo then "bar" else null} = true; }
+```
+
+This will evaluate to `{}` if `foo` evaluates to `false`.
+
+A set that has a `__functor` attribute whose value is callable (i.e. is
+itself a function or a set with a `__functor` attribute whose value is
+callable) can be applied as if it were a function, with the set itself
+passed in first , e.g.,
+
+```nix
+let add = { __functor = self: x: x + self.x; };
+    inc = add // { x = 1; };
+in inc 1
+```
+
+evaluates to `2`. This can be used to attach metadata to a function
+without the caller needing to treat it specially, or to implement a form
+of object-oriented programming, for example.

doc/manual/src/expressions/simple-building-testing.md

@@ -0,0 +1,61 @@
+# Building and Testing
+
+You can now try to build Hello. Of course, you could do `nix-env -i
+hello`, but you may not want to install a possibly broken package just
+yet. The best way to test the package is by using the command
+`nix-build`, which builds a Nix expression and creates a symlink named
+`result` in the current directory:
+
+```console
+$ nix-build -A hello
+building path `/nix/store/632d2b22514d...-hello-2.1.1'
+hello-2.1.1/
+hello-2.1.1/intl/
+hello-2.1.1/intl/ChangeLog
+...
+
+$ ls -l result
+lrwxrwxrwx ... 2006-09-29 10:43 result -> /nix/store/632d2b22514d...-hello-2.1.1
+
+$ ./result/bin/hello
+Hello, world!
+```
+
+The `-A` option selects the `hello` attribute. This is faster than
+using the symbolic package name specified by the `name` attribute
+(which also happens to be `hello`) and is unambiguous (there can be
+multiple packages with the symbolic name `hello`, but there can be
+only one attribute in a set named `hello`).
+
+`nix-build` registers the `./result` symlink as a garbage collection
+root, so unless and until you delete the `./result` symlink, the output
+of the build will be safely kept on your system. You can use
+`nix-build`’s `-o` switch to give the symlink another name.
+
+Nix has transactional semantics. Once a build finishes successfully, Nix
+makes a note of this in its database: it registers that the path denoted
+by `out` is now “valid”. If you try to build the derivation again, Nix
+will see that the path is already valid and finish immediately. If a
+build fails, either because it returns a non-zero exit code, because Nix
+or the builder are killed, or because the machine crashes, then the
+output paths will not be registered as valid. If you try to build the
+derivation again, Nix will remove the output paths if they exist (e.g.,
+because the builder died half-way through `make
+install`) and try again. Note that there is no “negative caching”: Nix
+doesn't remember that a build failed, and so a failed build can always
+be repeated. This is because Nix cannot distinguish between permanent
+failures (e.g., a compiler error due to a syntax error in the source)
+and transient failures (e.g., a disk full condition).
+
+Nix also performs locking. If you run multiple Nix builds
+simultaneously, and they try to build the same derivation, the first Nix
+instance that gets there will perform the build, while the others block
+(or perform other derivations if available) until the build finishes:
+
+```console
+$ nix-build -A hello
+waiting for lock on `/nix/store/0h5b7hp8d4hqfrw8igvx97x1xawrjnac-hello-2.1.1x'
+```
+
+So it is always safe to run multiple instances of Nix in parallel (which
+isn’t the case with, say, `make`).

doc/manual/src/expressions/simple-expression.md

@@ -0,0 +1,23 @@
+# A Simple Nix Expression
+
+This section shows how to add and test the [GNU Hello
+package](http://www.gnu.org/software/hello/hello.html) to the Nix
+Packages collection. Hello is a program that prints out the text “Hello,
+world\!”.
+
+To add a package to the Nix Packages collection, you generally need to
+do three things:
+
+1.  Write a Nix expression for the package. This is a file that
+    describes all the inputs involved in building the package, such as
+    dependencies, sources, and so on.
+
+2.  Write a *builder*. This is a shell script that builds the package
+    from the inputs. (In fact, it can be written in any language, but
+    typically it's a `bash` shell script.)
+
+3.  Add the package to the file `pkgs/top-level/all-packages.nix`. The
+    Nix expression written in the first step is a *function*; it
+    requires other packages in order to build it. In this step you put
+    it all together, i.e., you call the function with the right
+    arguments to build the actual package.

doc/manual/src/expressions/writing-nix-expressions.md

@@ -0,0 +1,12 @@
+This chapter shows you how to write Nix expressions, which instruct Nix
+how to build packages. It starts with a simple example (a Nix expression
+for GNU Hello), and then moves on to a more in-depth look at the Nix
+expression language.
+
+> **Note**
+> 
+> This chapter is mostly about the Nix expression language. For more
+> extensive information on adding packages to the Nix Packages
+> collection (such as functions in the standard environment and coding
+> conventions), please consult [its
+> manual](http://nixos.org/nixpkgs/manual/).

doc/manual/src/glossary.md

@@ -1,134 +1,62 @@
 # Glossary
 
-  - [derivation]{#gloss-derivation}\
-    A description of a build task. The result of a derivation is a
+  - derivation\
+    A description of a build action. The result of a derivation is a
     store object. Derivations are typically specified in Nix expressions
-    using the [`derivation` primitive](./language/derivations.md). These are
+    using the [`derivation` primitive](expressions/derivations.md). These are
     translated into low-level *store derivations* (implicitly by
     `nix-env` and `nix-build`, or explicitly by `nix-instantiate`).
 
-    [derivation]: #gloss-derivation
-
-  - [store derivation]{#gloss-store-derivation}\
-    A [derivation] represented as a `.drv` file in the [store].
-    It has a [store path], like any [store object].
-
-    Example: `/nix/store/g946hcz4c8mdvq2g8vxx42z51qb71rvp-git-2.38.1.drv`
-
-    See [`nix show-derivation`](./command-ref/new-cli/nix3-show-derivation.md) (experimental) for displaying the contents of store derivations.
-
-    [store derivation]: #gloss-store-derivation
-
-  - [content-addressed derivation]{#gloss-content-addressed-derivation}\
-    A derivation which has the
-    [`__contentAddressed`](./language/advanced-attributes.md#adv-attr-__contentAddressed)
-    attribute set to `true`.
-
-  - [fixed-output derivation]{#gloss-fixed-output-derivation}\
-    A derivation which includes the
-    [`outputHash`](./language/advanced-attributes.md#adv-attr-outputHash) attribute.
-
-  - [store]{#gloss-store}\
+  - store\
     The location in the file system where store objects live. Typically
     `/nix/store`.
 
-    From   the  perspective   of   the  location   where  Nix   is
-    invoked, the  Nix store can be  referred to
-    as a "_local_" or a "_remote_" one:
-
-    + A *local  store* exists  on the filesystem of
-      the machine where Nix is  invoked. You can use other
-      local stores  by passing  the `--store` flag  to the
-      `nix` command.  Local stores can be used for building derivations.
-
-    + A  *remote store*  exists  anywhere  other than  the
-      local  filesystem. One  example is  the `/nix/store`
-      directory on another machine,  accessed via `ssh` or
-      served by the `nix-serve` Perl script.
-
-    [store]: #gloss-store
-
-  - [chroot store]{#gloss-chroot-store}\
-    A local store whose canonical path is anything other than `/nix/store`.
-
-  - [binary cache]{#gloss-binary-cache}\
-    A *binary cache* is a Nix store which uses a different format: its
-    metadata and signatures are kept in `.narinfo` files rather than in a
-    Nix database.  This different format simplifies serving store objects
-    over the network, but cannot host builds.  Examples of binary caches
-    include S3 buckets and the [NixOS binary
-    cache](https://cache.nixos.org).
-
-  - [store path]{#gloss-store-path}\
-    The location of a [store object] in the file system, i.e., an
+  - store path\
+    The location in the file system of a store object, i.e., an
     immediate child of the Nix store directory.
 
-    Example: `/nix/store/a040m110amc4h71lds2jmr8qrkj2jhxd-git-2.38.1`
-
-    [store path]: #gloss-store-path
-
-  - [store object]{#gloss-store-object}\
+  - store object\
     A file that is an immediate child of the Nix store directory. These
     can be regular files, but also entire directory trees. Store objects
     can be sources (objects copied from outside of the store),
-    derivation outputs (objects produced by running a build task), or
-    derivations (files describing a build task).
+    derivation outputs (objects produced by running a build action), or
+    derivations (files describing a build action).
 
-    [store object]: #gloss-store-object
-
-  - [input-addressed store object]{#gloss-input-addressed-store-object}\
-    A store object produced by building a
-    non-[content-addressed](#gloss-content-addressed-derivation),
-    non-[fixed-output](#gloss-fixed-output-derivation)
-    derivation.
-
-  - [output-addressed store object]{#gloss-output-addressed-store-object}\
-    A store object whose store path hashes its content.  This
-    includes derivations, the outputs of
-    [content-addressed derivations](#gloss-content-addressed-derivation),
-    and the outputs of
-    [fixed-output derivations](#gloss-fixed-output-derivation).
-
-  - [substitute]{#gloss-substitute}\
+  - substitute\
     A substitute is a command invocation stored in the Nix database that
     describes how to build a store object, bypassing the normal build
     mechanism (i.e., derivations). Typically, the substitute builds the
     store object by downloading a pre-built version of the store object
     from some server.
 
-  - [substituter]{#gloss-substituter}\
-    A *substituter* is an additional store from which Nix will
-    copy store objects it doesn't have.  For details, see the
-    [`substituters` option](./command-ref/conf-file.md#conf-substituters).
-
-  - [purity]{#gloss-purity}\
+  - purity\
     The assumption that equal Nix derivations when run always produce
     the same output. This cannot be guaranteed in general (e.g., a
     builder can rely on external inputs such as the network or the
     system time) but the Nix model assumes it.
 
-  - [Nix expression]{#gloss-nix-expression}\
+  - Nix expression\
     A high-level description of software packages and compositions
     thereof. Deploying software using Nix entails writing Nix
     expressions for your packages. Nix expressions are translated to
     derivations that are stored in the Nix store. These derivations can
     then be built.
 
-  - [reference]{#gloss-reference}\
+  - reference\
     A store path `P` is said to have a reference to a store path `Q` if
     the store object at `P` contains the path `Q` somewhere. The
     *references* of a store path are the set of store paths to which it
     has a reference.
-
+    
     A derivation can reference other derivations and sources (but not
     output paths), whereas an output path only references other output
     paths.
 
-  - [reachable]{#gloss-reachable}\
+  - reachable\
     A store path `Q` is reachable from another store path `P` if `Q`
     is in the *closure* of the *references* relation.
 
-  - [closure]{#gloss-closure}\
+  - closure\
     The closure of a store path is the set of store paths that are
     directly or indirectly “reachable” from that store path; that is,
     it’s the closure of the path under the *references* relation. For
@@ -138,52 +66,35 @@
     is necessary to deploy whole closures, since otherwise at runtime
     files could be missing. The command `nix-store -qR` prints out
     closures of store paths.
-
+    
     As an example, if the store object at path `P` contains a reference
     to path `Q`, then `Q` is in the closure of `P`. Further, if `Q`
     references `R` then `R` is also in the closure of `P`.
 
-  - [output path]{#gloss-output-path}\
-    A [store path] produced by a [derivation].
+  - output path\
+    A store path produced by a derivation.
 
-    [output path]: #gloss-output-path
-
-  - [deriver]{#gloss-deriver}\
+  - deriver\
     The deriver of an *output path* is the store
     derivation that built it.
 
-  - [validity]{#gloss-validity}\
+  - validity\
     A store path is considered *valid* if it exists in the file system,
     is listed in the Nix database as being valid, and if all paths in
     its closure are also valid.
 
-  - [user environment]{#gloss-user-env}\
+  - user environment\
     An automatically generated store object that consists of a set of
     symlinks to “active” applications, i.e., other store paths. These
     are generated automatically by
-    [`nix-env`](./command-ref/nix-env.md). See *profiles*.
+    [`nix-env`](command-ref/nix-env.md). See *profiles*.
 
-  - [profile]{#gloss-profile}\
+  - profile\
     A symlink to the current *user environment* of a user, e.g.,
     `/nix/var/nix/profiles/default`.
 
-  - [NAR]{#gloss-nar}\
+  - NAR\
     A *N*ix *AR*chive. This is a serialisation of a path in the Nix
     store. It can contain regular files, directories and symbolic
     links.  NARs are generated and unpacked using `nix-store --dump`
     and `nix-store --restore`.
-
-  - [`∅`]{#gloss-emtpy-set}\
-    The empty set symbol. In the context of profile history, this denotes a package is not present in a particular version of the profile.
-
-  - [`ε`]{#gloss-epsilon}\
-    The epsilon symbol. In the context of a package, this means the version is empty. More precisely, the derivation does not have a version attribute.
-
-  - [string interpolation]{#gloss-string-interpolation}\
-    Expanding expressions enclosed in `${ }` within a [string], [path], or [attribute name].
-
-    See [String interpolation](./language/string-interpolation.md) for details.
-
-    [string]: ./language/values.md#type-string
-    [path]: ./language/values.md#type-path
-    [attribute name]: ./language/values.md#attribute-set

doc/manual/src/installation/building-source.md

@@ -1,9 +1,9 @@
 # Building Nix from Source
 
-After cloning Nix's Git repository, issue the following commands:
+After unpacking or checking out the Nix sources, issue the following
+commands:
 
 ```console
-$ ./bootstrap.sh
 $ ./configure options...
 $ make
 $ make install
@@ -11,6 +11,13 @@ $ make install
 
 Nix requires GNU Make so you may need to invoke `gmake` instead.
 
+When building from the Git repository, these should be preceded by the
+command:
+
+```console
+$ ./bootstrap.sh
+```
+
 The installation path can be specified by passing the `--prefix=prefix`
 to `configure`. The default installation directory is `/usr/local`. You
 can change this to any location you like. You must have write permission

doc/manual/src/installation/env-variables.md

@@ -40,7 +40,7 @@ export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
 > **Note**
 > 
 > You must not add the export and then do the install, as the Nix
-> installer will detect the presence of Nix configuration, and abort.
+> installer will detect the presense of Nix configuration, and abort.
 
 ## `NIX_SSL_CERT_FILE` with macOS and the Nix daemon
 

doc/manual/src/installation/installing-binary.md

@@ -13,7 +13,7 @@ for your platform:
 - multi-user on macOS
 
   > **Notes on read-only filesystem root in macOS 10.15 Catalina +**
-  >
+  > 
   > - It took some time to support this cleanly. You may see posts,
   >   examples, and tutorials using obsolete workarounds.
   > - Supporting it cleanly made macOS installs too complex to qualify
@@ -31,8 +31,8 @@ $ sh <(curl -L https://nixos.org/nix/install) --no-daemon
 ```
 
 This will perform a single-user installation of Nix, meaning that `/nix`
-is owned by the invoking user. You can run this under your usual user
-account or root. The script will invoke `sudo` to create `/nix`
+is owned by the invoking user. You should run this under your usual user
+account, *not* as root. The script will invoke `sudo` to create `/nix`
 if it doesn’t already exist. If you don’t have `sudo`, you should
 manually create `/nix` first as root, e.g.:
 
@@ -71,11 +71,11 @@ $ sh <(curl -L https://nixos.org/nix/install) --daemon
 
 The multi-user installation of Nix will create build users between the
 user IDs 30001 and 30032, and a group with the group ID 30000. You
-can run this under your usual user account or root. The script
+should run this under your usual user account, *not* as root. The script
 will invoke `sudo` as needed.
 
 > **Note**
->
+> 
 > If you need Nix to use a different group ID or user ID set, you will
 > have to download the tarball manually and [edit the install
 > script](#installing-from-a-binary-tarball).
@@ -84,159 +84,32 @@ The installer will modify `/etc/bashrc`, and `/etc/zshrc` if they exist.
 The installer will first back up these files with a `.backup-before-nix`
 extension. The installer will also create `/etc/profile.d/nix.sh`.
 
-## Uninstalling
-
-### Linux
-
-If you are on Linux with systemd:
-
-1. Remove the Nix daemon service:
-
-   ```console
-   sudo systemctl stop nix-daemon.service
-   sudo systemctl disable nix-daemon.socket nix-daemon.service
-   sudo systemctl daemon-reload
-   ```
-
-1. Remove systemd service files:
-
-   ```console
-   sudo rm /etc/systemd/system/nix-daemon.service /etc/systemd/system/nix-daemon.socket
-   ```
-
-1. The installer script uses systemd-tmpfiles to create the socket directory.
-    You may also want to remove the configuration for that:
-
-   ```console
-   sudo rm /etc/tmpfiles.d/nix-daemon.conf
-   ```
-
-Remove files created by Nix:
+You can uninstall Nix with the following commands:
 
 ```console
-sudo rm -rf /nix /etc/nix /etc/profile/nix.sh ~root/.nix-profile ~root/.nix-defexpr ~root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels
+sudo rm -rf /etc/profile/nix.sh /etc/nix /nix ~root/.nix-profile ~root/.nix-defexpr ~root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels
+
+# If you are on Linux with systemd, you will need to run:
+sudo systemctl stop nix-daemon.socket
+sudo systemctl stop nix-daemon.service
+sudo systemctl disable nix-daemon.socket
+sudo systemctl disable nix-daemon.service
+sudo systemctl daemon-reload
+
+# If you are on macOS, you will need to run:
+sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
+sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist
 ```
 
-Remove build users and their group:
+There may also be references to Nix in `/etc/profile`, `/etc/bashrc`,
+and `/etc/zshrc` which you may remove.
 
-```console
-for i in $(seq 1 32); do
-  sudo userdel nixbld$i
-done
-sudo groupdel nixbld
-```
-
-There may also be references to Nix in
-
-- `/etc/profile`
-- `/etc/bashrc`
-- `/etc/zshrc`
-
-which you may remove.
-
-### macOS
-
-1. Edit `/etc/zshrc` and `/etc/bashrc` to remove the lines sourcing
-   `nix-daemon.sh`, which should look like this:
-
-   ```bash
-   # Nix
-   if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
-     . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
-   fi
-   # End Nix
-   ```
-
-   If these files haven't been altered since installing Nix you can simply put
-   the backups back in place:
-
-   ```console
-   sudo mv /etc/zshrc.backup-before-nix /etc/zshrc
-   sudo mv /etc/bashrc.backup-before-nix /etc/bashrc
-   ```
-
-   This will stop shells from sourcing the file and bringing everything you
-   installed using Nix in scope.
-
-2. Stop and remove the Nix daemon services:
-
-   ```console
-   sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
-   sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist
-   sudo launchctl unload /Library/LaunchDaemons/org.nixos.darwin-store.plist
-   sudo rm /Library/LaunchDaemons/org.nixos.darwin-store.plist
-   ```
-
-   This stops the Nix daemon and prevents it from being started next time you
-   boot the system.
-
-3. Remove the `nixbld` group and the `_nixbuildN` users:
-
-   ```console
-   sudo dscl . -delete /Groups/nixbld
-   for u in $(sudo dscl . -list /Users | grep _nixbld); do sudo dscl . -delete /Users/$u; done
-   ```
-
-   This will remove all the build users that no longer serve a purpose.
-
-4. Edit fstab using `sudo vifs` to remove the line mounting the Nix Store
-   volume on `/nix`, which looks like
-   `UUID=<uuid> /nix apfs rw,noauto,nobrowse,suid,owners` or
-   `LABEL=Nix\040Store /nix apfs rw,nobrowse`. This will prevent automatic
-   mounting of the Nix Store volume.
-
-5. Edit `/etc/synthetic.conf` to remove the `nix` line. If this is the only
-   line in the file you can remove it entirely, `sudo rm /etc/synthetic.conf`.
-   This will prevent the creation of the empty `/nix` directory to provide a
-   mountpoint for the Nix Store volume.
-
-6. Remove the files Nix added to your system:
-
-   ```console
-   sudo rm -rf /etc/nix /var/root/.nix-profile /var/root/.nix-defexpr /var/root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels
-   ```
-
-   This gets rid of any data Nix may have created except for the store which is
-   removed next.
-
-7. Remove the Nix Store volume:
-
-   ```console
-   sudo diskutil apfs deleteVolume /nix
-   ```
-
-   This will remove the Nix Store volume and everything that was added to the
-   store.
-
-   If the output indicates that the command couldn't remove the volume, you should
-   make sure you don't have an _unmounted_ Nix Store volume. Look for a
-   "Nix Store" volume in the output of the following command:
-
-   ```console
-   diskutil list
-   ```
-
-   If you _do_ see a "Nix Store" volume, delete it by re-running the diskutil
-   deleteVolume command, but replace `/nix` with the store volume's `diskXsY`
-   identifier.
-
-> **Note**
->
-> After you complete the steps here, you will still have an empty `/nix`
-> directory. This is an expected sign of a successful uninstall. The empty
-> `/nix` directory will disappear the next time you reboot.
->
-> You do not have to reboot to finish uninstalling Nix. The uninstall is
-> complete. macOS (Catalina+) directly controls root directories and its
-> read-only root will prevent you from manually deleting the empty `/nix`
-> mountpoint.
-
-# macOS Installation
-[]{#sect-macos-installation-change-store-prefix}[]{#sect-macos-installation-encrypted-volume}[]{#sect-macos-installation-symlink}[]{#sect-macos-installation-recommended-notes}
+# macOS Installation <a name="sect-macos-installation-change-store-prefix"></a><a name="sect-macos-installation-encrypted-volume"></a><a name="sect-macos-installation-symlink"></a><a name="sect-macos-installation-recommended-notes"></a>
 <!-- Note: anchors above to catch permalinks to old explanations -->
 
 We believe we have ironed out how to cleanly support the read-only root
-on modern macOS. New installs will do this automatically.
+on modern macOS. New installs will do this automatically, and you can
+also re-run a new installer to convert your existing setup.
 
