Fix typo.

.dir-locals.el

@@ -1,18 +0,0 @@
-((c++-mode . (
-  (c-file-style . "k&r")
-  (c-basic-offset . 4)
-  (c-block-comment-prefix . "  ")
-  (indent-tabs-mode . nil)
-  (tab-width . 4)
-  (show-trailing-whitespace . t)
-  (indicate-empty-lines . t)
-  (eval . (c-set-offset 'innamespace 0))
-  (eval . (c-set-offset 'defun-open 0))
-  (eval . (c-set-offset 'inline-open 0))
-  (eval . (c-set-offset 'arglist-intro '+))
-  (eval . (c-set-offset 'arglist-cont 0))
-  (eval . (c-set-offset 'arglist-cont-nonempty '+))
-  (eval . (c-set-offset 'substatement-open 0))
-  (eval . (c-set-offset 'access-label '-))
-  (eval . (c-set-offset 'inlambda 0))
-  )))

.editorconfig

@@ -1,26 +0,0 @@
-# EditorConfig configuration for nix
-# http://EditorConfig.org
-
-# Top-most EditorConfig file
-root = true
-
-# Unix-style newlines with a newline ending every file, utf-8 charset
-[*]
-end_of_line = lf
-insert_final_newline = true
-trim_trailing_whitespace = true
-charset = utf-8
-
-# Match nix files, set indent to spaces with width of two
-[*.nix]
-indent_style = space
-indent_size = 2
-
-# Match c++/shell/perl, set indent to spaces with width of four
-[*.{hpp,cc,hh,sh,pl}]
-indent_style = space
-indent_size = 4
-
-# Match diffs, avoid to trim trailing whitespace
-[*.{diff,patch}]
-trim_trailing_whitespace = false

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,32 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: bug
-assignees: ''
-
----
-
-**Describe the bug**
-
-A clear and concise description of what the bug is.
-
-If you have a problem with a specific package or NixOS,
-you probably want to file an issue at https://github.com/NixOS/nixpkgs/issues. 
-
-**Steps To Reproduce**
-
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Expected behavior**
-
-A clear and concise description of what you expected to happen.
-
-**`nix-env --version` output**
-
-**Additional context**
-
-Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,20 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-title: ''
-labels: improvement
-assignees: ''
-
----
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.

.github/dependabot.yml

@@ -1,6 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"

.github/workflows/test.yml

@@ -1,17 +0,0 @@
-name: "Test"
-on:
-  pull_request:
-  push:
-jobs:
-  tests:
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        fetch-depth: 0
-    - uses: cachix/install-nix-action@v11
-    #- run: nix flake check
-    - run: nix-build -A checks.$(if [[ `uname` = Linux ]]; then echo x86_64-linux; else echo x86_64-darwin; fi)

.gitignore

@@ -1,125 +0,0 @@
-Makefile.config
-perl/Makefile.config
-
-# /
-/aclocal.m4
-/autom4te.cache
-/precompiled-headers.h.gch
-/config.*
-/configure
-/stamp-h1
-/svn-revision
-/libtool
-
-# /doc/manual/
-/doc/manual/*.1
-/doc/manual/*.5
-/doc/manual/*.8
-/doc/manual/nix.json
-/doc/manual/conf-file.json
-/doc/manual/builtins.json
-/doc/manual/src/command-ref/nix.md
-/doc/manual/src/command-ref/conf-file.md
-/doc/manual/src/expressions/builtins.md
-
-# /scripts/
-/scripts/nix-profile.sh
-/scripts/nix-copy-closure
-/scripts/nix-reduce-build
-/scripts/nix-http-export.cgi
-/scripts/nix-profile-daemon.sh
-
-# /src/libexpr/
-/src/libexpr/lexer-tab.cc
-/src/libexpr/lexer-tab.hh
-/src/libexpr/parser-tab.cc
-/src/libexpr/parser-tab.hh
-/src/libexpr/parser-tab.output
-/src/libexpr/nix.tbl
-
-# /src/libstore/
-*.gen.*
-
-# /src/libutil/
-/src/libutil/tests/libutil-tests
-
-/src/nix/nix
-
-# /src/nix-env/
-/src/nix-env/nix-env
-
-# /src/nix-instantiate/
-/src/nix-instantiate/nix-instantiate
-
-# /src/nix-store/
-/src/nix-store/nix-store
-
-/src/nix-prefetch-url/nix-prefetch-url
-
-# /src/nix-daemon/
-/src/nix-daemon/nix-daemon
-
-/src/nix-collect-garbage/nix-collect-garbage
-
-# /src/nix-channel/
-/src/nix-channel/nix-channel
-
-# /src/nix-build/
-/src/nix-build/nix-build
-
-/src/nix-copy-closure/nix-copy-closure
-
-/src/error-demo/error-demo
-
-/src/build-remote/build-remote
-
-# /tests/
-/tests/test-tmp
-/tests/common.sh
-/tests/dummy
-/tests/result*
-/tests/restricted-innocent
-/tests/shell
-/tests/shell.drv
-/tests/config.nix
-
-# /tests/lang/
-/tests/lang/*.out
-/tests/lang/*.out.xml
-/tests/lang/*.ast
-
-/perl/lib/Nix/Config.pm
-/perl/lib/Nix/Store.cc
-
-/misc/systemd/nix-daemon.service
-/misc/systemd/nix-daemon.socket
-/misc/upstart/nix-daemon.conf
-
-/src/resolve-system-dependencies/resolve-system-dependencies
-
-outputs/
-
-*.a
-*.o
-*.so
-*.dylib
-*.dll
-*.exe
-*.dep
-*~
-*.pc
-*.plist
-
-# GNU Global
-GPATH
-GRTAGS
-GSYMS
-GTAGS
-
-# ccls
-/.ccls-cache
-
-# auto-generated compilation database
-compile_commands.json
-
-nix-rust/target

.version

@@ -1 +0,0 @@
-3.0

AUTHORS

@@ -0,0 +1,8 @@
+The following people contributed to Nix, in alphabetical order:
+
+Martin Bravenboer
+Eelco Dolstra
+Niels Janssen
+Armijn Hemel
+Rob Vermaas
+Eelco Visser

INSTALL

@@ -0,0 +1,229 @@
+Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
+Foundation, Inc.
+
+   This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+   These are generic installation instructions.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  (Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.)
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You only need
+`configure.ac' if you want to change it or regenerate `configure' using
+a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.  If you're
+     using `csh' on an old version of System V, you might need to type
+     `sh ./configure' instead to prevent `csh' from trying to execute
+     `configure' itself.
+
+     Running `configure' takes awhile.  While running, it prints some
+     messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   If you have to use a `make' that does not support the `VPATH'
+variable, you have to compile the package for one architecture at a
+time in the source code directory.  After you have installed the
+package for one architecture, use `make distclean' before reconfiguring
+for another architecture.
+
+Installation Names
+==================
+
+   By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc.  You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=PATH' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the `--target=TYPE' option to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+will cause the specified gcc to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of the options to `configure', and exit.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+

Makefile

@@ -1,34 +0,0 @@
-makefiles = \
-  mk/precompiled-headers.mk \
-  local.mk \
-  src/libutil/local.mk \
-  src/libutil/tests/local.mk \
-  src/libstore/local.mk \
-  src/libfetchers/local.mk \
-  src/libmain/local.mk \
-  src/libexpr/local.mk \
-  src/nix/local.mk \
-  src/resolve-system-dependencies/local.mk \
-  scripts/local.mk \
-  corepkgs/local.mk \
-  misc/bash/local.mk \
-  misc/systemd/local.mk \
-  misc/launchd/local.mk \
-  misc/upstart/local.mk \
-  doc/manual/local.mk \
-  tests/local.mk \
-  tests/plugins/local.mk
-
--include Makefile.config
-
-OPTIMIZE = 1
-
-ifeq ($(OPTIMIZE), 1)
-  GLOBAL_CXXFLAGS += -O3
-else
-  GLOBAL_CXXFLAGS += -O0 -U_FORTIFY_SOURCE
-endif
-
-include mk/lib.mk
-
-GLOBAL_CXXFLAGS += -g -Wall -include config.h -std=c++17

Makefile.am

@@ -0,0 +1,48 @@
+SUBDIRS = externals src scripts corepkgs doc misc tests
+EXTRA_DIST = substitute.mk nix.spec nix.spec.in bootstrap.sh \
+  nix.conf.example NEWS version
+
+include ./substitute.mk
+
+nix.spec: nix.spec.in
+
+install-data-local: init-state
+	$(INSTALL) -d $(DESTDIR)$(sysconfdir)/nix
+	$(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix
+	if ! test -e $(DESTDIR)$(sysconfdir)/nix/nix.conf; then \
+		$(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix/nix.conf; \
+	fi
+	$(INSTALL) -d $(DESTDIR)$(docdir)
+	$(INSTALL_DATA) README $(DESTDIR)$(docdir)/
+
+if INIT_STATE
+
+# For setuid operation, you can enable the following:
+# INIT_FLAGS = -g @NIX_GROUP@ -o @NIX_USER@
+# GROUP_WRITABLE = -m 775
+
+init-state:
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/db
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/log/nix
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/log/nix/drvs
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/profiles
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/gcroots
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/temproots
+	$(INSTALL) $(INIT_FLAGS) $(GROUP_WRITABLE) -d $(DESTDIR)$(localstatedir)/nix/gcroots/tmp
+	$(INSTALL) $(INIT_FLAGS) $(GROUP_WRITABLE) -d $(DESTDIR)$(localstatedir)/nix/gcroots/channels
+	ln -sfn $(localstatedir)/nix/profiles $(DESTDIR)$(localstatedir)/nix/gcroots/profiles
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/userpool
+	$(INSTALL) $(INIT_FLAGS) -m 1777 -d $(DESTDIR)$(storedir)
+	$(INSTALL) $(INIT_FLAGS) $(GROUP_WRITABLE) -d $(DESTDIR)$(localstatedir)/nix/manifests
+	ln -sfn $(localstatedir)/nix/manifests $(DESTDIR)$(localstatedir)/nix/gcroots/manifests
+
+else
+
+init-state:
+
+endif
+
+NEWS:
+	$(MAKE) -C doc/manual NEWS.txt
+	cp $(srcdir)/doc/manual/NEWS.txt NEWS

Makefile.config.in

@@ -1,43 +0,0 @@
-AR = @AR@
-BDW_GC_LIBS = @BDW_GC_LIBS@
-BOOST_LDFLAGS = @BOOST_LDFLAGS@
-BUILD_SHARED_LIBS = @BUILD_SHARED_LIBS@
-CC = @CC@
-CFLAGS = @CFLAGS@
-CXX = @CXX@
-CXXFLAGS = @CXXFLAGS@
-EDITLINE_LIBS = @EDITLINE_LIBS@
-ENABLE_S3 = @ENABLE_S3@
-GTEST_LIBS = @GTEST_LIBS@
-HAVE_SECCOMP = @HAVE_SECCOMP@
-HAVE_SODIUM = @HAVE_SODIUM@
-LDFLAGS = @LDFLAGS@
-LIBARCHIVE_LIBS = @LIBARCHIVE_LIBS@
-LIBBROTLI_LIBS = @LIBBROTLI_LIBS@
-LIBCURL_LIBS = @LIBCURL_LIBS@
-LIBLZMA_LIBS = @LIBLZMA_LIBS@
-OPENSSL_LIBS = @OPENSSL_LIBS@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-SHELL = @bash@
-SODIUM_LIBS = @SODIUM_LIBS@
-SQLITE3_LIBS = @SQLITE3_LIBS@
-bash = @bash@
-bindir = @bindir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-doc_generate = @doc_generate@
-docdir = @docdir@
-exec_prefix = @exec_prefix@
-includedir = @includedir@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localstatedir = @localstatedir@
-lsof = @lsof@
-mandir = @mandir@
-pkglibdir = $(libdir)/$(PACKAGE_NAME)
-prefix = @prefix@
-sandbox_shell = @sandbox_shell@
-storedir = @storedir@
-sysconfdir = @sysconfdir@
-system = @system@

README

@@ -0,0 +1,10 @@
+Nix is a purely functional package manager.  For installation and
+usage instructions, please read the manual, which can be found in
+`docs/manual/manual.html', and additionally at the Nix website at
+<http://nixos.org/>.
+
+
+Acknowledgments
+
+This product includes software developed by the OpenSSL Project for
+use in the OpenSSL Toolkit (http://www.OpenSSL.org/).

README.md

@@ -1,35 +0,0 @@
-# Nix
-
-[![Open Collective supporters](https://opencollective.com/nixos/tiers/supporter/badge.svg?label=Supporters&color=brightgreen)](https://opencollective.com/nixos)
-[![Test](https://github.com/NixOS/nix/workflows/Test/badge.svg)](https://github.com/NixOS/nix/actions)
-
-Nix is a powerful package manager for Linux and other Unix systems that makes package
-management reliable and reproducible. Please refer to the [Nix manual](https://nixos.org/nix/manual)
-for more details.
-
-## Installation
-
-On Linux and macOS the easiest way to install Nix is to run the following shell command
-(as a user other than root):
-
-```console
-$ curl -L https://nixos.org/nix/install | sh
-```
-
-Information on additional installation methods is available on the [Nix download page](https://nixos.org/download.html).
-
-## Building And Developing
-
-See our [Hacking guide](https://hydra.nixos.org/job/nix/master/build.x86_64-linux/latest/download-by-type/doc/manual/hacking.html) in our manual for instruction on how to
-build nix from source with nix-build or how to get a development environment.
-
-## Additional Resources
-
-- [Nix manual](https://nixos.org/nix/manual)
-- [Nix jobsets on hydra.nixos.org](https://hydra.nixos.org/project/nix)
-- [NixOS Discourse](https://discourse.nixos.org/)
-- [IRC - #nixos on freenode.net](irc://irc.freenode.net/#nixos)
-
-## License
-
-Nix is released under the [LGPL v2.1](./COPYING).

aterm-gc.supp

@@ -0,0 +1,117 @@
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:*
+   fun:AT_collect_minor
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:*
+   fun:*
+   fun:AT_collect_minor
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:*
+   fun:AT_collect_minor
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value8
+   fun:*
+   fun:AT_collect_minor
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:*
+   fun:*
+   fun:AT_collect_minor
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value8
+   fun:*
+   fun:*
+   fun:AT_collect_minor
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Addr4
+   fun:*
+   fun:AT_collect_minor
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Addr8
+   fun:*
+   fun:AT_collect_minor
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:*
+   fun:AT_collect
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:*
+   fun:AT_collect
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value8
+   fun:*
+   fun:AT_collect
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Addr4
+   fun:*
+   fun:AT_collect
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Addr8
+   fun:*
+   fun:AT_collect
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:*
+   fun:*
+   fun:AT_collect
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value8
+   fun:*
+   fun:*
+   fun:AT_collect
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:*
+   fun:*
+   fun:AT_collect
+}

blacklisting/check-env.pl

@@ -0,0 +1,252 @@
+#! /usr/bin/perl -w -I /home/eelco/.nix-profile/lib/site_perl
+
+use strict;
+use XML::LibXML;
+#use XML::Simple;
+
+my $blacklistFN = shift @ARGV;
+die unless defined $blacklistFN;
+my $userEnv = shift @ARGV;
+die unless defined $userEnv;
+
+
+# Read the blacklist.
+my $parser = XML::LibXML->new();
+my $blacklist = $parser->parse_file($blacklistFN)->getDocumentElement;
+
+#print $blacklist->toString() , "\n";
+
+
+# Get all the elements of the user environment.
+my $userEnvElems = `nix-store --query --references '$userEnv'`;
+die "cannot query user environment elements" if $? != 0;
+my @userEnvElems = split ' ', $userEnvElems;
+
+
+my %storePathHashes;
+
+
+sub getElemNodes {
+    my $node = shift;
+    my @elems = ();
+    foreach my $node ($node->getChildNodes) {
+        push @elems, $node if $node->nodeType == XML_ELEMENT_NODE;
+    }
+    return @elems;
+}
+
+
+my %referencesCache;
+sub getReferences {
+    my $path = shift;
+    return $referencesCache{$path} if defined $referencesCache{$path};
+    
+    my $references = `nix-store --query --references '$path'`;
+    die "cannot query references" if $? != 0;
+    $referencesCache{$path} = [split ' ', $references];
+    
+    return $referencesCache{$path};
+}
+
+
+my %attrsCache;
+sub getAttr {
+    my $path = shift;
+    my $name = shift;
+    my $key = "$path/$name";
+    return $referencesCache{$key} if defined $referencesCache{$key};
+
+    my $value = `nix-store --query --binding '$name' '$path' 2> /dev/null`;
+    $value = "" if $? != 0; # !!!
+    chomp $value;
+    $referencesCache{$key} = $value;
+
+    return $value;
+}
+
+
+sub evalCondition;
+
+
+sub traverse {
+    my $done = shift;
+    my $set = shift;
+    my $path = shift;
+    my $stopCondition = shift;
+
+    return if defined $done->{$path};
+    $done->{$path} = 1;
+    $set->{$path} = 1;
+
+#    print "  in $path\n";
+
+    if (!evalCondition({$path => 1}, $stopCondition)) {
+#        print "  STOPPING in $path\n";
+        return;
+    }
+
+    # Get the requisites of the deriver.
+
+    foreach my $reference (@{getReferences $path}) {
+        traverse($done, $set, $reference, $stopCondition);
+    }
+}
+
+
+sub evalSet {
+    my $inSet = shift;
+    my $expr = shift;
+    my $name = $expr->getName;
+    
+    if ($name eq "traverse") {
+        my $stopCondition = (getElemNodes $expr)[0];
+        my $done = { };
+        my $set = { };
+        foreach my $path (keys %{$inSet}) {
+            traverse($done, $set, $path, $stopCondition);
+        }
+        return $set;
+    }
+
+    else {
+        die "unknown element `$name'";
+    }
+}
+
+
+# Function for evaluating conditions.
+sub evalCondition {
+    my $storePaths = shift;
+    my $condition = shift;
+    my $elemName = $condition->getName;
+    
+    if ($elemName eq "containsSource") {
+        my $hash = $condition->attributes->getNamedItem("hash")->getValue;
+        foreach my $path (keys %{$storePathHashes{$hash}}) {
+            return 1 if defined $storePaths->{$path};
+        }
+        return 0;
+    }
+
+    elsif ($elemName eq "hasName") { 
+        my $nameRE = $condition->attributes->getNamedItem("name")->getValue;
+        foreach my $path (keys %{$storePaths}) {
+            return 1 if $path =~ /$nameRE/;
+        }
+        return 0;
+    }
+    
+    elsif ($elemName eq "hasAttr") { 
+        my $name = $condition->attributes->getNamedItem("name")->getValue;
+        my $valueRE = $condition->attributes->getNamedItem("value")->getValue;
+        foreach my $path (keys %{$storePaths}) {
+            if ($path =~ /\.drv$/) {
+                my $value = getAttr($path, $name);
+#                print "    $path $name $value\n";
+                return 1 if $value =~ /$valueRE/;
+            }
+        }
+        return 0;
+    }
+    
+    elsif ($elemName eq "and") {
+        my $result = 1;
+        foreach my $node (getElemNodes $condition) {
+            $result &= evalCondition($storePaths, $node);
+        }
+        return $result;
+    }
+
+    elsif ($elemName eq "not") {
+        return !evalCondition($storePaths, (getElemNodes $condition)[0]);
+    }
+    
+    elsif ($elemName eq "within") {
+        my @elems = getElemNodes $condition;
+        my $set = evalSet($storePaths, $elems[0]);
+        return evalCondition($set, $elems[1]);
+    }
+
+    elsif ($elemName eq "true") {
+        return 1;
+    }
+
+    elsif ($elemName eq "false") {
+        return 0;
+    }
+
+    else {
+        die "unknown element `$elemName'";
+    }
+}
+
+
+sub evalOr {
+    my $storePaths = shift;
+    my $nodes = shift;
+
+    my $result = 0;
+    foreach my $node (@{$nodes}) {
+        $result |= evalCondition($storePaths, $node);
+    }
+    
+    return $result;
+}
+
+
+# Iterate over all elements, check them.
+foreach my $userEnvElem (@userEnvElems) {
+
+    # Get the deriver of this path.
+    my $deriver = `nix-store --query --deriver '$userEnvElem'`;
+    die "cannot query deriver" if $? != 0;
+    chomp $deriver;
+
+    if ($deriver eq "unknown-deriver") {
+#        print "  deriver unknown, cannot check sources\n";
+        next;
+    }
+
+    print "CHECKING $userEnvElem\n";
+
+
+    # Get the requisites of the deriver.
+#    my $requisites = `nix-store --query --requisites --include-outputs '$deriver'`;
+#    die "cannot query requisites" if $? != 0;
+#    my @requisites = split ' ', $requisites;
+
+
+    # Get the hashes of the requisites.
+#    my $hashes = `nix-store --query --hash @requisites`;
+#    die "cannot query hashes" if $? != 0;
+#    my @hashes = split ' ', $hashes;
+#    for (my $i = 0; $i < scalar @requisites; $i++) {
+#        die unless $i < scalar @hashes;
+#        my $hash = $hashes[$i];
+#        $storePathHashes{$hash} = {} unless defined $storePathHashes{$hash};
+#        my $r = $storePathHashes{$hash}; # !!! fix
+#        $$r{$requisites[$i]} = 1;
+#    }
+
+
+    # Evaluate each blacklist item.
+    foreach my $item ($blacklist->getChildrenByTagName("item")) {
+        my $itemId = $item->getAttributeNode("id")->getValue;
+#        print "  CHECKING FOR $itemId\n";
+
+        my $condition = ($item->getChildrenByTagName("condition"))[0];
+        die unless $condition;
+
+        # Evaluate the condition.
+        my @elems = getElemNodes $condition;
+        if (evalOr({$deriver => 1}, \@elems)) {
+            # Oops, condition triggered.
+            my $reason = ($item->getChildrenByTagName("reason"))[0]->getChildNodes->to_literal;
+            $reason =~ s/\s+/ /g;
+            $reason =~ s/^\s+//g;
+
+            print "    VULNERABLE TO `$itemId': $reason\n";
+        }
+    }
+}
+

bootstrap.sh

@@ -1,4 +1,7 @@
 #! /bin/sh -e
-rm -f aclocal.m4
 mkdir -p config
-exec autoreconf -vfi
+libtoolize --copy
+aclocal
+autoheader
+automake --add-missing --copy
+autoconf