 This section previously detailed the situation, options, and trade-offs,
 but it now only outlines what the installer does. You don't need to know
@@ -246,30 +119,6 @@ this to run the installer, but it may help if you run into trouble:
 - update `/etc/synthetic.conf` to direct macOS to create a "synthetic"
   empty root directory to mount your volume
 - specify mount options for the volume in `/etc/fstab`
-  - `rw`: read-write
-  - `noauto`: prevent the system from auto-mounting the volume (so the
-    LaunchDaemon mentioned below can control mounting it, and to avoid
-    masking problems with that mounting service).
-  - `nobrowse`: prevent the Nix Store volume from showing up on your
-    desktop; also keeps Spotlight from spending resources to index
-    this volume
-  <!-- TODO:
-  - `suid`: honor setuid? surely not? ...
-  - `owners`: honor file ownership on the volume
-
-    For now I'll avoid pretending to understand suid/owners more
-    than I do. There've been some vague reports of file-ownership
-    and permission issues, particularly in cloud/VM/headless setups.
-    My pet theory is that this has something to do with these setups
-    not having a token that gets delegated to initial/admin accounts
-    on macOS. See scripts/create-darwin-volume.sh for a little more.
-
-    In any case, by Dec 4 2021, it _seems_ like some combination of
-    suid, owners, and calling diskutil enableOwnership have stopped
-    new reports from coming in. But I hesitate to celebrate because we
-    haven't really named and catalogued the behavior, understood what
-    we're fixing, and validated that all 3 components are essential.
-  -->
 - if you have FileVault enabled
     - generate an encryption password
     - put it in your system Keychain

doc/manual/src/installation/installing-docker.md

@@ -1,59 +0,0 @@
-# Using Nix within Docker
-
-To run the latest stable release of Nix with Docker run the following command:
-
-```console
-$ docker run -ti nixos/nix
-Unable to find image 'nixos/nix:latest' locally
-latest: Pulling from nixos/nix
-5843afab3874: Pull complete
-b52bf13f109c: Pull complete
-1e2415612aa3: Pull complete
-Digest: sha256:27f6e7f60227e959ee7ece361f75d4844a40e1cc6878b6868fe30140420031ff
-Status: Downloaded newer image for nixos/nix:latest
-35ca4ada6e96:/# nix --version
-nix (Nix) 2.3.12
-35ca4ada6e96:/# exit
-```
-
-# What is included in Nix's Docker image?
-
-The official Docker image is created using `pkgs.dockerTools.buildLayeredImage`
-(and not with `Dockerfile` as it is usual with Docker images). You can still
-base your custom Docker image on it as you would do with any other Docker
-image.
-
-The Docker image is also not based on any other image and includes minimal set
-of runtime dependencies that are required to use Nix:
-
- - pkgs.nix
- - pkgs.bashInteractive
- - pkgs.coreutils-full
- - pkgs.gnutar
- - pkgs.gzip
- - pkgs.gnugrep
- - pkgs.which
- - pkgs.curl
- - pkgs.less
- - pkgs.wget
- - pkgs.man
- - pkgs.cacert.out
- - pkgs.findutils
-
-# Docker image with the latest development version of Nix
-
-To get the latest image that was built by [Hydra](https://hydra.nixos.org) run
-the following command:
-
-```console
-$ curl -L https://hydra.nixos.org/job/nix/master/dockerImage.x86_64-linux/latest/download/1 | docker load
-$ docker run -ti nix:2.5pre20211105
-```
-
-You can also build a Docker image from source yourself:
-
-```console
-$ nix build ./\#hydraJobs.dockerImage.x86_64-linux
-$ docker load -i ./result/image.tar.gz
-$ docker run -ti nix:2.5pre20211105
-```

doc/manual/src/installation/installing-source.md

@@ -1,4 +1,4 @@
 # Installing Nix from Source
 
-If no binary package is available or if you want to hack on Nix, you
-can build Nix from its Git repository.
+If no binary package is available, you can download and compile a source
+distribution.

doc/manual/src/installation/obtaining-source.md

@@ -1,9 +1,14 @@
-# Obtaining the Source
+# Obtaining a Source Distribution
 
-The most recent sources of Nix can be obtained from its [Git
-repository](https://github.com/NixOS/nix). For example, the following
-command will check out the latest revision into a directory called
-`nix`:
+The source tarball of the most recent stable release can be downloaded
+from the [Nix homepage](http://nixos.org/nix/download.html). You can
+also grab the [most recent development
+release](http://hydra.nixos.org/job/nix/master/release/latest-finished#tabs-constituents).
+
+Alternatively, the most recent sources of Nix can be obtained from its
+[Git repository](https://github.com/NixOS/nix). For example, the
+following command will check out the latest revision into a directory
+called `nix`:
 
 ```console
 $ git clone https://github.com/NixOS/nix

doc/manual/src/installation/prerequisites-source.md

@@ -2,8 +2,9 @@
 
   - GNU Autoconf (<https://www.gnu.org/software/autoconf/>) and the
     autoconf-archive macro collection
-    (<https://www.gnu.org/software/autoconf-archive/>). These are
-    needed to run the bootstrap script.
+    (<https://www.gnu.org/software/autoconf-archive/>). These are only
+    needed to run the bootstrap script, and are not necessary if your
+    source distribution came with a pre-built `./configure` script.
 
   - GNU Make.
 
@@ -25,6 +26,15 @@
     available for download from the official repository
     <https://github.com/google/brotli>.
 
+  - The bzip2 compressor program and the `libbz2` library. Thus you must
+    have bzip2 installed, including development headers and libraries.
+    If your distribution does not provide these, you can obtain bzip2
+    from
+    <https://sourceware.org/bzip2/>.
+
+  - `liblzma`, which is provided by XZ Utils. If your distribution does
+    not provide this, you can get it from <https://tukaani.org/xz/>.
+
   - cURL and its library. If your distribution does not provide it, you
     can get it from <https://curl.haxx.se/>.
 
@@ -44,11 +54,6 @@
     obtained from the its repository
     <https://github.com/troglobit/editline>.
 
-  - The `libsodium` library for verifying cryptographic signatures
-    of contents fetched from binary caches.
-    It can be obtained from the official web site
-    <https://libsodium.org>.
-
   - Recent versions of Bison and Flex to build the parser. (This is
     because Nix needs GLR support in Bison and reentrancy support in
     Flex.) For Bison, you need version 2.6, which can be obtained from
@@ -56,18 +61,11 @@
     you need version 2.5.35, which is available on
     [SourceForge](http://lex.sourceforge.net/). Slightly older versions
     may also work, but ancient versions like the ubiquitous 2.5.4a
-    won't.
+    won't. Note that these are only required if you modify the parser or
+    when you are building from the Git repository.
 
   - The `libseccomp` is used to provide syscall filtering on Linux. This
     is an optional dependency and can be disabled passing a
     `--disable-seccomp-sandboxing` option to the `configure` script (Not
     recommended unless your system doesn't support `libseccomp`). To get
     the library, visit <https://github.com/seccomp/libseccomp>.
-
-  - On 64-bit x86 machines only, `libcpuid` library
-    is used to determine which microarchitecture levels are supported
-    (e.g., as whether to have `x86_64-v2-linux` among additional system types).
-    The library is available from its homepage
-    <http://libcpuid.sourceforge.net>.
-    This is an optional dependency and can be disabled
-    by providing a `--disable-cpuid` to the `configure` script.

doc/manual/src/installation/supported-platforms.md

@@ -4,4 +4,4 @@ Nix is currently supported on the following platforms:
 
   - Linux (i686, x86\_64, aarch64).
 
-  - macOS (x86\_64, aarch64).
+  - macOS (x86\_64).

doc/manual/src/introduction.md

@@ -76,7 +76,7 @@ there after an upgrade.  This means that you can _roll back_ to the
 old version:
 
 ```console
-$ nix-env --upgrade -A nixpkgs.some-package
+$ nix-env --upgrade some-packages
 $ nix-env --rollback
 ```
 
@@ -104,7 +104,7 @@ a currently running program.
 
 Packages are built from _Nix expressions_, which is a simple
 functional language.  A Nix expression describes everything that goes
-into a package build task (a “derivation”): other packages, sources,
+into a package build action (a “derivation”): other packages, sources,
 the build script, environment variables for the build script, etc.
 Nix tries very hard to ensure that Nix expressions are
 _deterministic_: building a Nix expression twice should yield the same
@@ -122,12 +122,12 @@ Nix expressions generally describe how to build a package from
 source, so an installation action like
 
 ```console
-$ nix-env --install -A nixpkgs.firefox
+$ nix-env --install firefox
 ```
 
 _could_ cause quite a bit of build activity, as not only Firefox but
 also all its dependencies (all the way up to the C library and the
-compiler) would have to be built, at least if they are not already in the
+compiler) would have to built, at least if they are not already in the
 Nix store.  This is a _source deployment model_.  For most users,
 building from source is not very pleasant as it takes far too long.
 However, Nix can automatically skip building from source and instead

doc/manual/src/language/builtins-suffix.md

@@ -1 +0,0 @@
-</dl>

doc/manual/src/language/index.md

@@ -1,581 +0,0 @@
-# Nix Language
-
-The Nix language is
-
-- *domain-specific*
-
-  It only exists for the Nix package manager:
-  to describe packages and configurations as well as their variants and compositions.
-  It is not intended for general purpose use.
-
-- *declarative*
-
-  There is no notion of executing sequential steps.
-  Dependencies between operations are established only through data.
-
-- *pure*
-
-  Values cannot change during computation.
-  Functions always produce the same output if their input does not change.
-
-- *functional*
-
-  Functions are like any other value.
-  Functions can be assigned to names, taken as arguments, or returned by functions.
-
-- *lazy*
-
-  Expressions are only evaluated when their value is needed.
-
-- *dynamically typed*
-
-  Type errors are only detected when expressions are evaluated.
-
-# Overview
-
-This is an incomplete overview of language features, by example.
-
-<table>
- <tr>
-  <th>
-   Example
-  </th>
-  <th>
-   Description
-  </th>
- </tr>
- <tr>
-  <td>
-
-
-   *Basic values*
-
-
-  </td>
-  <td>
-
-
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `"hello world"`
-
-  </td>
-  <td>
-
-   A string
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   ```
-   ''
-     multi
-      line
-       string
-   ''
-   ```
-
-  </td>
-  <td>
-
-   A multi-line string. Strips common prefixed whitespace. Evaluates to `"multi\n line\n  string"`.
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `"hello ${ { a = "world" }.a }"`
-
-   `"1 2 ${toString 3}"`
-
-   `"${pkgs.bash}/bin/sh"`
-
-  </td>
-  <td>
-
-   String interpolation (expands to `"hello world"`, `"1 2 3"`, `"/nix/store/<hash>-bash-<version>/bin/sh"`)
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `true`, `false`
-
-  </td>
-  <td>
-
-   Booleans
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `null`
-
-  </td>
-  <td>
-
-   Null value
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `123`
-
-  </td>
-  <td>
-
-   An integer
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `3.141`
-
-  </td>
-  <td>
-
-   A floating point number
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `/etc`
-
-  </td>
-  <td>
-
-   An absolute path
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `./foo.png`
-
-  </td>
-  <td>
-
-   A path relative to the file containing this Nix expression
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `~/.config`
-
-  </td>
-  <td>
-
-   A home path. Evaluates to the `"<user's home directory>/.config"`.
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   <nixpkgs>
-
-  </td>
-  <td>
-
-   Search path. Value determined by [`$NIX_PATH` environment variable](../command-ref/env-common.md#env-NIX_PATH).
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   *Compound values*
-
-  </td>
-  <td>
-
-
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `{ x = 1; y = 2; }`
-
-  </td>
-  <td>
-
-   A set with attributes named `x` and `y`
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `{ foo.bar = 1; }`
-
-  </td>
-  <td>
-
-   A nested set, equivalent to `{ foo = { bar = 1; }; }`
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `rec { x = "foo"; y = x + "bar"; }`
-
-  </td>
-  <td>
-
-   A recursive set, equivalent to `{ x = "foo"; y = "foobar"; }`
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `[ "foo" "bar" "baz" ]`
-
-   `[ 1 2 3 ]`
-
-   `[ (f 1) { a = 1; b = 2; } [ "c" ] ]`
-
-  </td>
-  <td>
-
-   Lists with three elements.
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   *Operators*
-
-  </td>
-  <td>
-
-
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `"foo" + "bar"`
-
-  </td>
-  <td>
-
-   String concatenation
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `1 + 2`
-
-  </td>
-  <td>
-
-   Integer addition
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `"foo" == "f" + "oo"`
-
-  </td>
-  <td>
-
-   Equality test (evaluates to `true`)
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `"foo" != "bar"`
-
-  </td>
-  <td>
-
-   Inequality test (evaluates to `true`)
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `!true`
-
-  </td>
-  <td>
-
-   Boolean negation
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `{ x = 1; y = 2; }.x`
-
-  </td>
-  <td>
-
-   Attribute selection (evaluates to `1`)
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `{ x = 1; y = 2; }.z or 3`
-
-  </td>
-  <td>
-
-   Attribute selection with default (evaluates to `3`)
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `{ x = 1; y = 2; } // { z = 3; }`
-
-  </td>
-  <td>
-
-   Merge two sets (attributes in the right-hand set taking precedence)
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   *Control structures*
-
-  </td>
-  <td>
-
-
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `if 1 + 1 == 2 then "yes!" else "no!"`
-
-  </td>
-  <td>
-
-   Conditional expression
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `assert 1 + 1 == 2; "yes!"`
-
-  </td>
-  <td>
-
-   Assertion check (evaluates to `"yes!"`).
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `let x = "foo"; y = "bar"; in x + y`
-
-  </td>
-  <td>
-
-   Variable definition
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `with builtins; head [ 1 2 3 ]`
-
-  </td>
-  <td>
-
-   Add all attributes from the given set to the scope (evaluates to `1`)
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   *Functions (lambdas)*
-
-  </td>
-  <td>
-
-
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `x: x + 1`
-
-  </td>
-  <td>
-
-   A function that expects an integer and returns it increased by 1
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `x: y: x + y`
-
-  </td>
-  <td>
-
-   Curried function, equivalent to `x: (y: x + y)`. Can be used like a function that takes two arguments and returns their sum.
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `(x: x + 1) 100`
-
-  </td>
-  <td>
-
-   A function call (evaluates to 101)
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `let inc = x: x + 1; in inc (inc (inc 100))`
-
-  </td>
-  <td>
-
-   A function bound to a variable and subsequently called by name (evaluates to 103)
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `{ x, y }: x + y`
-
-  </td>
-  <td>
-
-   A function that expects a set with required attributes `x` and `y` and concatenates them
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `{ x, y ? "bar" }: x + y`
-
-  </td>
-  <td>
-
-   A function that expects a set with required attribute `x` and optional `y`, using `"bar"` as default value for `y`
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `{ x, y, ... }: x + y`
-
-  </td>
-  <td>
-
-   A function that expects a set with required attributes `x` and `y` and ignores any other attributes
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `{ x, y } @ args: x + y`
-
-   `args @ { x, y }: x + y`
-
-  </td>
-  <td>
-
-   A function that expects a set with required attributes `x` and `y`, and binds the whole set to `args`
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   *Built-in functions*
-
-  </td>
-  <td>
-
-
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `import ./foo.nix`
-
-  </td>
-  <td>
-
-   Load and return Nix expression in given file
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `map (x: x + x) [ 1 2 3 ]`
-
-  </td>
-  <td>
-
-   Apply a function to every element of a list (evaluates to `[ 2 4 6 ]`)
-
-  </td>
- </tr>
-</table>

doc/manual/src/language/operators.md

@@ -1,167 +0,0 @@
-# Operators
-
-| Name                                   | Syntax                                     | Associativity | Precedence |
-|----------------------------------------|--------------------------------------------|---------------|------------|
-| [Attribute selection]                  | *attrset* `.` *attrpath* \[ `or` *expr* \] | none          | 1          |
-| Function application                   | *func* *expr*                              | left          | 2          |
-| [Arithmetic negation][arithmetic]      | `-` *number*                               | none          | 3          |
-| [Has attribute]                        | *attrset* `?` *attrpath*                   | none          | 4          |
-| List concatenation                     | *list* `++` *list*                         | right         | 5          |
-| [Multiplication][arithmetic]           | *number* `*` *number*                      | left          | 6          |
-| [Division][arithmetic]                 | *number* `/` *number*                      | left          | 6          |
-| [Subtraction][arithmetic]              | *number* `-` *number*                      | left          | 7          |
-| [Addition][arithmetic]                 | *number* `+` *number*                      | left          | 7          |
-| [String concatenation]                 | *string* `+` *string*                      | left          | 7          |
-| [Path concatenation]                   | *path* `+` *path*                          | left          | 7          |
-| [Path and string concatenation]        | *path* `+` *string*                        | left          | 7          |
-| [String and path concatenation]        | *string* `+` *path*                        | left          | 7          |
-| Logical negation (`NOT`)               | `!` *bool*                                 | none          | 8          |
-| [Update]                               | *attrset* `//` *attrset*                   | right         | 9          |
-| [Less than][Comparison]                | *expr* `<` *expr*                          | none          | 10         |
-| [Less than or equal to][Comparison]    | *expr* `<=` *expr*                         | none          | 10         |
-| [Greater than][Comparison]             | *expr* `>` *expr*                          | none          | 10         |
-| [Greater than or equal to][Comparison] | *expr* `>=` *expr*                         | none          | 10         |
-| [Equality]                             | *expr* `==` *expr*                         | none          | 11         |
-| Inequality                             | *expr* `!=` *expr*                         | none          | 11         |
-| Logical conjunction (`AND`)            | *bool* `&&` *bool*                         | left          | 12         |
-| Logical disjunction (`OR`)             | *bool* `||` *bool*                         | left          | 13         |
-| [Logical implication]                  | *bool* `->` *bool*                         | none          | 14         |
-
-[string]: ./values.md#type-string
-[path]: ./values.md#type-path
-[number]: ./values.md#type-number
-[list]: ./values.md#list
-[attribute set]: ./values.md#attribute-set
-
-## Attribute selection
-
-Select the attribute denoted by attribute path *attrpath* from [attribute set] *attrset*.
-If the attribute doesn’t exist, return *value* if provided, otherwise abort evaluation.
-
-<!-- FIXME: the following should to into its own language syntax section, but that needs more work to fit in well -->
-
-An attribute path is a dot-separated list of attribute names.
-An attribute name can be an identifier or a string.
-
-> *attrpath* = *name* [ `.` *name* ]...
-> *name* = *identifier* | *string*
-> *identifier* ~ `[a-zA-Z_][a-zA-Z0-9_'-]*`
-
-[Attribute selection]: #attribute-selection
-
-## Has attribute
-
-> *attrset* `?` *attrpath*
-
-Test whether [attribute set] *attrset* contains the attribute denoted by *attrpath*.
-The result is a [Boolean] value.
-
-[Boolean]: ./values.md#type-boolean
-
-[Has attribute]: #has-attribute
-
-## Arithmetic
-
-Numbers are type-compatible:
-Pure integer operations will always return integers, whereas any operation involving at least one floating point number return a floating point number.
-
-See also [Comparison] and [Equality].
-
-The `+` operator is overloaded to also work on strings and paths.
-
-[arithmetic]: #arithmetic
-
-## String concatenation
-
-> *string* `+` *string*
-
-Concatenate two [string]s and merge their string contexts.
-
-[String concatenation]: #string-concatenation
-
-## Path concatenation
-
-> *path* `+` *path*
-
-Concatenate two [path]s.
-The result is a path.
-
-[Path concatenation]: #path-concatenation
-
-## Path and string concatenation
-
-> *path* + *string*
-
-Concatenate *[path]* with *[string]*.
-The result is a path.
-
-> **Note**
->
-> The string must not have a string context that refers to a [store path].
-
-[Path and string concatenation]: #path-and-string-concatenation
-
-## String and path concatenation
-
-> *string* + *path*
-
-Concatenate *[string]* with *[path]*.
-The result is a string.
-
-> **Important**
->
-> The file or directory at *path* must exist and is copied to the [store].
-> The path appears in the result as the corresponding [store path].
-
-[store path]: ../glossary.md#gloss-store-path
-[store]: ../glossary.md#gloss-store
-
-[Path and string concatenation]: #path-and-string-concatenation
-
-## Update
-
-> *attrset1* + *attrset2*
-
-Update [attribute set] *attrset1* with names and values from *attrset2*.
-
-The returned attribute set will have of all the attributes in *e1* and *e2*.
-If an attribute name is present in both, the attribute value from the former is taken.
-
-[Update]: #update
-
-## Comparison
-
-Comparison is
-
-- [arithmetic] for [number]s 
-- lexicographic for [string]s and [path]s
-- item-wise lexicographic for [list]s:
-  elements at the same index in both lists are compared according to their type and skipped if they are equal.
-
-All comparison operators are implemented in terms of `<`, and the following equivalencies hold:
-
-| comparison   | implementation        |
-|--------------|-----------------------|
-| *a* `<=` *b* | `! (` *b* `<` *a* `)` |
-| *a* `>`  *b* |       *b* `<` *a*     |
-| *a* `>=` *b* | `! (` *a* `<` *b* `)` |
-
-[Comparison]: #comparison-operators
-
-## Equality
-
-- [Attribute sets][attribute set] and [list]s are compared recursively, and therefore are fully evaluated.
-- Comparison of [function]s always returns `false`.
-- Numbers are type-compatible, see [arithmetic] operators.
-- Floating point numbers only differ up to a limited precision.
-
-[function]: ./constructs.md#functions
-
-[Equality]: #equality
-
-## Logical implication
-
-Equivalent to `!`*b1* `||` *b2*.
-
-[Logical implication]: #logical-implication
-

doc/manual/src/language/string-interpolation.md

@@ -1,82 +0,0 @@
-# String interpolation
-
-String interpolation is a language feature where a [string], [path], or [attribute name] can contain expressions enclosed in `${ }` (dollar-sign with curly brackets).
-
-Such a string is an *interpolated string*, and an expression inside is an *interpolated expression*.
-
-Interpolated expressions must evaluate to one of the following:
-
-- a [string]
-- a [path]
-- a [derivation]
-
-[string]: ./values.md#type-string
-[path]: ./values.md#type-path
-[attribute name]: ./values.md#attribute-set
-[derivation]: ../glossary.md#gloss-derivation
-
-## Examples
-
-### String
-
-Rather than writing
-
-```nix
-"--with-freetype2-library=" + freetype + "/lib"
-```
-
-(where `freetype` is a [derivation]), you can instead write
-
-```nix
-"--with-freetype2-library=${freetype}/lib"
-```
-
-The latter is automatically translated to the former.
-
-A more complicated example (from the Nix expression for [Qt](http://www.trolltech.com/products/qt)):
-
-```nix
-configureFlags = "
-  -system-zlib -system-libpng -system-libjpeg
-  ${if openglSupport then "-dlopen-opengl
-    -L${mesa}/lib -I${mesa}/include
-    -L${libXmu}/lib -I${libXmu}/include" else ""}
-  ${if threadSupport then "-thread" else "-no-thread"}
-";
-```
-
-Note that Nix expressions and strings can be arbitrarily nested;
-in this case the outer string contains various interpolated expressions that themselves contain strings (e.g., `"-thread"`), some of which in turn contain interpolated expressions (e.g., `${mesa}`).
-
-### Path
-
-Rather than writing
-
-```nix
-./. + "/" + foo + "-" + bar + ".nix"
-```
-
-or
-
-```nix
-./. + "/${foo}-${bar}.nix"
-```
-
-you can instead write
-
-```nix
-./${foo}-${bar}.nix
-```
-
-### Attribute name
-
-Attribute names can be created dynamically with string interpolation:
-
-```nix
-let name = "foo"; in
-{
-  ${name} = "bar";
-}
-```
-
-    { foo = "bar"; }

doc/manual/src/language/values.md

@@ -1,251 +0,0 @@
-# Data Types
-
-## Primitives
-
-- <a id="type-string" href="#type-string">String</a>
-
-  *Strings* can be written in three ways.
-
-  The most common way is to enclose the string between double quotes,
-  e.g., `"foo bar"`. Strings can span multiple lines. The special
-  characters `"` and `\` and the character sequence `${` must be
-  escaped by prefixing them with a backslash (`\`). Newlines, carriage
-  returns and tabs can be written as `\n`, `\r` and `\t`,
-  respectively.
-
-  You can include the results of other expressions into a string by enclosing them in `${ }`, a feature known as [string interpolation].
-
-  [string interpolation]: ./string-interpolation.md
-
-  The second way to write string literals is as an *indented string*,
-  which is enclosed between pairs of *double single-quotes*, like so:
-
-  ```nix
-  ''
-    This is the first line.
-    This is the second line.
-      This is the third line.
-  ''
-  ```
-
-  This kind of string literal intelligently strips indentation from
-  the start of each line. To be precise, it strips from each line a
-  number of spaces equal to the minimal indentation of the string as a
-  whole (disregarding the indentation of empty lines). For instance,
-  the first and second line are indented two spaces, while the third
-  line is indented four spaces. Thus, two spaces are stripped from
-  each line, so the resulting string is
-
-  ```nix
-  "This is the first line.\nThis is the second line.\n  This is the third line.\n"
-  ```
-
-  Note that the whitespace and newline following the opening `''` is
-  ignored if there is no non-whitespace text on the initial line.
-
-  Indented strings support [string interpolation].
-
-  Since `${` and `''` have special meaning in indented strings, you
-  need a way to quote them. `$` can be escaped by prefixing it with
-  `''` (that is, two single quotes), i.e., `''$`. `''` can be escaped
-  by prefixing it with `'`, i.e., `'''`. `$` removes any special
-  meaning from the following `$`. Linefeed, carriage-return and tab
-  characters can be written as `''\n`, `''\r`, `''\t`, and `''\`
-  escapes any other character.
-
-  Indented strings are primarily useful in that they allow multi-line
-  string literals to follow the indentation of the enclosing Nix
-  expression, and that less escaping is typically necessary for
-  strings representing languages such as shell scripts and
-  configuration files because `''` is much less common than `"`.
-  Example:
-
-  ```nix
-  stdenv.mkDerivation {
-    ...
-    postInstall =
-      ''
-        mkdir $out/bin $out/etc
-        cp foo $out/bin
-        echo "Hello World" > $out/etc/foo.conf
-        ${if enableBar then "cp bar $out/bin" else ""}
-      '';
-    ...
-  }
-  ```
-
-  Finally, as a convenience, *URIs* as defined in appendix B of
-  [RFC 2396](http://www.ietf.org/rfc/rfc2396.txt) can be written *as
-  is*, without quotes. For instance, the string
-  `"http://example.org/foo.tar.bz2"` can also be written as
-  `http://example.org/foo.tar.bz2`.
-
-- <a id="type-number" href="#type-number">Number</a>
-
-  Numbers, which can be *integers* (like `123`) or *floating point*
-  (like `123.43` or `.27e13`).
-
-  See [arithmetic] and [comparison] operators for semantics.
-
-  [arithmetic]: ./operators.md#arithmetic
-  [comparison]: ./operators.md#comparison
-
-- <a id="type-path" href="#type-path">Path</a>
-
-  *Paths*, e.g., `/bin/sh` or `./builder.sh`. A path must contain at
-  least one slash to be recognised as such. For instance, `builder.sh`
-  is not a path: it's parsed as an expression that selects the
-  attribute `sh` from the variable `builder`. If the file name is
-  relative, i.e., if it does not begin with a slash, it is made
-  absolute at parse time relative to the directory of the Nix
-  expression that contained it. For instance, if a Nix expression in
-  `/foo/bar/bla.nix` refers to `../xyzzy/fnord.nix`, the absolute path
-  is `/foo/xyzzy/fnord.nix`.
-
-  If the first component of a path is a `~`, it is interpreted as if
-  the rest of the path were relative to the user's home directory.
-  e.g. `~/foo` would be equivalent to `/home/edolstra/foo` for a user
-  whose home directory is `/home/edolstra`.
-
-  Paths can also be specified between angle brackets, e.g.
-  `<nixpkgs>`. This means that the directories listed in the
-  environment variable `NIX_PATH` will be searched for the given file
-  or directory name.
-
-  When an [interpolated string][string interpolation] evaluates to a path, the path is first copied into the Nix store and the resulting string is the [store path] of the newly created [store object].
-
-  [store path]: ../glossary.md#gloss-store-path
-  [store object]: ../glossary.md#gloss-store-object
-
-  For instance, evaluating `"${./foo.txt}"` will cause `foo.txt` in the current directory to be copied into the Nix store and result in the string `"/nix/store/<hash>-foo.txt"`.
-
-  Note that the Nix language assumes that all input files will remain _unchanged_ while  evaluating a Nix expression.
-  For example, assume you used a file path in an interpolated string during a `nix repl` session.
-  Later in the same session, after having changed the file contents, evaluating the interpolated string with the file path again might not return a new store path, since Nix might not re-read the file contents.
-
-  Paths themselves, except those in angle brackets (`< >`), support [string interpolation].
-
-  At least one slash (`/`) must appear *before* any interpolated expression for the result to be recognized as a path.
-
-  `a.${foo}/b.${bar}` is a syntactically valid division operation.
-  `./a.${foo}/b.${bar}` is a path.
-
-- <a id="type-boolean" href="#type-boolean">Boolean</a>
-
-  *Booleans* with values `true` and `false`.
-
-- <a id="type-null" href="#type-null">Null</a>
-
-  The null value, denoted as `null`.
-
-## List
-
-Lists are formed by enclosing a whitespace-separated list of values
-between square brackets. For example,
-
-```nix
-[ 123 ./foo.nix "abc" (f { x = y; }) ]
-```
-
-defines a list of four elements, the last being the result of a call to
-the function `f`. Note that function calls have to be enclosed in
-parentheses. If they had been omitted, e.g.,
-
-```nix
-[ 123 ./foo.nix "abc" f { x = y; } ]
-```
-
-the result would be a list of five elements, the fourth one being a
-function and the fifth being a set.
-
-Note that lists are only lazy in values, and they are strict in length.
-
-## Attribute Set
-
-An attribute set is a collection of name-value-pairs (called *attributes*) enclosed in curly brackets (`{ }`).
-
-Names and values are separated by an equal sign (`=`).
-Each value is an arbitrary expression terminated by a semicolon (`;`).
-
-Attributes can appear in any order.
-An attribute name may only occur once.
-
-Example:
-
-```nix
-{
-  x = 123;
-  text = "Hello";
-  y = f { bla = 456; };
-}
-```
-
-This defines a set with attributes named `x`, `text`, `y`.
-
-Attributes can be selected from a set using the `.` operator. For
-instance,
-
-```nix
-{ a = "Foo"; b = "Bar"; }.a
-```
-
-evaluates to `"Foo"`. It is possible to provide a default value in an
-attribute selection using the `or` keyword. For example,
-
-```nix
-{ a = "Foo"; b = "Bar"; }.c or "Xyzzy"
-```
-
-will evaluate to `"Xyzzy"` because there is no `c` attribute in the set.
-
-You can use arbitrary double-quoted strings as attribute names:
-
-```nix
-{ "$!@#?" = 123; }."$!@#?"
-```
-
-```nix
-let bar = "bar";
-{ "foo ${bar}" = 123; }."foo ${bar}"
-```
-
-Both will evaluate to `123`.
-
-Attribute names support [string interpolation]:
-
-```nix
-let bar = "foo"; in
-{ foo = 123; }.${bar}
-```
-
-```nix
-let bar = "foo"; in
-{ ${bar} = 123; }.foo
-```
-
-Both will evaluate to `123`.
-
-In the special case where an attribute name inside of a set declaration
-evaluates to `null` (which is normally an error, as `null` cannot be coerced to
-a string), that attribute is simply not added to the set:
-
-```nix
-{ ${if foo then "bar" else null} = true; }
-```
-
-This will evaluate to `{}` if `foo` evaluates to `false`.
-
-A set that has a `__functor` attribute whose value is callable (i.e. is
-itself a function or a set with a `__functor` attribute whose value is
-callable) can be applied as if it were a function, with the set itself
-passed in first , e.g.,
-
-```nix
-let add = { __functor = self: x: x + self.x; };
-    inc = add // { x = 1; };
-in inc 1
-```
-
-evaluates to `2`. This can be used to attach metadata to a function
-without the caller needing to treat it specially, or to implement a form
-of object-oriented programming, for example.

doc/manual/src/package-management/basic-package-mgmt.md

@@ -24,7 +24,7 @@ collection; you could write your own Nix expressions based on Nixpkgs,
 or completely new ones.)
 
 You can manually download the latest version of Nixpkgs from
-<https://github.com/NixOS/nixpkgs>. However, it’s much more
+<http://nixos.org/nixpkgs/download.html>. However, it’s much more
 convenient to use the Nixpkgs [*channel*](channels.md), since it makes
 it easy to stay up to date with new versions of Nixpkgs. Nixpkgs is
 automatically added to your list of “subscribed” channels when you
@@ -40,52 +40,48 @@ $ nix-channel --update
 > 
 > On NixOS, you’re automatically subscribed to a NixOS channel
 > corresponding to your NixOS major release (e.g.
-> <http://nixos.org/channels/nixos-21.11>). A NixOS channel is identical
+> <http://nixos.org/channels/nixos-14.12>). A NixOS channel is identical
 > to the Nixpkgs channel, except that it contains only Linux binaries
 > and is updated only if a set of regression tests succeed.
 
 You can view the set of available packages in Nixpkgs:
 
 ```console
-$ nix-env -qaP
-nixpkgs.aterm                       aterm-2.2
-nixpkgs.bash                        bash-3.0
-nixpkgs.binutils                    binutils-2.15
-nixpkgs.bison                       bison-1.875d
-nixpkgs.blackdown                   blackdown-1.4.2
-nixpkgs.bzip2                       bzip2-1.0.2
+$ nix-env -qa
+aterm-2.2
+bash-3.0
+binutils-2.15
+bison-1.875d
+blackdown-1.4.2
+bzip2-1.0.2
 …
 ```
 
-The flag `-q` specifies a query operation, `-a` means that you want
+The flag `-q` specifies a query operation, and `-a` means that you want
 to show the “available” (i.e., installable) packages, as opposed to the
-installed packages, and `-P` prints the attribute paths that can be used
-to unambiguously select a package for installation (listed in the first column).
-If you downloaded Nixpkgs yourself, or if you checked it out from GitHub,
-then you need to pass the path to your Nixpkgs tree using the `-f` flag:
+installed packages. If you downloaded Nixpkgs yourself, or if you
+checked it out from GitHub, then you need to pass the path to your
+Nixpkgs tree using the `-f` flag:
 
 ```console
-$ nix-env -qaPf /path/to/nixpkgs
-aterm                               aterm-2.2
-bash                                bash-3.0
-…
+$ nix-env -qaf /path/to/nixpkgs
 ```
 
 where */path/to/nixpkgs* is where you’ve unpacked or checked out
 Nixpkgs.
 
-You can filter the packages by name:
+You can select specific packages by name:
 
 ```console
-$ nix-env -qaP firefox
-nixpkgs.firefox-esr                 firefox-91.3.0esr
-nixpkgs.firefox                     firefox-94.0.1
+$ nix-env -qa firefox
+firefox-34.0.5
+firefox-with-plugins-34.0.5
 ```
 
 and using regular expressions:
 
 ```console
-$ nix-env -qaP 'firefox.*'
+$ nix-env -qa 'firefox.*'
 ```
 
 It is also possible to see the *status* of available packages, i.e.,
@@ -93,11 +89,11 @@ whether they are installed into the user environment and/or present in
 the system:
 
 ```console
-$ nix-env -qaPs
+$ nix-env -qas
 …
--PS  nixpkgs.bash                bash-3.0
---S  nixpkgs.binutils            binutils-2.15
-IPS  nixpkgs.bison               bison-1.875d
+-PS bash-3.0
+--S binutils-2.15
+IPS bison-1.875d
 …
 ```
 
@@ -110,13 +106,13 @@ which is Nix’s mechanism for doing binary deployment. It just means that
 Nix knows that it can fetch a pre-built package from somewhere
 (typically a network server) instead of building it locally.
 
-You can install a package using `nix-env -iA`. For instance,
+You can install a package using `nix-env -i`. For instance,
 
 ```console
-$ nix-env -iA nixpkgs.subversion
+$ nix-env -i subversion
 ```
 
-will install the package called `subversion` from `nixpkgs` channel (which is, of course, the
+will install the package called `subversion` (which is, of course, the
 [Subversion version management system](http://subversion.tigris.org/)).
 
 > **Note**
@@ -126,7 +122,7 @@ will install the package called `subversion` from `nixpkgs` channel (which is, o
 > binary cache <https://cache.nixos.org>; it contains binaries for most
 > packages in Nixpkgs. Only if no binary is available in the binary
 > cache, Nix will build the package from source. So if `nix-env
-> -iA nixpkgs.subversion` results in Nix building stuff from source, then either
+> -i subversion` results in Nix building stuff from source, then either
 > the package is not built for your platform by the Nixpkgs build
 > servers, or your version of Nixpkgs is too old or too new. For
 > instance, if you have a very recent checkout of Nixpkgs, then the
@@ -137,10 +133,7 @@ will install the package called `subversion` from `nixpkgs` channel (which is, o
 > using a Git checkout of the Nixpkgs tree), you will get binaries for
 > most packages.
 