config/install-sh

@@ -1,527 +0,0 @@
-#!/bin/sh
-# install - install a program, script, or datafile
-
-scriptversion=2011-11-20.07; # UTC
-
-# This originates from X11R5 (mit/util/scripts/install.sh), which was
-# later released in X11R6 (xc/config/util/install.sh) with the
-# following copyright and license.
-#
-# Copyright (C) 1994 X Consortium
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
-# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
-# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-# Except as contained in this notice, the name of the X Consortium shall not
-# be used in advertising or otherwise to promote the sale, use or other deal-
-# ings in this Software without prior written authorization from the X Consor-
-# tium.
-#
-#
-# FSF changes to this file are in the public domain.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# 'make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.
-
-nl='
-'
-IFS=" ""	$nl"
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit=${DOITPROG-}
-if test -z "$doit"; then
-  doit_exec=exec
-else
-  doit_exec=$doit
-fi
-
-# Put in absolute file names if you don't have them in your path;
-# or use environment vars.
-
-chgrpprog=${CHGRPPROG-chgrp}
-chmodprog=${CHMODPROG-chmod}
-chownprog=${CHOWNPROG-chown}
-cmpprog=${CMPPROG-cmp}
-cpprog=${CPPROG-cp}
-mkdirprog=${MKDIRPROG-mkdir}
-mvprog=${MVPROG-mv}
-rmprog=${RMPROG-rm}
-stripprog=${STRIPPROG-strip}
-
-posix_glob='?'
-initialize_posix_glob='
-  test "$posix_glob" != "?" || {
-    if (set -f) 2>/dev/null; then
-      posix_glob=
-    else
-      posix_glob=:
-    fi
-  }
-'
-
-posix_mkdir=
-
-# Desired mode of installed file.
-mode=0755
-
-chgrpcmd=
-chmodcmd=$chmodprog
-chowncmd=
-mvcmd=$mvprog
-rmcmd="$rmprog -f"
-stripcmd=
-
-src=
-dst=
-dir_arg=
-dst_arg=
-
-copy_on_change=false
-no_target_directory=
-
-usage="\
-Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
-   or: $0 [OPTION]... SRCFILES... DIRECTORY
-   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
-   or: $0 [OPTION]... -d DIRECTORIES...
-
-In the 1st form, copy SRCFILE to DSTFILE.
-In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
-In the 4th, create DIRECTORIES.
-
-Options:
-     --help     display this help and exit.
-     --version  display version info and exit.
-
-  -c            (ignored)
-  -C            install only if different (preserve the last data modification time)
-  -d            create directories instead of installing files.
-  -g GROUP      $chgrpprog installed files to GROUP.
-  -m MODE       $chmodprog installed files to MODE.
-  -o USER       $chownprog installed files to USER.
-  -s            $stripprog installed files.
-  -t DIRECTORY  install into DIRECTORY.
-  -T            report an error if DSTFILE is a directory.
-
-Environment variables override the default commands:
-  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
-  RMPROG STRIPPROG
-"
-
-while test $# -ne 0; do
-  case $1 in
-    -c) ;;
-
-    -C) copy_on_change=true;;
-
-    -d) dir_arg=true;;
-
-    -g) chgrpcmd="$chgrpprog $2"
-	shift;;
-
-    --help) echo "$usage"; exit $?;;
-
-    -m) mode=$2
-	case $mode in
-	  *' '* | *'	'* | *'
-'*	  | *'*'* | *'?'* | *'['*)
-	    echo "$0: invalid mode: $mode" >&2
-	    exit 1;;
-	esac
-	shift;;
-
-    -o) chowncmd="$chownprog $2"
-	shift;;
-
-    -s) stripcmd=$stripprog;;
-
-    -t) dst_arg=$2
-	# Protect names problematic for 'test' and other utilities.
-	case $dst_arg in
-	  -* | [=\(\)!]) dst_arg=./$dst_arg;;
-	esac
-	shift;;
-
-    -T) no_target_directory=true;;
-
-    --version) echo "$0 $scriptversion"; exit $?;;
-
-    --)	shift
-	break;;
-
-    -*)	echo "$0: invalid option: $1" >&2
-	exit 1;;
-
-    *)  break;;
-  esac
-  shift
-done
-
-if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
-  # When -d is used, all remaining arguments are directories to create.
-  # When -t is used, the destination is already specified.
-  # Otherwise, the last argument is the destination.  Remove it from $@.
-  for arg
-  do
-    if test -n "$dst_arg"; then
-      # $@ is not empty: it contains at least $arg.
-      set fnord "$@" "$dst_arg"
-      shift # fnord
-    fi
-    shift # arg
-    dst_arg=$arg
-    # Protect names problematic for 'test' and other utilities.
-    case $dst_arg in
-      -* | [=\(\)!]) dst_arg=./$dst_arg;;
-    esac
-  done
-fi
-
-if test $# -eq 0; then
-  if test -z "$dir_arg"; then
-    echo "$0: no input file specified." >&2
-    exit 1
-  fi
-  # It's OK to call 'install-sh -d' without argument.
-  # This can happen when creating conditional directories.
-  exit 0
-fi
-
-if test -z "$dir_arg"; then
-  do_exit='(exit $ret); exit $ret'
-  trap "ret=129; $do_exit" 1
-  trap "ret=130; $do_exit" 2
-  trap "ret=141; $do_exit" 13
-  trap "ret=143; $do_exit" 15
-
-  # Set umask so as not to create temps with too-generous modes.
-  # However, 'strip' requires both read and write access to temps.
-  case $mode in
-    # Optimize common cases.
-    *644) cp_umask=133;;
-    *755) cp_umask=22;;
-
-    *[0-7])
-      if test -z "$stripcmd"; then
-	u_plus_rw=
-      else
-	u_plus_rw='% 200'
-      fi
-      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
-    *)
-      if test -z "$stripcmd"; then
-	u_plus_rw=
-      else
-	u_plus_rw=,u+rw
-      fi
-      cp_umask=$mode$u_plus_rw;;
-  esac
-fi
-
-for src
-do
-  # Protect names problematic for 'test' and other utilities.
-  case $src in
-    -* | [=\(\)!]) src=./$src;;
-  esac
-
-  if test -n "$dir_arg"; then
-    dst=$src
-    dstdir=$dst
-    test -d "$dstdir"
-    dstdir_status=$?
-  else
-
-    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
-    # might cause directories to be created, which would be especially bad
-    # if $src (and thus $dsttmp) contains '*'.
-    if test ! -f "$src" && test ! -d "$src"; then
-      echo "$0: $src does not exist." >&2
-      exit 1
-    fi
-
-    if test -z "$dst_arg"; then
-      echo "$0: no destination specified." >&2
-      exit 1
-    fi
-    dst=$dst_arg
-
-    # If destination is a directory, append the input filename; won't work
-    # if double slashes aren't ignored.
-    if test -d "$dst"; then
-      if test -n "$no_target_directory"; then
-	echo "$0: $dst_arg: Is a directory" >&2
-	exit 1
-      fi
-      dstdir=$dst
-      dst=$dstdir/`basename "$src"`
-      dstdir_status=0
-    else
-      # Prefer dirname, but fall back on a substitute if dirname fails.
-      dstdir=`
-	(dirname "$dst") 2>/dev/null ||
-	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
-	     X"$dst" : 'X\(//\)[^/]' \| \
-	     X"$dst" : 'X\(//\)$' \| \
-	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
-	echo X"$dst" |
-	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
-		   s//\1/
-		   q
-		 }
-		 /^X\(\/\/\)[^/].*/{
-		   s//\1/
-		   q
-		 }
-		 /^X\(\/\/\)$/{
-		   s//\1/
-		   q
-		 }
-		 /^X\(\/\).*/{
-		   s//\1/
-		   q
-		 }
-		 s/.*/./; q'
-      `
-
-      test -d "$dstdir"
-      dstdir_status=$?
-    fi
-  fi
-
-  obsolete_mkdir_used=false
-
-  if test $dstdir_status != 0; then
-    case $posix_mkdir in
-      '')
-	# Create intermediate dirs using mode 755 as modified by the umask.
-	# This is like FreeBSD 'install' as of 1997-10-28.
-	umask=`umask`
-	case $stripcmd.$umask in
-	  # Optimize common cases.
-	  *[2367][2367]) mkdir_umask=$umask;;
-	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
-
-	  *[0-7])
-	    mkdir_umask=`expr $umask + 22 \
-	      - $umask % 100 % 40 + $umask % 20 \
-	      - $umask % 10 % 4 + $umask % 2
-	    `;;
-	  *) mkdir_umask=$umask,go-w;;
-	esac
-
-	# With -d, create the new directory with the user-specified mode.
-	# Otherwise, rely on $mkdir_umask.
-	if test -n "$dir_arg"; then
-	  mkdir_mode=-m$mode
-	else
-	  mkdir_mode=
-	fi
-
-	posix_mkdir=false
-	case $umask in
-	  *[123567][0-7][0-7])
-	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
-	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
-	    ;;
-	  *)
-	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
-	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
-
-	    if (umask $mkdir_umask &&
-		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
-	    then
-	      if test -z "$dir_arg" || {
-		   # Check for POSIX incompatibilities with -m.
-		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
-		   # other-writable bit of parent directory when it shouldn't.
-		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
-		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
-		   case $ls_ld_tmpdir in
-		     d????-?r-*) different_mode=700;;
-		     d????-?--*) different_mode=755;;
-		     *) false;;
-		   esac &&
-		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
-		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
-		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
-		   }
-		 }
-	      then posix_mkdir=:
-	      fi
-	      rmdir "$tmpdir/d" "$tmpdir"
-	    else
-	      # Remove any dirs left behind by ancient mkdir implementations.
-	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
-	    fi
-	    trap '' 0;;
-	esac;;
-    esac
-
-    if
-      $posix_mkdir && (
-	umask $mkdir_umask &&
-	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
-      )
-    then :
-    else
-
-      # The umask is ridiculous, or mkdir does not conform to POSIX,
-      # or it failed possibly due to a race condition.  Create the
-      # directory the slow way, step by step, checking for races as we go.
-
-      case $dstdir in
-	/*) prefix='/';;
-	[-=\(\)!]*) prefix='./';;
-	*)  prefix='';;
-      esac
-
-      eval "$initialize_posix_glob"
-
-      oIFS=$IFS
-      IFS=/
-      $posix_glob set -f
-      set fnord $dstdir
-      shift
-      $posix_glob set +f
-      IFS=$oIFS
-
-      prefixes=
-
-      for d
-      do
-	test X"$d" = X && continue
-
-	prefix=$prefix$d
-	if test -d "$prefix"; then
-	  prefixes=
-	else
-	  if $posix_mkdir; then
-	    (umask=$mkdir_umask &&
-	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
-	    # Don't fail if two instances are running concurrently.
-	    test -d "$prefix" || exit 1
-	  else
-	    case $prefix in
-	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
-	      *) qprefix=$prefix;;
-	    esac
-	    prefixes="$prefixes '$qprefix'"
-	  fi
-	fi
-	prefix=$prefix/
-      done
-
-      if test -n "$prefixes"; then
-	# Don't fail if two instances are running concurrently.
-	(umask $mkdir_umask &&
-	 eval "\$doit_exec \$mkdirprog $prefixes") ||
-	  test -d "$dstdir" || exit 1
-	obsolete_mkdir_used=true
-      fi
-    fi
-  fi
-
-  if test -n "$dir_arg"; then
-    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
-    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
-    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
-      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
-  else
-
-    # Make a couple of temp file names in the proper directory.
-    dsttmp=$dstdir/_inst.$$_
-    rmtmp=$dstdir/_rm.$$_
-
-    # Trap to clean up those temp files at exit.
-    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
-
-    # Copy the file name to the temp name.
-    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
-
-    # and set any options; do chmod last to preserve setuid bits.
-    #
-    # If any of these fail, we abort the whole thing.  If we want to
-    # ignore errors from any of these, just make sure not to ignore
-    # errors from the above "$doit $cpprog $src $dsttmp" command.
-    #
-    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
-    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
-    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
-    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
-
-    # If -C, don't bother to copy if it wouldn't change the file.
-    if $copy_on_change &&
-       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
-       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
-
-       eval "$initialize_posix_glob" &&
-       $posix_glob set -f &&
-       set X $old && old=:$2:$4:$5:$6 &&
-       set X $new && new=:$2:$4:$5:$6 &&
-       $posix_glob set +f &&
-
-       test "$old" = "$new" &&
-       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
-    then
-      rm -f "$dsttmp"
-    else
-      # Rename the file to the real destination.
-      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
-
-      # The rename failed, perhaps because mv can't rename something else
-      # to itself, or perhaps because mv is so ancient that it does not
-      # support -f.
-      {
-	# Now remove or move aside any old file at destination location.
-	# We try this two ways since rm can't unlink itself on some
-	# systems and the destination file might be busy for other
-	# reasons.  In this case, the final cleanup might fail but the new
-	# file should still install successfully.
-	{
-	  test ! -f "$dst" ||
-	  $doit $rmcmd -f "$dst" 2>/dev/null ||
-	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
-	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
-	  } ||
-	  { echo "$0: cannot unlink or rename $dst" >&2
-	    (exit 1); exit 1
-	  }
-	} &&
-
-	# Now rename the file to the real destination.
-	$doit $mvcmd "$dsttmp" "$dst"
-      }
-    fi || exit 1
-
-    trap '' 0
-  fi
-done
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
-# time-stamp-end: "; # UTC"
-# End:

configure.ac

@@ -1,37 +1,34 @@
-AC_INIT(nix, m4_esyscmd([bash -c "echo -n $(cat ./.version)$VERSION_SUFFIX"]))
-AC_CONFIG_MACRO_DIRS([m4])
-AC_CONFIG_SRCDIR(README.md)
+AC_INIT(nix, m4_esyscmd([echo -n $(cat ./version)$VERSION_SUFFIX]))
+AC_CONFIG_SRCDIR(README)
 AC_CONFIG_AUX_DIR(config)
+AM_INIT_AUTOMAKE([dist-bzip2 foreign])
+
+AC_DEFINE_UNQUOTED(NIX_VERSION, ["$VERSION"], [Nix version.])
+
+AC_CANONICAL_HOST
 
-AC_PROG_SED
 
 # Construct a Nix system name (like "i686-linux").
-AC_CANONICAL_HOST
 AC_MSG_CHECKING([for the canonical Nix system name])
+cpu_name=$(uname -p | tr 'A-Z ' 'a-z_')
+machine_name=$(uname -m | tr 'A-Z ' 'a-z_')
 
-AC_ARG_WITH(system, AC_HELP_STRING([--with-system=SYSTEM],
-  [Platform identifier (e.g., `i686-linux').]),
-  [system=$withval],
-  [case "$host_cpu" in
-     i*86)
-        machine_name="i686";;
-     amd64)
-        machine_name="x86_64";;
-     armv6|armv7)
-        machine_name="${host_cpu}l";;
-     *)
-        machine_name="$host_cpu";;
-   esac
-
-   case "$host_os" in
-     linux-gnu*|linux-musl*)
-        # For backward compatibility, strip the `-gnu' part.
-        system="$machine_name-linux";;
-     *)
-        # Strip the version number from names such as `gnu0.3',
-        # `darwin10.2.0', etc.
-        system="$machine_name-`echo $host_os | "$SED" -e's/@<:@0-9.@:>@*$//g'`";;
-   esac])
+case $machine_name in
+    i*86)
+        machine_name=i686
+        ;;
+    x86_64)
+        machine_name=x86_64
+        ;;
+    ppc)
+        machine_name=powerpc
+        ;;
+    *)
+        if test "$cpu_name" != "unknown"; then
+            machine_name=$cpu_name
+        fi
+        ;;
+esac
 
 sys_name=$(uname -s | tr 'A-Z ' 'a-z_')
 
@@ -41,33 +38,58 @@ case $sys_name in
         ;;
 esac
 
+AC_ARG_WITH(system, AC_HELP_STRING([--with-system=SYSTEM],
+  [Platform identifier (e.g., `i686-linux').]),
+  system=$withval, system="${machine_name}-${sys_name}")
 AC_MSG_RESULT($system)
 AC_SUBST(system)
-AC_DEFINE_UNQUOTED(SYSTEM, ["$system"], [platform identifier ('cpu-os')])
+AC_DEFINE_UNQUOTED(SYSTEM, ["$system"], [platform identifier (`cpu-os')])
 
 
 # State should be stored in /nix/var, unless the user overrides it explicitly.
 test "$localstatedir" = '${prefix}/var' && localstatedir=/nix/var
 
 
-CFLAGS=
-CXXFLAGS=
+# Whether to produce a statically linked binary.  On Cygwin, this is
+# the default: dynamically linking against the ATerm DLL does work,
+# except that it requires the ATerm "lib" directory to be in $PATH, as
+# Windows doesn't have anything like an RPATH embedded in executable.
+# Since this is kind of annoying, we use static libraries for now.
+    
+AC_ARG_ENABLE(static-nix, AC_HELP_STRING([--enable-static-nix],
+  [produce statically linked binaries]),
+  static_nix=$enableval, static_nix=no)
+
+if test "$sys_name" = cygwin; then
+   static_nix=yes
+fi
+  
+if test "$static_nix" = yes; then
+    AC_DISABLE_SHARED
+    AC_ENABLE_STATIC
+fi
+
+  
+# Windows-specific stuff.
+if test "$sys_name" = "cygwin"; then
+    # We cannot delete open files.
+    AC_DEFINE(CANNOT_DELETE_OPEN_FILES, 1, [Whether it is impossible to delete open files.])
+fi
+
+
 AC_PROG_CC
 AC_PROG_CXX
-AC_PROG_CPP
 
-AC_CHECK_TOOL([AR], [ar])
+
+# We are going to use libtool.
+AC_DISABLE_STATIC
+AC_ENABLE_SHARED
+AC_PROG_LIBTOOL
+
 
 # Use 64-bit file system calls so that we can support files > 2 GiB.
-AC_SYS_LARGEFILE
-
-
-# Solaris-specific stuff.
-AC_STRUCT_DIRENT_D_TYPE
-if test "$sys_name" = sunos; then
-    # Solaris requires -lsocket -lnsl for network functions
-    LIBS="-lsocket -lnsl $LIBS"
-fi
+CFLAGS="-D_FILE_OFFSET_BITS=64 $CFLAGS"
+CXXFLAGS="-D_FILE_OFFSET_BITS=64 $CXXFLAGS"
 
 
 # Check for pubsetbuf.
@@ -82,32 +104,29 @@ static char buf[1024];]],
 AC_LANG_POP(C++)
 
 
-AC_CHECK_FUNCS([statvfs pipe2])
-
-
-# Check for lutimes, optionally used for changing the mtime of
-# symlinks.
-AC_CHECK_FUNCS([lutimes])
-
-
-# Check whether the store optimiser can optimise symlinks.
-AC_MSG_CHECKING([whether it is possible to create a link to a symlink])
-ln -s bla tmp_link
-if ln tmp_link tmp_link2 2> /dev/null; then
-    AC_MSG_RESULT(yes)
-    AC_DEFINE(CAN_LINK_SYMLINK, 1, [Whether link() works on symlinks.])
-else
-    AC_MSG_RESULT(no)
-fi
-rm -f tmp_link tmp_link2
+# Check for chroot support (requires chroot() and bind mounts).
+AC_CHECK_FUNCS([chroot])
+AC_CHECK_FUNCS([unshare])
+AC_CHECK_HEADERS([sched.h], [], [], [])
+AC_CHECK_HEADERS([sys/param.h], [], [], [])
+AC_CHECK_HEADERS([sys/mount.h], [], [],
+[#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+# endif
+])
 
 
 # Check for <locale>.
 AC_LANG_PUSH(C++)
-AC_CHECK_HEADERS([locale])
+AC_CHECK_HEADERS([locale], [], [], [])
 AC_LANG_POP(C++)
 
 
+# Check whether we have the personality() syscall, which allows us to
+# do i686-linux builds on x86_64-linux machines.
+AC_CHECK_HEADERS([sys/personality.h])
+
+
 AC_DEFUN([NEED_PROG],
 [
 AC_PATH_PROG($1, $2)
@@ -116,164 +135,145 @@ if test -z "$$1"; then
 fi
 ])
 
+NEED_PROG(curl, curl)
 NEED_PROG(bash, bash)
+NEED_PROG(patch, patch)
+AC_PATH_PROG(xmllint, xmllint, false)
+AC_PATH_PROG(xsltproc, xsltproc, false)
+AC_PATH_PROG(jing, jing, false) # needed because xmllint --relaxng seems broken
+AC_PATH_PROG(w3m, w3m, false)
 AC_PATH_PROG(flex, flex, false)
 AC_PATH_PROG(bison, bison, false)
+NEED_PROG(perl, perl)
+NEED_PROG(tar, tar)
 AC_PATH_PROG(dot, dot)
-AC_PATH_PROG(lsof, lsof, lsof)
-NEED_PROG(jq, jq)
+AC_PATH_PROG(dblatex, dblatex)
+AC_PATH_PROG(gzip, gzip)
 
+AC_PATH_PROG(openssl_prog, openssl, openssl) # if not found, call openssl in $PATH
+AC_SUBST(openssl_prog)
+AC_DEFINE_UNQUOTED(OPENSSL_PATH, ["$openssl_prog"], [Path of the OpenSSL binary])
 
-AC_SUBST(coreutils, [$(dirname $(type -p cat))])
+# Test that Perl has the open/fork feature (Perl 5.8.0 and beyond).
+AC_MSG_CHECKING([whether Perl is recent enough])
+if ! $perl -e 'open(FOO, "-|", "true"); while (<FOO>) { print; }; close FOO or die;'; then
+    AC_MSG_RESULT(no)
+    AC_MSG_ERROR([Your Perl version is too old.  Nix requires Perl 5.8.0 or newer.])
+fi
+AC_MSG_RESULT(yes)
 
+NEED_PROG(cat, cat)
+NEED_PROG(tr, tr)
+AC_ARG_WITH(coreutils-bin, AC_HELP_STRING([--with-coreutils-bin=PATH],
+  [path of cat, mkdir, etc.]),
+  coreutils=$withval, coreutils=$(dirname $cat))
+AC_SUBST(coreutils)
+
+AC_ARG_WITH(docbook-rng, AC_HELP_STRING([--with-docbook-rng=PATH],
+  [path of the DocBook RelaxNG schema]),
+  docbookrng=$withval, docbookrng=/docbook-rng-missing)
+AC_SUBST(docbookrng)
+
+AC_ARG_WITH(docbook-xsl, AC_HELP_STRING([--with-docbook-xsl=PATH],
+  [path of the DocBook XSL stylesheets]),
+  docbookxsl=$withval, docbookxsl=/docbook-xsl-missing)
+AC_SUBST(docbookxsl)
+
+AC_ARG_WITH(xml-flags, AC_HELP_STRING([--with-xml-flags=FLAGS],
+  [extra flags to be passed to xmllint and xsltproc]),
+  xmlflags=$withval, xmlflags=)
+AC_SUBST(xmlflags)
 
 AC_ARG_WITH(store-dir, AC_HELP_STRING([--with-store-dir=PATH],
-  [path of the Nix store (defaults to /nix/store)]),
+  [path of the Nix store]),
   storedir=$withval, storedir='/nix/store')
 AC_SUBST(storedir)
 
+AC_ARG_ENABLE(old-db-compat, AC_HELP_STRING([--disable-old-db-compat],
+  [disable support for converting from old Berkeley DB-based Nix stores]),
+  old_db_compat=$enableval, old_db_compat=yes)
+AM_CONDITIONAL(OLD_DB_COMPAT, test "$old_db_compat" = "yes")
 