-Naturally, packages can also be uninstalled. Unlike when installing, you will
-need to use the derivation name (though the version part can be omitted),
-instead of the attribute path, as `nix-env` does not record which attribute
-was used for installing:
+Naturally, packages can also be uninstalled:
 
 ```console
 $ nix-env -e subversion
@@ -150,7 +143,7 @@ Upgrading to a new version is just as easy. If you have a new release of
 Nix Packages, you can do:
 
 ```console
-$ nix-env -uA nixpkgs.subversion
+$ nix-env -u subversion
 ```
 
 This will *only* upgrade Subversion if there is a “newer” version in the

doc/manual/src/package-management/binary-cache-substituter.md

@@ -9,7 +9,7 @@ The daemon that handles binary cache requests via HTTP, `nix-serve`, is
 not part of the Nix distribution, but you can install it from Nixpkgs:
 
 ```console
-$ nix-env -iA nixpkgs.nix-serve
+$ nix-env -i nix-serve
 ```
 
 You can then start the server, listening for HTTP connections on
@@ -35,7 +35,7 @@ On the client side, you can tell Nix to use your binary cache using
 `--option extra-binary-caches`, e.g.:
 
 ```console
-$ nix-env -iA nixpkgs.firefox --option extra-binary-caches http://avalon:8080/
+$ nix-env -i firefox --option extra-binary-caches http://avalon:8080/
 ```
 
 The option `extra-binary-caches` tells Nix to use this binary cache in

doc/manual/src/package-management/garbage-collection.md

@@ -44,7 +44,7 @@ collector as follows:
 $ nix-store --gc
 ```
 
-The behaviour of the garbage collector is affected by the
+The behaviour of the gargage collector is affected by the
 `keep-derivations` (default: true) and `keep-outputs` (default: false)
 options in the Nix configuration file. The defaults will ensure that all
 derivations that are build-time dependencies of garbage collector roots

doc/manual/src/package-management/package-management.md

@@ -1,4 +1,5 @@
 This chapter discusses how to do package management with Nix, i.e.,
 how to obtain, install, upgrade, and erase packages. This is the
 “user’s” perspective of the Nix system — people who want to *create*
-packages should consult the chapter on the [Nix language](../language/index.md).
+packages should consult the [chapter on writing Nix
+expressions](../expressions/writing-nix-expressions.md).

doc/manual/src/package-management/profiles.md

@@ -39,7 +39,7 @@ just Subversion 1.1.2 (arrows in the figure indicate symlinks). This
 would be what we would obtain if we had done
 
 ```console
-$ nix-env -iA nixpkgs.subversion
+$ nix-env -i subversion
 ```
 
 on a set of Nix expressions that contained Subversion 1.1.2.
@@ -54,7 +54,7 @@ environment is generated based on the current one. For instance,
 generation 43 was created from generation 42 when we did
 
 ```console
-$ nix-env -iA nixpkgs.subversion nixpkgs.firefox
+$ nix-env -i subversion firefox
 ```
 
 on a set of Nix expressions that contained Firefox and a new version of
@@ -127,7 +127,7 @@ All `nix-env` operations work on the profile pointed to by
 (abbreviation `-p`):
 
 ```console
-$ nix-env -p /nix/var/nix/profiles/other-profile -iA nixpkgs.subversion
+$ nix-env -p /nix/var/nix/profiles/other-profile -i subversion
 ```
 
 This will *not* change the `~/.nix-profile` symlink.

doc/manual/src/package-management/ssh-substituter.md

@@ -6,7 +6,7 @@ automatically fetching any store paths in Firefox’s closure if they are
 available on the server `avalon`:
 
 ```console
-$ nix-env -iA nixpkgs.firefox --substituters ssh://alice@avalon
+$ nix-env -i firefox --substituters ssh://alice@avalon
 ```
 
 This works similar to the binary cache substituter that Nix usually

doc/manual/src/quick-start.md

@@ -19,19 +19,19 @@ to subsequent chapters.
    channel:
 
    ```console
-   $ nix-env -qaP
-   nixpkgs.docbook_xml_dtd_43                    docbook-xml-4.3
-   nixpkgs.docbook_xml_dtd_45                    docbook-xml-4.5
-   nixpkgs.firefox                               firefox-33.0.2
-   nixpkgs.hello                                 hello-2.9
-   nixpkgs.libxslt                               libxslt-1.1.28
+   $ nix-env -qa
+   docbook-xml-4.3
+   docbook-xml-4.5
+   firefox-33.0.2
+   hello-2.9
+   libxslt-1.1.28
    …
    ```
 
 1. Install some packages from the channel:
 
    ```console
-   $ nix-env -iA nixpkgs.hello
+   $ nix-env -i hello
    ```
 
    This should download pre-built packages; it should not build them

doc/manual/src/release-notes/rl-2.10.md

@@ -1,31 +0,0 @@
-# Release 2.10 (2022-07-11)
-
-* `nix repl` now takes installables on the command line, unifying the usage
-  with other commands that use `--file` and `--expr`. Primary breaking change
-  is for the common usage of `nix repl '<nixpkgs>'` which can be recovered with
-  `nix repl --file '<nixpkgs>'` or `nix repl --expr 'import <nixpkgs>{}'`.
-
-  This is currently guarded by the `repl-flake` experimental feature.
-
-* A new function `builtins.traceVerbose` is available. It is similar
-  to `builtins.trace` if the `trace-verbose` setting is set to true,
-  and it is a no-op otherwise.
-
-* `nix search` has a new flag `--exclude` to filter out packages.
-
-* On Linux, if `/nix` doesn't exist and cannot be created and you're
-  not running as root, Nix will automatically use
-  `~/.local/share/nix/root` as a chroot store. This enables non-root
-  users to download the statically linked Nix binary and have it work
-  out of the box, e.g.
-
-  ```
-  # ~/nix run nixpkgs#hello
-  warning: '/nix' does not exists, so Nix will use '/home/ubuntu/.local/share/nix/root' as a chroot store
-  Hello, world!
-  ```
-
-* `flake-registry.json` is now fetched from `channels.nixos.org`.
-
-* Nix can now be built with LTO by passing `--enable-lto` to `configure`.
-  LTO is currently only supported when building with GCC.

doc/manual/src/release-notes/rl-2.11.md

@@ -1,5 +0,0 @@
-# Release 2.11 (2022-08-24)
-
-* `nix copy` now copies the store paths in parallel as much as possible (again).
-  This doesn't apply for the `daemon` and `ssh-ng` stores which copy everything
-  in one batch to avoid latencies issues.

doc/manual/src/release-notes/rl-2.12.md

@@ -1,43 +0,0 @@
-# Release 2.12 (2022-12-06)
-
-* On Linux, Nix can now run builds in a user namespace where they run
-  as root (UID 0) and have 65,536 UIDs available.
-  <!-- FIXME: move this to its own section about system features -->
-  This is primarily useful for running containers such as `systemd-nspawn`
-  inside a Nix build. For an example, see [`tests/systemd-nspawn/nix`][nspawn].
-
-  [nspawn]: https://github.com/NixOS/nix/blob/67bcb99700a0da1395fa063d7c6586740b304598/tests/systemd-nspawn.nix.
-
-  A build can enable this by setting the derivation attribute:
-
-  ```
-  requiredSystemFeatures = [ "uid-range" ];
-  ```
-
-  The `uid-range` [system feature] requires the [`auto-allocate-uids`]
-  setting to be enabled.
-
-  [system feature]: ../command-ref/conf-file.md#conf-system-features
-
-* Nix can now automatically pick UIDs for builds, removing the need to
-  create `nixbld*` user accounts. See [`auto-allocate-uids`].
-
-  [`auto-allocate-uids`]: ../command-ref/conf-file.md#conf-auto-allocate-uids
-
-* On Linux, Nix has experimental support for running builds inside a
-  cgroup. See
-  [`use-cgroups`](../command-ref/conf-file.md#conf-use-cgroups).
-
-* `<nix/fetchurl.nix>` now accepts an additional argument `impure` which
-  defaults to `false`.  If it is set to `true`, the `hash` and `sha256`
-  arguments will be ignored and the resulting derivation will have
-  `__impure` set to `true`, making it an impure derivation.
-
-* If `builtins.readFile` is called on a file with context, then only
-  the parts of the context that appear in the content of the file are
-  retained.  This avoids a lot of spurious errors where strings end up
-  having a context just because they are read from a store path
-  ([#7260](https://github.com/NixOS/nix/pull/7260)).
-
-* `nix build --json` now prints some statistics about top-level
-  derivations, such as CPU statistics when cgroups are enabled.

doc/manual/src/release-notes/rl-2.13.md

@@ -1,40 +0,0 @@
-# Release 2.13 (2023-01-17)
-
-* The `repeat` and `enforce-determinism` options have been removed
-  since they had been broken under many circumstances for a long time.
-
-* You can now use [flake references] in the [old command line interface], e.g.
-
-   [flake references]: ../command-ref/new-cli/nix3-flake.md#flake-references
-   [old command line interface]: ../command-ref/main-commands.md
-
-  ```shell-session
-  # nix-build flake:nixpkgs -A hello
-  # nix-build -I nixpkgs=flake:github:NixOS/nixpkgs/nixos-22.05 \
-      '<nixpkgs>' -A hello
-  # NIX_PATH=nixpkgs=flake:nixpkgs nix-build '<nixpkgs>' -A hello
-  ```
-
-* Instead of "antiquotation", the more common term [string interpolation](../language/string-interpolation.md) is now used consistently.
-  Historical release notes were not changed.
-
-* Allow explicitly selecting outputs in a store derivation installable, just like we can do with other sorts of installables.
-  For example,
-  ```shell-session
-  # nix build /nix/store/gzaflydcr6sb3567hap9q6srzx8ggdgg-glibc-2.33-78.drv^dev
-  ```
-  now works just as
-  ```shell-session
-  # nix build nixpkgs#glibc^dev
-  ```
-  does already.
-
-* On Linux, `nix develop` now sets the
-  [*personality*](https://man7.org/linux/man-pages/man2/personality.2.html)
-  for the development shell in the same way as the actual build of the
-  derivation. This makes shells for `i686-linux` derivations work
-  correctly on `x86_64-linux`.
-
-* You can now disable the global flake registry by setting the `flake-registry`
-  configuration option to an empty string. The same can be achieved at runtime with
-  `--flake-registry ""`.

doc/manual/src/release-notes/rl-2.4.md

@@ -1,542 +1,8 @@
-# Release 2.4 (2021-11-01)
-
-This is the first release in more than two years and is the result of
-more than 2800 commits from 195 contributors since release 2.3.
-
-## Highlights
-
-* Nix's **error messages** have been improved a lot. For instance,
-  evaluation errors now point out the location of the error:
-
-  ```
-  $ nix build
-  error: undefined variable 'bzip3'
-
-         at /nix/store/449lv242z0zsgwv95a8124xi11sp419f-source/flake.nix:88:13:
-
-             87|           [ curl
-             88|             bzip3 xz brotli editline
-               |             ^
-             89|             openssl sqlite
-  ```
-
-* The **`nix` command** has seen a lot of work and is now almost at
-  feature parity with the old command-line interface (the `nix-*`
-  commands). It aims to be [more modern, consistent and pleasant to
-  use](../contributing/cli-guideline.md) than the old CLI. It is still
-  marked as experimental but its interface should not change much
-  anymore in future releases.
-
-* **Flakes** are a new format to package Nix-based projects in a more
-  discoverable, composable, consistent and reproducible way. A flake
-  is just a repository or tarball containing a file named `flake.nix`
-  that specifies dependencies on other flakes and returns any Nix
-  assets such as packages, Nixpkgs overlays, NixOS modules or CI
-  tests. The new `nix` CLI is primarily based around flakes; for
-  example, a command like `nix run nixpkgs#hello` runs the `hello`
-  application from the `nixpkgs` flake.
-
-  Flakes are currently marked as experimental. For an introduction,
-  see [this blog
-  post](https://www.tweag.io/blog/2020-05-25-flakes/). For detailed
-  information about flake syntax and semantics, see the [`nix flake`
-  manual page](../command-ref/new-cli/nix3-flake.md).
-
-* Nix's store can now be **content-addressed**, meaning that the hash
-  component of a store path is the hash of the path's
-  contents. Previously Nix could only build **input-addressed** store
-  paths, where the hash is computed from the derivation dependency
-  graph. Content-addressing allows deduplication, early cutoff in
-  build systems, and unprivileged closure copying. This is still [an
-  experimental
-  feature](https://discourse.nixos.org/t/content-addressed-nix-call-for-testers/12881).
-
-* The Nix manual has been converted into Markdown, making it easier to
-  contribute. In addition, every `nix` subcommand now has a manual
-  page, documenting every option.
-
-* A new setting that allows **experimental features** to be enabled
-  selectively. This allows us to merge unstable features into Nix more
-  quickly and do more frequent releases.
-
-## Other features
-
-* There are many new `nix` subcommands:
-
-  - `nix develop` is intended to replace `nix-shell`. It has a number
-    of new features:
-
-    * It automatically sets the output environment variables (such as
-      `$out`) to writable locations (such as `./outputs/out`).
-
-    * It can store the environment in a profile. This is useful for
-      offline work.
-
-    * It can run specific phases directly. For instance, `nix develop
-      --build` runs `buildPhase`.
-
-    - It allows dependencies in the Nix store to be "redirected" to
-      arbitrary directories using the `--redirect` flag. This is
-      useful if you want to hack on a package *and* some of its
-      dependencies at the same time.
-
-  - `nix print-dev-env` prints the environment variables and bash
-    functions defined by a derivation. This is useful for users of
-    other shells than bash (especially with `--json`).
-
-  - `nix shell` was previously named `nix run` and is intended to
-    replace `nix-shell -p`, but without the `stdenv` overhead. It
-    simply starts a shell where some packages have been added to
-    `$PATH`.
-
-  - `nix run` (not to be confused with the old subcommand that has
-    been renamed to `nix shell`) runs an "app", a flake output that
-    specifies a command to run, or an eponymous program from a
-    package. For example, `nix run nixpkgs#hello` runs the `hello`
-    program from the `hello` package in `nixpkgs`.
-
-  - `nix flake` is the container for flake-related operations, such as
-    creating a new flake, querying the contents of a flake or updating
-    flake lock files.
-
-  - `nix registry` allows you to query and update the flake registry,
-    which maps identifiers such as `nixpkgs` to concrete flake URLs.
-
-  - `nix profile` is intended to replace `nix-env`. Its main advantage
-    is that it keeps track of the provenance of installed packages
-    (e.g. exactly which flake version a package came from). It also
-    has some helpful subcommands:
-
-    * `nix profile history` shows what packages were added, upgraded
-      or removed between each version of a profile.
-
-    * `nix profile diff-closures` shows the changes between the
-      closures of each version of a profile. This allows you to
-      discover the addition or removal of dependencies or size
-      changes.
-
-    **Warning**: after a profile has been updated using `nix profile`,
-    it is no longer usable with `nix-env`.
-
-  - `nix store diff-closures` shows the differences between the
-    closures of two store paths in terms of the versions and sizes of
-    dependencies in the closures.
-
-  - `nix store make-content-addressable` rewrites an arbitrary closure
-    to make it content-addressed. Such paths can be copied into other
-    stores without requiring signatures.
-
-  - `nix bundle` uses the [`nix-bundle`
-    program](https://github.com/matthewbauer/nix-bundle) to convert a
-    closure into a self-extracting executable.
-
-  - Various other replacements for the old CLI, e.g. `nix store gc`,
-    `nix store delete`, `nix store repair`, `nix nar dump-path`, `nix
-    store prefetch-file`, `nix store prefetch-tarball`, `nix key` and
-    `nix daemon`.
-
-* Nix now has an **evaluation cache** for flake outputs. For example,
-  a second invocation of the command `nix run nixpkgs#firefox` will
-  not need to evaluate the `firefox` attribute because it's already in
-  the evaluation cache. This is made possible by the hermetic
-  evaluation model of flakes.
-
-* The new `--offline` flag disables substituters and causes all
-  locally cached tarballs and repositories to be considered
-  up-to-date.
-
-* The new `--refresh` flag causes all locally cached tarballs and
-  repositories to be considered out-of-date.
-
-* Many `nix` subcommands now have a `--json` option to produce
-  machine-readable output.
-
-* `nix repl` has a new `:doc` command to show documentation about
-  builtin functions (e.g. `:doc builtins.map`).
-
-* Binary cache stores now have an option `index-debug-info` to create
-  an index of DWARF debuginfo files for use by
-  [`dwarffs`](https://github.com/edolstra/dwarffs).
-
-* To support flakes, Nix now has an extensible mechanism for fetching
-  source trees. Currently it has the following backends:
-
-  * Git repositories
-
-  * Mercurial repositories
-
-  * GitHub and GitLab repositories (an optimisation for faster
-    fetching than Git)
-
-  * Tarballs
-
-  * Arbitrary directories
-
-  The fetcher infrastructure is exposed via flake input specifications
-  and via the `fetchTree` built-in.
-
-* **Languages changes**: the only new language feature is that you can
-  now have antiquotations in paths, e.g. `./${foo}` instead of `./. +
-  foo`.
-
-* **New built-in functions**:
-
-  - `builtins.fetchTree` allows fetching a source tree using any
-    backends supported by the fetcher infrastructure. It subsumes the
-    functionality of existing built-ins like `fetchGit`,
-    `fetchMercurial` and `fetchTarball`.
-
-  - `builtins.getFlake` fetches a flake and returns its output
-    attributes. This function should not be used inside flakes! Use
-    flake inputs instead.
-
-  - `builtins.floor` and `builtins.ceil` round a floating-point number
-    down and up, respectively.
-
-* Experimental support for recursive Nix. This means that Nix
-  derivations can now call Nix to build other derivations. This is not
-  in a stable state yet and not well
-  [documented](https://github.com/NixOS/nix/commit/c4d7c76b641d82b2696fef73ce0ac160043c18da).
-
-* The new experimental feature `no-url-literals` disables URL
-  literals. This helps to implement [RFC
-  45](https://github.com/NixOS/rfcs/pull/45).
-
-* Nix now uses `libarchive` to decompress and unpack tarballs and zip
-  files, so `tar` is no longer required.
-
-* The priority of substituters can now be overridden using the
-  `priority` substituter setting (e.g. `--substituters
-  'http://cache.nixos.org?priority=100 daemon?priority=10'`).
-
-* `nix edit` now supports non-derivation attributes, e.g. `nix edit
-  .#nixosConfigurations.bla`.
-
-* The `nix` command now provides command line completion for `bash`,
-  `zsh` and `fish`. Since the support for getting completions is built
-  into `nix`, it's easy to add support for other shells.
-
-* The new `--log-format` flag selects what Nix's output looks like. It
-  defaults to a terse progress indicator. There is a new
-  `internal-json` output format for use by other programs.
-
-* `nix eval` has a new `--apply` flag that applies a function to the
-  evaluation result.
-
-* `nix eval` has a new `--write-to` flag that allows it to write a
-  nested attribute set of string leaves to a corresponding directory
-  tree.
-
-* Memory improvements: many operations that add paths to the store or
-  copy paths between stores now run in constant memory.
-
-* Many `nix` commands now support the flag `--derivation` to operate
-  on a `.drv` file itself instead of its outputs.
-
-* There is a new store called `dummy://` that does not support
-  building or adding paths. This is useful if you want to use the Nix
-  evaluator but don't have a Nix store.
-
-* The `ssh-ng://` store now allows substituting paths on the remote,
-  as `ssh://` already did.
-
-* When auto-calling a function with an ellipsis, all arguments are now
-  passed.
-
-* New `nix-shell` features:
-
-  - It preserves the `PS1` environment variable if
-    `NIX_SHELL_PRESERVE_PROMPT` is set.
-
-  - With `-p`, it passes any `--arg`s as Nixpkgs arguments.
-
-  - Support for structured attributes.
-
-* `nix-prefetch-url` has a new `--executable` flag.
-
-* On `x86_64` systems, [`x86_64` microarchitecture
-  levels](https://lwn.net/Articles/844831/) are mapped to additional
-  system types (e.g. `x86_64-v1-linux`).
-
-* The new `--eval-store` flag allows you to use a different store for
-  evaluation than for building or storing the build result. This is
-  primarily useful when you want to query whether something exists in
-  a read-only store, such as a binary cache:
-
-  ```
-  # nix path-info --json --store https://cache.nixos.org \
-    --eval-store auto nixpkgs#hello
-  ```
-
-  (Here `auto` indicates the local store.)
-
-* The Nix daemon has a new low-latency mechanism for copying
-  closures. This is useful when building on remote stores such as
-  `ssh-ng://`.
-
-* Plugins can now register `nix` subcommands.
-
-* The `--indirect` flag to `nix-store --add-root` has become a no-op.
-  `--add-root` will always generate indirect GC roots from now on.
-
-## Incompatible changes
-
-* The `nix` command is now marked as an experimental feature. This
-  means that you need to add
-
-  ```
-  experimental-features = nix-command
-  ```
-
-  to your `nix.conf` if you want to use it, or pass
-  `--extra-experimental-features nix-command` on the command line.
-
-* The `nix` command no longer has a syntax for referring to packages
-  in a channel. This means that the following no longer works:
-
-  ```console
-  nix build nixpkgs.hello # Nix 2.3
-  ```
-
-  Instead, you can either use the `#` syntax to select a package from
-  a flake, e.g.
-
-  ```console
-  nix build nixpkgs#hello
-  ```
-
-  Or, if you want to use the `nixpkgs` channel in the `NIX_PATH`
-  environment variable:
-
-  ```console
-  nix build -f '<nixpkgs>' hello
-  ```
-
-* The old `nix run` has been renamed to `nix shell`, while there is a
-  new `nix run` that runs a default command. So instead of
-
-  ```console
-  nix run nixpkgs.hello -c hello # Nix 2.3
-  ```
-
-  you should use
-
-  ```console
-  nix shell nixpkgs#hello -c hello
-  ```
-
-  or just
-
-  ```console
-  nix run nixpkgs#hello
-  ```
-
-  if the command you want to run has the same name as the package.
-
-* It is now an error to modify the `plugin-files` setting via a
-  command-line flag that appears after the first non-flag argument to
-  any command, including a subcommand to `nix`. For example,
-  `nix-instantiate default.nix --plugin-files ""` must now become
-  `nix-instantiate --plugin-files "" default.nix`.
-
-* We no longer release source tarballs. If you want to build from
-  source, please build from the tags in the Git repository.
-
-## Contributors
-
-This release has contributions from
-Adam Höse,
-Albert Safin,
-Alex Kovar,
-Alex Zero,
-Alexander Bantyev,
-Alexandre Esteves,
-Alyssa Ross,
-Anatole Lucet,
-Anders Kaseorg,
-Andreas Rammhold,
-Antoine Eiche,
-Antoine Martin,
-Arnout Engelen,
-Arthur Gautier,
-aszlig,
-Ben Burdette,
-Benjamin Hipple,
-Bernardo Meurer,
-Björn Gohla,
-Bjørn Forsman,
-Bob van der Linden,
-Brian Leung,
-Brian McKenna,
-Brian Wignall,
-Bruce Toll,
-Bryan Richter,
-Calle Rosenquist,
-Calvin Loncaric,
-Carlo Nucera,
-Carlos D'Agostino,
-Chaz Schlarp,
-Christian Höppner,
-Christian Kampka,
-Chua Hou,
-Chuck,
-Cole Helbling,
-Daiderd Jordan,
-Dan Callahan,
-Dani,
-Daniel Fitzpatrick,
-Danila Fedorin,
-Daniël de Kok,
-Danny Bautista,
-DavHau,
-David McFarland,
-Dima,
-Domen Kožar,
-Dominik Schrempf,
-Dominique Martinet,
-dramforever,
-Dustin DeWeese,
-edef,
-Eelco Dolstra,
-Ellie Hermaszewska,
-Emilio Karakey,
-Emily,
-Eric Culp,
-Ersin Akinci,
-Fabian Möller,
-Farid Zakaria,
-Federico Pellegrin,
-Finn Behrens,
-Florian Franzen,
-Félix Baylac-Jacqué,
-Gabriella Gonzalez,
-Geoff Reedy,
-Georges Dubus,
-Graham Christensen,
-Greg Hale,
-Greg Price,
-Gregor Kleen,
-Gregory Hale,
-Griffin Smith,
-Guillaume Bouchard,
-Harald van Dijk,
-illustris,
-Ivan Zvonimir Horvat,
-Jade,
-Jake Waksbaum,
-jakobrs,
-James Ottaway,
-Jan Tojnar,
-Janne Heß,
-Jaroslavas Pocepko,
-Jarrett Keifer,
-Jeremy Schlatter,
-Joachim Breitner,
-Joe Pea,
-John Ericson,
-Jonathan Ringer,
-Josef Kemetmüller,
-Joseph Lucas,
-Jude Taylor,
-Julian Stecklina,
-Julien Tanguy,
-Jörg Thalheim,
-Kai Wohlfahrt,
-keke,
-Keshav Kini,
-Kevin Quick,
-Kevin Stock,
-Kjetil Orbekk,
-Krzysztof Gogolewski,
-kvtb,
-Lars Mühmel,
-Leonhard Markert,
-Lily Ballard,
-Linus Heckemann,
-Lorenzo Manacorda,
-Lucas Desgouilles,
-Lucas Franceschino,
-Lucas Hoffmann,
-Luke Granger-Brown,
-Madeline Haraj,
-Marwan Aljubeh,
-Mat Marini,
-Mateusz Piotrowski,
-Matthew Bauer,
-Matthew Kenigsberg,
-Mauricio Scheffer,
-Maximilian Bosch,
-Michael Adler,
-Michael Bishop,
-Michael Fellinger,
-Michael Forney,
-Michael Reilly,
-mlatus,
-Mykola Orliuk,
-Nathan van Doorn,
-Naïm Favier,
-ng0,
-Nick Van den Broeck,
-Nicolas Stig124 Formichella,
-Niels Egberts,
-Niklas Hambüchen,
-Nikola Knezevic,
-oxalica,
-p01arst0rm,
-Pamplemousse,
-Patrick Hilhorst,
-Paul Opiyo,
-Pavol Rusnak,
-Peter Kolloch,
-Philipp Bartsch,
-Philipp Middendorf,
-Piotr Szubiakowski,
-Profpatsch,
-Puck Meerburg,
-Ricardo M. Correia,
-Rickard Nilsson,
-Robert Hensing,
-Robin Gloster,
-Rodrigo,
-Rok Garbas,
-Ronnie Ebrin,
-Rovanion Luckey,
-Ryan Burns,
-Ryan Mulligan,
-Ryne Everett,
-Sam Doshi,
-Sam Lidder,
-Samir Talwar,
-Samuel Dionne-Riel,
-Sebastian Ullrich,
-Sergei Trofimovich,
-Sevan Janiyan,
-Shao Cheng,
-Shea Levy,
-Silvan Mosberger,
-Stefan Frijters,
-Stefan Jaax,
-sternenseemann,
-Steven Shaw,
-Stéphan Kochen,
-SuperSandro2000,
-Suraj Barkale,
-Taeer Bar-Yam,
-Thomas Churchman,
-Théophane Hufschmitt,
-Timothy DeHerrera,
-Timothy Klim,
-Tobias Möst,
-Tobias Pflug,
-Tom Bereknyei,
-Travis A. Everett,
-Ujjwal Jain,
-Vladimír Čunát,
-Wil Taylor,
-Will Dietz,
-Yaroslav Bolyukin,
-Yestin L. Harrison,
-YI,
-Yorick van Pelt,
-Yuriy Taraday and
-zimbatm.
+# Release 2.4 (202X-XX-XX)
+
+  - It is now an error to modify the `plugin-files` setting via a
+    command-line flag that appears after the first non-flag argument
+    to any command, including a subcommand to `nix`. For example,
+    `nix-instantiate default.nix --plugin-files ""` must now become
+    `nix-instantiate --plugin-files "" default.nix`.
+  - Plugins that add new `nix` subcommands are now actually respected.

doc/manual/src/release-notes/rl-2.5.md

@@ -1,16 +0,0 @@
-# Release 2.5 (2021-12-13)
-
-* The garbage collector no longer blocks new builds, so the message
-  `waiting for the big garbage collector lock...` is a thing of the
-  past.
-
-* Binary cache stores now have a setting `compression-level`.
-
-* `nix develop` now has a flag `--unpack` to run `unpackPhase`.
-
-* Lists can now be compared lexicographically using the `<` operator.
-
-* New built-in function: `builtins.groupBy`, with the same functionality as
-  Nixpkgs' `lib.groupBy`, but faster.
-
-* `nix repl` now has a `:log` command.

doc/manual/src/release-notes/rl-2.6.md

@@ -1,21 +0,0 @@
-# Release 2.6 (2022-01-24)
-
-* The Nix CLI now searches for a `flake.nix` up until the root of the current
-  Git repository or a filesystem boundary rather than just in the current
-  directory.
-* The TOML parser used by `builtins.fromTOML` has been replaced by [a
-  more compliant one](https://github.com/ToruNiina/toml11).
-* Added `:st`/`:show-trace` commands to `nix repl`, which are used to
-  set or toggle display of error traces.
-* New builtin function `builtins.zipAttrsWith` with the same
-  functionality as `lib.zipAttrsWith` from Nixpkgs, but much more
-  efficient.
-* New command `nix store copy-log` to copy build logs from one store
-  to another.
-* The `commit-lockfile-summary` option can be set to a non-empty
-  string to override the commit summary used when commiting an updated
-  lockfile.  This may be used in conjunction with the `nixConfig`
-  attribute in `flake.nix` to better conform to repository
-  conventions.
-* `docker run -ti nixos/nix:master` will place you in the Docker
-  container with the latest version of Nix from the `master` branch.

doc/manual/src/release-notes/rl-2.7.md

@@ -1,33 +0,0 @@
-# Release 2.7 (2022-03-07)
-
-* Nix will now make some helpful suggestions when you mistype
-  something on the command line. For instance, if you type `nix build
-  nixpkgs#thunderbrd`, it will suggest `thunderbird`.
-
-* A number of "default" flake output attributes have been
-  renamed. These are:
-
-  * `defaultPackage.<system>` → `packages.<system>.default`
-  * `defaultApps.<system>` → `apps.<system>.default`
-  * `defaultTemplate` → `templates.default`
-  * `defaultBundler.<system>` → `bundlers.<system>.default`
-  * `overlay` → `overlays.default`
-  * `devShell.<system>` → `devShells.<system>.default`
-
-  The old flake output attributes still work, but `nix flake check`
-  will warn about them.
-
-* Breaking API change: `nix bundle` now supports bundlers of the form
-  `bundler.<system>.<name>= derivation: another-derivation;`. This
-  supports additional functionality to inspect evaluation information
-  during bundling. A new
-  [repository](https://github.com/NixOS/bundlers) has various bundlers
-  implemented.
-
-* `nix store ping` now reports the version of the remote Nix daemon.
-
-* `nix flake {init,new}` now display information about which files have been
-  created.
-
-* Templates can now define a `welcomeText` attribute, which is printed out by
-  `nix flake {init,new} --template <template>`.

doc/manual/src/release-notes/rl-2.8.md

@@ -1,53 +0,0 @@
-# Release 2.8 (2022-04-19)
-
-* New experimental command: `nix fmt`, which applies a formatter
-  defined by the `formatter.<system>` flake output to the Nix
-  expressions in a flake.
-
-* Various Nix commands can now read expressions from standard input
-  using `--file -`.
-
-* New experimental builtin function `builtins.fetchClosure` that
-  copies a closure from a binary cache at evaluation time and rewrites
-  it to content-addressed form (if it isn't already). Like
-  `builtins.storePath`, this allows importing pre-built store paths;
-  the difference is that it doesn't require the user to configure
-  binary caches and trusted public keys.
-
-  This function is only available if you enable the experimental
-  feature `fetch-closure`.
-
-* New experimental feature: *impure derivations*. These are
-  derivations that can produce a different result every time they're
-  built. Here is an example:
-
-  ```nix
-  stdenv.mkDerivation {
-    name = "impure";
-    __impure = true; # marks this derivation as impure
-    buildCommand = "date > $out";
-  }
-  ```
-
-  Running `nix build` twice on this expression will build the
-  derivation twice, producing two different content-addressed store
-  paths. Like fixed-output derivations, impure derivations have access
-  to the network. Only fixed-output derivations and impure derivations
-  can depend on an impure derivation.
-
-* `nix store make-content-addressable` has been renamed to `nix store
-  make-content-addressed`.
-
-* The `nixosModule` flake output attribute has been renamed consistent
-  with the `.default` renames in Nix 2.7.
-
-  * `nixosModule` → `nixosModules.default`
-
-  As before, the old output will continue to work, but `nix flake check` will
-  issue a warning about it.
-
-* `nix run` is now stricter in what it accepts: members of the `apps`
-  flake output are now required to be apps (as defined in [the
-  manual](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-run.html#apps)),
-  and members of `packages` or `legacyPackages` must be derivations
-  (not apps).

doc/manual/src/release-notes/rl-2.9.md

@@ -1,47 +0,0 @@
-# Release 2.9 (2022-05-30)
-
-* Running Nix with the new `--debugger` flag will cause it to start a
-  repl session if an exception is thrown during evaluation, or if
-  `builtins.break` is called.  From there you can inspect the values
-  of variables and evaluate Nix expressions.  In debug mode, the
-  following new repl commands are available:
-
-  ```
-  :env          Show env stack
-  :bt           Show trace stack
-  :st           Show current trace
-  :st <idx>     Change to another trace in the stack
-  :c            Go until end of program, exception, or builtins.break().
-  :s            Go one step
-  ```
-
-  Read more about the debugger
-  [here](https://www.zknotes.com/note/5970).
-
-* Nix now provides better integration with zsh's `run-help`
-  feature. It is now included in the Nix installation in the form of
-  an autoloadable shell function, `run-help-nix`. It picks up Nix
-  subcommands from the currently typed in command and directs the user
-  to the associated man pages.
-
-* `nix repl` has a new build-and-link (`:bl`) command that builds a
-  derivation while creating GC root symlinks.
-
-* The path produced by `builtins.toFile` is now allowed to be imported
-  or read even with restricted evaluation. Note that this will not
-  work with a read-only store.
-
-* `nix build` has a new `--print-out-paths` flag to print the
-  resulting output paths.  This matches the default behaviour of
-  `nix-build`.
-
-* You can now specify which outputs of a derivation `nix` should
-  operate on using the syntax `installable^outputs`,
-  e.g. `nixpkgs#glibc^dev,static` or `nixpkgs#glibc^*`. By default,
-  `nix` will use the outputs specified by the derivation's
-  `meta.outputsToInstall` attribute if it exists, or all outputs
-  otherwise.
-
-* `builtins.fetchTree` (and flake inputs) can now be used to fetch
-  plain files over the `http(s)` and `file` protocols in addition to
-  directory tarballs.

doc/manual/src/release-notes/rl-next.md

@@ -1,2 +0,0 @@
-# Release X.Y (202?-??-??)
-

doc/manual/utils.nix

@@ -5,32 +5,6 @@ rec {
 
   concatStrings = concatStringsSep "";
 
-  replaceStringsRec = from: to: string:
-    # recursively replace occurrences of `from` with `to` within `string`
-    # example:
-    #     replaceStringRec "--" "-" "hello-----world"
-    #     => "hello-world"
-    let
-      replaced = replaceStrings [ from ] [ to ] string;
-    in
-      if replaced == string then string else replaceStringsRec from to replaced;
-
-  squash = replaceStringsRec "\n\n\n" "\n\n";
-
-  trim = string:
-    # trim trailing spaces and squash non-leading spaces
-    let
-      trimLine = line:
-        let
-          # separate leading spaces from the rest
-          parts = split "(^ *)" line;
-          spaces = head (elemAt parts 1);
-          rest = elemAt parts 2;
-          # drop trailing spaces
-          body = head (split " *$" rest);
-        in spaces + replaceStringsRec "  " " " body;
-    in concatStringsSep "\n" (map trimLine (splitLines string));
-
   # FIXME: O(n^2)
   unique = foldl' (acc: e: if elem e acc then acc else acc ++ [ e ]) [];
 

docker.nix

@@ -1,288 +0,0 @@
-{ pkgs ? import <nixpkgs> { }
-, lib ? pkgs.lib
-, name ? "nix"
-, tag ? "latest"
-, bundleNixpkgs ? true
-, channelName ? "nixpkgs"
-, channelURL ? "https://nixos.org/channels/nixpkgs-unstable"
-, extraPkgs ? []
-, maxLayers ? 100
-, nixConf ? {}
-}:
-let
-  defaultPkgs = with pkgs; [
-    nix
-    bashInteractive
-    coreutils-full
-    gnutar
-    gzip
-    gnugrep
-    which
-    curl
-    less
-    wget
-    man
-    cacert.out
-    findutils
-    iana-etc
-    git
-    openssh
-  ] ++ extraPkgs;
-
-  users = {
-
-    root = {
-      uid = 0;
-      shell = "${pkgs.bashInteractive}/bin/bash";
-      home = "/root";
-      gid = 0;
-      groups = [ "root" ];
-      description = "System administrator";
-    };
-
-    nobody = {
-      uid = 65534;
-      shell = "${pkgs.shadow}/bin/nologin";
-      home = "/var/empty";
-      gid = 65534;
-      groups = [ "nobody" ];
-      description = "Unprivileged account (don't use!)";
-    };
-
-  } // lib.listToAttrs (
-    map
-      (
-        n: {
-          name = "nixbld${toString n}";
-          value = {
-            uid = 30000 + n;
-            gid = 30000;
-            groups = [ "nixbld" ];
-            description = "Nix build user ${toString n}";
-          };
-        }
-      )
-      (lib.lists.range 1 32)
-  );
-
-  groups = {
-    root.gid = 0;
-    nixbld.gid = 30000;
-    nobody.gid = 65534;
-  };
-
-  userToPasswd = (
-    k:
-    { uid
-    , gid ? 65534
-    , home ? "/var/empty"
-    , description ? ""
-    , shell ? "/bin/false"
-    , groups ? [ ]
-    }: "${k}:x:${toString uid}:${toString gid}:${description}:${home}:${shell}"
-  );
-  passwdContents = (
-    lib.concatStringsSep "\n"
-      (lib.attrValues (lib.mapAttrs userToPasswd users))
-  );
-
-  userToShadow = k: { ... }: "${k}:!:1::::::";
-  shadowContents = (
-    lib.concatStringsSep "\n"
-      (lib.attrValues (lib.mapAttrs userToShadow users))
-  );
-
-  # Map groups to members
-  # {
-  #   group = [ "user1" "user2" ];
-  # }
-  groupMemberMap = (
-    let
-      # Create a flat list of user/group mappings
-      mappings = (
-        builtins.foldl'
-          (
-            acc: user:
-              let
-                groups = users.${user}.groups or [ ];
-              in
-              acc ++ map
-                (group: {
-                  inherit user group;
-                })
-                groups
-          )
-          [ ]
-          (lib.attrNames users)
-      );
-    in
-    (
-      builtins.foldl'
-        (
-          acc: v: acc // {
-            ${v.group} = acc.${v.group} or [ ] ++ [ v.user ];
-          }
-        )
-        { }
-        mappings)
-  );
-
-  groupToGroup = k: { gid }:
-    let
-      members = groupMemberMap.${k} or [ ];
-    in
-    "${k}:x:${toString gid}:${lib.concatStringsSep "," members}";
-  groupContents = (
-    lib.concatStringsSep "\n"
-      (lib.attrValues (lib.mapAttrs groupToGroup groups))
-  );
-
-  defaultNixConf = {
-    sandbox = "false";
-    build-users-group = "nixbld";
-    trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
-  };
-
-  nixConfContents = (lib.concatStringsSep "\n" (lib.mapAttrsFlatten (n: v:
-    let
-      vStr = if builtins.isList v then lib.concatStringsSep " " v else v;
-    in
-      "${n} = ${vStr}") (defaultNixConf // nixConf))) + "\n";
-
-  baseSystem =
-    let
-      nixpkgs = pkgs.path;
-      channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
-        mkdir $out
-        if [ "$bundleNixpkgs" ]; then
-          ln -s ${nixpkgs} $out/nixpkgs
-          echo "[]" > $out/manifest.nix
-        fi
-      '';
-      rootEnv = pkgs.buildPackages.buildEnv {
-        name = "root-profile-env";
-        paths = defaultPkgs;
-      };
-      manifest = pkgs.buildPackages.runCommand "manifest.nix" { } ''
-        cat > $out <<EOF
-        [
-        ${lib.concatStringsSep "\n" (builtins.map (drv: let
-          outputs = drv.outputsToInstall or [ "out" ];
-        in ''
-          {
-            ${lib.concatStringsSep "\n" (builtins.map (output: ''
-              ${output} = { outPath = "${lib.getOutput output drv}"; };
-            '') outputs)}
-            outputs = [ ${lib.concatStringsSep " " (builtins.map (x: "\"${x}\"") outputs)} ];
-            name = "${drv.name}";
-            outPath = "${drv}";
-            system = "${drv.system}";
-            type = "derivation";
-            meta = { };
-          }
-        '') defaultPkgs)}
-        ]
-        EOF
-      '';
-      profile = pkgs.buildPackages.runCommand "user-environment" { } ''
-        mkdir $out
-        cp -a ${rootEnv}/* $out/
-        ln -s ${manifest} $out/manifest.nix
-      '';
-    in
-    pkgs.runCommand "base-system"
-      {
-        inherit passwdContents groupContents shadowContents nixConfContents;
-        passAsFile = [
-          "passwdContents"
-          "groupContents"
-          "shadowContents"
-          "nixConfContents"
-        ];
-        allowSubstitutes = false;
-        preferLocalBuild = true;
-      } ''
-      env
-      set -x
-      mkdir -p $out/etc
-
-      mkdir -p $out/etc/ssl/certs
-      ln -s /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs
-
-      cat $passwdContentsPath > $out/etc/passwd
-      echo "" >> $out/etc/passwd
-
-      cat $groupContentsPath > $out/etc/group
-      echo "" >> $out/etc/group
-
-      cat $shadowContentsPath > $out/etc/shadow
-      echo "" >> $out/etc/shadow
-
-      mkdir -p $out/usr
-      ln -s /nix/var/nix/profiles/share $out/usr/
-
-      mkdir -p $out/nix/var/nix/gcroots
-
-      mkdir $out/tmp
-
-      mkdir -p $out/var/tmp
-
-      mkdir -p $out/etc/nix
-      cat $nixConfContentsPath > $out/etc/nix/nix.conf
-
-      mkdir -p $out/root
-      mkdir -p $out/nix/var/nix/profiles/per-user/root
-
-      ln -s ${profile} $out/nix/var/nix/profiles/default-1-link
-      ln -s $out/nix/var/nix/profiles/default-1-link $out/nix/var/nix/profiles/default
-      ln -s /nix/var/nix/profiles/default $out/root/.nix-profile
-
-      ln -s ${channel} $out/nix/var/nix/profiles/per-user/root/channels-1-link
-      ln -s $out/nix/var/nix/profiles/per-user/root/channels-1-link $out/nix/var/nix/profiles/per-user/root/channels
-
-      mkdir -p $out/root/.nix-defexpr
-      ln -s $out/nix/var/nix/profiles/per-user/root/channels $out/root/.nix-defexpr/channels
-      echo "${channelURL} ${channelName}" > $out/root/.nix-channels
-
-      mkdir -p $out/bin $out/usr/bin
-      ln -s ${pkgs.coreutils}/bin/env $out/usr/bin/env
-      ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/sh
-    '';
-
-in
-pkgs.dockerTools.buildLayeredImageWithNixDb {
-
-  inherit name tag maxLayers;
-
-  contents = [ baseSystem ];
-
-  extraCommands = ''
-    rm -rf nix-support
-    ln -s /nix/var/nix/profiles nix/var/nix/gcroots/profiles
-  '';
-  fakeRootCommands = ''
-    chmod 1777 tmp
-    chmod 1777 var/tmp
-  '';
-
-  config = {
-    Cmd = [ "/root/.nix-profile/bin/bash" ];
-    Env = [
-      "USER=root"
-      "PATH=${lib.concatStringsSep ":" [
-        "/root/.nix-profile/bin"
-        "/nix/var/nix/profiles/default/bin"
-        "/nix/var/nix/profiles/default/sbin"
-      ]}"
-      "MANPATH=${lib.concatStringsSep ":" [
-        "/root/.nix-profile/share/man"
-        "/nix/var/nix/profiles/default/share/man"
-      ]}"
-      "SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
-      "GIT_SSL_CAINFO=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
-      "NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
-      "NIX_PATH=/nix/var/nix/profiles/per-user/root/channels:/root/.nix-defexpr/channels"
-    ];
-  };
-
-}