-# Look for boost, a required dependency.
-# Note that AX_BOOST_BASE only exports *CPP* BOOST_CPPFLAGS, no CXX flags,
-# and CPPFLAGS are not passed to the C++ compiler automatically.
-# Thus we append the returned CPPFLAGS to the CXXFLAGS here.
-AX_BOOST_BASE([1.66], [CXXFLAGS="$BOOST_CPPFLAGS $CXXFLAGS"], [AC_MSG_ERROR([Nix requires boost.])])
-# For unknown reasons, setting this directly in the ACTION-IF-FOUND above
-# ends up with LDFLAGS being empty, so we set it afterwards.
-LDFLAGS="$BOOST_LDFLAGS $LDFLAGS"
-
-# On some platforms, new-style atomics need a helper library
-AC_MSG_CHECKING(whether -latomic is needed)
-AC_LINK_IFELSE([AC_LANG_SOURCE([[
-#include <stdint.h>
-uint64_t v;
-int main() {
-    return (int)__atomic_load_n(&v, __ATOMIC_ACQUIRE);
-}]])], GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC=no, GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC=yes)
-AC_MSG_RESULT($GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC)
-if test "x$GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC" = xyes; then
-    LIBS="-latomic $LIBS"
-fi
-
-PKG_PROG_PKG_CONFIG
-
-AC_ARG_ENABLE(shared, AC_HELP_STRING([--enable-shared],
-  [Build shared libraries for Nix [default=yes]]),
-  shared=$enableval, shared=yes)
-if test "$shared" = yes; then
-  AC_SUBST(BUILD_SHARED_LIBS, 1, [Whether to build shared libraries.])
+AC_ARG_WITH(bdb, AC_HELP_STRING([--with-bdb=PATH],
+  [prefix of Berkeley DB (for Nix <= 0.11 compatibility)]),
+  bdb=$withval, bdb=)
+AM_CONDITIONAL(HAVE_BDB, test -n "$bdb")
+if test -z "$bdb"; then
+  bdb_lib='-L${top_builddir}/externals/inst-bdb/lib -ldb_cxx'
+  bdb_include='-I${top_builddir}/externals/inst-bdb/include'
 else
-  AC_SUBST(BUILD_SHARED_LIBS, 0, [Whether to build shared libraries.])
-  PKG_CONFIG="$PKG_CONFIG --static"
+  bdb_lib="-L$bdb/lib -ldb_cxx"
+  bdb_include="-I$bdb/include"
 fi
-
-# Look for OpenSSL, a required dependency. FIXME: this is only (maybe)
-# used by S3BinaryCacheStore.
-PKG_CHECK_MODULES([OPENSSL], [libcrypto], [CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"])
-
-
-# Look for libbz2, a required dependency.
-AC_CHECK_LIB([bz2], [BZ2_bzWriteOpen], [true],
-  [AC_MSG_ERROR([Nix requires libbz2, which is part of bzip2.  See https://web.archive.org/web/20180624184756/http://www.bzip.org/.])])
-AC_CHECK_HEADERS([bzlib.h], [true],
-  [AC_MSG_ERROR([Nix requires libbz2, which is part of bzip2.  See https://web.archive.org/web/20180624184756/http://www.bzip.org/.])])
-# Checks for libarchive
-PKG_CHECK_MODULES([LIBARCHIVE], [libarchive >= 3.1.2], [CXXFLAGS="$LIBARCHIVE_CFLAGS $CXXFLAGS"])
-
-# Look for SQLite, a required dependency.
-PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CXXFLAGS"])
-
-# Look for libcurl, a required dependency.
-PKG_CHECK_MODULES([LIBCURL], [libcurl], [CXXFLAGS="$LIBCURL_CFLAGS $CXXFLAGS"])
-
-# Look for editline, a required dependency.
-# The the libeditline.pc file was added only in libeditline >= 1.15.2,
-# see https://github.com/troglobit/editline/commit/0a8f2ef4203c3a4a4726b9dd1336869cd0da8607,
-# but e.g. Ubuntu 16.04 has an older version, so we fall back to searching for
-# editline.h when the pkg-config approach fails.
-PKG_CHECK_MODULES([EDITLINE], [libeditline], [CXXFLAGS="$EDITLINE_CFLAGS $CXXFLAGS"], [
-  AC_CHECK_HEADERS([editline.h], [true],
-    [AC_MSG_ERROR([Nix requires libeditline; it was found neither via pkg-config nor its normal header.])])
-  AC_SEARCH_LIBS([readline read_history], [editline], [],
-    [AC_MSG_ERROR([Nix requires libeditline; it was not found via pkg-config, but via its header, but required functions do not work. Maybe it is too old? >= 1.14 is required.])])
-])
-
-# Look for libsodium, an optional dependency.
-PKG_CHECK_MODULES([SODIUM], [libsodium],
-  [AC_DEFINE([HAVE_SODIUM], [1], [Whether to use libsodium for cryptography.])
-   CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"
-   have_sodium=1], [have_sodium=])
-AC_SUBST(HAVE_SODIUM, [$have_sodium])
-
-# Look for liblzma, a required dependency.
-PKG_CHECK_MODULES([LIBLZMA], [liblzma], [CXXFLAGS="$LIBLZMA_CFLAGS $CXXFLAGS"])
-AC_CHECK_LIB([lzma], [lzma_stream_encoder_mt],
-  [AC_DEFINE([HAVE_LZMA_MT], [1], [xz multithreaded compression support])])
-
-# Look for zlib, a required dependency.
-PKG_CHECK_MODULES([ZLIB], [zlib], [CXXFLAGS="$ZLIB_CFLAGS $CXXFLAGS"])
-AC_CHECK_HEADER([zlib.h],[:],[AC_MSG_ERROR([could not find the zlib.h header])])
-LDFLAGS="-lz $LDFLAGS"
-
-# Look for libbrotli{enc,dec}.
-PKG_CHECK_MODULES([LIBBROTLI], [libbrotlienc libbrotlidec], [CXXFLAGS="$LIBBROTLI_CFLAGS $CXXFLAGS"])
-
-
-# Look for libseccomp, required for Linux sandboxing.
-if test "$sys_name" = linux; then
-  AC_ARG_ENABLE([seccomp-sandboxing],
-                AC_HELP_STRING([--disable-seccomp-sandboxing],
-                               [Don't build support for seccomp sandboxing (only recommended if your arch doesn't support libseccomp yet!)]
-                              ))
-  if test "x$enable_seccomp_sandboxing" != "xno"; then
-    PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
-                      [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
-    have_seccomp=1
-    AC_DEFINE([HAVE_SECCOMP], [1], [Whether seccomp is available and should be used for sandboxing.])
-  else
-    have_seccomp=
-  fi
+if test "$old_db_compat" = "no"; then
+  bdb_lib=
+  bdb_include=
 else
-  have_seccomp=
+  AC_DEFINE(OLD_DB_COMPAT, 1, [Whether to support converting from old Berkeley DB-based Nix stores.])
 fi
-AC_SUBST(HAVE_SECCOMP, [$have_seccomp])
+AC_SUBST(bdb_lib)
+AC_SUBST(bdb_include)
 
+AC_ARG_WITH(aterm, AC_HELP_STRING([--with-aterm=PATH],
+  [prefix of CWI ATerm library]),
+  aterm=$withval, aterm=)
+AM_CONDITIONAL(HAVE_ATERM, test -n "$aterm")
+if test -z "$aterm"; then
+  aterm_lib='-L${top_builddir}/externals/inst-aterm/lib -lATerm'
+  aterm_include='-I${top_builddir}/externals/inst-aterm/include'
+  aterm_bin='${top_builddir}/externals/inst-aterm/bin'
+else
+  aterm_lib="-L$aterm/lib -lATerm"
+  aterm_include="-I$aterm/include"
+  aterm_bin="$aterm/bin"
+fi
+AC_SUBST(aterm_lib)
+AC_SUBST(aterm_include)
+AC_SUBST(aterm_bin)
 
-# Look for aws-cpp-sdk-s3.
-AC_LANG_PUSH(C++)
-AC_CHECK_HEADERS([aws/s3/S3Client.h],
-  [AC_DEFINE([ENABLE_S3], [1], [Whether to enable S3 support via aws-sdk-cpp.])
-  enable_s3=1], [enable_s3=])
-AC_SUBST(ENABLE_S3, [$enable_s3])
-AC_LANG_POP(C++)
-
-if test -n "$enable_s3"; then
-  declare -a aws_version_tokens=($(printf '#include <aws/core/VersionConfig.h>\nAWS_SDK_VERSION_STRING' | $CPP $CPPFLAGS - | grep -v '^#.*' | sed 's/"//g' | tr '.' ' '))
-  AC_DEFINE_UNQUOTED([AWS_VERSION_MAJOR], ${aws_version_tokens@<:@0@:>@}, [Major version of aws-sdk-cpp.])
-  AC_DEFINE_UNQUOTED([AWS_VERSION_MINOR], ${aws_version_tokens@<:@1@:>@}, [Minor version of aws-sdk-cpp.])
+AC_ARG_WITH(openssl, AC_HELP_STRING([--with-openssl=PATH],
+  [prefix of the OpenSSL library]),
+  openssl=$withval, openssl=)
+AM_CONDITIONAL(HAVE_OPENSSL, test -n "$openssl")
+if test -n "$openssl"; then
+  LDFLAGS="-L$openssl/lib -lcrypto $LDFLAGS"
+  CFLAGS="-I$openssl/include $CFLAGS"
+  CXXFLAGS="-I$openssl/include $CXXFLAGS"
+  AC_DEFINE(HAVE_OPENSSL, 1, [Whether to use OpenSSL.])
 fi
 
-
-# Whether to use the Boehm garbage collector.
-AC_ARG_ENABLE(gc, AC_HELP_STRING([--enable-gc],
-  [enable garbage collection in the Nix expression evaluator (requires Boehm GC) [default=yes]]),
-  gc=$enableval, gc=yes)
-if test "$gc" = yes; then
-  PKG_CHECK_MODULES([BDW_GC], [bdw-gc])
-  CXXFLAGS="$BDW_GC_CFLAGS $CXXFLAGS"
-  AC_DEFINE(HAVE_BOEHMGC, 1, [Whether to use the Boehm garbage collector.])
-fi
+AC_ARG_WITH(bzip2, AC_HELP_STRING([--with-bzip2=PATH],
+  [prefix of bzip2]),
+  bzip2=$withval, bzip2=)
+AM_CONDITIONAL(HAVE_BZIP2, test -n "$bzip2")
+if test -z "$bzip2"; then
+  # Headers and libraries will be used from the temporary installation
+  # in externals/inst-bzip2.
+  bzip2_lib='-L${top_builddir}/externals/inst-bzip2/lib -lbz2'
+  bzip2_include='-I${top_builddir}/externals/inst-bzip2/include'
+  # The binary will be copied to $libexecdir.
+  bzip2_bin='${libexecdir}/nix'
+  # But for testing, we have to use the temporary copy :-(
+  bzip2_bin_test='${top_builddir}/externals/inst-bzip2/bin'
+else
+  bzip2_lib="-L$bzip2/lib -lbz2"
+  bzip2_include="-I$bzip2/include"
+  bzip2_bin="$bzip2/bin"
+  bzip2_bin_test="$bzip2/bin"
+fi   
+AC_SUBST(bzip2_lib)
+AC_SUBST(bzip2_include)
+AC_SUBST(bzip2_bin)
+AC_SUBST(bzip2_bin_test)
 
 
-# Look for gtest.
-PKG_CHECK_MODULES([GTEST], [gtest_main])
+AC_CHECK_LIB(pthread, pthread_mutex_init)
 
 
-# documentation generation switch
-AC_ARG_ENABLE(doc-gen, AC_HELP_STRING([--disable-doc-gen],
-  [disable documentation generation]),
-  doc_generate=$enableval, doc_generate=yes)
-AC_SUBST(doc_generate)
+AC_ARG_ENABLE(init-state, AC_HELP_STRING([--disable-init-state],
+  [do not initialise DB etc. in `make install']),
+  init_state=$enableval, init_state=yes)
+AM_CONDITIONAL(INIT_STATE, test "$init_state" = "yes")
 
 
 # Setuid installations.
@@ -281,43 +281,53 @@ AC_CHECK_FUNCS([setresuid setreuid lchown])
 
 
 # Nice to have, but not essential.
-AC_CHECK_FUNCS([strsignal posix_fallocate sysconf])
+AC_CHECK_FUNCS([strsignal])
+AC_CHECK_FUNCS([posix_fallocate])
 
 
-# This is needed if bzip2 is a static library, and the Nix libraries
-# are dynamic.
+# This is needed if ATerm, Berkeley DB or bzip2 are static libraries,
+# and the Nix libraries are dynamic.
 if test "$(uname)" = "Darwin"; then
     LDFLAGS="-all_load $LDFLAGS"
 fi
 
 
-# Do we have GNU tar?
-AC_MSG_CHECKING([if you have a recent GNU tar])
-if $tar --version 2> /dev/null | grep -q GNU && tar cvf /dev/null --warning=no-timestamp ./config.log > /dev/null; then
-    AC_MSG_RESULT(yes)
-    tarFlags="--warning=no-timestamp"
-else
-    AC_MSG_RESULT(no)
+if test "$static_nix" = yes; then
+    # `-all-static' has to be added at the end of configure, because
+    # the C compiler doesn't know about -all-static (it's filtered out
+    # by libtool, but configure doesn't use libtool).
+    LDFLAGS="-all-static $LDFLAGS"
 fi
-AC_SUBST(tarFlags)
 
 
-AC_ARG_WITH(sandbox-shell, AC_HELP_STRING([--with-sandbox-shell=PATH],
-  [path of a statically-linked shell to use as /bin/sh in sandboxes]),
-  sandbox_shell=$withval)
-AC_SUBST(sandbox_shell)
-
-# Expand all variables in config.status.
-test "$prefix" = NONE && prefix=$ac_default_prefix
-test "$exec_prefix" = NONE && exec_prefix='${prefix}'
-for name in $ac_subst_vars; do
-    declare $name="$(eval echo "${!name}")"
-    declare $name="$(eval echo "${!name}")"
-    declare $name="$(eval echo "${!name}")"
-done
-
-rm -f Makefile.config
-
-AC_CONFIG_HEADER([config.h])
-AC_CONFIG_FILES([])
+AM_CONFIG_HEADER([config.h])
+AC_CONFIG_FILES([Makefile
+   externals/Makefile
+   src/Makefile
+   src/bin2c/Makefile
+   src/boost/Makefile
+   src/boost/format/Makefile
+   src/libutil/Makefile
+   src/libstore/Makefile
+   src/libmain/Makefile
+   src/nix-store/Makefile
+   src/nix-hash/Makefile
+   src/libexpr/Makefile
+   src/nix-instantiate/Makefile
+   src/nix-env/Makefile
+   src/nix-worker/Makefile
+   src/nix-setuid-helper/Makefile
+   src/nix-log2xml/Makefile
+   src/bsdiff-4.3/Makefile
+   scripts/Makefile
+   corepkgs/Makefile
+   corepkgs/nar/Makefile
+   corepkgs/buildenv/Makefile
+   corepkgs/channels/Makefile
+   doc/Makefile
+   doc/manual/Makefile
+   misc/Makefile
+   misc/emacs/Makefile
+   tests/Makefile
+  ])
 AC_OUTPUT

contrib/stack-collapse.py

@@ -1,38 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i python3 -p python3 --pure
-
-# To be used with `--trace-function-calls` and `flamegraph.pl`.
-#
-# For example:
-#
-# nix-instantiate --trace-function-calls '<nixpkgs>' -A hello 2> nix-function-calls.trace
-# ./contrib/stack-collapse.py nix-function-calls.trace > nix-function-calls.folded
-# nix-shell -p flamegraph --run "flamegraph.pl nix-function-calls.folded > nix-function-calls.svg"
-
-import sys
-from pprint import pprint
-import fileinput
-
-stack = []
-timestack = []
-
-for line in fileinput.input():
-    components = line.strip().split(" ", 2)
-    if components[0] != "function-trace":
-        continue
-
-    direction = components[1]
-    components = components[2].rsplit(" ", 2)
-
-    loc = components[0]
-    _at = components[1]
-    time = int(components[2])
-
-    if direction == "entered":
-        stack.append(loc)
-        timestack.append(time)
-    elif direction == "exited":
-        dur = time - timestack.pop()
-        vst = ";".join(stack)
-        print(f"{vst} {dur}")
-        stack.pop()

corepkgs/Makefile.am

@@ -0,0 +1 @@
+SUBDIRS = nar buildenv channels

corepkgs/buildenv/Makefile.am

@@ -0,0 +1,11 @@
+all-local: builder.pl
+
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs/buildenv
+	$(INSTALL_DATA) $(srcdir)/default.nix $(DESTDIR)$(datadir)/nix/corepkgs/buildenv
+	$(INSTALL_PROGRAM) builder.pl $(DESTDIR)$(datadir)/nix/corepkgs/buildenv
+
+include ../../substitute.mk
+
+EXTRA_DIST = default.nix builder.pl.in

corepkgs/buildenv/builder.pl.in

@@ -0,0 +1,163 @@
+#! @perl@ -w
+
+use strict;
+use Cwd;
+use IO::Handle;
+
+STDOUT->autoflush(1);
+
+my $out = $ENV{"out"};
+mkdir "$out", 0755 || die "error creating $out";
+
+
+my $symlinks = 0;
+
+my %priorities;
+
+
+# For each activated package, create symlinks.
+
+sub createLinks {
+    my $srcDir = shift;
+    my $dstDir = shift;
+    my $priority = shift;
+
+    my @srcFiles = glob("$srcDir/*");
+
+    foreach my $srcFile (@srcFiles) {
+        my $baseName = $srcFile;
+        $baseName =~ s/^.*\///g; # strip directory
+        my $dstFile = "$dstDir/$baseName";
+
+        # Urgh, hacky...
+	if ($srcFile =~ /\/propagated-build-inputs$/ ||
+            $srcFile =~ /\/nix-support$/ ||
+            $srcFile =~ /\/perllocal.pod$/ ||
+            $srcFile =~ /\/info\/dir$/ ||
+            $srcFile =~ /\/log$/)
+        {
+            # Do nothing.
+	}
+
+        elsif (-d $srcFile) {
+
+            lstat $dstFile;
+            
+            if (-d _) {
+                createLinks($srcFile, $dstFile, $priority);
+            }
+
+            elsif (-l _) {
+                my $target = readlink $dstFile or die;
+                if (!-d $target) {
+                    die "collission between directory `$srcFile' and non-directory `$target'";
+                }
+                unlink $dstFile or die "error unlinking `$dstFile': $!";
+                mkdir $dstFile, 0755 || 
+                    die "error creating directory `$dstFile': $!";
+                createLinks($target, $dstFile, $priorities{$dstFile});
+                createLinks($srcFile, $dstFile, $priority);
+            }
+
+            else {
+                symlink($srcFile, $dstFile) ||
+                    die "error creating link `$dstFile': $!";
+                $priorities{$dstFile} = $priority;
+                $symlinks++;
+            }
+        }
+
+        else {
+
+            if (-l $dstFile) {
+                my $target = readlink $dstFile;
+                my $prevPriority = $priorities{$dstFile};
+                die ( "Collission between `$srcFile' and `$target'. "
+                    . "Suggested solution: use `nix-env --set-flag "
+                    . "priority NUMBER PKGNAME' to change the priority of "
+                    . "one of the conflicting packages.\n" )
+                    if $prevPriority == $priority;
+                next if $prevPriority < $priority;
+                unlink $dstFile or die;
+            }
+            
+            symlink($srcFile, $dstFile) ||
+                die "error creating link `$dstFile': $!";
+            $priorities{$dstFile} = $priority;
+            $symlinks++;
+        }
+    }
+}
+
+
+my %done;
+my %postponed;
+
+sub addPkg;
+sub addPkg {
+    my $pkgDir = shift;
+    my $priority = shift;
+
+    return if (defined $done{$pkgDir});
+    $done{$pkgDir} = 1;
+
+#    print "symlinking $pkgDir\n";
+    createLinks("$pkgDir", "$out", $priority);
+
+    my $propagatedFN = "$pkgDir/nix-support/propagated-user-env-packages";
+    if (-e $propagatedFN) {
+        open PROP, "<$propagatedFN" or die;
+        my $propagated = <PROP>;
+        close PROP;
+        my @propagated = split ' ', $propagated;
+        foreach my $p (@propagated) {
+            $postponed{$p} = 1 unless defined $done{$p};
+        }
+    }
+}
+
+
+# Convert the stuff we get from the environment back into a coherent
+# data type.
+my @paths = split ' ', $ENV{"paths"};
+my @active = split ' ', $ENV{"active"};
+my @priority = split ' ', $ENV{"priority"};
+
+die if scalar @paths != scalar @active;
+die if scalar @paths != scalar @priority;
+
+my %pkgs;
+
+for (my $n = 0; $n < scalar @paths; $n++) {
+    $pkgs{$paths[$n]} =
+        { active => $active[$n]
+        , priority => $priority[$n] };
+}
+
+
+# Symlink to the packages that have been installed explicitly by the
+# user.
+foreach my $pkg (sort (keys %pkgs)) {
+    #print $pkg, " ", $pkgs{$pkg}->{priority}, "\n";
+    addPkg($pkg, $pkgs{$pkg}->{priority}) if $pkgs{$pkg}->{active} ne "false";
+}
+
+
+# Symlink to the packages that have been "propagated" by packages
+# installed by the user (i.e., package X declares that it want Y
+# installed as well).  We do these later because they have a lower
+# priority in case of collisions.
+my $priorityCounter = 1000; # don't care about collisions
+while (scalar(keys %postponed) > 0) {
+    my @pkgDirs = keys %postponed;
+    %postponed = ();
+    foreach my $pkgDir (sort @pkgDirs) {
+        addPkg($pkgDir, $priorityCounter++);
+    }
+}
+
+
+print STDERR "created $symlinks symlinks in user environment\n";
+
+
+symlink($ENV{"manifest"}, "$out/manifest") or die "cannot create manifest";

corepkgs/buildenv/default.nix

@@ -0,0 +1,14 @@
+{system, derivations, manifest}:
+
+derivation { 
+  name = "user-environment";
+  system = system;
+  builder = ./builder.pl;
+  
+  manifest = manifest;
+
+  # !!! grmbl, need structured data for passing this in a clean way.
+  paths = derivations;
+  active = map (x: if x ? meta && x.meta ? active then x.meta.active else "true") derivations;
+  priority = map (x: if x ? meta && x.meta ? priority then x.meta.priority else "5") derivations;
+}

corepkgs/channels/Makefile.am

@@ -0,0 +1,11 @@
+all-local: unpack.sh
+
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs/channels
+	$(INSTALL_DATA) $(srcdir)/unpack.nix $(DESTDIR)$(datadir)/nix/corepkgs/channels
+	$(INSTALL_PROGRAM) unpack.sh $(DESTDIR)$(datadir)/nix/corepkgs/channels
+
+include ../../substitute.mk
+
+EXTRA_DIST = unpack.nix unpack.sh.in

corepkgs/channels/unpack.nix

@@ -0,0 +1,7 @@
+{system, inputs}:
+
+derivation {
+  name = "channels";
+  builder = ./unpack.sh;
+  inherit system inputs;
+}

corepkgs/channels/unpack.sh.in

@@ -0,0 +1,32 @@
+#! @shell@ -e
+
+@coreutils@/mkdir $out
+@coreutils@/mkdir $out/tmp
+cd $out/tmp
+
+inputs=($inputs)
+for ((n = 0; n < ${#inputs[*]}; n += 2)); do
+    channelName=${inputs[n]}
+    channelTarball=${inputs[n+1]}
+    
+    echo "unpacking channel $channelName"
+    
+    @bunzip2@ < $channelTarball | @tar@ xf -
+
+    if test -e */channel-name; then
+        channelName="$(@coreutils@/cat */channel-name)"
+    fi
+
+    nr=1
+    attrName=$(echo $channelName | @tr@ -- '- ' '__')
+    dirName=$attrName
+    while test -e ../$dirName; do
+        nr=$((nr+1))
+        dirName=$attrName-$nr
+    done
+
+    @coreutils@/mv * ../$dirName # !!! hacky
+done
+
+cd ..
+@coreutils@/rmdir tmp

corepkgs/fetchurl.nix

@@ -1,41 +0,0 @@
-{ system ? "" # obsolete
-, url
-, hash ? "" # an SRI ash
-
-# Legacy hash specification
-, md5 ? "", sha1 ? "", sha256 ? "", sha512 ? ""
-, outputHash ?
-    if hash != "" then hash else if sha512 != "" then sha512 else if sha1 != "" then sha1 else if md5 != "" then md5 else sha256
-, outputHashAlgo ?
-    if hash != "" then "" else if sha512 != "" then "sha512" else if sha1 != "" then "sha1" else if md5 != "" then "md5" else "sha256"
-
-, executable ? false
-, unpack ? false
-, name ? baseNameOf (toString url)
-}:
-
-derivation {
-  builder = "builtin:fetchurl";
-
-  # New-style output content requirements.
-  inherit outputHashAlgo outputHash;
-  outputHashMode = if unpack || executable then "recursive" else "flat";
-
-  inherit name url executable unpack;
-
-  system = "builtin";
-
-  # No need to double the amount of network traffic
-  preferLocalBuild = true;
-
-  impureEnvVars = [
-    # We borrow these environment variables from the caller to allow
-    # easy proxy configuration.  This is impure, but a fixed-output
-    # derivation like fetchurl is allowed to do so since its result is
-    # by definition pure.
-    "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
-  ];
-
-  # To make "nix-prefetch-url" work.
-  urls = [ url ];
-}

corepkgs/local.mk

@@ -1,5 +0,0 @@
-corepkgs_FILES = \
-  fetchurl.nix \
-  module.nix
-
-$(foreach file,$(corepkgs_FILES),$(eval $(call install-data-in,$(d)/$(file),$(datadir)/nix/corepkgs)))