flake.lock

@@ -3,56 +3,39 @@
     "lowdown-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1633514407,
-        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "lastModified": 1617481909,
+        "narHash": "sha256-SqnfOFuLuVRRNeVJr1yeEPJue/qWoCp5N6o5Kr///p4=",
         "owner": "kristapsdz",
         "repo": "lowdown",
-        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "rev": "148f9b2f586c41b7e36e73009db43ea68c7a1a4d",
         "type": "github"
       },
       "original": {
         "owner": "kristapsdz",
+        "ref": "VERSION_0_8_4",
         "repo": "lowdown",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1670461440,
-        "narHash": "sha256-jy1LB8HOMKGJEGXgzFRLDU1CBGL0/LlkolgnqIsF0D8=",
+        "lastModified": 1624862269,
+        "narHash": "sha256-JFcsh2+7QtfKdJFoPibLFPLgIW6Ycnv8Bts9a7RYme0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "04a75b2eecc0acf6239acf9dd04485ff8d14f425",
+        "rev": "f77036342e2b690c61c97202bf48f2ce13acc022",
         "type": "github"
       },
       "original": {
-        "owner": "NixOS",
-        "ref": "nixos-22.11-small",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-regression": {
-      "locked": {
-        "lastModified": 1643052045,
-        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
-        "type": "github"
+        "id": "nixpkgs",
+        "ref": "nixos-21.05-small",
+        "type": "indirect"
       }
     },
     "root": {
       "inputs": {
         "lowdown-src": "lowdown-src",
-        "nixpkgs": "nixpkgs",
-        "nixpkgs-regression": "nixpkgs-regression"
+        "nixpkgs": "nixpkgs"
       }
     }
   },

flake.nix

@@ -1,60 +1,36 @@
 {
   description = "The purely functional package manager";
 
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small";
-  inputs.nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2";
-  inputs.lowdown-src = { url = "github:kristapsdz/lowdown"; flake = false; };
+  inputs.nixpkgs.url = "nixpkgs/nixos-21.05-small";
+  inputs.lowdown-src = { url = "github:kristapsdz/lowdown/VERSION_0_8_4"; flake = false; };
 
-  outputs = { self, nixpkgs, nixpkgs-regression, lowdown-src }:
+  outputs = { self, nixpkgs, lowdown-src }:
 
     let
 
-      officialRelease = true;
-
-      version = nixpkgs.lib.fileContents ./.version + versionSuffix;
+      version = builtins.readFile ./.version + versionSuffix;
       versionSuffix =
         if officialRelease
         then ""
         else "pre${builtins.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}_${self.shortRev or "dirty"}";
 
+      officialRelease = false;
+
       linux64BitSystems = [ "x86_64-linux" "aarch64-linux" ];
       linuxSystems = linux64BitSystems ++ [ "i686-linux" ];
       systems = linuxSystems ++ [ "x86_64-darwin" "aarch64-darwin" ];
 
-      crossSystems = [ "armv6l-linux" "armv7l-linux" ];
-
-      stdenvs = [ "gccStdenv" "clangStdenv" "clang11Stdenv" "stdenv" "libcxxStdenv" "ccacheStdenv" ];
-
       forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
-      forAllSystemsAndStdenvs = f: forAllSystems (system:
-        nixpkgs.lib.listToAttrs
-          (map
-            (n:
-            nixpkgs.lib.nameValuePair "${n}Packages" (
-              f system n
-            )) stdenvs
-          )
-      );
-
-      forAllStdenvs = f: nixpkgs.lib.genAttrs stdenvs (stdenv: f stdenv);
 
       # Memoize nixpkgs for different platforms for efficiency.
-      nixpkgsFor =
-        let stdenvsPackages = forAllSystemsAndStdenvs
-          (system: stdenv:
-            import nixpkgs {
-              inherit system;
-              overlays = [
-                (overlayFor (p: p.${stdenv}))
-              ];
-            }
-          );
-        in
-        # Add the `stdenvPackages` at toplevel, both because these are the ones
-        # we want most of the time and for backwards compatibility
-        forAllSystems (system: stdenvsPackages.${system} // stdenvsPackages.${system}.stdenvPackages);
+      nixpkgsFor = forAllSystems (system:
+        import nixpkgs {
+          inherit system;
+          overlays = [ self.overlay ];
+        }
+      );
 
-      commonDeps = { pkgs, isStatic ? false }: with pkgs; rec {
+      commonDeps = pkgs: with pkgs; rec {
         # Use "busybox-sandbox-shell" if present,
         # if not (legacy) fallback and hope it's sufficient.
         sh = pkgs.busybox-sandbox-shell or (busybox.override {
@@ -83,30 +59,27 @@
 
         configureFlags =
           lib.optionals stdenv.isLinux [
-            "--with-boost=${boost}/lib"
             "--with-sandbox-shell=${sh}/bin/busybox"
-          ]
-          ++ lib.optionals (stdenv.isLinux && !(isStatic && stdenv.system == "aarch64-linux")) [
             "LDFLAGS=-fuse-ld=gold"
           ];
 
+
         nativeBuildDeps =
           [
             buildPackages.bison
             buildPackages.flex
-            (lib.getBin buildPackages.lowdown-nix)
+            (lib.getBin buildPackages.lowdown)
             buildPackages.mdbook
-            buildPackages.mdbook-linkcheck
             buildPackages.autoconf-archive
             buildPackages.autoreconfHook
-            buildPackages.pkg-config
+            buildPackages.pkgconfig
 
             # Tests
             buildPackages.git
-            buildPackages.mercurial # FIXME: remove? only needed for tests
-            buildPackages.jq # Also for custom mdBook preprocessor.
+            buildPackages.mercurial
+            buildPackages.jq
           ]
-          ++ lib.optionals stdenv.hostPlatform.isLinux [(buildPackages.util-linuxMinimal or buildPackages.utillinuxMinimal)];
+          ++ lib.optionals stdenv.isLinux [(pkgs.util-linuxMinimal or pkgs.utillinuxMinimal)];
 
         buildDeps =
           [ curl
@@ -114,12 +87,13 @@
             openssl sqlite
             libarchive
             boost
-            lowdown-nix
-            gtest
+            nlohmann_json
+            lowdown
+            gmock
           ]
           ++ lib.optionals stdenv.isLinux [libseccomp]
           ++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium
-          ++ lib.optional stdenv.hostPlatform.isx86_64 libcpuid;
+          ++ lib.optional stdenv.isx86_64 libcpuid;
 
         awsDeps = lib.optional (stdenv.isLinux || stdenv.isDarwin)
           (aws-sdk-cpp.override {
@@ -128,27 +102,25 @@
           });
 
         propagatedDeps =
-          [ ((boehmgc.override {
-              enableLargeConfig = true;
-            }).overrideAttrs(o: {
-              patches = (o.patches or []) ++ [
-                ./boehmgc-coroutine-sp-fallback.diff
-              ];
-            })
-            )
-            nlohmann_json
+          [ (boehmgc.override { enableLargeConfig = true; })
+          ];
+
+        perlDeps =
+          [ perl
+            perlPackages.DBDSQLite
           ];
       };
 
-      installScriptFor = systems:
-        with nixpkgsFor.x86_64-linux;
+    installScriptFor = systems:
+      with nixpkgsFor.x86_64-linux;
         runCommand "installer-script"
           { buildInputs = [ nix ];
           }
           ''
             mkdir -p $out/nix-support
 
-            # Converts /nix/store/50p3qk8k...-nix-2.4pre20201102_550e11f/bin/nix to 50p3qk8k.../bin/nix.
+            # Converts /nix/store/50p3qk8kka9dl6wyq40vydq945k0j3kv-nix-2.4pre20201102_550e11f/bin/nix
+            # To 50p3qk8kka9dl6wyq40vydq945k0j3kv/bin/nix
             tarballPath() {
               # Remove the store prefix
               local path=''${1#${builtins.storeDir}/}
@@ -161,11 +133,10 @@
 
             substitute ${./scripts/install.in} $out/install \
               ${pkgs.lib.concatMapStrings
-                (system: let
-                    tarball = if builtins.elem system crossSystems then self.hydraJobs.binaryTarballCross.x86_64-linux.${system} else self.hydraJobs.binaryTarball.${system};
-                  in '' \
-                  --replace '@tarballHash_${system}@' $(nix --experimental-features nix-command hash-file --base16 --type sha256 ${tarball}/*.tar.xz) \
-                  --replace '@tarballPath_${system}@' $(tarballPath ${tarball}/*.tar.xz) \
+                (system:
+                  '' \
+                  --replace '@tarballHash_${system}@' $(nix --experimental-features nix-command hash-file --base16 --type sha256 ${self.hydraJobs.binaryTarball.${system}}/*.tar.xz) \
+                  --replace '@tarballPath_${system}@' $(tarballPath ${self.hydraJobs.binaryTarball.${system}}/*.tar.xz) \
                   ''
                 )
                 systems
@@ -174,15 +145,13 @@
             echo "file installer $out/install" >> $out/nix-support/hydra-build-products
           '';
 
-      testNixVersions = pkgs: client: daemon: with commonDeps { inherit pkgs; }; with pkgs.lib; pkgs.stdenv.mkDerivation {
+      testNixVersions = pkgs: client: daemon: with commonDeps pkgs; pkgs.stdenv.mkDerivation {
         NIX_DAEMON_PACKAGE = daemon;
         NIX_CLIENT_PACKAGE = client;
-        name =
-          "nix-tests"
-          + optionalString
-            (versionAtLeast daemon.version "2.4pre20211005" &&
-             versionAtLeast client.version "2.4pre20211005")
-            "-${client.version}-against-${daemon.version}";
+        # Must keep this name short as OSX has a rather strict limit on the
+        # socket path length, and this name appears in the path of the
+        # nix-daemon socket used in the tests
+        name = "nix-tests";
         inherit version;
 
         src = self;
@@ -201,216 +170,132 @@
         installPhase = ''
           mkdir -p $out
         '';
+        installCheckPhase = "make installcheck";
 
-        installCheckPhase = "make installcheck -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES";
       };
 
-      binaryTarball = buildPackages: nix: pkgs:
-        let
-          inherit (pkgs) cacert;
-          installerClosureInfo = buildPackages.closureInfo { rootPaths = [ nix cacert ]; };
-        in
-
-        buildPackages.runCommand "nix-binary-tarball-${version}"
-          { #nativeBuildInputs = lib.optional (system != "aarch64-linux") shellcheck;
-            meta.description = "Distribution-independent Nix bootstrap binaries for ${pkgs.system}";
-          }
-          ''
-            cp ${installerClosureInfo}/registration $TMPDIR/reginfo
-            cp ${./scripts/create-darwin-volume.sh} $TMPDIR/create-darwin-volume.sh
-            substitute ${./scripts/install-nix-from-closure.sh} $TMPDIR/install \
-              --subst-var-by nix ${nix} \
-              --subst-var-by cacert ${cacert}
-
-            substitute ${./scripts/install-darwin-multi-user.sh} $TMPDIR/install-darwin-multi-user.sh \
-              --subst-var-by nix ${nix} \
-              --subst-var-by cacert ${cacert}
-            substitute ${./scripts/install-systemd-multi-user.sh} $TMPDIR/install-systemd-multi-user.sh \
-              --subst-var-by nix ${nix} \
-              --subst-var-by cacert ${cacert}
-            substitute ${./scripts/install-multi-user.sh} $TMPDIR/install-multi-user \
-              --subst-var-by nix ${nix} \
-              --subst-var-by cacert ${cacert}
-
-            if type -p shellcheck; then
-              # SC1090: Don't worry about not being able to find
-              #         $nix/etc/profile.d/nix.sh
-              shellcheck --exclude SC1090 $TMPDIR/install
-              shellcheck $TMPDIR/create-darwin-volume.sh
-              shellcheck $TMPDIR/install-darwin-multi-user.sh
-              shellcheck $TMPDIR/install-systemd-multi-user.sh
-
-              # SC1091: Don't panic about not being able to source
-              #         /etc/profile
-              # SC2002: Ignore "useless cat" "error", when loading
-              #         .reginfo, as the cat is a much cleaner
-              #         implementation, even though it is "useless"
-              # SC2116: Allow ROOT_HOME=$(echo ~root) for resolving
-              #         root's home directory
-              shellcheck --external-sources \
-                --exclude SC1091,SC2002,SC2116 $TMPDIR/install-multi-user
-            fi
-
-            chmod +x $TMPDIR/install
-            chmod +x $TMPDIR/create-darwin-volume.sh
-            chmod +x $TMPDIR/install-darwin-multi-user.sh
-            chmod +x $TMPDIR/install-systemd-multi-user.sh
-            chmod +x $TMPDIR/install-multi-user
-            dir=nix-${version}-${pkgs.system}
-            fn=$out/$dir.tar.xz
-            mkdir -p $out/nix-support
-            echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
-            tar cvfJ $fn \
-              --owner=0 --group=0 --mode=u+rw,uga+r \
-              --mtime='1970-01-01' \
-              --absolute-names \
-              --hard-dereference \
-              --transform "s,$TMPDIR/install,$dir/install," \
-              --transform "s,$TMPDIR/create-darwin-volume.sh,$dir/create-darwin-volume.sh," \
-              --transform "s,$TMPDIR/reginfo,$dir/.reginfo," \
-              --transform "s,$NIX_STORE,$dir/store,S" \
-              $TMPDIR/install \
-              $TMPDIR/create-darwin-volume.sh \
-              $TMPDIR/install-darwin-multi-user.sh \
-              $TMPDIR/install-systemd-multi-user.sh \
-              $TMPDIR/install-multi-user \
-              $TMPDIR/reginfo \
-              $(cat ${installerClosureInfo}/store-paths)
-          '';
-
-      overlayFor = getStdenv: final: prev:
-        let currentStdenv = getStdenv final; in
-        {
-          nixStable = prev.nix;
-
-          # Forward from the previous stage as we don’t want it to pick the lowdown override
-          nixUnstable = prev.nixUnstable;
-
-          nix = with final; with commonDeps { inherit pkgs; }; currentStdenv.mkDerivation {
-            name = "nix-${version}";
-            inherit version;
-
-            src = self;
-
-            VERSION_SUFFIX = versionSuffix;
-
-            outputs = [ "out" "dev" "doc" ];
-
-            nativeBuildInputs = nativeBuildDeps;
-            buildInputs = buildDeps ++ awsDeps;
-
-            propagatedBuildInputs = propagatedDeps;
-
-            disallowedReferences = [ boost ];
-
-            preConfigure =
-              ''
-                # Copy libboost_context so we don't get all of Boost in our closure.
-                # https://github.com/NixOS/nixpkgs/issues/45462
-                mkdir -p $out/lib
-                cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
-                rm -f $out/lib/*.a
-                ${lib.optionalString currentStdenv.isLinux ''
-                  chmod u+w $out/lib/*.so.*
-                  patchelf --set-rpath $out/lib:${currentStdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
-                ''}
-                ${lib.optionalString currentStdenv.isDarwin ''
-                  for LIB in $out/lib/*.dylib; do
-                    chmod u+w $LIB
-                    install_name_tool -id $LIB $LIB
-                    install_name_tool -delete_rpath ${boost}/lib/ $LIB || true
-                  done
-                  install_name_tool -change ${boost}/lib/libboost_system.dylib $out/lib/libboost_system.dylib $out/lib/libboost_thread.dylib
-                ''}
-              '';
-
-            configureFlags = configureFlags ++
-              [ "--sysconfdir=/etc" ];
-
-            enableParallelBuilding = true;
-
-            makeFlags = "profiledir=$(out)/etc/profile.d PRECOMPILE_HEADERS=1";
-
-            doCheck = true;
-
-            installFlags = "sysconfdir=$(out)/etc";
-
-            postInstall = ''
-              mkdir -p $doc/nix-support
-              echo "doc manual $doc/share/doc/nix/manual" >> $doc/nix-support/hydra-build-products
-              ${lib.optionalString currentStdenv.isDarwin ''
-              install_name_tool \
-                -change ${boost}/lib/libboost_context.dylib \
-                $out/lib/libboost_context.dylib \
-                $out/lib/libnixutil.dylib
-              ''}
-            '';
-
-            doInstallCheck = true;
-            installCheckFlags = "sysconfdir=$(out)/etc";
-
-            separateDebugInfo = true;
-
-            strictDeps = true;
-
-            passthru.perl-bindings = with final; perl.pkgs.toPerlModule (currentStdenv.mkDerivation {
-              name = "nix-perl-${version}";
-
-              src = self;
-
-              nativeBuildInputs =
-                [ buildPackages.autoconf-archive
-                  buildPackages.autoreconfHook
-                  buildPackages.pkg-config
-                ];
-
-              buildInputs =
-                [ nix
-                  curl
-                  bzip2
-                  xz
-                  pkgs.perl
-                  boost
-                ]
-                ++ lib.optional (currentStdenv.isLinux || currentStdenv.isDarwin) libsodium
-                ++ lib.optional currentStdenv.isDarwin darwin.apple_sdk.frameworks.Security;
-
-              configureFlags = [
-                "--with-dbi=${perlPackages.DBI}/${pkgs.perl.libPrefix}"
-                "--with-dbd-sqlite=${perlPackages.DBDSQLite}/${pkgs.perl.libPrefix}"
-              ];
-
-              enableParallelBuilding = true;
-
-              postUnpack = "sourceRoot=$sourceRoot/perl";
-            });
-
-            meta.platforms = systems;
-          };
-
-          lowdown-nix = with final; currentStdenv.mkDerivation rec {
-            name = "lowdown-0.9.0";
-
-            src = lowdown-src;
-
-            outputs = [ "out" "bin" "dev" ];
-
-            nativeBuildInputs = [ buildPackages.which ];
-
-            configurePhase = ''
-                ${if (currentStdenv.isDarwin && currentStdenv.isAarch64) then "echo \"HAVE_SANDBOX_INIT=false\" > configure.local" else ""}
-                ./configure \
-                  PREFIX=${placeholder "dev"} \
-                  BINDIR=${placeholder "bin"}/bin
-            '';
-          };
-        };
-
     in {
 