corepkgs/module.nix

@@ -1,48 +0,0 @@
-with builtins;
-
-let
-
-  showPos = pos:
-    if pos == null
-    then "<unknown location>"
-    else "${pos.file}:${toString pos.line}:${toString pos.column}";
-
-  getAnyPos = attrs:
-    builtins.foldl' (prev: name: if prev == null then builtins.unsafeGetAttrPos name attrs else prev) null (builtins.attrNames attrs);
-
-in
-
-{ doc ? null, extends ? [], options ? {}, config ? ({ config }: {}) } @ inArgs:
-
-let thisModule = rec {
-  type = "module";
-
-  _module = {
-    inherit extends options config;
-  } // (if doc != null then { inherit doc; } else {});
-
-  _allModules = [thisModule] ++ builtins.concatLists (map (mod: assert mod.type or "<untyped>" == "module"; mod._allModules) extends);
-
-  _allOptions = builtins.foldl' (xs: mod: xs // mod._module.options) {} _allModules;
-
-  _allConfigs = map (mod: mod._module.config { config = final; }) _allModules;
-
-  _allDefinitions = builtins.mapAttrs (name: value: map (x: x) (builtins.catAttrs name _allConfigs)) _allOptions;
-
-  final = builtins.mapAttrs
-    (name: defs:
-      if defs == []
-      then
-        _allOptions.${name}.default
-          or (throw "Option '${name}' is not defined by module at ${showPos (getAnyPos inArgs)} and has no default value.")
-      else
-        # FIXME: support merge functions.
-        if builtins.isList (builtins.head defs)
-        then builtins.concatLists defs
-        else
-          if builtins.isAttrs (builtins.head defs)
-          then builtins.foldl' (xs: ys: xs // ys) {} defs
-          else builtins.head defs)
-    _allDefinitions;
-
-}; in thisModule

corepkgs/nar/Makefile.am

@@ -0,0 +1,11 @@
+all-local: nar.sh
+
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs/nar
+	$(INSTALL_DATA) $(srcdir)/nar.nix $(DESTDIR)$(datadir)/nix/corepkgs/nar
+	$(INSTALL_PROGRAM) nar.sh $(DESTDIR)$(datadir)/nix/corepkgs/nar
+
+include ../../substitute.mk
+
+EXTRA_DIST = nar.nix nar.sh.in

corepkgs/nar/nar.nix

@@ -0,0 +1,7 @@
+{system, storePath, hashAlgo}: 
+
+derivation {
+  name = "nar";
+  builder = ./nar.sh;
+  inherit system storePath hashAlgo;
+}

corepkgs/nar/nar.sh.in

@@ -0,0 +1,14 @@
+#! @shell@ -e
+
+echo "packing $storePath into $out..."
+@coreutils@/mkdir $out
+dst=$out/tmp.nar.bz2
+@bindir@/nix-store --dump "$storePath" > tmp
+
+@bzip2@ < tmp > $dst
+
+@bindir@/nix-hash -vvvvv --flat --type $hashAlgo --base32 tmp > $out/nar-hash
+
+@bindir@/nix-hash --flat --type $hashAlgo --base32 $dst > $out/narbz2-hash
+
+@coreutils@/mv $out/tmp.nar.bz2 $out/$(@coreutils@/cat $out/narbz2-hash).nar.bz2

default.nix

@@ -1,3 +0,0 @@
-(import (fetchTarball https://github.com/edolstra/flake-compat/archive/master.tar.gz) {
-  src = ./.;
-}).defaultNix

doc/Makefile.am

@@ -0,0 +1 @@
+SUBDIRS = manual

doc/dev/release-procedures.txt

@@ -0,0 +1,33 @@
+To produce a `stable' release from the trunk:
+
+-1. Update the release notes; make sure that the release date is
+    correct.
+
+0. Make sure that the trunk builds in the release supervisor.
+
+1. Branch the trunk, e.g., `svn cp .../trunk
+   .../branches/0.5-release'.
+
+2. Switch to the branch, e.g., `svn switch .../branches/0.5-release'.
+
+3. In `configure.ac', change `STABLE=0' into `STABLE=1' and commit.
+
+4. In the release supervisor, add a one-time job to build
+   `.../branches/0.5-release'.
+
+5. Make sure that the release succeeds.
+
+6. Move the branch to a tag, e.g., `svn mv .../branches/0.5-release
+   .../tags/0.5'.
+
+   Note that the branch should not be used for maintenance; it should
+   be deleted after the release has been created.  A maintenance
+   branch (e.g., `.../branches/0.5') should be created from the
+   original revision of the trunk (since maintenance releases should
+   also be tested first; hence, we cannot have `STABLE=1').  The same
+   procedure can then be followed to produce maintenance releases;
+   just substitute `.../branches/VERSION' for the trunk.
+
+7. Switch back to the trunk.
+
+8. Bump the version number in `configure.ac' (in AC_INIT).

doc/manual/Makefile.am

@@ -0,0 +1,102 @@
+XMLLINT = $(xmllint) $(xmlflags)
+XSLTPROC = $(xsltproc) $(xmlflags) \
+ --param section.autolabel 1 \
+ --param section.label.includes.component.label 1 \
+ --param html.stylesheet \'style.css\' \
+ --param xref.with.number.and.title 1 \
+ --param toc.section.depth 3 \
+ --param admon.style \'\' \
+ --param callout.graphics.extension \'.gif\'
+
+# Note: we use GIF for now, since the PNGs shipped with Docbook aren't
+# transparent.
+
+man1_MANS = nix-env.1 nix-build.1 nix-store.1 nix-instantiate.1 \
+ nix-collect-garbage.1 nix-push.1 nix-pull.1 \
+ nix-prefetch-url.1 nix-channel.1 \
+ nix-install-package.1 nix-hash.1 nix-copy-closure.1
+
+man8_MANS = nix-worker.8
+
+FIGURES = figures/user-environments.png
+
+MANUAL_SRCS = manual.xml introduction.xml installation.xml \
+ package-management.xml writing-nix-expressions.xml builtins.xml \
+ build-farm.xml \
+ $(man1_MANS:.1=.xml) $(man8_MANS:.8=.xml) \
+ troubleshooting.xml bugs.xml opt-common.xml opt-common-syn.xml \
+ env-common.xml quick-start.xml nix-lang-ref.xml glossary.xml \
+ conf-file.xml release-notes.xml \
+ style.css images
+
+manual.is-valid: $(MANUAL_SRCS) version.txt
+#	$(XMLLINT) --xinclude $< | $(XMLLINT) --noout --nonet --relaxng $(docbookrng)/docbook.rng -
+	if test "$(jing)" != "false"; then \
+		$(XMLLINT) --xinclude $< | $(jing) $(docbookrng)/docbook.rng /dev/fd/0; \
+	else \
+		echo "Not validating."; \
+	fi
+	touch $@
+
+version.txt:
+	echo -n $(VERSION) > version.txt
+
+man $(MANS): $(MANUAL_SRCS) manual.is-valid
+	$(XSLTPROC) --nonet --xinclude $(docbookxsl)/manpages/docbook.xsl manual.xml
+
+manual.html: $(MANUAL_SRCS) manual.is-valid images
+	$(XSLTPROC) --nonet --xinclude --output manual.html \
+	  $(docbookxsl)/html/docbook.xsl manual.xml
+
+manual.pdf: $(MANUAL_SRCS) manual.is-valid images
+	if test "$(dblatex)" != ""; then \
+		$(dblatex) manual.xml; \
+	else \
+		echo "Please install dblatex and rerun configure."; \
+		exit 1; \
+	fi
+
+
+NEWS_OPTS = \
+ --stringparam generate.toc "article nop" \
+ --stringparam section.autolabel.max.depth 0 \
+ --stringparam header.rule 0
+
+NEWS.html: release-notes.xml
+	$(XSLTPROC) --nonet --xinclude --output $@ $(NEWS_OPTS) \
+	  $(docbookxsl)/html/docbook.xsl release-notes.xml
+
+NEWS.txt: release-notes.xml
+	$(XSLTPROC) --nonet --xinclude quote-literals.xsl release-notes.xml | \
+	  $(XSLTPROC) --nonet --output $@.tmp.html $(NEWS_OPTS) \
+	  $(docbookxsl)/html/docbook.xsl -
+	LANG=en_US $(w3m) -dump $@.tmp.html > $@
+	rm $@.tmp.html
+
+
+all-local: manual.html NEWS.html NEWS.txt
+
+install-data-local: manual.html
+	$(INSTALL) -d $(DESTDIR)$(docdir)/manual
+	$(INSTALL_DATA) manual.html $(DESTDIR)$(docdir)/manual
+	ln -sf manual.html $(DESTDIR)$(docdir)/manual/index.html
+	$(INSTALL_DATA) style.css $(DESTDIR)$(docdir)/manual
+	cp -r images $(DESTDIR)$(docdir)/manual/images
+	$(INSTALL) -d $(DESTDIR)$(docdir)/manual/figures
+	$(INSTALL_DATA) $(FIGURES) $(DESTDIR)$(docdir)/manual/figures
+	$(INSTALL) -d $(DESTDIR)$(docdir)/release-notes
+	$(INSTALL_DATA) NEWS.html $(DESTDIR)$(docdir)/release-notes/index.html
+	$(INSTALL_DATA) style.css $(DESTDIR)$(docdir)/release-notes/
+
+images:
+	mkdir images
+#	cp $(docbookxsl)/images/*.gif images
+	mkdir images/callouts
+	cp $(docbookxsl)/images/callouts/*.gif images/callouts
+	chmod -R +w images
+
+KEEP = manual.html manual.is-valid version.txt $(MANS) NEWS.html NEWS.txt
+
+EXTRA_DIST = $(MANUAL_SRCS) $(FIGURES) $(KEEP)
+
+DISTCLEANFILES = $(KEEP)

doc/manual/book.toml

@@ -1,2 +0,0 @@
-[output.html]
-additional-css = ["custom.css"]

doc/manual/bugs.xml

@@ -0,0 +1,39 @@
+<appendix xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink">
+
+<title>Bugs / To-Do</title>
+
+
+<itemizedlist>
+
+<listitem><para>The man-pages generated from the DocBook documentation
+are ugly.</para></listitem>
+
+<listitem><para>Generations properly form a tree.  E.g., if after
+switching to generation 39, we perform an installation action, a
+generation 43 is created which is a descendant of 39, not 42.  So a
+rollback from 43 ought to go back to 39.  This is not currently
+implemented; generations form a linear sequence.</para></listitem>
+
+<listitem><para>For security, <command>nix-push</command> manifests
+should be digitally signed, and <command>nix-pull</command> should
+verify the signatures.  The actual NAR archives in the cache do not
+need to be signed, since the manifest contains cryptographic hashes of
+these files (and <filename>fetchurl.nix</filename> checks
+them).</para></listitem>
+
+<listitem><para>It would be useful to have an option in
+<command>nix-env --delete-generations</command> to remove non-current
+generations older than a certain age.</para></listitem>
+
+<listitem><para>There should be a flexible way to change the user
+environment builder.  Currently, you have to replace
+<filename><replaceable>prefix</replaceable>/share/nix/corepkgs/buildenv/builder.pl</filename>,
+which is hard-coded into <command>nix-env</command>.  Also, the
+default builder should be more powerful.  For instance, there should
+be some way to specify priorities to resolve
+collisions.</para></listitem>
+
+</itemizedlist>
+
+</appendix>

doc/manual/build-farm.xml

@@ -0,0 +1,137 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id='chap-build-farm'>
+
+<title>Setting up a Build Farm</title>
+
+
+<para>This chapter provides some sketchy information on how to set up
+a Nix-based build farm.  Nix is particularly suited as a basis for a
+build farm, since:
+
+<itemizedlist>
+
+  <listitem><para>Nix supports distributed builds: a local Nix
+  installation can forward Nix builds to other machines over the
+  network.  This allows multiple builds to be performed in parallel
+  (thus improving performance), but more in importantly, it allows Nix
+  to perform multi-platform builds in a semi-transparent way.  For
+  instance, if you perform a build for a
+  <literal>powerpc-darwin</literal> on an
+  <literal>i686-linux</literal> machine, Nix can automatically forward
+  the build to a <literal>powerpc-darwin</literal> machine, if
+  available.</para></listitem>
+
+  <listitem><para>The Nix expression language is ideal for describing
+  build jobs, plus all their dependencies.  For instance, if your
+  package has some dependency, you don't have to manually install it
+  on all the machines in the build farm; they will be built
+  automatically.</para></listitem>
+
+  <listitem><para>Proper release management requires that builds (if
+  deployed) are traceable: it should be possible to figure out from
+  exactly what sources they were built, in what configuration, etc.;
+  and it should be possible to reproduce the build, if necessary.  Nix
+  makes this possible since Nix's hashing scheme uniquely identifies
+  builds, and Nix expressions are self-contained.</para></listitem>
+
+  <listitem><para>Nix will only rebuild things that have actually
+  changed.  For instance, if the sources of a package haven't changed
+  between runs of the build farm, the package won't be rebuilt (unless
+  it was garbage-collected).  Also, dependencies typically don't
+  change very often, so they only need to be built
+  once.</para></listitem>
+
+  <listitem><para>The results of a Nix build farm can be made
+  available through a channel, so successful builds can be deployed to
+  users immediately.</para></listitem>
+
+</itemizedlist>
+
+</para>
+
+
+<section><title>Overview</title>
+
+<para>TODO</para>
+
+<para>The sources of the Nix build farm are at <link
+xlink:href='https://svn.nixos.org/repos/nix/release/trunk'/>.</para>
+
+</section>
+
+
+<section xml:id='sec-distributed-builds'><title>Setting up distributed builds</title>
+
+<para>You can enable distributed builds by setting the environment
+variable <envar>NIX_BUILD_HOOK</envar> to point to a program that Nix
+will call whenever it wants to build a derivation.  The build hook
+(typically a shell or Perl script) can decline the build, in which Nix
+will perform it in the usual way if possible, or it can accept it, in
+which case it is responsible for somehow getting the inputs of the
+build to another machine, doing the build there, and getting the
+results back.  The details of the build hook protocol are described in
+the documentation of the <link
+linkend="envar-build-hook"><envar>NIX_BUILD_HOOK</envar>
+variable</link>.</para>
+
+<example xml:id='ex-remote-systems'><title>Remote machine configuration:
+<filename>remote-systems.conf</filename></title>
+<programlisting>
+nix@mcflurry.labs.cs.uu.nl  powerpc-darwin  /home/nix/.ssh/id_quarterpounder_auto  2
+nix@scratchy.labs.cs.uu.nl  i686-linux      /home/nix/.ssh/id_scratchy_auto        1
+</programlisting>
+</example>
+
+<para>An example build hook can be found in the Nix build farm
+sources: <link
+xlink:href='https://svn.nixos.org/repos/nix/release/trunk/common/distributed/build-remote.pl'
+/>.  It should be suitable for most purposes, with maybe some minor
+adjustments.  It uses <command>ssh</command> and
+<command>rsync</command> to copy the build inputs and outputs and
+perform the remote build.  You should define a list of available build
+machines and set the environment variable
+<envar>REMOTE_SYSTEMS</envar> to point to it.  An example
+configuration is shown in <xref linkend='ex-remote-systems' />.  Each
+line in the file specifies a machine, with the following bits of
+information:
+
+<orderedlist>
+  
+  <listitem><para>The name of the remote machine, with optionally the
+  user under which the remote build should be performed.  This is
+  actually passed as an argument to <command>ssh</command>, so it can
+  be an alias defined in your
+  <filename>~/.ssh/config</filename>.</para></listitem>
+
+  <listitem><para>The Nix platform type identifier, such as
+  <literal>powerpc-darwin</literal>.</para></listitem>
+
+  <listitem><para>The SSH private key to be used to log in to the
+  remote machine.  Since builds should be non-interactive, this key
+  should not have a passphrase!</para></listitem>
+
+  <listitem><para>The maximum <quote>load</quote> of the remote
+  machine.  This is just the maximum number of jobs that
+  <filename>build-remote.pl</filename> will execute in parallel on the
+  machine.  Typically this should be equal to the number of
+  CPUs.</para></listitem>
+
+</orderedlist>
+
+You should also set up the environment variable
+<envar>CURRENT_LOAD</envar> to point at a file that
+<filename>build-remote.pl</filename> uses to remember how many jobs it
+is currently executing remotely.  It doesn't look at the actual load
+on the remote machine, so if you have multiple instances of Nix
+running, they should use the same <envar>CURRENT_LOAD</envar>
+file<footnote><para>Although there are probably some race conditions
+in the script right now.</para></footnote>.  Maybe in the future
+<filename>build-remote.pl</filename> will look at the actual remote
+load.  The load file should exist, so you should just create it as an
+empty file initially.</para>
+  
+</section>
+
+
+</chapter>