       # A Nixpkgs overlay that overrides the 'nix' and
       # 'nix.perl-bindings' packages.
-      overlays.default = overlayFor (p: p.stdenv);
+      overlay = final: prev: {
+
+        # An older version of Nix to test against when using the daemon.
+        # Currently using `nixUnstable` as the stable one doesn't respect
+        # `NIX_DAEMON_SOCKET_PATH` which is needed for the tests.
+        nixStable = prev.nix;
+
+        nix = with final; with commonDeps pkgs; stdenv.mkDerivation {
+          name = "nix-${version}";
+          inherit version;
+
+          src = self;
+
+          VERSION_SUFFIX = versionSuffix;
+
+          outputs = [ "out" "dev" "doc" ];
+
+          nativeBuildInputs = nativeBuildDeps;
+          buildInputs = buildDeps ++ awsDeps;
+
+          propagatedBuildInputs = propagatedDeps;
+
+          preConfigure =
+            ''
+              # Copy libboost_context so we don't get all of Boost in our closure.
+              # https://github.com/NixOS/nixpkgs/issues/45462
+              mkdir -p $out/lib
+              cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
+              rm -f $out/lib/*.a
+              ${lib.optionalString stdenv.isLinux ''
+                chmod u+w $out/lib/*.so.*
+                patchelf --set-rpath $out/lib:${stdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
+              ''}
+            '';
+
+          configureFlags = configureFlags ++
+            [ "--sysconfdir=/etc" ];
+
+          enableParallelBuilding = true;
+
+          makeFlags = "profiledir=$(out)/etc/profile.d PRECOMPILE_HEADERS=1";
+
+          doCheck = true;
+
+          installFlags = "sysconfdir=$(out)/etc";
+
+          postInstall = ''
+            mkdir -p $doc/nix-support
+            echo "doc manual $doc/share/doc/nix/manual" >> $doc/nix-support/hydra-build-products
+          '';
+
+          doInstallCheck = true;
+          installCheckFlags = "sysconfdir=$(out)/etc";
+
+          separateDebugInfo = true;
+
+          strictDeps = true;
+
+          passthru.perl-bindings = with final; stdenv.mkDerivation {
+            name = "nix-perl-${version}";
+
+            src = self;
+
+            nativeBuildInputs =
+              [ buildPackages.autoconf-archive
+                buildPackages.autoreconfHook
+                buildPackages.pkgconfig
+              ];
+
+            buildInputs =
+              [ nix
+                curl
+                bzip2
+                xz
+                pkgs.perl
+                boost
+                nlohmann_json
+              ]
+              ++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium
+              ++ lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
+
+            configureFlags = ''
+              --with-dbi=${perlPackages.DBI}/${pkgs.perl.libPrefix}
+              --with-dbd-sqlite=${perlPackages.DBDSQLite}/${pkgs.perl.libPrefix}
+            '';
+
+            enableParallelBuilding = true;
+
+            postUnpack = "sourceRoot=$sourceRoot/perl";
+          };
+
+        };
+
+        lowdown = with final; stdenv.mkDerivation rec {
+          name = "lowdown-0.8.4";
+
+          /*
+          src = fetchurl {
+            url = "https://kristaps.bsd.lv/lowdown/snapshots/${name}.tar.gz";
+            hash = "sha512-U9WeGoInT9vrawwa57t6u9dEdRge4/P+0wLxmQyOL9nhzOEUU2FRz2Be9H0dCjYE7p2v3vCXIYk40M+jjULATw==";
+          };
+          */
+
+          src = lowdown-src;
+
+          outputs = [ "out" "bin" "dev" ];
+
+          nativeBuildInputs = [ which ];
+
+          configurePhase = ''
+              ${if (stdenv.isDarwin && stdenv.isAarch64) then "echo \"HAVE_SANDBOX_INIT=false\" > configure.local" else ""}
+              ./configure \
+                PREFIX=${placeholder "dev"} \
+                BINDIR=${placeholder "bin"}/bin
+            '';
+        };
+
+      };
 
       hydraJobs = {
 
@@ -419,43 +304,97 @@
 
         buildStatic = nixpkgs.lib.genAttrs linux64BitSystems (system: self.packages.${system}.nix-static);
 
-        buildCross = nixpkgs.lib.genAttrs crossSystems (crossSystem:
-          nixpkgs.lib.genAttrs ["x86_64-linux"] (system: self.packages.${system}."nix-${crossSystem}"));
-
-        buildNoGc = nixpkgs.lib.genAttrs systems (system: self.packages.${system}.nix.overrideAttrs (a: { configureFlags = (a.configureFlags or []) ++ ["--enable-gc=no"];}));
-
         # Perl bindings for various platforms.
         perlBindings = nixpkgs.lib.genAttrs systems (system: self.packages.${system}.nix.perl-bindings);
 
         # Binary tarball for various platforms, containing a Nix store
         # with the closure of 'nix' package, and the second half of
         # the installation script.
-        binaryTarball = nixpkgs.lib.genAttrs systems (system: binaryTarball nixpkgsFor.${system} nixpkgsFor.${system}.nix nixpkgsFor.${system});
+        binaryTarball = nixpkgs.lib.genAttrs systems (system:
 
-        binaryTarballCross = nixpkgs.lib.genAttrs ["x86_64-linux"] (system: builtins.listToAttrs (map (crossSystem: {
-          name = crossSystem;
-          value = let
-            nixpkgsCross = import nixpkgs {
-              inherit system crossSystem;
-              overlays = [ self.overlays.default ];
-            };
-          in binaryTarball nixpkgsFor.${system} self.packages.${system}."nix-${crossSystem}" nixpkgsCross;
-        }) crossSystems));
+          with nixpkgsFor.${system};
+
+          let
+            installerClosureInfo = closureInfo { rootPaths = [ nix cacert ]; };
+          in
+
+          runCommand "nix-binary-tarball-${version}"
+            { #nativeBuildInputs = lib.optional (system != "aarch64-linux") shellcheck;
+              meta.description = "Distribution-independent Nix bootstrap binaries for ${system}";
+            }
+            ''
+              cp ${installerClosureInfo}/registration $TMPDIR/reginfo
+              cp ${./scripts/create-darwin-volume.sh} $TMPDIR/create-darwin-volume.sh
+              substitute ${./scripts/install-nix-from-closure.sh} $TMPDIR/install \
+                --subst-var-by nix ${nix} \
+                --subst-var-by cacert ${cacert}
+
+              substitute ${./scripts/install-darwin-multi-user.sh} $TMPDIR/install-darwin-multi-user.sh \
+                --subst-var-by nix ${nix} \
+                --subst-var-by cacert ${cacert}
+              substitute ${./scripts/install-systemd-multi-user.sh} $TMPDIR/install-systemd-multi-user.sh \
+                --subst-var-by nix ${nix} \
+                --subst-var-by cacert ${cacert}
+              substitute ${./scripts/install-multi-user.sh} $TMPDIR/install-multi-user \
+                --subst-var-by nix ${nix} \
+                --subst-var-by cacert ${cacert}
+
+              if type -p shellcheck; then
+                # SC1090: Don't worry about not being able to find
+                #         $nix/etc/profile.d/nix.sh
+                shellcheck --exclude SC1090 $TMPDIR/install
+                shellcheck $TMPDIR/create-darwin-volume.sh
+                shellcheck $TMPDIR/install-darwin-multi-user.sh
+                shellcheck $TMPDIR/install-systemd-multi-user.sh
+
+                # SC1091: Don't panic about not being able to source
+                #         /etc/profile
+                # SC2002: Ignore "useless cat" "error", when loading
+                #         .reginfo, as the cat is a much cleaner
+                #         implementation, even though it is "useless"
+                # SC2116: Allow ROOT_HOME=$(echo ~root) for resolving
+                #         root's home directory
+                shellcheck --external-sources \
+                  --exclude SC1091,SC2002,SC2116 $TMPDIR/install-multi-user
+              fi
+
+              chmod +x $TMPDIR/install
+              chmod +x $TMPDIR/create-darwin-volume.sh
+              chmod +x $TMPDIR/install-darwin-multi-user.sh
+              chmod +x $TMPDIR/install-systemd-multi-user.sh
+              chmod +x $TMPDIR/install-multi-user
+              dir=nix-${version}-${system}
+              fn=$out/$dir.tar.xz
+              mkdir -p $out/nix-support
+              echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
+              tar cvfJ $fn \
+                --owner=0 --group=0 --mode=u+rw,uga+r \
+                --absolute-names \
+                --hard-dereference \
+                --transform "s,$TMPDIR/install,$dir/install," \
+                --transform "s,$TMPDIR/create-darwin-volume.sh,$dir/create-darwin-volume.sh," \
+                --transform "s,$TMPDIR/reginfo,$dir/.reginfo," \
+                --transform "s,$NIX_STORE,$dir/store,S" \
+                $TMPDIR/install \
+                $TMPDIR/create-darwin-volume.sh \
+                $TMPDIR/install-darwin-multi-user.sh \
+                $TMPDIR/install-systemd-multi-user.sh \
+                $TMPDIR/install-multi-user \
+                $TMPDIR/reginfo \
+                $(cat ${installerClosureInfo}/store-paths)
+            '');
 
         # The first half of the installation script. This is uploaded
         # to https://nixos.org/nix/install. It downloads the binary
         # tarball for the user's system and calls the second half of the
         # installation script.
-        installerScript = installScriptFor [ "x86_64-linux" "i686-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" "armv6l-linux" "armv7l-linux" ];
-        installerScriptForGHA = installScriptFor [ "x86_64-linux" "x86_64-darwin" "armv6l-linux" "armv7l-linux"];
-
-        # docker image with Nix inside
-        dockerImage = nixpkgs.lib.genAttrs linux64BitSystems (system: self.packages.${system}.dockerImage);
+        installerScript = installScriptFor [ "x86_64-linux" "i686-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+        installerScriptForGHA = installScriptFor [ "x86_64-linux" "x86_64-darwin" ];
 
         # Line coverage analysis.
         coverage =
           with nixpkgsFor.x86_64-linux;
-          with commonDeps { inherit pkgs; };
+          with commonDeps pkgs;
 
           releaseTools.coverageAnalysis {
             name = "nix-coverage-${version}";
@@ -483,37 +422,19 @@
         tests.remoteBuilds = import ./tests/remote-builds.nix {
           system = "x86_64-linux";
           inherit nixpkgs;
-          overlay = self.overlays.default;
+          inherit (self) overlay;
         };
 
         tests.nix-copy-closure = import ./tests/nix-copy-closure.nix {
           system = "x86_64-linux";
           inherit nixpkgs;
-          overlay = self.overlays.default;
+          inherit (self) overlay;
         };
 
-        tests.nssPreload = (import ./tests/nss-preload.nix rec {
-          system = "x86_64-linux";
-          inherit nixpkgs;
-          overlay = self.overlays.default;
-        });
-
         tests.githubFlakes = (import ./tests/github-flakes.nix rec {
           system = "x86_64-linux";
           inherit nixpkgs;
-          overlay = self.overlays.default;
-        });
-
-        tests.sourcehutFlakes = (import ./tests/sourcehut-flakes.nix rec {
-          system = "x86_64-linux";
-          inherit nixpkgs;
-          overlay = self.overlays.default;
-        });
-
-        tests.containers = (import ./tests/containers.nix rec {
-          system = "x86_64-linux";
-          inherit nixpkgs;
-          overlay = self.overlays.default;
+          inherit (self) overlay;
         });
 
         tests.setuid = nixpkgs.lib.genAttrs
@@ -521,70 +442,55 @@
           (system:
             import ./tests/setuid.nix rec {
               inherit nixpkgs system;
-              overlay = self.overlays.default;
+              inherit (self) overlay;
             });
 
-        # Make sure that nix-env still produces the exact same result
-        # on a particular version of Nixpkgs.
+        /*
+        # Check whether we can still evaluate all of Nixpkgs.
         tests.evalNixpkgs =
+          import (nixpkgs + "/pkgs/top-level/make-tarball.nix") {
+            # FIXME: fix pkgs/top-level/make-tarball.nix in NixOS to not require a revCount.
+            inherit nixpkgs;
+            pkgs = nixpkgsFor.x86_64-linux;
+            officialRelease = false;
+          };
+
+        # Check whether we can still evaluate NixOS.
+        tests.evalNixOS =
           with nixpkgsFor.x86_64-linux;
           runCommand "eval-nixos" { buildInputs = [ nix ]; }
             ''
-              type -p nix-env
-              # Note: we're filtering out nixos-install-tools because https://github.com/NixOS/nixpkgs/pull/153594#issuecomment-1020530593.
-              time nix-env --store dummy:// -f ${nixpkgs-regression} -qaP --drv-path | sort | grep -v nixos-install-tools > packages
-              [[ $(sha1sum < packages | cut -c1-40) = ff451c521e61e4fe72bdbe2d0ca5d1809affa733 ]]
-              mkdir $out
+              export NIX_STATE_DIR=$TMPDIR
+
+              nix-instantiate ${nixpkgs}/nixos/release-combined.nix -A tested --dry-run \
+                --arg nixpkgs '{ outPath = ${nixpkgs}; revCount = 123; shortRev = "abcdefgh"; }'
+
+              touch $out
             '';
-
-        tests.nixpkgsLibTests =
-          nixpkgs.lib.genAttrs systems (system:
-            import (nixpkgs + "/lib/tests/release.nix")
-              { pkgs = nixpkgsFor.${system}; }
-          );
-
-        metrics.nixpkgs = import "${nixpkgs-regression}/pkgs/top-level/metrics.nix" {
-          pkgs = nixpkgsFor.x86_64-linux;
-          nixpkgs = nixpkgs-regression;
-        };
-
-        installTests = forAllSystems (system:
-          let pkgs = nixpkgsFor.${system}; in
-          pkgs.runCommand "install-tests" {
-            againstSelf = testNixVersions pkgs pkgs.nix pkgs.pkgs.nix;
-            againstCurrentUnstable =
-              # FIXME: temporarily disable this on macOS because of #3605.
-              if system == "x86_64-linux"
-              then testNixVersions pkgs pkgs.nix pkgs.nixUnstable
-              else null;
-            # Disabled because the latest stable version doesn't handle
-            # `NIX_DAEMON_SOCKET_PATH` which is required for the tests to work
-            # againstLatestStable = testNixVersions pkgs pkgs.nix pkgs.nixStable;
-          } "touch $out");
-
-        installerTests = import ./tests/installer {
-          binaryTarballs = self.hydraJobs.binaryTarball;
-          inherit nixpkgsFor;
-        };
+        */
 
       };
 
       checks = forAllSystems (system: {
         binaryTarball = self.hydraJobs.binaryTarball.${system};
         perlBindings = self.hydraJobs.perlBindings.${system};
-        installTests = self.hydraJobs.installTests.${system};
-        nixpkgsLibTests = self.hydraJobs.tests.nixpkgsLibTests.${system};
-      } // (nixpkgs.lib.optionalAttrs (builtins.elem system linux64BitSystems)) {
-        dockerImage = self.hydraJobs.dockerImage.${system};
+        installTests =
+          let pkgs = nixpkgsFor.${system}; in
+          pkgs.runCommand "install-tests" {
+            againstSelf = testNixVersions pkgs pkgs.nix pkgs.pkgs.nix;
+            againstCurrentUnstable = testNixVersions pkgs pkgs.nix pkgs.nixUnstable;
+            # Disabled because the latest stable version doesn't handle
+            # `NIX_DAEMON_SOCKET_PATH` which is required for the tests to work
+            # againstLatestStable = testNixVersions pkgs pkgs.nix pkgs.nixStable;
+          } "touch $out";
       });
 
-      packages = forAllSystems (system: rec {
+      packages = forAllSystems (system: {
         inherit (nixpkgsFor.${system}) nix;
-        default = nix;
-      } // (nixpkgs.lib.optionalAttrs (builtins.elem system linux64BitSystems) {
+      } // nixpkgs.lib.optionalAttrs (builtins.elem system linux64BitSystems) {
         nix-static = let
           nixpkgs = nixpkgsFor.${system}.pkgsStatic;
-        in with commonDeps { pkgs = nixpkgs; isStatic = true; }; nixpkgs.stdenv.mkDerivation {
+        in with commonDeps nixpkgs; nixpkgs.stdenv.mkDerivation {
           name = "nix-${version}";
 
           src = self;
@@ -596,78 +502,7 @@
           nativeBuildInputs = nativeBuildDeps;
           buildInputs = buildDeps ++ propagatedDeps;
 
-          # Work around pkgsStatic disabling all tests.
-          # Remove in NixOS 22.11, see https://github.com/NixOS/nixpkgs/pull/140271.
-          preHook =
-            ''
-              doCheck=1
-              doInstallCheck=1
-            '';
-
-          configureFlags =
-            configureFlags ++
-            [ "--sysconfdir=/etc"
-              "--enable-embedded-sandbox-shell"
-            ];
-
-          enableParallelBuilding = true;
-
-          makeFlags = "profiledir=$(out)/etc/profile.d";
-
-          installFlags = "sysconfdir=$(out)/etc";
-
-          postInstall = ''
-            mkdir -p $doc/nix-support
-            echo "doc manual $doc/share/doc/nix/manual" >> $doc/nix-support/hydra-build-products
-            mkdir -p $out/nix-support
-            echo "file binary-dist $out/bin/nix" >> $out/nix-support/hydra-build-products
-          '';
-
-          installCheckFlags = "sysconfdir=$(out)/etc";
-
-          stripAllList = ["bin"];
-
-          strictDeps = true;
-
-          hardeningDisable = [ "pie" ];
-        };
-
-        dockerImage =
-          let
-            pkgs = nixpkgsFor.${system};
-            image = import ./docker.nix { inherit pkgs; tag = version; };
-          in
-          pkgs.runCommand
-            "docker-image-tarball-${version}"
-            { meta.description = "Docker image with Nix for ${system}"; }
-            ''
-              mkdir -p $out/nix-support
-              image=$out/image.tar.gz
-              ln -s ${image} $image
-              echo "file binary-dist $image" >> $out/nix-support/hydra-build-products
-            '';
-      }
-
-      // builtins.listToAttrs (map (crossSystem: {
-        name = "nix-${crossSystem}";
-        value = let
-          nixpkgsCross = import nixpkgs {
-            inherit system crossSystem;
-            overlays = [ self.overlays.default ];
-          };
-        in with commonDeps { pkgs = nixpkgsCross; }; nixpkgsCross.stdenv.mkDerivation {
-          name = "nix-${version}";
-
-          src = self;
-
-          VERSION_SUFFIX = versionSuffix;
-
-          outputs = [ "out" "dev" "doc" ];
-
-          nativeBuildInputs = nativeBuildDeps;
-          buildInputs = buildDeps ++ propagatedDeps;
-
-          configureFlags = [ "--sysconfdir=/etc" "--disable-doc-gen" ];
+          configureFlags = [ "--sysconfdir=/etc" ];
 
           enableParallelBuilding = true;
 