doc/manual/builtins.xml

@@ -0,0 +1,841 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id='ssec-builtins'>
+
+<title>Built-in functions</title>
+
+
+<para>This section lists the functions and constants built into the
+Nix expression evaluator.  (The built-in function
+<function>derivation</function> is discussed above.)  Some built-ins,
+such as <function>derivation</function>, are always in scope of every
+Nix expression; you can just access them right away.  But to prevent
+polluting the namespace too much, most built-ins are not in scope.
+Instead, you can access them through the <varname>builtins</varname>
+built-in value, which is an attribute set that contains all built-in
+functions and values.  For instance, <function>derivation</function>
+is also available as <function>builtins.derivation</function>.</para>
+
+
+<variablelist>
+
+  
+  <varlistentry><term><function>abort</function> <replaceable>s</replaceable></term>
+
+    <listitem><para>Abort Nix expression evaluation, print error
+    message <replaceable>s</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.add</function>
+  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
+
+    <listitem><para>Return the sum of the integers
+    <replaceable>e1</replaceable> and
+    <replaceable>e2</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.attrNames</function>
+  <replaceable>attrs</replaceable></term>
+
+    <listitem><para>Return the names of the attributes in the
+    attribute set <replaceable>attrs</replaceable> in a sorted list.
+    For instance, <literal>builtins.attrNames {y = 1; x =
+    "foo";}</literal> evaluates to <literal>["x" "y"]</literal>.
+    There is no built-in function <function>attrValues</function>, but
+    you can easily define it yourself:
+
+<programlisting>
+attrValues = attrs: map (name: builtins.getAttr name attrs) (builtins.attrNames attrs);</programlisting>
+
+    </para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>baseNameOf</function> <replaceable>s</replaceable></term>
+
+    <listitem><para>Return the <emphasis>base name</emphasis> of the
+    string <replaceable>s</replaceable>, that is, everything following
+    the final slash in the string.  This is similar to the GNU
+    <command>basename</command> command.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><varname>builtins</varname></term>
+
+    <listitem><para>The attribute set <varname>builtins</varname>
+    contains all the built-in functions and values.  You can use
+    <varname>builtins</varname> to test for the availability of
+    features in the Nix installation, e.g.,
+
+<programlisting>
+if builtins ? getEnv then builtins.getEnv "PATH" else ""</programlisting>
+
+    This allows a Nix expression to fall back gracefully on older Nix
+    installations that don’t have the desired built-in
+    function.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.compareVersions</function>
+  <replaceable>s1</replaceable> <replaceable>s2</replaceable></term>
+
+    <listitem><para>Compare two strings representing versions and
+    return <literal>-1</literal> if version
+    <replaceable>s1</replaceable> is older than version
+    <replaceable>s2</replaceable>, <literal>0</literal> if they are
+    the same, and <literal>1</literal> if
+    <replaceable>s1</replaceable> is newer than
+    <replaceable>s2</replaceable>.  The version comparison algorithm
+    is the same as the one used by <link
+    linkend="ssec-version-comparisons"><command>nix-env
+    -u</command></link>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry
+  xml:id='builtin-currentSystem'><term><varname>builtins.currentSystem</varname></term>
+
+    <listitem><para>The built-in value <varname>currentSystem</varname>
+    evaluates to the Nix platform identifier for the Nix installation
+    on which the expression is being evaluated, such as
+    <literal>"i686-linux"</literal> or
+    <literal>"powerpc-darwin"</literal>.</para></listitem>
+
+  </varlistentry>
+
+
+  <!--
+  <varlistentry><term><function>currentTime</function></term>
+
+    <listitem><para>The built-in value <varname>currentTime</varname>
+    returns the current system time in seconds since 00:00:00 1/1/1970
+    UTC.  Due to the evaluation model of Nix expressions
+    (<emphasis>maximal laziness</emphasis>), it always yields the same
+    value within an execution of Nix.</para></listitem>
+
+  </varlistentry>
+  -->
+
+  
+  <!--
+  <varlistentry><term><function>dependencyClosure</function></term>
+
+    <listitem><para>TODO</para></listitem>
+
+  </varlistentry>
+  -->
+
+  
+  <varlistentry><term><function>derivation</function>
+  <replaceable>attrs</replaceable></term>
+
+    <listitem><para><function>derivation</function> is described in
+    <xref linkend='ssec-derivation' />.</para></listitem>
+
+  </varlistentry>
+
+
+  <varlistentry><term><function>dirOf</function> <replaceable>s</replaceable></term>
+
+    <listitem><para>Return the directory part of the string
+    <replaceable>s</replaceable>, that is, everything before the final
+    slash in the string.  This is similar to the GNU
+    <command>dirname</command> command.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.div</function>
+  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
+
+    <listitem><para>Return the quotient of the integers
+    <replaceable>e1</replaceable> and
+    <replaceable>e2</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.filterSource</function>
+  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
+
+    <listitem>
+
+      <para>This function allows you to copy sources into the Nix
+      store while filtering certain files.  For instance, suppose that
+      you want to use the directory <filename>source-dir</filename> as
+      an input to a Nix expression, e.g.
+
+<programlisting>
+stdenv.mkDerivation {
+  ...
+  src = ./source-dir;
+}
+</programlisting>
+
+      However, if <filename>source-dir</filename> is a Subversion
+      working copy, then all those annoying <filename>.svn</filename>
+      subdirectories will also be copied to the store.  Worse, the
+      contents of those directories may change a lot, causing lots of
+      spurious rebuilds.  With <function>filterSource</function> you
+      can filter out the <filename>.svn</filename> directories:
+
+<programlisting>
+  src = builtins.filterSource
+    (path: type: type != "directory" || baseNameOf path != ".svn")
+    ./source-dir;
+</programlisting>
+
+      </para>
+
+      <para>Thus, the first argument <replaceable>e1</replaceable>
+      must be a predicate function that is called for each regular
+      file, directory or symlink in the source tree
+      <replaceable>e2</replaceable>.  If the function returns
+      <literal>true</literal>, the file is copied to the Nix store,
+      otherwise it is omitted.  The function is called with two
+      arguments.  The first is the full path of the file.  The second
+      is a string that identifies the type of the file, which is
+      either <literal>"regular"</literal>,
+      <literal>"directory"</literal>, <literal>"symlink"</literal> or
+      <literal>"unknown"</literal> (for other kinds of files such as
+      device nodes or fifos — but note that those cannot be copied to
+      the Nix store, so if the predicate returns
+      <literal>true</literal> for them, the copy will fail).</para>
+
+    </listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.getAttr</function>
+  <replaceable>s</replaceable> <replaceable>attrs</replaceable></term>
+
+    <listitem><para><function>getAttr</function> returns the attribute
+    named <replaceable>s</replaceable> from the attribute set
+    <replaceable>attrs</replaceable>.  Evaluation aborts if the
+    attribute doesn’t exist.  This is a dynamic version of the
+    <literal>.</literal> operator, since <replaceable>s</replaceable>
+    is an expression rather than an identifier.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.getEnv</function>
+  <replaceable>s</replaceable></term>
+
+    <listitem><para><function>getEnv</function> returns the value of
+    the environment variable <replaceable>s</replaceable>, or an empty
+    string if the variable doesn’t exist.  This function should be
+    used with care, as it can introduce all sorts of nasty environment
+    dependencies in your Nix expression.</para>
+
+    <para><function>getEnv</function> is used in Nix Packages to
+    locate the file <filename>~/.nixpkgs/config.nix</filename>, which
+    contains user-local settings for Nix Packages.  (That is, it does
+    a <literal>getEnv "HOME"</literal> to locate the user’s home
+    directory.)</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.hasAttr</function>
+  <replaceable>s</replaceable> <replaceable>attrs</replaceable></term>
+
+    <listitem><para><function>hasAttr</function> returns
+    <literal>true</literal> if the attribute set
+    <replaceable>attrs</replaceable> has an attribute named
+    <replaceable>s</replaceable>, and <literal>false</literal>
+    otherwise.  This is a dynamic version of the <literal>?</literal>
+    operator, since <replaceable>s</replaceable> is an expression
+    rather than an identifier.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.head</function>
+  <replaceable>list</replaceable></term>
+
+    <listitem><para>Return the first element of a list; abort
+    evaluation if the argument isn’t a list or is an empty list.  You
+    can test whether a list is empty by comparing it with
+    <literal>[]</literal>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>import</function>
+  <replaceable>path</replaceable></term>
+
+    <listitem><para>Load, parse and return the Nix expression in the
+    file <replaceable>path</replaceable>.  Evaluation aborts if the
+    file doesn’t exist or contains an incorrect Nix
+    expression.  <function>import</function> implements Nix’s module
+    system: you can put any Nix expression (such as an attribute set
+    or a function) in a separate file, and use it from Nix expressions
+    in other files.</para>
+
+    <para>A Nix expression loaded by <function>import</function> must
+    not contain any <emphasis>free variables</emphasis> (identifiers
+    that are not defined in the Nix expression itself and are not
+    built-in).  Therefore, it cannot refer to variables that are in
+    scope at the call site.  For instance, if you have a calling
+    expression
+    
+<programlisting>
+rec {
+  x = 123;
+  y = import ./foo.nix;
+}</programlisting>
+
+    then the following <filename>foo.nix</filename> will give an
+    error:
+
+<programlisting>
+x + 456</programlisting>
+
+    since <varname>x</varname> is not in scope in
+    <filename>foo.nix</filename>.  If you want <varname>x</varname>
+    to be available in <filename>foo.nix</filename>, you should pass
+    it as a function argument:
+
+<programlisting>
+rec {
+  x = 123;
+  y = import ./foo.nix x;
+}</programlisting>
+
+    and
+
+<programlisting>
+x: x + 456</programlisting>
+
+    (The function argument doesn’t have to be called
+    <varname>x</varname> in <filename>foo.nix</filename>; any name
+    would work.)</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.isAttrs</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Return <literal>true</literal> if
+    <replaceable>e</replaceable> evaluates to an attribute set, and
+    <literal>false</literal> otherwise.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.isList</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Return <literal>true</literal> if
+    <replaceable>e</replaceable> evaluates to a list, and
+    <literal>false</literal> otherwise.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.isFunction</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Return <literal>true</literal> if
+    <replaceable>e</replaceable> evaluates to a function, and
+    <literal>false</literal> otherwise.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.isString</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Return <literal>true</literal> if
+    <replaceable>e</replaceable> evaluates to a string, and
+    <literal>false</literal> otherwise.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.isInt</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Return <literal>true</literal> if
+    <replaceable>e</replaceable> evaluates to a int, and
+    <literal>false</literal> otherwise.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.isBool</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Return <literal>true</literal> if
+    <replaceable>e</replaceable> evaluates to a bool, and
+    <literal>false</literal> otherwise.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>isNull</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Return <literal>true</literal> if
+    <replaceable>e</replaceable> evaluates to <literal>null</literal>,
+    and <literal>false</literal> otherwise.</para>
+
+    <warning><para>This function is <emphasis>deprecated</emphasis>;
+    just write <literal>e == null</literal> instead.</para></warning>
+    
+    </listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.length</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Return the length of the list
+    <replaceable>e</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.lessThan</function>
+  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
+
+    <listitem><para>Return <literal>true</literal> if the integer
+    <replaceable>e1</replaceable> is less than the integer
+    <replaceable>e2</replaceable>, and <literal>false</literal>
+    otherwise.  Evaluation aborts if either
+    <replaceable>e1</replaceable> or <replaceable>e2</replaceable>
+    does not evaluate to an integer.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.listToAttrs</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Construct an attribute set from a list specifying
+    the names and values of each attribute.  Each element of the list
+    should be an attribute set consisting of a string-valued attribute
+    <varname>name</varname> specifying the name of the attribute, and
+    an attribute <varname>value</varname> specifying its value.
+    Example:
+
+<programlisting>
+builtins.listToAttrs [
+  {name = "foo"; value = 123;}
+  {name = "bar"; value = 456;}
+]
+</programlisting>
+
+    evaluates to
+
+<programlisting>
+{ foo = 123; bar = 456; }
+</programlisting>
+
+    </para></listitem>
+
+  </varlistentry>
+  
+  <varlistentry><term><function>map</function>
+  <replaceable>f</replaceable> <replaceable>list</replaceable></term>
+
+    <listitem><para>Apply the function <replaceable>f</replaceable> to
+    each element in the list <replaceable>list</replaceable>.  For
+    example,
+
+<programlisting>
+map (x: "foo" + x) ["bar" "bla" "abc"]</programlisting>
+
+    evaluates to <literal>["foobar" "foobla"
+    "fooabc"]</literal>.</para></listitem>
+    
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.mul</function>
+  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
+
+    <listitem><para>Return the product of the integers
+    <replaceable>e1</replaceable> and
+    <replaceable>e2</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.parseDrvName</function>
+  <replaceable>s</replaceable></term>
+
+    <listitem><para>Split the string <replaceable>s</replaceable> into
+    a package name and version.  The package name is everything up to
+    but not including the first dash followed by a digit, and the
+    version is everything following that dash.  The result is returned
+    in an attribute set <literal>{name, version}</literal>.  Thus,
+    <literal>builtins.parseDrvName "nix-0.12pre12876"</literal>
+    returns <literal>{name = "nix"; version =
+    "0.12pre12876";}</literal>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.pathExists</function>
+  <replaceable>path</replaceable></term>
+
+    <listitem><para>Return <literal>true</literal> if the path
+    <replaceable>path</replaceable> exists, and
+    <literal>false</literal> otherwise.  One application of this
+    function is to conditionally include a Nix expression containing
+    user configuration:
+
+<programlisting>
+let
+  fileName = builtins.getEnv "CONFIG_FILE";
+  config =
+    if fileName != "" &amp;&amp; builtins.pathExists (builtins.toPath fileName)
+    then import (builtins.toPath fileName)
+    else { someSetting = false; }; <lineannotation># default configuration</lineannotation>
+in config.someSetting</programlisting>
+
+    (Note that <envar>CONFIG_FILE</envar> must be an absolute path for
+    this to work.)</para></listitem>
+
+  </varlistentry>
+
+
+  <!--
+  <varlistentry><term><function>relativise</function></term>
+
+    <listitem><para>TODO</para></listitem>
+
+  </varlistentry>
+  -->
+
+  
+  <varlistentry><term><function>builtins.readFile</function>
+  <replaceable>path</replaceable></term>
+
+    <listitem><para>Return the contents of the file
+    <replaceable>path</replaceable> as a string.</para></listitem>
+
+  </varlistentry>
+  
+  
+  <varlistentry><term><function>removeAttrs</function>
+  <replaceable>attrs</replaceable> <replaceable>list</replaceable></term>
+
+    <listitem><para>Remove the attributes listed in
+    <replaceable>list</replaceable> from the attribute set
+    <replaceable>attrs</replaceable>.  The attributes don’t have to
+    exist in <replaceable>attrs</replaceable>. For instance,
+
+<screen>
+removeAttrs { x = 1; y = 2; z = 3; } ["a" "x" "z"]</screen>
+
+    evaluates to <literal>{y = 2;}</literal>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.stringLength</function>
+  <replaceable>e</replaceable></term>
+
+    <listitem><para>Return the length of the string
+    <replaceable>e</replaceable>.  If <replaceable>e</replaceable> is
+    not a string, evaluation is aborted.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.sub</function>
+  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
+
+    <listitem><para>Return the difference between the integers
+    <replaceable>e1</replaceable> and
+    <replaceable>e2</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.substring</function>
+  <replaceable>start</replaceable> <replaceable>len</replaceable>
+  <replaceable>s</replaceable></term>
+
+    <listitem><para>Return the substring of
+    <replaceable>s</replaceable> from character position
+    <replaceable>start</replaceable> (zero-based) up to but not
+    including <replaceable>start + len</replaceable>.  If
+    <replaceable>start</replaceable> is greater than the length of the
+    string, an empty string is returned, and if <replaceable>start +
+    len</replaceable> lies beyond the end of the string, only the
+    substring up to the end of the string is returned.
+    <replaceable>start</replaceable> must be
+    non-negative.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.tail</function>
+  <replaceable>list</replaceable></term>
+
+    <listitem><para>Return the second to last elements of a list;
+    abort evaluation if the argument isn’t a list or is an empty
+    list.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>throw</function>
+  <replaceable>s</replaceable></term>
+
+    <listitem><para>Throw an error message
+    <replaceable>s</replaceable>.  This usually aborts Nix expression
+    evaluation, but in <command>nix-env -qa</command> and other
+    commands that try to evaluate a set of derivations to get
+    information about those derivations, a derivation that throws an
+    error is silently skipped (which is not the case for
+    <function>abort</function>).</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry
+  xml:id='builtin-toFile'><term><function>builtins.toFile</function>
+  <replaceable>name</replaceable> <replaceable>s</replaceable></term>
+
+    <listitem><para>Store the string <replaceable>s</replaceable> in a
+    file in the Nix store and return its path.  The file has suffix
+    <replaceable>name</replaceable>.  This file can be used as an
+    input to derivations.  One application is to write builders
+    “inline”.  For instance, the following Nix expression combines
+    <xref linkend='ex-hello-nix' /> and <xref
+    linkend='ex-hello-builder' /> into one file:
+
+<programlisting>
+{stdenv, fetchurl, perl}:
+
+stdenv.mkDerivation {
+  name = "hello-2.1.1";
+  
+  builder = builtins.toFile "builder.sh" "
+    source $stdenv/setup
+
+    PATH=$perl/bin:$PATH
+
+    tar xvfz $src
+    cd hello-*
+    ./configure --prefix=$out
+    make
+    make install
+  ";
+
+  src = fetchurl {
+    url = http://nix.cs.uu.nl/dist/tarballs/hello-2.1.1.tar.gz;
+    md5 = "70c9ccf9fac07f762c24f2df2290784d";
+  };
+  inherit perl;
+}</programlisting>
+  
+    </para>
+
+    <para>It is even possible for one file to refer to another, e.g.,
+
+<programlisting>
+  builder = let
+    configFile = builtins.toFile "foo.conf" "
+      # This is some dummy configuration file.
+      <replaceable>...</replaceable>
+    ";
+  in builtins.toFile "builder.sh" "
+    source $stdenv/setup
+    <replaceable>...</replaceable>
+    cp ${configFile} $out/etc/foo.conf
+  ";</programlisting>
+
+    Note that <literal>${configFile}</literal> is an antiquotation
+    (see <xref linkend='ssec-values' />), so the result of the
+    expression <literal>configFile</literal> (i.e., a path like
+    <filename>/nix/store/m7p7jfny445k...-foo.conf</filename>) will be
+    spliced into the resulting string.</para>
+
+    <para>It is however <emphasis>not</emphasis> allowed to have files
+    mutually referring to each other, like so:
+
+<programlisting>
+let
+  foo = builtins.toFile "foo" "...${bar}...";
+  bar = builtins.toFile "bar" "...${foo}...";
+in foo</programlisting>
+
+    This is not allowed because it would cause a cyclic dependency in
+    the computation of the cryptographic hashes for
+    <varname>foo</varname> and <varname>bar</varname>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.toPath</function> <replaceable>s</replaceable></term>
+
+    <listitem><para>Convert the string value
+    <replaceable>s</replaceable> into a path value.  The string
+    <replaceable>s</replaceable> must represent an absolute path
+    (i.e., must start with <literal>/</literal>).  The path need not
+    exist.  The resulting path is canonicalised, e.g.,
+    <literal>builtins.toPath "//foo/xyzzy/../bar/"</literal> returns
+    <literal>/foo/bar</literal>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>toString</function> <replaceable>e</replaceable></term>
+
+    <listitem><para>Convert the expression
+    <replaceable>e</replaceable> to a string.
+    <replaceable>e</replaceable> can be a string (in which case
+    <function>toString</function> is a no-op) or a path (e.g.,
+    <literal>toString /foo/bar</literal> yields
+    <literal>"/foo/bar"</literal>.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry xml:id='builtin-toXML'><term><function>builtins.toXML</function> <replaceable>e</replaceable></term>
+
+    <listitem><para>Return a string containing an XML representation
+    of <replaceable>e</replaceable>.  The main application for
+    <function>toXML</function> is to communicate information with the
+    builder in a more structured format than plain environment
+    variables.</para>
+
+    <!-- TODO: more formally describe the schema of the XML
+    representation -->
+
+    <para><xref linkend='ex-toxml' /> shows an example where this is
+    the case.  The builder is supposed to generate the configuration
+    file for a <link xlink:href='http://jetty.mortbay.org/'>Jetty
+    servlet container</link>.  A servlet container contains a number
+    of servlets (<filename>*.war</filename> files) each exported under
+    a specific URI prefix.  So the servlet configuration is a list of
+    attribute sets containing the <varname>path</varname> and
+    <varname>war</varname> of the servlet (<xref
+    linkend='ex-toxml-co-servlets' />).  This kind of information is
+    difficult to communicate with the normal method of passing
+    information through an environment variable, which just
+    concatenates everything together into a string (which might just
+    work in this case, but wouldn’t work if fields are optional or
+    contain lists themselves).  Instead the Nix expression is
+    converted to an XML representation with
+    <function>toXML</function>, which is unambiguous and can easily be
+    processed with the appropriate tools.  For instance, in the
+    example an XSLT stylesheet (<xref linkend='ex-toxml-co-stylesheet'
+    />) is applied to it (<xref linkend='ex-toxml-co-apply' />) to
+    generate the XML configuration file for the Jetty server.  The XML
+    representation produced from <xref linkend='ex-toxml-co-servlets'
+    /> by <function>toXML</function> is shown in <xref
+    linkend='ex-toxml-result' />.</para>
+
+    <para>Note that <xref linkend='ex-toxml' /> uses the <function
+    linkend='builtin-toFile'>toFile</function> built-in to write the
+    builder and the stylesheet “inline” in the Nix expression.  The
+    path of the stylesheet is spliced into the builder at
+    <literal>xsltproc ${stylesheet}
+    <replaceable>...</replaceable></literal>.</para>
+
+    <example xml:id='ex-toxml'><title>Passing information to a builder
+    using <function>toXML</function></title>
+    
+<programlisting><![CDATA[
+{stdenv, fetchurl, libxslt, jira, uberwiki}:
+
+stdenv.mkDerivation (rec {
+  name = "web-server";
+
+  buildInputs = [libxslt];
+  
+  builder = builtins.toFile "builder.sh" "
+    source $stdenv/setup
+    mkdir $out
+    echo $servlets | xsltproc ${stylesheet} - > $out/server-conf.xml]]> <co xml:id='ex-toxml-co-apply' /> <![CDATA[
+  ";
+
+  stylesheet = builtins.toFile "stylesheet.xsl"]]> <co xml:id='ex-toxml-co-stylesheet' /> <![CDATA[
+   "<?xml version='1.0' encoding='UTF-8'?>
+    <xsl:stylesheet xmlns:xsl='http://www.w3.org/1999/XSL/Transform' version='1.0'>
+      <xsl:template match='/'>
+        <Configure>
+          <xsl:for-each select='/expr/list/attrs'>
+            <Call name='addWebApplication'>
+              <Arg><xsl:value-of select=\"attr[@name = 'path']/string/@value\" /></Arg>
+              <Arg><xsl:value-of select=\"attr[@name = 'war']/path/@value\" /></Arg>
+            </Call>
+          </xsl:for-each>
+        </Configure>
+      </xsl:template>
+    </xsl:stylesheet>
+  ";
+
+  servlets = builtins.toXML []]> <co xml:id='ex-toxml-co-servlets' /> <![CDATA[
+    { path = "/bugtracker"; war = jira + "/lib/atlassian-jira.war"; }
+    { path = "/wiki"; war = uberwiki + "/uberwiki.war"; }
+  ];
+})]]></programlisting>
+
+    </example>
+
+    <example xml:id='ex-toxml-result'><title>XML representation produced by
+    <function>toXML</function></title>
+    
+<programlisting><![CDATA[<?xml version='1.0' encoding='utf-8'?>
+<expr>
+  <list>
+    <attrs>
+      <attr name="path">
+        <string value="/bugtracker" />
+      </attr>
+      <attr name="war">
+        <path value="/nix/store/d1jh9pasa7k2...-jira/lib/atlassian-jira.war" />
+      </attr>
+    </attrs>
+    <attrs>
+      <attr name="path">
+        <string value="/wiki" />
+      </attr>
+      <attr name="war">
+        <path value="/nix/store/y6423b1yi4sx...-uberwiki/uberwiki.war" />
+      </attr>
+    </attrs>
+  </list>
+</expr>]]></programlisting>
+
+    </example>
+
+    </listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><function>builtins.trace</function>
+  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
+
+    <listitem><para>Evaluate <replaceable>e1</replaceable> and print its
+    abstract syntax representation on standard error.  Then return
+    <replaceable>e2</replaceable>.  This function is useful for
+    debugging.</para></listitem>
+
+  </varlistentry>
+
+  
+</variablelist>
+
+
+</section>

doc/manual/conf-file.xml

@@ -0,0 +1,243 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-conf-file">
+
+<title>Nix configuration file</title>
+
+
+<para>A number of persistent settings of Nix are stored in the file
+<filename><replaceable>prefix</replaceable>/etc/nix/nix.conf</filename>.
+This file is a list of <literal><replaceable>name</replaceable> =
+<replaceable>value</replaceable></literal> pairs, one per line.
+Comments start with a <literal>#</literal> character.  An example
+configuration file is shown in <xref linkend="ex-nix-conf" />.</para>
+
+<example xml:id='ex-nix-conf'><title>Nix configuration file</title>
+
+<programlisting>
+gc-keep-outputs = true       # Nice for developers
+gc-keep-derivations = true   # Idem
+env-keep-derivations = false
+</programlisting>
+</example>
+
+<para>The following variables are currently available: 
+
+<variablelist>
+
+  
+  <varlistentry xml:id="conf-gc-keep-outputs"><term><literal>gc-keep-outputs</literal></term>
+
+    <listitem><para>If <literal>true</literal>, the garbage collector
+    will keep the outputs of non-garbage derivations.  If
+    <literal>false</literal> (default), outputs will be deleted unless
+    they are GC roots themselves (or reachable from other roots).</para>
+ 
+    <para>In general, outputs must be registered as roots separately.
+    However, even if the output of a derivation is registered as a
+    root, the collector will still delete store paths that are used
+    only at build time (e.g., the C compiler, or source tarballs
+    downloaded from the network).  To prevent it from doing so, set
+    this option to <literal>true</literal>.</para></listitem>
+
+  </varlistentry>
+  
+
+  <varlistentry xml:id="conf-gc-keep-derivations"><term><literal>gc-keep-derivations</literal></term>
+
+    <listitem><para>If <literal>true</literal> (default), the garbage
+    collector will keep the derivations from which non-garbage store
+    paths were built.  If <literal>false</literal>, they will be
+    deleted unless explicitly registered as a root (or reachable from
+    other roots).</para>
+
+    <para>Keeping derivation around is useful for querying and
+    traceability (e.g., it allows you to ask with what dependencies or
+    options a store path was built), so by default this option is on.
+    Turn it off to safe a bit of disk space (or a lot if
+    <literal>gc-keep-outputs</literal> is also turned on).</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><literal>env-keep-derivations</literal></term>
+
+    <listitem><para>If <literal>false</literal> (default), derivations
+    are not stored in Nix user environments.  That is, the derivation
+    any build-time-only dependencies may be garbage-collected.</para>
+
+    <para>If <literal>true</literal>, when you add a Nix derivation to
+    a user environment, the path of the derivation is stored in the
+    user environment.  Thus, the derivation will not be
+    garbage-collected until the user environment generation is deleted
+    (<command>nix-env --delete-generations</command>).  To prevent
+    build-time-only dependencies from being collected, you should also
+    turn on <literal>gc-keep-outputs</literal>.</para>
+
+    <para>The difference between this option and
+    <literal>gc-keep-derivations</literal> is that this one is
+    “sticky”: it applies to any user environment created while this
+    option was enabled, while <literal>gc-keep-derivations</literal>
+    only applies at the moment the garbage collector is
+    run.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry xml:id="conf-build-max-jobs"><term><literal>build-max-jobs</literal></term>
+
+    <listitem><para>This option defines the maximum number of jobs
+    that Nix will try to build in parallel.  The default is
+    <literal>1</literal>.  You should generally set it to the number
+    of CPUs in your system (e.g., <literal>2</literal> on a Athlon 64
+    X2).  It can be overriden using the <option
+    linkend='opt-max-jobs'>--max-jobs</option> (<option>-j</option>)
+    command line switch.</para></listitem>
+
+  </varlistentry>
+
+
+  <varlistentry xml:id="conf-build-max-silent-time"><term><literal>build-max-silent-time</literal></term>
+
+    <listitem>
+
+      <para>This option defines the maximum number of seconds that a
+      builder can go without producing any data on standard output or
+      standard error.  This is useful (for instance in a automated
+      build system) to catch builds that are stuck in an infinite
+      loop, or to catch remote builds that are hanging due to network
+      problems.  It can be overriden using the <option
+      linkend="opt-max-silent-time">--max-silent-time</option> command
+      line switch.</para>
+
+      <para>The value <literal>0</literal> means that there is no
+      timeout.  This is also the default.</para>
+
+    </listitem>
+
+  </varlistentry>
+
+
+  <varlistentry xml:id="conf-build-users-group"><term><literal>build-users-group</literal></term>
+
+    <listitem><para>This options specifies the Unix group containing
+    the Nix build user accounts.  In multi-user Nix installations,
+    builds should not be performed by the Nix account since that would
+    allow users to arbitrarily modify the Nix store and database by
+    supplying specially crafted builders; and they cannot be performed
+    by the calling user since that would allow him/her to influence
+    the build result.</para>
+
+    <para>Therefore, if this option is non-empty and specifies a valid
+    group, builds will be performed under the user accounts that are a
+    member of the group specified here (as listed in
+    <filename>/etc/group</filename>).  Those user accounts should not
+    be used for any other purpose!</para>
+
+    <para>Nix will never run two builds under the same user account at
+    the same time.  This is to prevent an obvious security hole: a
+    malicious user writing a Nix expression that modifies the build
+    result of a legitimate Nix expression being built by another user.
+    Therefore it is good to have as many Nix build user accounts as
+    you can spare.  (Remember: uids are cheap.)</para>
+
+    <para>The build users should have permission to create files in
+    the Nix store, but not delete them.  Therefore,
+    <filename>/nix/store</filename> should be owned by the Nix
+    account, its group should be the group specified here, and its
+    mode should be <literal>1775</literal>.</para>
+
+    <para>If the build users group is empty, builds will be performed
+    under the uid of the Nix process (that is, the uid of the caller
+    if <envar>NIX_REMOTE</envar> is empty, the uid under which the Nix
+    daemon runs if <envar>NIX_REMOTE</envar> is
+    <literal>daemon</literal>, or the uid that owns the setuid
+    <command>nix-worker</command> program if <envar>NIX_REMOTE</envar>
+    is <literal>slave</literal>).  Obviously, this should not be used
+    in multi-user settings with untrusted users.</para>
+
+    </listitem>
+
+  </varlistentry>
+
+
+  <varlistentry><term><literal>build-use-chroot</literal></term>
+
+    <listitem><para>If set to <literal>true</literal>, builds will be
+    performed in a <emphasis>chroot environment</emphasis>, i.e., the
+    build will be isolated from the normal file system hierarchy and
+    will only see the Nix store, the temporary build directory, and
+    the directories configured with the <link
+    linkend='conf-build-chroot-dirs'><literal>build-chroot-dirs</literal>
+    option</link> (such as <filename>/proc</filename> and
+    <filename>/dev</filename>).  This is useful to prevent undeclared
+    dependencies on files in directories such as
+    <filename>/usr/bin</filename>.</para>
+
+    <para>The use of a chroot requires that Nix is run as root (but
+    you can still use the <link
+    linkend='conf-build-users-group'>“build users” feature</link> to
+    perform builds under different users than root).  Currently,
+    chroot builds only work on Linux because Nix uses “bind mounts” to
+    make the Nix store and other directories available inside the
+    chroot.</para>
+
+    </listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry xml:id="conf-build-chroot-dirs"><term><literal>build-chroot-dirs</literal></term>
+
+    <listitem><para>When builds are performed in a chroot environment,
+    Nix will mount (using <command>mount --bind</command> on Linux)
+    some directories from the normal file system hierarchy inside the
+    chroot.  These are the Nix store, the temporary build directory
+    (usually
+    <filename>/tmp/nix-<replaceable>pid</replaceable>-<replaceable>number</replaceable></filename>)
+    and the directories listed here.  The default is <literal>dev
+    /proc</literal>.  Files in <filename>/dev</filename> (such as
+    <filename>/dev/null</filename>) are needed by many builds, and
+    some files in <filename>/proc</filename> may also be needed
+    occasionally.</para>
+
+    <para>The value used on NixOS is
+    
+<programlisting>
+build-use-chroot = /dev /proc /bin</programlisting>
+
+    to make the <filename>/bin/sh</filename> symlink available (which
+    is still needed by many builders).</para>
+
+    </listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><literal>system</literal></term>
+
+    <listitem><para>This option specifies the canonical Nix system
+    name of the current installation, such as
+    <literal>i686-linux</literal> or
+    <literal>powerpc-darwin</literal>.  Nix can only build derivations
+    whose <literal>system</literal> attribute equals the value
+    specified here.  In general, it never makes sense to modify this
+    value from its default, since you can use it to ‘lie’ about the
+    platform you are building on (e.g., perform a Mac OS build on a
+    Linux machine; the result would obviously be wrong).  It only
+    makes sense if the Nix binaries can run on multiple platforms,
+    e.g., ‘universal binaries’ that run on <literal>powerpc-darwin</literal> and
+    <literal>i686-darwin</literal>.</para>
+
+    <para>It defaults to the canonical Nix system name detected by
+    <filename>configure</filename> at build time.</para></listitem>
+
+  </varlistentry>
+  
+    
+</variablelist>
+
+</para>
+
+
+</section>

doc/manual/custom.css

@@ -1,7 +0,0 @@
-h1:not(:first-of-type) {
-    margin-top: 1.3em;
-}
-
-h2 {
-    margin-top: 1em;
-}

doc/manual/env-common.xml

@@ -0,0 +1,278 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-common-env">
+
+<title>Common environment variables</title>
+
+
+<para>Most Nix commands interpret the following environment variables:</para>
+
+<variablelist>
+
+  
+<varlistentry><term><envar>NIX_IGNORE_SYMLINK_STORE</envar></term>
+
+  <listitem>
+
+  <para>Normally, the Nix store directory (typically
+  <filename>/nix/store</filename>) is not allowed to contain any
+  symlink components.  This is to prevent “impure” builds.  Builders
+  sometimes “canonicalise” paths by resolving all symlink components.
+  Thus, builds on different machines (with
+  <filename>/nix/store</filename> resolving to different locations)
+  could yield different results.  This is generally not a problem,
+  except when builds are deployed to machines where
+  <filename>/nix/store</filename> resolves differently.  If you are
+  sure that you’re not going to do that, you can set
+  <envar>NIX_IGNORE_SYMLINK_STORE</envar> to <envar>1</envar>.</para>
+
+  <para>Note that if you’re symlinking the Nix store so that you can
+  put it on another file system than the root file system, on Linux
+  you’re better off using <literal>bind</literal> mount points, e.g.,
+
+  <screen>
+$ mkdir /nix   
+$ mount -o bind /mnt/otherdisk/nix /nix</screen>
+
+  Consult the <citerefentry><refentrytitle>mount</refentrytitle>
+  <manvolnum>8</manvolnum></citerefentry> manual page for details.</para>
+
+  </listitem>
+
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_STORE_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix store (default
+  <filename><replaceable>prefix</replaceable>/store</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_DATA_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix static data
+  directory (default
+  <filename><replaceable>prefix</replaceable>/share</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_LOG_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix log directory
+  (default <filename><replaceable>prefix</replaceable>/log/nix</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_STATE_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix state directory
+  (default <filename><replaceable>prefix</replaceable>/var/nix</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_DB_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix database (default
+  <filename><replaceable>$NIX_STATE_DIR</replaceable>/db</filename>, i.e.,
+  <filename><replaceable>prefix</replaceable>/var/nix/db</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_CONF_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix configuration
+  directory (default
+  <filename><replaceable>prefix</replaceable>/etc/nix</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_LOG_TYPE</envar></term>
+
+  <listitem><para>Equivalent to the <link
+  linkend="opt-log-type"><option>--log-type</option>
+  option</link>.</para></listitem>
+
+</varlistentry>
+  
+
+<varlistentry><term><envar>TMPDIR</envar></term>
+
+  <listitem><para>Use the specified directory to store temporary
+  files.  In particular, this includes temporary build directories;
+  these can take up substantial amounts of disk space.  The default is
+  <filename>/tmp</filename>.</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry xml:id="envar-build-hook"><term><envar>NIX_BUILD_HOOK</envar></term>
+
+  <listitem>
+
+  <para>Specifies the location of the <emphasis>build hook</emphasis>,
+  which is a program (typically some script) that Nix will call
+  whenever it wants to build a derivation.  This is used to implement
+  distributed builds (see <xref linkend="sec-distributed-builds"
+  />).  The protocol by which the calling Nix process and the build
+  hook communicate is as follows.</para>
+
+  <para>The build hook is called with the following command-line
+  arguments:
+
+  <orderedlist>
+
+    <listitem><para>A boolean value <literal>0</literal> or
+    <literal>1</literal> specifying whether Nix can locally execute
+    more builds, as per the <link
+    linkend="opt-max-jobs"><option>--max-jobs</option> option</link>.
+    The purpose of this argument is to allow the hook to not have to
+    maintain bookkeeping for the local machine.</para></listitem>
+
+    <listitem><para>The Nix platform identifier for the local machine
+    (e.g., <literal>i686-linux</literal>).</para></listitem>
+
+    <listitem><para>The Nix platform identifier for the derivation,
+    i.e., its <link linkend="attr-system"><varname>system</varname>
+    attribute</link>.</para></listitem>
+
+    <listitem><para>The store path of the derivation.</para></listitem>
+
+  </orderedlist>
+
+  </para>
+
+  <para>On the basis of this information, and whatever persistent
+  state the build hook keeps about other machines and their current
+  load, it has to decide what to do with the build.  It should print
+  out on standard error one of the following responses (terminated by
+  a newline, <literal>"\n"</literal>):
+
+  <variablelist>
+
+    <varlistentry><term><literal># decline</literal></term>
+
+      <listitem><para>The build hook is not willing or able to perform
+      the build; the calling Nix process should do the build itself,
+      if possible.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal># postpone</literal></term>
+
+      <listitem><para>The build hook cannot perform the build now, but
+      can do so in the future (e.g., because all available build slots
+      on remote machines are in use).  The calling Nix process should
+      postpone this build until at least one currently running build
+      has terminated.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal># accept</literal></term>
+
+      <listitem><para>The build hook has accepted the
+      build.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  <para>After sending <literal># accept</literal>, the hook should
+  read one line from standard input, which will be the string
+  <literal>okay</literal>.  It can then proceed with the build.
+  Before sending <literal>okay</literal>, Nix will store in the hook’s
+  current directory a number of text files that contain information
+  about the derivation:
+
+  <variablelist>
+
+    <varlistentry><term><filename>inputs</filename></term>
+
+      <listitem><para>The set of store paths that are inputs to the
+      build process (one per line).  These have to be copied
+      <emphasis>to</emphasis> the remote machine (in addition to the
+      store derivation itself).</para></listitem>
+
+    </varlistentry>
+  
+    <varlistentry><term><filename>outputs</filename></term>
+
+      <listitem><para>The set of store paths that are outputs of the
+      derivation (one per line).  These have to be copied
+      <emphasis>from</emphasis> the remote machine if the build
+      succeeds.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><filename>references</filename></term>
+
+      <listitem><para>The reference graph of the inputs, in the format
+      accepted by the command <command>nix-store
+      --register-validity</command>.  It is necessary to run this
+      command on the remote machine after copying the inputs to inform
+      Nix on the remote machine that the inputs are valid
+      paths.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  <para>The hook should copy the inputs to the remote machine,
+  register the validity of the inputs, perform the remote build, and
+  copy the outputs back to the local machine.  An exit code other than
+  <literal>0</literal> indicates that the hook has failed.  An exit
+  code equal to 100 means that the remote build failed (as opposed to,
+  e.g., a network error).</para>
+
+  </listitem>
+
+
+</varlistentry>
+
+
+<varlistentry xml:id="envar-remote"><term><envar>NIX_REMOTE</envar></term>
+
+  <listitem><para>This variable should be set to
+  <literal>daemon</literal> if you want to use the Nix daemon to
+  executed Nix operations, which is necessary in <link
+  linkend="ssec-multi-user">multi-user Nix installations</link>.
+  Otherwise, it should be left unset.</para></listitem>
+
+</varlistentry>
+
+    
+<varlistentry xml:id="envar-other-stores"><term><envar>NIX_OTHER_STORES</envar></term>
+
+  <listitem><para>This variable contains the paths of remote Nix
+  installations from whichs paths can be copied, separated by colons.
+  See <xref linkend="sec-sharing-packages" /> for details.  Each path
+  should be the <filename>/nix</filename> directory of a remote Nix
+  installation (i.e., not the <filename>/nix/store</filename>
+  directory).  The paths are subject to globbing, so you can set it so
+  something like <literal>/var/run/nix/remote-stores/*/nix</literal>
+  and mount multiple remote filesystems in
+  <literal>/var/run/nix/remote-stores</literal>.</para>
+
+  <para>Note that if you’re building through the <link
+  linkend="sec-nix-worker">Nix daemon</link>, the only setting for
+  this variable that matters is the one that the
+  <command>nix-worker</command> process uses.  So if you want to
+  change it, you have to restart the daemon.</para></listitem>
+
+</varlistentry>
+
+    
+</variablelist>
+
+
+</section>

doc/manual/generate-builtins.nix

@@ -1,14 +0,0 @@
-with builtins;
-with import ./utils.nix;
-
-builtins:
-
-concatStrings (map
-  (name:
-    let builtin = builtins.${name}; in
-    "  - `builtins.${name}` " + concatStringsSep " " (map (s: "*${s}*") builtin.args)
-    + "  \n\n"
-    + concatStrings (map (s: "    ${s}\n") (splitLines builtin.doc)) + "\n\n"
-  )
-  (attrNames builtins))
-

doc/manual/generate-manpage.nix

@@ -1,55 +0,0 @@
-with builtins;
-with import ./utils.nix;
-
-let
-
-  showCommand =
-    { command, section, def }:
-    "${section} Name\n\n"
-    + "`${command}` - ${def.description}\n\n"
-    + "${section} Synopsis\n\n"
-    + showSynopsis { inherit command; args = def.args; }
-    + (if def ? doc
-       then "${section} Description\n\n" + def.doc + "\n\n"
-       else "")
-    + (let s = showFlags def.flags; in
-       if s != ""
-       then "${section} Flags\n\n${s}"
-       else "")
-    + (if def.examples or [] != []
-       then
-         "${section} Examples\n\n"
-         + concatStrings (map ({ description, command }: "${description}\n\n```console\n${command}\n```\n\n") def.examples)
-       else "")
-    + (if def.commands or [] != []
-       then concatStrings (
-         map (name:
-           "# Subcommand `${command} ${name}`\n\n"
-           + showCommand { command = command + " " + name; section = "##"; def = def.commands.${name}; })
-           (attrNames def.commands))
-       else "");
-
-  showFlags = flags:
-    concatStrings
-      (map (longName:
-        let flag = flags.${longName}; in
-        if flag.category or "" != "config"
-        then
-          "  - `--${longName}`"
-          + (if flag ? shortName then " / `${flag.shortName}`" else "")
-          + (if flag ? labels then " " + (concatStringsSep " " (map (s: "*${s}*") flag.labels)) else "")
-          + "  \n"
-          + "    " + flag.description + "\n\n"
-        else "")
-        (attrNames flags));
-
-  showSynopsis =
-    { command, args }:
-    "`${command}` [*flags*...] ${concatStringsSep " "
-      (map (arg: "*${arg.label}*" + (if arg ? arity then "" else "...")) args)}\n\n";
-
-in
-
-command:
-
-showCommand { command = "nix"; section = "#"; def = command; }

doc/manual/generate-options.nix

@@ -1,26 +0,0 @@
-with builtins;
-with import ./utils.nix;
-
-options:
-
-concatStrings (map
-  (name:
-    let option = options.${name}; in
-    "  - `${name}`  \n\n"
-    + concatStrings (map (s: "    ${s}\n") (splitLines option.description)) + "\n\n"
-    + "    **Default:** " + (
-      if option.value == "" || option.value == []
-      then "*empty*"
-      else if isBool option.value
-      then (if option.value then "`true`" else "`false`")
-      else
-        # n.b. a StringMap value type is specified as a string, but
-        # this shows the value type.  The empty stringmap is "null" in
-        # JSON, but that converts to "{ }" here.
-        (if isAttrs option.value then "`\"\"`"
-         else "`" + toString option.value + "`")) + "\n\n"
-    + (if option.aliases != []
-       then "    **Deprecated alias:** " + (concatStringsSep ", " (map (s: "`${s}`") option.aliases)) + "\n\n"
-       else "")
-    )
-  (attrNames options))

doc/manual/glossary.xml

@@ -0,0 +1,167 @@
+<appendix xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink">
+
+<title>Glossary</title>
+
+
+<glosslist>
+
+
+<glossentry xml:id="gloss-derivation"><glossterm>derivation</glossterm>
+
+  <glossdef><para>A description of a build action.  The result of a
+  derivation is a store object.  Derivations are typically specified
+  in Nix expressions using the <link
+  linkend="ssec-derivation"><function>derivation</function>
+  primitive</link>.  These are translated into low-level
+  <emphasis>store derivations</emphasis> (implicitly by
+  <command>nix-env</command> and <command>nix-build</command>, or
+  explicitly by <command>nix-instantiate</command>).</para></glossdef>
+
+</glossentry>
+
+
+<glossentry><glossterm>store</glossterm>
+
+  <glossdef><para>The location in the file system where store objects
+  live.  Typically <filename>/nix/store</filename>.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry><glossterm>store path</glossterm>
+
+  <glossdef><para>The location in the file system of a store object,
+  i.e., an immediate child of the Nix store
+  directory.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry><glossterm>store object</glossterm>
+
+  <glossdef><para>A file that is an immediate child of the Nix store
+  directory.  These can be regular files, but also entire directory
+  trees.  Store objects can be sources (objects copied from outside of
+  the store), derivation outputs (objects produced by running a build
+  action), or derivations (files describing a build
+  action).</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-substitute"><glossterm>substitute</glossterm>
+
+  <glossdef><para>A substitute is a command invocation stored in the
+  Nix database that describes how to build a store object, bypassing
+  normal the build mechanism (i.e., derivations).  Typically, the
+  substitute builds the store object by downloading a pre-built
+  version of the store object from some server.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry><glossterm>purity</glossterm>
+
+  <glossdef><para>The assumption that equal Nix derivations when run
+  always produce the same output.  This cannot be guaranteed in
+  general (e.g., a builder can rely on external inputs such as the
+  network or the system time) but the Nix model assumes
+  it.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry><glossterm>Nix expression</glossterm>
+
+  <glossdef><para>A high-level description of software packages and
+  compositions thereof.  Deploying software using Nix entails writing
+  Nix expressions for your packages.  Nix expressions are translated
+  to derivations that are stored in the Nix store.  These derivations
+  can then be built.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-reference"><glossterm>reference</glossterm>
+
+  <glossdef><para>A store path <varname>P</varname> is said to have a
+  reference to a store path <varname>Q</varname> if the store object
+  at <varname>P</varname> contains the path <varname>Q</varname>
+  somewhere.  This implies than an execution involving
+  <varname>P</varname> potentially needs <varname>Q</varname> to be
+  present.  The <emphasis>references</emphasis> of a store path are
+  the set of store paths to which it has a reference.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-closure"><glossterm>closure</glossterm>
+
+  <glossdef><para>The closure of a store path is the set of store
+  paths that are directly or indirectly “reachable” from that store
+  path; that is, it’s the closure of the path under the <link
+  linkend="gloss-reference">references</link> relation.  For instance,
+  if the store object at path <varname>P</varname> contains a
+  reference to path <varname>Q</varname>, then <varname>Q</varname> is
+  in the closure of <varname>P</varname>.  For correct deployment it
+  is necessary to deploy whole closures, since otherwise at runtime
+  files could be missing.  The command <command>nix-store
+  -qR</command> prints out closures of store paths.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-output-path"><glossterm>output path</glossterm>
+
+  <glossdef><para>A store path produced by a derivation.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-deriver"><glossterm>deriver</glossterm>
+
+  <glossdef><para>The deriver of an <link
+  linkend="gloss-output-path">output path</link> is the store
+  derivation that built it.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-validity"><glossterm>validity</glossterm>
+
+  <glossdef><para>A store path is considered
+  <emphasis>valid</emphasis> if it exists in the file system, is
+  listed in the Nix database as being valid, and if all paths in its
+  closure are also valid.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-user-env"><glossterm>user environment</glossterm>
+
+  <glossdef><para>An automatically generated store object that
+  consists of a set of symlinks to “active” applications, i.e., other
+  store paths.  These are generated automatically by <link
+  linkend="sec-nix-env"><command>nix-env</command></link>.  See <xref
+  linkend="sec-profiles" />.</para>
+
+  </glossdef>
+  
+</glossentry>
+
+
+<glossentry xml:id="gloss-profile"><glossterm>profile</glossterm>
+
+  <glossdef><para>A symlink to the current <link
+  linkend="gloss-user-env">user environment</link> of a user, e.g.,
+  <filename>/nix/var/nix/profiles/default</filename>.</para></glossdef>
+
+</glossentry>
+
+
+
+</glosslist>
+
+
+</appendix>