@@ -686,46 +521,40 @@
 
           doInstallCheck = true;
           installCheckFlags = "sysconfdir=$(out)/etc";
+
+          stripAllList = ["bin"];
+
+          strictDeps = true;
         };
-      }) (if system == "x86_64-linux" then crossSystems else [])))
+      });
 
-      // (builtins.listToAttrs (map (stdenvName:
-        nixpkgsFor.${system}.lib.nameValuePair
-          "nix-${stdenvName}"
-          nixpkgsFor.${system}."${stdenvName}Packages".nix
-      ) stdenvs)));
+      defaultPackage = forAllSystems (system: self.packages.${system}.nix);
 
-      devShells = forAllSystems (system:
-        forAllStdenvs (stdenv:
-          with nixpkgsFor.${system};
-          with commonDeps { inherit pkgs; };
-          nixpkgsFor.${system}.${stdenv}.mkDerivation {
-            name = "nix";
+      devShell = forAllSystems (system:
+        with nixpkgsFor.${system};
+        with commonDeps pkgs;
 
-            outputs = [ "out" "dev" "doc" ];
+        stdenv.mkDerivation {
+          name = "nix";
 
-            nativeBuildInputs = nativeBuildDeps;
-            buildInputs = buildDeps ++ propagatedDeps ++ awsDeps;
+          outputs = [ "out" "dev" "doc" ];
 
-            inherit configureFlags;
+          nativeBuildInputs = nativeBuildDeps;
+          buildInputs = buildDeps ++ propagatedDeps ++ awsDeps ++ perlDeps;
 
-            enableParallelBuilding = true;
+          inherit configureFlags;
 
-            installFlags = "sysconfdir=$(out)/etc";
+          enableParallelBuilding = true;
 
-            shellHook =
-              ''
-                PATH=$prefix/bin:$PATH
-                unset PYTHONPATH
-                export MANPATH=$out/share/man:$MANPATH
+          installFlags = "sysconfdir=$(out)/etc";
 
-                # Make bash completion work.
-                XDG_DATA_DIRS+=:$out/share
-              '';
-          }
-        )
-        // { default = self.devShells.${system}.stdenv; }
-      );
+          shellHook =
+            ''
+              PATH=$prefix/bin:$PATH
+              unset PYTHONPATH
+              export MANPATH=$out/share/man:$MANPATH
+            '';
+        });
 
   };
 }

maintainers/README.md

@@ -1,107 +0,0 @@
-# Nix maintainers team
-
-## Motivation
-
-The goal of the team is to help other people to contribute to Nix.
-
-## Members
-
-- Eelco Dolstra (@edolstra) – Team lead
-- Théophane Hufschmitt (@thufschmitt)
-- Valentin Gagarin (@fricklerhandwerk)
-- Thomas Bereknyei (@tomberek)
-- Robert Hensing (@roberth)
-
-## Meeting protocol
-
-The team meets twice a week:
-
-- Discussion meeting: [Fridays 13:00-14:00 CET](https://calendar.google.com/calendar/event?eid=MHNtOGVuNWtrZXNpZHR2bW1sM3QyN2ZjaGNfMjAyMjExMjVUMTIwMDAwWiBiOW81MmZvYnFqYWs4b3E4bGZraGczdDBxZ0Bn)
-
-  1. Triage issues and pull requests from the _No Status_ column (30 min)
-  2. Discuss issues and pull requests from the _To discuss_ column (30 min)
-
-- Work meeting: [Mondays 13:00-15:00 CET](https://calendar.google.com/calendar/event?eid=NTM1MG1wNGJnOGpmOTZhYms3bTB1bnY5cWxfMjAyMjExMjFUMTIwMDAwWiBiOW81MmZvYnFqYWs4b3E4bGZraGczdDBxZ0Bn)
-
-  1. Code review on pull requests from _In review_.
-  2. Other chores and tasks.
-
-Meeting notes are collected on a [collaborative scratchpad](https://pad.lassul.us/Cv7FpYx-Ri-4VjUykQOLAw), and published on Discourse under the [Nix category](https://discourse.nixos.org/c/dev/nix/50).
-
-## Project board protocol
-
-The team uses a [GitHub project board](https://github.com/orgs/NixOS/projects/19/views/1) for tracking its work.
-
-Issues on the board progress through the following states:
-
-- No Status
-
-  During the discussion meeting, the team triages new items.
-  To be considered, issues and pull requests must have a high-level description to provide the whole team with the necessary context at a glance.
-
-  On every meeting, at least one item from each of the following categories is inspected:
-
-  1. [critical](https://github.com/NixOS/nix/labels/critical)
-  2. [security](https://github.com/NixOS/nix/labels/security)
-  3. [regression](https://github.com/NixOS/nix/labels/regression)
-  4. [bug](https://github.com/NixOS/nix/issues?q=is%3Aopen+label%3Abug+sort%3Areactions-%2B1-desc)
-
-  - [oldest pull requests](https://github.com/NixOS/nix/pulls?q=is%3Apr+is%3Aopen+sort%3Acreated-asc)
-  - [most popular pull requests](https://github.com/NixOS/nix/pulls?q=is%3Apr+is%3Aopen+sort%3Areactions-%2B1-desc)
-  - [oldest issues](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Acreated-asc)
-  - [most popular issues](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc)
-
-  Team members can also add pull requests or issues they would like the whole team to consider.
-
-  If there is disagreement on the general idea behind an issue or pull request, it is moved to _To discuss_, otherwise to _In review_.
-
-- To discuss
-
-  Pull requests and issues that are deemed important and controversial are discussed by the team during discussion meetings.
-
-  This may be where the merit of the change itself or the implementation strategy is contested by a team member.
-
-  As a general guideline, the order of items is determined as follows:
-
-  - Prioritise pull requests over issues
-
-    Contributors who took the time to implement concrete change proposals should not wait indefinitely.
-
-  - Prioritise fixing bugs over documentation, improvements or new features
-
-    The team values stability and accessibility higher than raw functionality.
-
-  - Interleave issues and PRs
-
-    This way issues without attempts at a solution get a chance to get addressed.
-
-- In review
-
-  Pull requests in this column are reviewed together during work meetings.
-  This is both for spreading implementation knowledge and for establishing common values in code reviews.
-
-  When the overall direction is agreed upon, even when further changes are required, the pull request is assigned to one team member.
-
-- Assigned for merging
-
-  One team member is assigned to each of these pull requests.
-  They will communicate with the authors, and make the final approval once all remaining issues are addressed.
-
-  If more substantive issues arise, the assignee can move the pull request back to _To discuss_ to involve the team again.
-
-The process is illustrated in the following diagram:
-
-```mermaid
-flowchart TD
-    discuss[To discuss]
-
-    review[To review]
-
-    New --> |Disagreement on idea| discuss
-    New & discuss --> |Consensus on idea| review
-
-    review --> |Consensus on implementation| Assigned
-
-    Assigned --> |Implementation issues arise| review
-    Assigned --> |Remaining issues fixed| Merged
-```

maintainers/upload-release.pl

@@ -19,8 +19,6 @@ my $nixpkgsDir = "/home/eelco/Dev/nixpkgs-pristine";
 
 my $TMPDIR = $ENV{'TMPDIR'} // "/tmp";
 
-my $isLatest = ($ENV{'IS_LATEST'} // "") eq "1";
-
 # FIXME: cut&paste from nixos-channel-scripts.
 sub fetch {
     my ($url, $type) = @_;
@@ -37,29 +35,22 @@ sub fetch {
 my $evalUrl = "https://hydra.nixos.org/eval/$evalId";
 my $evalInfo = decode_json(fetch($evalUrl, 'application/json'));
 #print Dumper($evalInfo);
-my $flakeUrl = $evalInfo->{flake} or die;
-my $flakeInfo = decode_json(`nix flake metadata --json "$flakeUrl"` or die);
-my $nixRev = $flakeInfo->{revision} or die;
 
-my $buildInfo = decode_json(fetch("$evalUrl/job/build.x86_64-linux", 'application/json'));
-#print Dumper($buildInfo);
+my $nixRev = $evalInfo->{jobsetevalinputs}->{nix}->{revision} or die;
 
-my $releaseName = $buildInfo->{nixname};
+my $tarballInfo = decode_json(fetch("$evalUrl/job/tarball", 'application/json'));
+
+my $releaseName = $tarballInfo->{releasename};
 $releaseName =~ /nix-(.*)$/ or die;
 my $version = $1;
 
-print STDERR "Flake URL is $flakeUrl, Nix revision is $nixRev, version is $version\n";
+print STDERR "Nix revision is $nixRev, version is $version\n";
 
 my $releaseDir = "nix/$releaseName";
 
 my $tmpDir = "$TMPDIR/nix-release/$releaseName";
 File::Path::make_path($tmpDir);
 
-my $narCache = "$TMPDIR/nar-cache";
-File::Path::make_path($narCache);
-
-my $binaryCache = "https://cache.nixos.org/?local-nar-cache=$narCache";
-
 # S3 setup.
 my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die "No AWS_ACCESS_KEY_ID given.";
 my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die "No AWS_SECRET_ACCESS_KEY given.";
@@ -85,7 +76,6 @@ sub downloadFile {
     my ($jobName, $productNr, $dstName) = @_;
 
     my $buildInfo = decode_json(fetch("$evalUrl/job/$jobName", 'application/json'));
-    #print STDERR "$jobName: ", Dumper($buildInfo), "\n";
 
     my $srcFile = $buildInfo->{buildproducts}->{$productNr}->{path} or die "job '$jobName' lacks product $productNr\n";
     $dstName //= basename($srcFile);
@@ -93,94 +83,35 @@ sub downloadFile {
 
     if (!-e $tmpFile) {
         print STDERR "downloading $srcFile to $tmpFile...\n";
-
-        my $fileInfo = decode_json(`NIX_REMOTE=$binaryCache nix store ls --json '$srcFile'`);
-
-        $srcFile = $fileInfo->{target} if $fileInfo->{type} eq 'symlink';
-
-        #print STDERR $srcFile, " ", Dumper($fileInfo), "\n";
-
-        system("NIX_REMOTE=$binaryCache nix store cat '$srcFile' > '$tmpFile'.tmp") == 0
+        system("NIX_REMOTE=https://cache.nixos.org/ nix cat-store '$srcFile' > '$tmpFile'") == 0
             or die "unable to fetch $srcFile\n";
-        rename("$tmpFile.tmp", $tmpFile) or die;
     }
 
-    my $sha256_expected = $buildInfo->{buildproducts}->{$productNr}->{sha256hash};
-    my $sha256_actual = `nix hash file --base16 --type sha256 '$tmpFile'`;
+    my $sha256_expected = $buildInfo->{buildproducts}->{$productNr}->{sha256hash} or die;
+    my $sha256_actual = `nix hash-file --base16 --type sha256 '$tmpFile'`;
     chomp $sha256_actual;
-    if (defined($sha256_expected) && $sha256_expected ne $sha256_actual) {
+    if ($sha256_expected ne $sha256_actual) {
         print STDERR "file $tmpFile is corrupt, got $sha256_actual, expected $sha256_expected\n";
         exit 1;
     }
 
-    write_file("$tmpFile.sha256", $sha256_actual);
+    write_file("$tmpFile.sha256", $sha256_expected);
+
+    if (! -e "$tmpFile.asc") {
+        system("gpg2 --detach-sign --armor $tmpFile") == 0 or die "unable to sign $tmpFile\n";
+    }
 
     return $sha256_expected;
 }
 
+downloadFile("tarball", "2"); # .tar.bz2
+my $tarballHash = downloadFile("tarball", "3"); # .tar.xz
 downloadFile("binaryTarball.i686-linux", "1");
 downloadFile("binaryTarball.x86_64-linux", "1");
 downloadFile("binaryTarball.aarch64-linux", "1");
 downloadFile("binaryTarball.x86_64-darwin", "1");
-downloadFile("binaryTarball.aarch64-darwin", "1");
-downloadFile("binaryTarballCross.x86_64-linux.armv6l-linux", "1");
-downloadFile("binaryTarballCross.x86_64-linux.armv7l-linux", "1");
 downloadFile("installerScript", "1");
 
-# Upload docker images to dockerhub.
-my $dockerManifest = "";
-my $dockerManifestLatest = "";
-
-for my $platforms (["x86_64-linux", "amd64"], ["aarch64-linux", "arm64"]) {
-    my $system = $platforms->[0];
-    my $dockerPlatform = $platforms->[1];
-    my $fn = "nix-$version-docker-image-$dockerPlatform.tar.gz";
-    downloadFile("dockerImage.$system", "1", $fn);
-
-    print STDERR "loading docker image for $dockerPlatform...\n";
-    system("docker load -i $tmpDir/$fn") == 0 or die;
-
-    my $tag = "nixos/nix:$version-$dockerPlatform";
-    my $latestTag = "nixos/nix:latest-$dockerPlatform";
-
-    print STDERR "tagging $version docker image for $dockerPlatform...\n";
-    system("docker tag nix:$version $tag") == 0 or die;
-
-    if ($isLatest) {
-        print STDERR "tagging latest docker image for $dockerPlatform...\n";
-        system("docker tag nix:$version $latestTag") == 0 or die;
-    }
-
-    print STDERR "pushing $version docker image for $dockerPlatform...\n";
-    system("docker push -q $tag") == 0 or die;
-
-    if ($isLatest) {
-        print STDERR "pushing latest docker image for $dockerPlatform...\n";
-        system("docker push -q $latestTag") == 0 or die;
-    }
-
-    $dockerManifest .= " --amend $tag";
-    $dockerManifestLatest .= " --amend $latestTag"
-}
-
-print STDERR "creating multi-platform docker manifest...\n";
-system("docker manifest rm nixos/nix:$version");
-system("docker manifest create nixos/nix:$version $dockerManifest") == 0 or die;
-if ($isLatest) {
-    print STDERR "creating latest multi-platform docker manifest...\n";
-    system("docker manifest rm nixos/nix:latest");
-    system("docker manifest create nixos/nix:latest $dockerManifestLatest") == 0 or die;
-}
-
-print STDERR "pushing multi-platform docker manifest...\n";
-system("docker manifest push nixos/nix:$version") == 0 or die;
-
-if ($isLatest) {
-    print STDERR "pushing latest multi-platform docker manifest...\n";
-    system("docker manifest push nixos/nix:latest") == 0 or die;
-}
-
-# Upload release files to S3.
 for my $fn (glob "$tmpDir/*") {
     my $name = basename($fn);
     my $dstKey = "$releaseDir/" . $name;
@@ -190,7 +121,7 @@ for my $fn (glob "$tmpDir/*") {
         my $configuration = ();
         $configuration->{content_type} = "application/octet-stream";
 
-        if ($fn =~ /.sha256|install/) {
+        if ($fn =~ /.sha256|.asc|install/) {
             # Text files
             $configuration->{content_type} = "text/plain";
         }
@@ -200,38 +131,41 @@ for my $fn (glob "$tmpDir/*") {
     }
 }
 
+exit if $version =~ /pre/;
+
 # Update nix-fallback-paths.nix.
-if ($isLatest) {
-    system("cd $nixpkgsDir && git pull") == 0 or die;
+system("cd $nixpkgsDir && git pull") == 0 or die;
 
-    sub getStorePath {
-        my ($jobName) = @_;
-        my $buildInfo = decode_json(fetch("$evalUrl/job/$jobName", 'application/json'));
-        return $buildInfo->{buildoutputs}->{out}->{path} or die "cannot get store path for '$jobName'";
+sub getStorePath {
+    my ($jobName) = @_;
+    my $buildInfo = decode_json(fetch("$evalUrl/job/$jobName", 'application/json'));
+    for my $product (values %{$buildInfo->{buildproducts}}) {
+        next unless $product->{type} eq "nix-build";
+        next if $product->{path} =~ /[a-z]+$/;
+        return $product->{path};
     }
-
-    write_file("$nixpkgsDir/nixos/modules/installer/tools/nix-fallback-paths.nix",
-               "{\n" .
-               "  x86_64-linux = \"" . getStorePath("build.x86_64-linux") . "\";\n" .
-               "  i686-linux = \"" . getStorePath("build.i686-linux") . "\";\n" .
-               "  aarch64-linux = \"" . getStorePath("build.aarch64-linux") . "\";\n" .
-               "  x86_64-darwin = \"" . getStorePath("build.x86_64-darwin") . "\";\n" .
-               "  aarch64-darwin = \"" . getStorePath("build.aarch64-darwin") . "\";\n" .
-               "}\n");
-
-    system("cd $nixpkgsDir && git commit -a -m 'nix-fallback-paths.nix: Update to $version'") == 0 or die;
+    die;
 }
 
+write_file("$nixpkgsDir/nixos/modules/installer/tools/nix-fallback-paths.nix",
+           "{\n" .
+           "  x86_64-linux = \"" . getStorePath("build.x86_64-linux") . "\";\n" .
+           "  i686-linux = \"" . getStorePath("build.i686-linux") . "\";\n" .
+           "  aarch64-linux = \"" . getStorePath("build.aarch64-linux") . "\";\n" .
+           "  x86_64-darwin = \"" . getStorePath("build.x86_64-darwin") . "\";\n" .
+           "}\n");
+
+system("cd $nixpkgsDir && git commit -a -m 'nix-fallback-paths.nix: Update to $version'") == 0 or die;
+
 # Update the "latest" symlink.
 $channelsBucket->add_key(
     "nix-latest/install", "",
     { "x-amz-website-redirect-location" => "https://releases.nixos.org/$releaseDir/install" })
-    or die $channelsBucket->err . ": " . $channelsBucket->errstr
-    if $isLatest;
+    or die $channelsBucket->err . ": " . $channelsBucket->errstr;
 
 # Tag the release in Git.
 chdir("/home/eelco/Dev/nix-pristine") or die;
 system("git remote update origin") == 0 or die;
 system("git tag --force --sign $version $nixRev -m 'Tagging release $version'") == 0 or die;
 system("git push --tags") == 0 or die;
-system("git push --force-with-lease origin $nixRev:refs/heads/latest-release") == 0 or die if $isLatest;
+system("git push --force-with-lease origin $nixRev:refs/heads/latest-release") == 0 or die;

misc/bash/completion.sh

@@ -7,15 +7,13 @@ function _complete_nix {
         local completion=${line%%	*}
         if [[ -z $have_type ]]; then
             have_type=1
-            if [[ $completion == filenames ]]; then
+            if [[ $completion = filenames ]]; then
                 compopt -o filenames
-            elif [[ $completion == attrs ]]; then
-                compopt -o nospace
             fi
         else
             COMPREPLY+=("$completion")
         fi
-    done < <(NIX_GET_COMPLETIONS=$cword "${words[@]}" 2>/dev/null)
+    done < <(NIX_GET_COMPLETIONS=$cword "${words[@]}")
     __ltrim_colon_completions "$cur"
 }
 

misc/fish/completion.fish

@@ -1,36 +0,0 @@
-function _nix_complete
-  # Get the current command up to a cursor.
-  # - Behaves correctly even with pipes and nested in commands like env.
-  # - TODO: Returns the command verbatim (does not interpolate variables).
-  #   That might not be optimal for arguments like -f.
-  set -l nix_args (commandline --current-process --tokenize --cut-at-cursor)
-  # --cut-at-cursor with --tokenize removes the current token so we need to add it separately.
-  # https://github.com/fish-shell/fish-shell/issues/7375
-  # Can be an empty string.
-  set -l current_token (commandline --current-token --cut-at-cursor)
-
-  # Nix wants the index of the argv item to complete but the $nix_args variable
-  # also contains the program name (argv[0]) so we would need to subtract 1.
-  # But the variable also misses the current token so it cancels out.
-  set -l nix_arg_to_complete (count $nix_args)
-
-  env NIX_GET_COMPLETIONS=$nix_arg_to_complete $nix_args $current_token
-end
-
-function _nix_accepts_files
-  set -l response (_nix_complete)
-  test $response[1] = 'filenames'
-end
-
-function _nix
-  set -l response (_nix_complete)
-  # Skip the first line since it handled by _nix_accepts_files.
-  # Tail lines each contain a command followed by a tab character and, optionally, a description.
-  # This is also the format fish expects.
-  string collect -- $response[2..-1]
-end
-
-# Disable file path completion if paths do not belong in the current context.
-complete --command nix --condition 'not _nix_accepts_files' --no-files
-
-complete --command nix --arguments '(_nix)'