doc/manual/installation.xml

@@ -0,0 +1,474 @@
+<?xml version="1.0" encoding="utf-8"?>
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="chap-installation">
+
+<title>Installation</title>
+
+
+<section><title>Supported platforms</title>
+
+<para>Nix is currently supported on the following platforms:
+
+<itemizedlist>
+
+  <listitem><para>Linux (particularly on x86, x86_64, and
+  PowerPC).</para></listitem>
+
+  <listitem><para>Mac OS X, both on Intel and
+  PowerPC.</para></listitem>
+
+  <listitem><para>FreeBSD (only tested on Intel).</para></listitem>
+
+  <listitem><para>Windows through <link
+  xlink:href="http://www.cygwin.com/">Cygwin</link>.</para>
+
+  <warning><para>On Cygwin, Nix <emphasis>must</emphasis> be installed
+  on an NTFS partition.  It will not work correctly on a FAT
+  partition.</para></warning>
+
+  </listitem>
+
+</itemizedlist>
+
+</para>
+
+<para>Nix is pretty portable, so it should work on most other Unix
+platforms as well.</para>
+
+</section>
+
+
+<section><title>Obtaining Nix</title>
+
+<para>The easiest way to obtain Nix is to download a <link
+xlink:href="http://nixos.org/">source distribution</link>.  RPMs
+for Red Hat, SuSE, and Fedora Core are also available.</para>
+
+<para>Alternatively, the most recent sources of Nix can be obtained
+from its <link
+xlink:href="https://svn.nixos.org/repos/nix/nix/trunk">Subversion
+repository</link>.  For example, the following command will check out
+the latest revision into a directory called
+<filename>nix</filename>:</para>
+
+<screen>
+$ svn checkout https://svn.nixos.org/repos/nix/nix/trunk nix</screen>
+
+<para>Likewise, specific releases can be obtained from the <link
+xlink:href="https://svn.nixos.org/repos/nix/nix/tags">tags
+directory</link> of the repository.</para>
+
+</section>
+
+
+<section><title>Prerequisites</title>
+
+<para><emphasis>The following prerequisites only apply when you build
+from source</emphasis>.  Binary releases (e.g., RPMs) have no
+prerequisites.</para>
+
+<para>A fairly recent version of GCC/G++ is required.  Version 2.95
+and higher should work.</para>
+
+<para>To build this manual and the man-pages you need the
+<command>xmllint</command> and <command>xsltproc</command> programs,
+which are part of the <literal>libxml2</literal> and
+<literal>libxslt</literal> packages, respectively.  You also need the
+<link
+xlink:href="http://docbook.sourceforge.net/projects/xsl/">DocBook XSL
+stylesheets</link> and optionally the <link
+xlink:href="http://www.docbook.org/schemas/5x"> DocBook 5.0 RELAX NG
+schemas</link>.  Note that these are only required if you modify the
+manual sources or when you are building from the Subversion
+repository.</para>
+
+<para>To build the parser, very <emphasis>recent</emphasis> versions
+of Bison and Flex are required.  (This is because Nix needs GLR
+support in Bison and reentrancy support in Flex.)  For Bison, you need
+version 2.3 or higher (1.875 does <emphasis>not</emphasis> work),
+which can be obtained from
+the <link xlink:href="ftp://alpha.gnu.org/pub/gnu/bison">GNU FTP
+server</link>.  For Flex, you need version 2.5.33, which is available
+on <link xlink:href="http://lex.sourceforge.net/">SourceForge</link>.
+Slightly older versions may also work, but ancient versions like the
+ubiquitous 2.5.4a won't.  Note that these are only required if you
+modify the parser or when you are building from the Subversion
+repository.</para>
+
+<para>Nix uses CWI's ATerm library and the bzip2 compressor (including
+the bzip2 library).  These are included in the Nix source
+distribution.  If you build from the Subversion repository, you must
+download them yourself and place them in the
+<filename>externals/</filename> directory.  See
+<filename>externals/Makefile.am</filename> for the precise URLs of
+these packages.  Alternatively, if you already have them installed,
+you can use <command>configure</command>'s
+<option>--with-aterm</option> and <option>--with-bzip2</option>
+options to point to their respective locations.</para>
+
+<para>If you want to be able to upgrade Nix stores from before version
+0.12pre12020, you need Sleepycat's Berkeley DB version version 4.5.
+(Other versions may not have compatible database formats.).  Berkeley
+DB 4.5 is included in the Nix source distribution.  If you do not need
+this ability, you can build Nix with the
+<option>--disable-old-db-compat</option> configure option.</para>
+
+</section>
+
+
+<section><title>Building Nix from source</title>
+
+<para>After unpacking or checking out the Nix sources, issue the
+following commands:
+
+<screen>
+$ ./configure <replaceable>options...</replaceable>
+$ make
+$ make install</screen>
+
+</para>
+
+<para>When building from the Subversion repository, these should be
+preceded by the command:
+
+<screen>
+$ ./bootstrap</screen>
+
+</para>
+
+<para>The installation path can be specified by passing the
+<option>--prefix=<replaceable>prefix</replaceable></option> to
+<command>configure</command>.  The default installation directory is
+<filename>/nix</filename>.  You can change this to any location you
+like.  You must have write permission to the
+<replaceable>prefix</replaceable> path.</para>
+
+<warning><para>It is best <emphasis>not</emphasis> to change the
+installation prefix from its default, since doing so makes it
+impossible to use pre-built binaries from the standard Nixpkgs
+channels.</para></warning>
+
+<para>If you want to rebuilt the documentation, pass the full path to
+the DocBook RELAX NG schemas and to the DocBook XSL stylesheets using
+the
+<option>--with-docbook-rng=<replaceable>path</replaceable></option>
+and
+<option>--with-docbook-xsl=<replaceable>path</replaceable></option>
+options.</para>
+
+</section>
+
+
+<section><title>Installing from RPMs</title>
+
+<para>RPM packages of Nix can be downloaded from <link
+xlink:href="http://nixos.org/" />.  These RPMs should work for most
+fairly recent releases of SuSE and Red Hat Linux.  They have been
+known to work work on SuSE Linux 8.1 and 9.0, and Red Hat 9.0.  In
+fact, it should work on any RPM-based Linux distribution based on
+<literal>glibc</literal> 2.3 or later.</para>
+
+<para>Once downloaded, the RPMs can be installed or upgraded using
+<command>rpm -U</command>.  For example,
+
+<screen>
+$ rpm -U nix-0.5pre664-1.i386.rpm</screen>
+
+</para>
+
+<para>The RPMs install into the directory <filename>/nix</filename>.
+Nix can be uninstalled using <command>rpm -e nix</command>.  After
+this it will be necessary to manually remove the Nix store and other
+auxiliary data:
+
+<screen>
+$ rm -rf /nix/store
+$ rm -rf /nix/var</screen>
+
+</para>
+
+</section>
+
+
+<section><title>Upgrading Nix through Nix</title>
+
+<para>You can install the latest stable version of Nix through Nix
+itself by subscribing to the channel <link
+xlink:href="http://nixos.org/releases/nix/channels/nix-stable" />,
+or the latest unstable version by subscribing to the channel <link
+xlink:href="http://nixos.org/releases/nix/channels/nix-unstable" />.
+You can also do a <link linkend="sec-one-click">one-click
+installation</link> by clicking on the package links at <link
+xlink:href="http://nixos.org/releases/full-index-nix.html" />.</para>
+
+</section>
+
+
+<section><title>Security</title>
+
+<para>Nix has two basic security models.  First, it can be used in
+“single-user mode”, which is similar to what most other package
+management tools do: there is a single user (typically <systemitem
+class="username">root</systemitem>) who performs all package
+management operations.  All other users can then use the installed
+packages, but they cannot perform package management operations
+themselves.</para>
+
+<para>Alternatively, you can configure Nix in “multi-user mode”.  In
+this model, all users can perform package management operations — for
+instance, every user can install software without requiring root
+privileges.  Nix ensures that this is secure.  For instance, it’s not
+possible for one user to overwrite a package used by another user with
+a Trojan horse.</para>
+
+
+<section><title>Single-user mode</title>
+  
+<para>In single-user mode, all Nix operations that access the database
+in <filename><replaceable>prefix</replaceable>/var/nix/db</filename>
+or modify the Nix store in
+<filename><replaceable>prefix</replaceable>/store</filename> must be
+performed under the user ID that owns those directories.  This is
+typically <systemitem class="username">root</systemitem>.  (If you
+install from RPM packages, that’s in fact the default ownership.)
+However, on single-user machines, it is often convenient to
+<command>chown</command> those directories to your normal user account
+so that you don’t have to <command>su</command> to <systemitem
+class="username">root</systemitem> all the time.</para>
+
+</section>
+
+
+<section xml:id="ssec-multi-user"><title>Multi-user mode</title>
+
+<para>To allow a Nix store to be shared safely among multiple users,
+it is important that users are not able to run builders that modify
+the Nix store or database in arbitrary ways, or that interfere with
+builds started by other users.  If they could do so, they could
+install a Trojan horse in some package and compromise the accounts of
+other users.</para>
+
+<para>To prevent this, the Nix store and database are owned by some
+privileged user (usually <literal>root</literal>) and builders are
+executed under special user accounts (usually named
+<literal>nixbld1</literal>, <literal>nixbld2</literal>, etc.).  When a
+unprivileged user runs a Nix command, actions that operate on the Nix
+store (such as builds) are forwarded to a <emphasis>Nix
+daemon</emphasis> running under the owner of the Nix store/database
+that performs the operation.</para>
+
+<note><para>Multi-user mode has one important limitation: only
+<systemitem class="username">root</systemitem> can run <command
+linkend="sec-nix-pull">nix-pull</command> to register the availability
+of pre-built binaries.  However, those registrations are shared by all
+users, so they still get the benefit from <command>nix-pull</command>s
+done by <systemitem class="username">root</systemitem>.</para></note>
+
+
+<section><title>Setting up the build users</title>
+
+<para>The <emphasis>build users</emphasis> are the special UIDs under
+which builds are performed.  They should all be members of the
+<emphasis>build users group</emphasis> (usually called
+<literal>nixbld</literal>).  This group should have no other members.
+The build users should not be members of any other group.</para>
+
+<para>Here is a typical <filename>/etc/group</filename> definition of
+the build users group with 10 build users:
+
+<programlisting>
+nixbld:!:30000:nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10
+</programlisting>
+
+In this example the <literal>nixbld</literal> group has UID 30000, but
+of course it can be anything that doesn’t collide with an existing
+group.</para>
+
+<para>Here is the corresponding part of
+<filename>/etc/passwd</filename>:
+
+<programlisting>
+nixbld1:x:30001:65534:Nix build user 1:/var/empty:/noshell
+nixbld2:x:30002:65534:Nix build user 2:/var/empty:/noshell
+nixbld3:x:30003:65534:Nix build user 3:/var/empty:/noshell
+...
+nixbld10:x:30010:65534:Nix build user 10:/var/empty:/noshell
+</programlisting>
+
+The home directory of the build users should not exist or should be an
+empty directory to which they do not have write access.</para>
+
+<para>The build users should have write access to the Nix store, but
+they should not have the right to delete files.  Thus the Nix store’s
+group should be the build users group, and it should have the sticky
+bit turned on (like <filename>/tmp</filename>):
+
+<screen>
+$ chgrp nixbld /nix/store
+$ chmod 1777 /nix/store
+</screen>
+
+</para>
+
+<para>Finally, you should tell Nix to use the build users by
+specifying the build users group in the <link
+linkend="conf-build-users-group"><literal>build-users-group</literal>
+option</link> in the <link linkend="sec-conf-file">Nix configuration
+file</link> (<literal>/nix/etc/nix/nix.conf</literal>):
+
+<programlisting>
+build-users-group = nixbld
+</programlisting>
+
+</para>
+
+</section>
+
+
+<section><title>Nix store/database owned by root</title>
+
+<para>The simplest setup is to let <literal>root</literal> own the Nix
+store and database.  I.e.,
+
+<screen>
+$ chown -R root /nix/store /nix/var/nix</screen>
+
+</para>
+
+<para>The <link linkend="sec-nix-worker">Nix daemon</link> should be
+started as follows (as <literal>root</literal>):
+
+<screen>
+$ nix-worker --daemon</screen>
+
+You’ll want to put that line somewhere in your system’s boot
+scripts.</para>
+
+<para>To let unprivileged users use the daemon, they should set the
+<link linkend="envar-remote"><envar>NIX_REMOTE</envar> environment
+variable</link> to <literal>daemon</literal>.  So you should put a
+line like
+
+<programlisting>
+export NIX_REMOTE=daemon</programlisting>
+
+into the users’ login scripts.</para>
+
+</section>
+
+
+<section><title>Nix store/database not owned by root</title>
+
+<para>It is also possible to let the Nix store and database be owned
+by a non-root user, which should be more secure<footnote><para>Note
+however that even when the Nix daemon runs as root, not
+<emphasis>that</emphasis> much code is executed as root: Nix
+expression evaluation is performed by the calling (unprivileged) user,
+and builds are performed under the special build user accounts.  So
+only the code that accesses the database and starts builds is executed
+as <literal>root</literal>.</para></footnote>.  Typically, this user
+is a special account called <literal>nix</literal>, but it can be
+named anything.  It should own the Nix store and database:
+
+<screen>
+$ chown -R root /nix/store /nix/var/nix</screen>
+
+and of course <command>nix-worker --daemon</command> should be started
+under that user, e.g.,
+
+<screen>
+$ su - nix -c "exec /nix/bin/nix-worker --daemon"</screen>
+
+</para>
+
+<para>There is a catch, though: non-<literal>root</literal> users
+cannot start builds under the build user accounts, since the
+<function>setuid</function> system call is obviously privileged.  To
+allow a non-<literal>root</literal> Nix daemon to use the build user
+feature, it calls a setuid-root helper program,
+<command>nix-setuid-helper</command>.  This program is installed in
+<filename><replaceable>prefix</replaceable>/libexec/nix-setuid-helper</filename>.
+To set the permissions properly (Nix’s <command>make install</command>
+doesn’t do this, since we don’t want to ship setuid-root programs
+out-of-the-box):
+
+<screen>
+$ chown root.root /nix/libexec/nix-setuid-helper
+$ chmod 4755 /nix/libexec/nix-setuid-helper
+</screen>
+
+(This example assumes that the Nix binaries are installed in
+<filename>/nix</filename>.)</para>
+
+<para>Of course, the <command>nix-setuid-helper</command> command
+should not be usable by just anybody, since then anybody could run
+commands under the Nix build user accounts.  For that reason there is
+a configuration file <filename>/etc/nix-setuid.conf</filename> that
+restricts the use of the helper.  This file should be a text file
+containing precisely two lines, the first being the Nix daemon user
+and the second being the build users group, e.g.,
+
+<programlisting>
+nix
+nixbld
+</programlisting>
+
+The setuid-helper barfs if it is called by a user other than the one
+specified on the first line, or if it is asked to execute a build
+under a user who is not a member of the group specified on the second
+line.  The file <filename>/etc/nix-setuid.conf</filename> must be
+owned by root, and must not be group- or world-writable.  The
+setuid-helper barfs if this is not the case.</para>
+
+</section>
+
+
+<section><title>Restricting access</title>
+
+<para>To limit which users can perform Nix operations, you can use the
+permissions on the directory
+<filename>/nix/var/nix/daemon-socket</filename>.  For instance, if you
+want to restrict the use of Nix to the members of a group called
+<literal>nix-users</literal>, do
+
+<screen>
+$ chgrp nix-users /nix/var/nix/daemon-socket
+$ chmod ug=rwx,o= /nix/var/nix/daemon-socket
+</screen>
+
+This way, users who are not in the <literal>nix-users</literal> group
+cannot connect to the Unix domain socket
+<filename>/nix/var/nix/daemon-socket/socket</filename>, so they cannot
+perform Nix operations.</para>
+
+</section>
+
+
+</section> <!-- end of multi-user -->
+
+
+</section> <!-- end of security -->
+
+
+<section><title>Using Nix</title>
+
+<para>To use Nix, some environment variables should be set.  In
+particular, <envar>PATH</envar> should contain the directories
+<filename><replaceable>prefix</replaceable>/bin</filename> and
+<filename>~/.nix-profile/bin</filename>.  The first directory contains
+the Nix tools themselves, while <filename>~/.nix-profile</filename> is
+a symbolic link to the current <emphasis>user environment</emphasis>
+(an automatically generated package consisting of symlinks to
+installed packages).  The simplest way to set the required environment
+variables is to include the file
+<filename><replaceable>prefix</replaceable>/etc/profile.d/nix.sh</filename>
+in your <filename>~/.bashrc</filename> (or similar), like this:</para>
+
+<screen>
+source <replaceable>prefix</replaceable>/etc/profile.d/nix.sh</screen>
+
+</section>
+
+
+</chapter>

doc/manual/introduction.xml

@@ -0,0 +1,337 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="chap-introduction">
+
+<title>Introduction</title>
+
+
+<section><title>About Nix</title>
+
+<para>Nix is a <emphasis>purely functional package manager</emphasis>.
+This means that it treats packages like values in purely functional
+programming languages such as Haskell — they are built by functions
+that don’t have side-effects, and they never change after they have
+been built.  Nix stores packages in the <emphasis>Nix
+store</emphasis>, usually the directory
+<filename>/nix/store</filename>, where each package has its own unique
+subdirectory such as
+
+<programlisting>
+/nix/store/r8vvq9kq18pz08v249h8my6r9vs7s0n3-firefox-2.0.0.1/
+</programlisting>
+
+where <literal>r8vvq9kq…</literal> is a unique identifier for the
+package that captures all its dependencies (it’s a cryptographic hash
+of the package’s build dependency graph).  This enables many powerful
+features.</para>
+
+
+<simplesect><title>Multiple versions</title>
+
+<para>You can have multiple versions or variants of a package
+installed at the same time.  This is especially important when
+different applications have dependencies on different versions of the
+same package — it prevents the “DLL hell”.  Because of the hashing
+scheme, different versions of a package end up in different paths in
+the Nix store, so they don’t interfere with each other.</para>
+
+<para>An important consequence is that operations like upgrading or
+uninstalling an application cannot break other applications, since
+these operations never “destructively” update or delete files that are
+used by other packages.</para>
+
+</simplesect>
+
+
+<simplesect><title>Complete dependencies</title>
+
+<para>Nix helps you make sure that package dependency specifications
+are complete.  In general, when you’re making a package for a package
+management system like RPM, you have to specify for each package what
+its dependencies are, but there are no guarantees that this
+specification is complete.  If you forget a dependency, then the
+package will build and work correctly on <emphasis>your</emphasis>
+machine if you have the dependency installed, but not on the end
+user's machine if it's not there.</para>
+
+<para>Since Nix on the other hand doesn’t install packages in “global”
+locations like <filename>/usr/bin</filename> but in package-specific
+directories, the risk of incomplete dependencies is greatly reduced.
+This is because tools such as compilers don’t search in per-packages
+directories such as
+<filename>/nix/store/5lbfaxb722zp…-openssl-0.9.8d/include</filename>,
+so if a package builds correctly on your system, this is because you
+specified the dependency explicitly.</para>
+
+<para>Runtime dependencies are found by scanning binaries for the hash
+parts of Nix store paths (such as <literal>r8vvq9kq…</literal>).  This
+sounds risky, but it works extremely well.</para>
+
+</simplesect>
+
+
+<simplesect><title>Multi-user support</title>
+
+<para>Starting at version 0.11, Nix has multi-user support.  This
+means that non-privileged users can securely install software.  Each
+user can have a different <emphasis>profile</emphasis>, a set of
+packages in the Nix store that appear in the user’s
+<envar>PATH</envar>.  If a user installs a package that another user
+has already installed previously, the package won’t be built or
+downloaded a second time.  At the same time, it is not possible for
+one user to inject a Trojan horse into a package that might be used by
+another user.</para>
+
+<!--
+<para>More details can be found in Section 3 of our <a
+href="docs/papers.html#securesharing">ASE 2005 paper</a>.</para>
+-->
+
+</simplesect>
+
+
+<simplesect><title>Atomic upgrades and rollbacks</title>
+
+<para>Since package management operations never overwrite packages in
+the Nix store but just add new versions in different paths, they are
+<emphasis>atomic</emphasis>.  So during a package upgrade, there is no
+time window in which the package has some files from the old version
+and some files from the new version — which would be bad because a
+program might well crash if it’s started during that period.</para>
+
+<para>And since package aren’t overwritten, the old versions are still
+there after an upgrade.  This means that you can <emphasis>roll
+back</emphasis> to the old version:</para>
+
+<screen>
+$ nix-env --upgrade <replaceable>some-packages</replaceable>
+$ nix-env --rollback
+</screen>
+
+</simplesect>
+
+
+<simplesect><title>Garbage collection</title>
+
+<para>When you install a package like this…
+
+<screen>
+$ nix-env --uninstall firefox
+</screen>
+
+the package isn’t deleted from the system right away (after all, you
+might want to do a rollback, or it might be in the profiles of other
+users).  Instead, unused packages can be deleted safely by running the
+<emphasis>garbage collector</emphasis>:
+
+<screen>
+$ nix-collect-garbage
+</screen>
+
+This deletes all packages that aren’t in use by any user profile or by
+a currently running program.</para>
+
+</simplesect>
+
+
+<simplesect><title>Functional package language</title>
+
+<para>Packages are built from <emphasis>Nix expressions</emphasis>,
+which is a simple functional language.  A Nix expression describes
+everything that goes into a package build action (a “derivation”):
+other packages, sources, the build script, environment variables for
+the build script, etc.  Nix tries very hard to ensure that Nix
+expressions are <emphasis>deterministic</emphasis>: building a Nix
+expression twice should yield the same result.</para>
+
+<para>Because it’s a functional language, it’s easy to support
+building variants of a package: turn the Nix expression into a
+function and call it any number of times with the appropriate
+arguments.  Due to the hashing scheme, variants don’t conflict with
+each other in the Nix store.</para>
+
+</simplesect>
+
+
+<simplesect><title>Transparent source/binary deployment</title>
+
+<para>Nix expressions generally describe how to build a package from
+source, so an installation action like
+
+<screen>
+$ nix-env --install firefox
+</screen>
+
+<emphasis>could</emphasis> cause quite a bit of build activity, as not
+only Firefox but also all its dependencies (all the way up to the C
+library and the compiler) would have to built, at least if they are
+not already in the Nix store.  This is a <emphasis>source deployment
+model</emphasis>.  For most users, building from source is not very
+pleasant as it takes far too long.  However, Nix can automatically
+skip building from source and download a pre-built binary instead if
+it knows about it.  <emphasis>Nix channels</emphasis> provide Nix
+expressions along with pre-built binaries.</para>
+
+<!--
+<para>source deployment model (like <a
+href="http://www.gentoo.org/">Gentoo</a>) and a binary model (like
+RPM)</para>
+-->
+
+</simplesect>
+
+
+<simplesect><title>Binary patching</title>
+
+<para>In addition to downloading binaries automatically if they’re
+available, Nix can download binary deltas that patch an existing
+package in the Nix store into a new version.  This speeds up
+upgrades.</para>
+
+</simplesect>
+
+
+<simplesect><title>Nix Packages collection</title>
+
+<para>We provide a large set of Nix expressions containing hundreds of
+existing Unix packages, the <emphasis>Nix Packages
+collection</emphasis> (Nixpkgs).</para>
+
+</simplesect>
+
+
+<simplesect><title>Service deployment</title>
+
+<para>Nix can be used not only for rolling out packages, but also
+complete <emphasis>configurations</emphasis> of services.  This is
+done by treating all the static bits of a service (such as software
+packages, configuration files, control scripts, static web pages,
+etc.) as “packages” that can be built by Nix expressions.  As a
+result, all the features above apply to services as well: for
+instance, you can roll back a web server configuration if a
+configuration change turns out to be undesirable, you can easily have
+multiple instances of a service (e.g., a test and production server),
+and because the whole service is built in a purely functional way from
+a Nix expression, it is repeatable so you can easily reproduce the
+service on another machine.</para>
+
+<!--
+<para>You can read more about this in our <a
+href="docs/papers.html#servicecm">SCM-12 paper</a>.</para>
+-->
+
+</simplesect>
+
+
+<simplesect><title>Portability</title>
+
+<para>Nix should run on most Unix systems, including Linux, FreeBSD and
+Mac OS X.  It is also supported on Windows using Cygwin.</para>
+
+</simplesect>
+
+
+<simplesect><title>NixOS</title>
+
+<para>NixOS is a Linux distribution based on Nix.  It uses Nix not
+just for package management but also to manage the system
+configuration (e.g., to build configuration files in
+<filename>/etc</filename>).  This means, among other things, that it’s
+possible to easily roll back the entire configuration of the system to
+an earlier state.  Also, users can install software without root
+privileges.  For more information and downloads, see the <link
+xlink:href="http://nixos.org/">NixOS homepage</link>.</para>
+
+</simplesect>
+
+
+<!-- other features:
+
+- build farms
+- reproducibility (Nix expressions allows whole configuration to be rebuilt)
+
+-->
+
+</section>
+
+
+<section><title>About us</title>
+
+<para>Nix was originally developed at the <link
+xlink:href="http://www.cs.uu.nl/">Department of Information and
+Computing Sciences</link>, Utrecht University by the <link
+xlink:href="http://www.cs.uu.nl/wiki/Trace/WebHome">TraCE
+project</link> (2003-2008).  The project was funded by the Software
+Engineering Research Program <link
+xlink:href="http://www.jacquard.nl/">Jacquard</link> to improve the
+support for variability in software systems.  Further funding is now
+provided by the NIRICT LaQuSo Build Farm project.</para>
+
+</section>
+
+
+<section><title>About this manual</title>
+
+<para>This manual tells you how to install and use Nix and how to
+write Nix expressions for software not already in the Nix Packages
+collection.  It also discusses some advanced topics, such as setting
+up a Nix-based build farm.</para>
+
+</section>
+
+
+<section><title>License</title>
+
+<para>Nix is free software; you can redistribute it and/or modify it
+under the terms of the <link
+xlink:href="http://www.gnu.org/licenses/lgpl.html">GNU Lesser General
+Public License</link> as published by the <link
+xlink:href="http://www.fsf.org/">Free Software Foundation</link>;
+either version 2.1 of the License, or (at your option) any later
+version.  Nix is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.</para>
+
+</section>
+
+
+<section><title>More information</title>
+
+<para>Some background information on Nix can be found in a number of
+papers.  The ICSE 2004 paper <citetitle
+xlink:href='http://www.st.ewi.tudelft.nl/~dolstra/pubs/immdsd-icse2004-final.pdf'>Imposing
+a Memory Management Discipline on Software Deployment</citetitle>
+discusses the hashing mechanism used to ensure reliable dependency
+identification and non-interference between different versions and
+variants of packages.  The LISA 2004 paper <citetitle
+xlink:href='http://www.st.ewi.tudelft.nl/~dolstra/pubs/nspfssd-lisa2004-final.pdf'>Nix:
+A Safe and Policy-Free System for Software Deployment</citetitle>
+gives a more general discussion of Nix from a system-administration
+perspective.  The CBSE 2005 paper <citetitle
+xlink:href='http://www.st.ewi.tudelft.nl/~dolstra/pubs/eupfcdm-cbse2005-final.pdf'>Efficient
+Upgrading in a Purely Functional Component Deployment Model
+</citetitle> is about transparent patch deployment in Nix.  The SCM-12
+paper <citetitle
+xlink:href='http://www.st.ewi.tudelft.nl/~dolstra/pubs/servicecm-scm12-final.pdf'>
+Service Configuration Management</citetitle> shows how services (e.g.,
+web servers) can be deployed and managed through Nix.  A short
+overview of NixOS is given in the HotOS XI paper <citetitle
+xlink:href="http://www.st.ewi.tudelft.nl/~dolstra/pubs/hotos-final.pdf">Purely
+Functional System Configuration Management</citetitle>.  The Nix
+homepage has <link
+xlink:href="http://nix.cs.uu.nl/docs/papers.html">an up-to-date list
+of Nix-related papers</link>.</para>
+
+<para>Nix is the subject of Eelco Dolstra’s PhD thesis <citetitle
+xlink:href="http://igitur-archive.library.uu.nl/dissertations/2006-0118-200031/index.htm">The
+Purely Functional Software Deployment Model</citetitle>, which
+contains most of the papers listed above.</para>
+
+<para>Nix has a homepage at <link
+xlink:href="http://nixos.org/"/>.</para>
+
+</section>
+
+
+</chapter>

doc/manual/local.mk

@@ -1,71 +0,0 @@
-ifeq ($(doc_generate),yes)
-
-MANUAL_SRCS := $(call rwildcard, $(d)/src, *.md)
-
-# Generate man pages.
-man-pages := $(foreach n, \
-  nix-env.1 nix-build.1 nix-shell.1 nix-store.1 nix-instantiate.1 nix.1 \
-  nix-collect-garbage.1 \
-  nix-prefetch-url.1 nix-channel.1 \
-  nix-hash.1 nix-copy-closure.1 \
-  nix.conf.5 nix-daemon.8, \
-  $(d)/$(n))
-
-clean-files += $(d)/*.1 $(d)/*.5 $(d)/*.8
-
-dist-files += $(man-pages)
-
-nix-eval = $(bindir)/nix eval --experimental-features nix-command -I nix/corepkgs=corepkgs --store dummy:// --impure --raw --expr
-
-$(d)/%.1: $(d)/src/command-ref/%.md
-	@printf "Title: %s\n\n" "$$(basename $@ .1)" > $^.tmp
-	@cat $^ >> $^.tmp
-	$(trace-gen) lowdown -sT man $^.tmp -o $@
-	@rm $^.tmp
-
-$(d)/%.8: $(d)/src/command-ref/%.md
-	@printf "Title: %s\n\n" "$$(basename $@ .8)" > $^.tmp
-	@cat $^ >> $^.tmp
-	$(trace-gen) lowdown -sT man $^.tmp -o $@
-	@rm $^.tmp
-
-$(d)/nix.conf.5: $(d)/src/command-ref/conf-file.md
-	@printf "Title: %s\n\n" "$$(basename $@ .5)" > $^.tmp
-	@cat $^ >> $^.tmp
-	$(trace-gen) lowdown -sT man $^.tmp -o $@
-	@rm $^.tmp
-
-$(d)/src/command-ref/nix.md: $(d)/nix.json $(d)/generate-manpage.nix $(bindir)/nix
-	$(trace-gen) $(nix-eval) 'import doc/manual/generate-manpage.nix (builtins.fromJSON (builtins.readFile $<))' > $@.tmp
-	@mv $@.tmp $@
-
-$(d)/src/command-ref/conf-file.md: $(d)/conf-file.json $(d)/generate-options.nix $(d)/src/command-ref/conf-file-prefix.md $(bindir)/nix
-	@cat doc/manual/src/command-ref/conf-file-prefix.md > $@.tmp
-	$(trace-gen) $(nix-eval) 'import doc/manual/generate-options.nix (builtins.fromJSON (builtins.readFile $<))' >> $@.tmp
-	@mv $@.tmp $@
-
-$(d)/nix.json: $(bindir)/nix
-	$(trace-gen) $(bindir)/nix __dump-args > $@.tmp
-	@mv $@.tmp $@
-
-$(d)/conf-file.json: $(bindir)/nix
-	$(trace-gen) env -i NIX_CONF_DIR=/dummy HOME=/dummy NIX_SSL_CERT_FILE=/dummy/no-ca-bundle.crt $(bindir)/nix show-config --json --experimental-features nix-command > $@.tmp
-	@mv $@.tmp $@
-
-$(d)/src/expressions/builtins.md: $(d)/builtins.json $(d)/generate-builtins.nix $(d)/src/expressions/builtins-prefix.md $(bindir)/nix
-	@cat doc/manual/src/expressions/builtins-prefix.md > $@.tmp
-	$(trace-gen) $(nix-eval) 'import doc/manual/generate-builtins.nix (builtins.fromJSON (builtins.readFile $<))' >> $@.tmp
-	@mv $@.tmp $@
-
-$(d)/builtins.json: $(bindir)/nix
-	$(trace-gen) NIX_PATH=nix/corepkgs=corepkgs $(bindir)/nix __dump-builtins > $@.tmp
-	mv $@.tmp $@
-
-# Generate the HTML manual.
-install: $(docdir)/manual/index.html
-
-$(docdir)/manual/index.html: $(MANUAL_SRCS) $(d)/book.toml $(d)/custom.css $(d)/src/command-ref/nix.md $(d)/src/command-ref/conf-file.md $(d)/src/expressions/builtins.md
-	$(trace-gen) mdbook build doc/manual -d $(docdir)/manual
-	@cp doc/manual/highlight.pack.js $(docdir)/manual/highlight.js
-
-endif

doc/manual/manual.xml

@@ -0,0 +1,122 @@
+<book xmlns="http://docbook.org/ns/docbook"
+      xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <info>
+
+    <title>Nix User's Guide</title>
+
+    <subtitle>Draft (Version <xi:include href="version.txt"
+    parse="text" />)</subtitle>
+
+    <author>
+      <personname>
+        <firstname>Eelco</firstname>
+        <surname>Dolstra</surname>
+      </personname>
+      <affiliation>
+        <orgname>Delft University of Technology</orgname>
+        <orgdiv>Department of Software Technology</orgdiv>
+      </affiliation>
+    </author>
+
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <year>2006</year>
+      <year>2007</year>
+      <year>2008</year>
+      <holder>Eelco Dolstra</holder>
+    </copyright>
+
+    <date>November 2008</date>
+    
+  </info>
+
+  
+  <xi:include href="introduction.xml" />
+  <xi:include href="quick-start.xml" />
+  <xi:include href="installation.xml" />
+  <xi:include href="package-management.xml" />
+  <xi:include href="writing-nix-expressions.xml" />
+  <xi:include href="build-farm.xml" />
+
+
+  <appendix>
+    <title>Command Reference</title>
+    <xi:include href="opt-common.xml" />
+    <xi:include href="env-common.xml" />
+    <xi:include href="conf-file.xml" />
+    
+    <section>
+      <title>Main commands</title>
+      <section xml:id="sec-nix-env">
+        <title>nix-env</title>
+        <xi:include href="nix-env.xml" />
+      </section>
+      <section xml:id="sec-nix-instantiate">
+        <title>nix-instantiate</title>
+        <xi:include href="nix-instantiate.xml" />
+      </section>
+      <section xml:id="sec-nix-store">
+        <title>nix-store</title>
+        <xi:include href="nix-store.xml" />
+      </section>
+    </section>
+    
+    <section>
+      <title>Utilities</title>
+      <section xml:id="sec-nix-build">
+        <title>nix-build</title>
+        <xi:include href="nix-build.xml" />
+      </section>
+      <section xml:id="sec-nix-channel">
+        <title>nix-channel</title>
+        <xi:include href="nix-channel.xml" />
+      </section>
+      <section xml:id="sec-nix-collect-garbage">
+        <title>nix-collect-garbage</title>
+        <xi:include href="nix-collect-garbage.xml" />
+      </section>
+      <section xml:id="sec-nix-copy-closure">
+        <title>nix-copy-closure</title>
+        <xi:include href="nix-copy-closure.xml" />
+      </section>
+      <section xml:id="sec-nix-hash">
+        <title>nix-hash</title>
+        <xi:include href="nix-hash.xml" />
+      </section>
+      <section xml:id="sec-nix-install-package">
+        <title>nix-install-package</title>
+        <xi:include href="nix-install-package.xml" />
+      </section>
+      <section xml:id="sec-nix-prefetch-url">
+        <title>nix-prefetch-url</title>
+        <xi:include href="nix-prefetch-url.xml" />
+      </section>
+      <section xml:id="sec-nix-pull">
+        <title>nix-pull</title>
+        <xi:include href="nix-pull.xml" />
+      </section>
+      <section xml:id="sec-nix-push">
+        <title>nix-push</title>
+        <xi:include href="nix-push.xml" />
+      </section>
+      <section xml:id="sec-nix-worker">
+        <title>nix-worker</title>
+        <xi:include href="nix-worker.xml" />
+      </section>
+    </section>
+    
+  </appendix>
+
+  <xi:include href="troubleshooting.xml" />
+  <!-- <xi:include href="bugs.xml" /> -->
+  <xi:include href="glossary.xml" />
+
+  <appendix>
+    <title>Nix Release Notes</title>
+    <xi:include href="release-notes.xml"
+                xpointer="xmlns(x=http://docbook.org/ns/docbook)xpointer(x:article/x:section)" />
+  </appendix>
+    
+</book>

doc/manual/nix-build.xml

@@ -0,0 +1,145 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-build</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-build</refname>
+  <refpurpose>build a Nix expression</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-build</command>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="opt-common-syn.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(/db:nop/*)" />
+    <arg><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></arg>
+    <arg><option>--argstr</option> <replaceable>name</replaceable> <replaceable>value</replaceable></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--attr</option></arg>
+        <arg choice='plain'><option>-A</option></arg>
+      </group>
+      <replaceable>attrPath</replaceable>
+    </arg>
+    <arg><option>--add-drv-link</option></arg>
+    <arg><option>--drv-link </option><replaceable>drvlink</replaceable></arg>
+    <arg><option>--no-out-link</option></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--out-link</option></arg>
+        <arg choice='plain'><option>-o</option></arg>
+      </group>
+      <replaceable>outlink</replaceable>
+    </arg>
+    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsection><title>Description</title>
+
+<para>The <command>nix-build</command> command builds the derivations
+described by the Nix expressions in <replaceable>paths</replaceable>.
+If the build succeeds, it places a symlink to the result in the
+current directory.  The symlink is called <filename>result</filename>.
+If there are multiple Nix expressions, or the Nix expressions evaluate
+to multiple derivations, multiple sequentially numbered symlinks are
+created (<filename>result</filename>, <filename>result-2</filename>,
+and so on).</para>
+
+<para>If no <replaceable>paths</replaceable> are specified, then
+<command>nix-build</command> will use <filename>default.nix</filename>
+in the current directory, if it exists.</para>
+
+<para><command>nix-build</command> is essentially a wrapper around
+<link
+linkend="sec-nix-instantiate"><command>nix-instantiate</command></link>
+(to translate a high-level Nix expression to a low-level store
+derivation) and <link
+linkend="rsec-nix-store-realise"><command>nix-store
+--realise</command></link> (to build the store derivation).</para>
+
+<warning><para>The result of the build is automatically registered as
+a root of the Nix garbage collector.  This root disappears
+automatically when the <filename>result</filename> symlink is deleted
+or renamed.  So don’t rename the symlink.</para></warning>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<para>See also <xref linkend="sec-common-options" />.  All options not
+listed here are passed to <command>nix-store --realise</command>,
+except for <option>--arg</option> and <option>--attr</option> /
+<option>-A</option> which are passed to
+<command>nix-instantiate</command>.</para>
+
+<variablelist>
+
+  <varlistentry><term><option>--add-drv-link</option></term>
+  
+    <listitem><para>Add a symlink in the current directory to the
+    store derivation produced by <command>nix-instantiate</command>.
+    The symlink is called <filename>derivation</filename> (which is
+    numbered in the case of multiple derivations).  The derivation is
+    a root of the garbage collector until the symlink is deleted or
+    renamed.</para></listitem>
+    
+  </varlistentry>
+
+  <varlistentry><term><option>--drv-link</option> <replaceable>drvlink</replaceable></term>
+  
+    <listitem><para>Change the name of the symlink to the derivation
+    created when <option>--add-drv-link</option> is used from
+    <filename>derivation</filename> to
+    <replaceable>drvlink</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--no-out-link</option></term>
+  
+    <listitem><para>Do not create a symlink to the output path.  Note
+    that as a result the output does not become a root of the garbage
+    collector, and so might be deleted by <command>nix-store
+    --gc</command>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry xml:id='opt-out-link'><term><option>--out-link</option> /
+  <option>-o</option> <replaceable>outlink</replaceable></term>
+  
+    <listitem><para>Change the name of the symlink to the output path
+    created unless <option>--no-out-link</option> is used from
+    <filename>result</filename> to
+    <replaceable>outlink</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<screen>
+$ nix-build pkgs/top-level/all-packages.nix -A firefox
+store derivation is /nix/store/qybprl8sz2lc...-firefox-1.5.0.7.drv
+/nix/store/d18hyl92g30l...-firefox-1.5.0.7
+
+$ ls -l result
+lrwxrwxrwx  <replaceable>...</replaceable>  result -> /nix/store/d18hyl92g30l...-firefox-1.5.0.7
+
+$ ls ./result/bin/
+firefox  firefox-config</screen>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-channel.xml

@@ -0,0 +1,92 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-channel</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-channel</refname>
+  <refpurpose>manage Nix channels</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-channel</command>
+    <group choice='req'>
+      <arg choice='plain'><option>--add</option> <replaceable>url</replaceable></arg>
+      <arg choice='plain'><option>--remove</option> <replaceable>url</replaceable></arg>
+      <arg choice='plain'><option>--list</option></arg>
+      <arg choice='plain'><option>--update</option></arg>
+    </group>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsection><title>Description</title>
+
+<para>A Nix channel is mechanism that allows you to automatically stay
+up-to-date with a set of pre-built Nix expressions.  A Nix channel is
+just a URL that points to a place that contains a set of Nix
+expressions, as well as a <command>nix-push</command> manifest.  See
+also <xref linkend="sec-channels" />.</para>
+
+<para>This command has the following operations:
+
+<variablelist>
+
+  <varlistentry><term><option>--add</option> <replaceable>url</replaceable></term>
+
+    <listitem><para>Adds <replaceable>url</replaceable> to the list of
+    subscribed channels.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--remove</option> <replaceable>url</replaceable></term>
+
+    <listitem><para>Removes <replaceable>url</replaceable> from the
+    list of subscribed channels.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--list</option></term>
+
+    <listitem><para>Prints the URLs of all subscribed channels on
+    standard output.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--update</option></term>
+
+    <listitem><para>Downloads the Nix expressions of all subscribed
+    channels, makes them the default for <command>nix-env</command>
+    operations (by symlinking them in the directory
+    <filename>~/.nix-defexpr</filename>), and performs a
+    <command>nix-pull</command> on the manifests of all channels to
+    make pre-built binaries available.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+<para>Note that <option>--add</option> and <option>--remove</option>
+do not automatically perform an update.</para>
+
+<para>The list of subscribed channels is stored in
+<filename>~/.nix-channels</filename>.</para>
+
+<para>A channel consists of two elements: a bzipped Tar archive
+containing the Nix expressions, and a manifest created by
+<command>nix-push</command>.  These must be stored under
+<literal><replaceable>url</replaceable>/nixexprs.tar.bz2</literal> and
+<literal><replaceable>url</replaceable>/MANIFEST</literal>,
+respectively.</para>
+
+</refsection>
+
+</refentry>

doc/manual/nix-collect-garbage.xml

@@ -0,0 +1,58 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-collect-garbage</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-collect-garbage</refname>
+  <refpurpose>delete unreachable store paths</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-collect-garbage</command>
+    <arg><option>--delete-old</option></arg>
+    <arg><option>-d</option></arg>
+    <group choice='opt'>
+      <arg choice='plain'><option>--print-roots</option></arg>
+      <arg choice='plain'><option>--print-live</option></arg>
+      <arg choice='plain'><option>--print-dead</option></arg>
+      <arg choice='plain'><option>--delete</option></arg>
+    </group>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-collect-garbage</command> is mostly an
+alias of <link linkend="rsec-nix-store-gc"><command>nix-store
+--gc</command></link>, that is, it deletes all unreachable paths in
+the Nix store to clean up your system.  However, it provides an
+additional option <option>-d</option> (<option>--delete-old</option>)
+that deletes all old generations of all profiles in
+<filename>/nix/var/nix/profiles</filename> by invoking
+<literal>nix-env --delete-generations old</literal> on all profiles.
+Of course, this makes rollbacks to previous configurations
+impossible.</para>
+
+</refsection>
+
+<refsection><title>Example</title>
+
+<para>To delete from the Nix store everything that is not used by the
+current generations of each profile, do
+
+<screen>
+$ nix-collect-garbage -d</screen>
+
+</para>
+
+</refsection>
+
+</refentry>

doc/manual/nix-copy-closure.xml

@@ -0,0 +1,151 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-copy-closure</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-copy-closure</refname>
+  <refpurpose>copy a closure to or from a remote machine via SSH</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-copy-closure</command>
+    <group>
+      <arg choice='plain'><option>--to</option></arg>
+      <arg choice='plain'><option>--from</option></arg>
+    </group>
+    <arg><option>--sign</option></arg>
+    <arg><option>--gzip</option></arg>
+    <arg choice='plain'>
+      <arg><replaceable>user@</replaceable></arg><replaceable>machine</replaceable>
+    </arg>
+    <arg choice='plain'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para><command>nix-copy-closure</command> gives you an easy and
+efficient way to exchange software between machines.  Given one or
+more Nix store paths <replaceable>paths</replaceable> on the local
+machine, <command>nix-copy-closure</command> computes the closure of
+those paths (i.e. all their dependencies in the Nix store), and copies
+all paths in the closure to the remote machine via the
+<command>ssh</command> (Secure Shell) command.  With the
+<option>--from</option>, the direction is reversed:
+the closure of <replaceable>paths</replaceable> on a remote machine is
+copied to the Nix store on the local machine.</para>
+
+<para>This command is efficient because it only sends the store paths
+that are missing on the target machine.</para>
+
+<para>Since <command>nix-copy-closure</command> calls
+<command>ssh</command>, you may be asked to type in the appropriate
+password or passphrase.  In fact, you may be asked
+<emphasis>twice</emphasis> because <command>nix-copy-closure</command>
+currently connects twice to the remote machine, first to get the set
+of paths missing on the target machine, and second to send the dump of
+those paths.  If this bothers you, use
+<command>ssh-agent</command>.</para>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+  
+  <varlistentry><term><option>--to</option></term>
+
+    <listitem><para>Copy the closure of
+    <replaceable>paths</replaceable> from the local Nix store to the
+    Nix store on <replaceable>machine</replaceable>.  This is the
+    default.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--from</option></term>
+
+    <listitem><para>Copy the closure of
+    <replaceable>paths</replaceable> from the Nix store on
+    <replaceable>machine</replaceable> to the local Nix
+    store.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--sign</option></term>
+
+    <listitem><para>Let the sending machine cryptographically sign the
+    dump of each path with the key in
+    <filename>/nix/etc/nix/signing-key.sec</filename>.  If the user on
+    the target machine does not have direct access to the Nix store
+    (i.e., if the target machine has a multi-user Nix installation),
+    then the target machine will check the dump against
+    <filename>/nix/etc/nix/signing-key.pub</filename> before unpacking
+    it in its Nix store.  This allows secure sharing of store paths
+    between untrusted users on two machines, provided that there is a
+    trust relation between the Nix installations on both machines
+    (namely, they have matching public/secret keys).</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--gzip</option></term>
+
+    <listitem><para>Compress the dump of each path with
+    <command>gzip</command> before sending it.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Environment variables</title>
+
+<variablelist>
+
+  <varlistentry><term><envar>NIX_SSHOPTS</envar></term>
+
+    <listitem><para>Additional options to be passed to
+    <command>ssh</command> on the command line.</para></listitem>
+
+  </varlistentry>
+  
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>Copy Firefox with all its dependencies to a remote machine:
+
+<screen>
+$ nix-copy-closure --to alice@itchy.labs $(type -tP firefox)</screen>
+
+</para>
+
+<para>Copy Subversion from a remote machine and then install it into a
+user environment:
+
+<screen>
+$ nix-copy-closure --from alice@itchy.labs \
+    /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
+$ nix-env -i /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
+</screen>
+
+</para>
+
+</refsection>
+
+
+</refsection>
+
+</refentry>

doc/manual/nix-hash.xml

@@ -0,0 +1,162 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-hash</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-hash</refname>
+  <refpurpose>compute the cryptographic hash of a path</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-hash</command>
+    <arg><option>--flat</option></arg>
+    <arg><option>--base32</option></arg>
+    <arg><option>--truncate</option></arg>
+    <arg><option>--type</option> <replaceable>hashAlgo</replaceable></arg>
+    <arg choice='plain' rep='repeat'><replaceable>path</replaceable></arg>
+  </cmdsynopsis>
+  <cmdsynopsis>
+    <command>nix-hash</command>
+    <arg choice='plain'><option>--to-base16</option></arg>
+    <arg choice='plain' rep='repeat'><replaceable>hash</replaceable></arg>
+  </cmdsynopsis>
+  <cmdsynopsis>
+    <command>nix-hash</command>
+    <arg choice='plain'><option>--to-base32</option></arg>
+    <arg choice='plain' rep='repeat'><replaceable>hash</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-hash</command> computes the
+cryptographic hash of the contents of each
+<replaceable>path</replaceable> and prints it on standard output.  By
+default, it computes an MD5 hash, but other hash algorithms are
+available as well.  The hash is printed in hexadecimal.</para>
+
+<para>The hash is computed over a <emphasis>serialisation</emphasis>
+of each path: a dump of the file system tree rooted at the path.  This
+allows directories and symlinks to be hashed as well as regular files.
+The dump is in the <emphasis>NAR format</emphasis> produced by <link
+linkend="refsec-nix-store-dump"><command>nix-store</command>
+<option>--dump</option></link>.  Thus, <literal>nix-hash
+<replaceable>path</replaceable></literal> yields the same
+cryptographic hash as <literal>nix-store --dump
+<replaceable>path</replaceable> | md5sum</literal>.</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+  
+  <varlistentry><term><option>--flat</option></term>
+
+    <listitem><para>Print the cryptographic hash of the contents of
+    each regular file <replaceable>path</replaceable>.  That is, do
+    not compute the hash over the dump of
+    <replaceable>path</replaceable>.  The result is identical to that
+    produced by the GNU commands <command>md5sum</command> and
+    <command>sha1sum</command>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--base32</option></term>
+
+    <listitem><para>Print the hash in a base-32 representation rather
+    than hexadecimal.  This base-32 representation is more compact and
+    can be used in Nix expressions (such as in calls to
+    <function>fetchurl</function>).</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--truncate</option></term>
+
+    <listitem><para>Truncate hashes longer than 160 bits (such as
+    SHA-256) to 160 bits.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--type</option> <replaceable>hashAlgo</replaceable></term>
+
+    <listitem><para>Specify a cryptographic hash, which can be one of
+    <literal>md5</literal>, <literal>sha1</literal>, and
+    <literal>sha256</literal>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--to-base16</option></term>
+
+    <listitem><para>Don’t hash anything, but convert the base-32 hash
+    representation <replaceable>hash</replaceable> to
+    hexadecimal.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--to-base32</option></term>
+
+    <listitem><para>Don’t hash anything, but convert the hexadecimal
+    hash representation <replaceable>hash</replaceable> to
+    base-32.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>Computing hashes:
+
+<screen>
+$ mkdir test
+$ echo "hello" > test/world
+
+$ nix-hash test/ <lineannotation>(MD5 hash; default)</lineannotation>
+8179d3caeff1869b5ba1744e5a245c04
+
+$ nix-store --dump test/ | md5sum <lineannotation>(for comparison)</lineannotation>
+8179d3caeff1869b5ba1744e5a245c04  -
+
+$ nix-hash --type sha1 test/
+e4fd8ba5f7bbeaea5ace89fe10255536cd60dab6
+
+$ nix-hash --type sha1 --base32 test/
+nvd61k9nalji1zl9rrdfmsmvyyjqpzg4
+
+$ nix-hash --type sha256 --flat test/
+error: reading file `test/': Is a directory
+
+$ nix-hash --type sha256 --flat test/world
+5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03</screen>
+
+</para>
+
+<para>Converting between hexadecimal and base-32:
+
+<screen>
+$ nix-hash --type sha1 --to-base32 e4fd8ba5f7bbeaea5ace89fe10255536cd60dab6
+nvd61k9nalji1zl9rrdfmsmvyyjqpzg4
+
+$ nix-hash --type sha1 --to-base16 nvd61k9nalji1zl9rrdfmsmvyyjqpzg4
+e4fd8ba5f7bbeaea5ace89fe10255536cd60dab6</screen>
+
+</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-install-package.xml

@@ -0,0 +1,197 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-install-package</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-install-package</refname>
+  <refpurpose>install a Nix Package file</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-install-package</command>
+    <arg><option>--non-interactive</option></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--profile</option></arg>
+        <arg choice='plain'><option>-p</option></arg>
+      </group>
+      <replaceable>path</replaceable>
+    </arg>
+    <sbr />
+    <group choice='req'>
+      <arg choice='req'>
+        <option>--url</option>
+        <arg choice='plain'><replaceable>url</replaceable></arg>
+      </arg>
+      <arg choice='req'>
+        <arg choice='plain'><replaceable>file</replaceable></arg>
+      </arg>
+    </group>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-install-package</command> interactively
+installs a Nix Package file (<filename>*.nixpkg</filename>), which is
+a small file that contains a store path to be installed along with the
+URL of a <link linkend="sec-nix-push"><command>nix-push</command>
+manifest</link>.  The Nix Package file is either
+<replaceable>file</replaceable>, or automatically downloaded from
+<replaceable>url</replaceable> if the <option>--url</option> switch is
+used.</para>
+
+<para><command>nix-install-package</command> is used in <link
+linkend="sec-one-click">one-click installs</link> to download and
+install pre-built binary packages with all necessary dependencies.
+<command>nix-install-package</command> is intended to be associated
+with the MIME type <literal>application/nix-package</literal> in a web
+browser so that it is invoked automatically when you click on
+<filename>*.nixpkg</filename> files.  When invoked, it restarts itself
+in a terminal window (since otherwise it would be invisible when run
+from a browser), asks the user to confirm whether to install the
+package, and if so downloads and installs the package into the user’s
+current profile.</para>
+
+<para>To obtain a window, <command>nix-install-package</command> tries
+to restart itself with <command>xterm</command>,
+<command>konsole</command> and
+<command>gnome-terminal</command>.</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+  
+  <varlistentry><term><option>--non-interactive</option></term>
+
+    <listitem><para>Do not open a new terminal window and do not ask
+    for confirmation.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--profile</option></term>
+    <term><option>-p</option></term>
+
+    <listitem><para>Install the package into the specified profile
+    rather than the user’s current profile.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To install <filename>subversion-1.4.0.nixpkg</filename> into the
+user’s current profile, without any prompting:
+
+<screen>
+$ nix-install-package --non-interactive subversion-1.4.0.nixpkg</screen>
+
+</para>
+
+<para>To install the same package from some URL into a different
+profile:
+
+<screen>
+$ nix-install-package --non-interactive -p /nix/var/nix/profiles/eelco \
+    --url http://nix.cs.uu.nl/dist/nix/nixpkgs-0.10pre6622/pkgs/subversion-1.4.0-i686-linux.nixpkg</screen>
+
+</para>
+
+</refsection>
+
+
+<refsection><title>Format of <literal>nixpkg</literal> files</title>
+
+<para>A Nix Package file consists of a single line with the following
+format:
+
+<screen>
+NIXPKG1 <replaceable>manifestURL</replaceable> <replaceable>name</replaceable> <replaceable>system</replaceable> <replaceable>drvPath</replaceable> <replaceable>outPath</replaceable></screen>
+
+The elemens are as follows:
+
+<variablelist>
+
+  <varlistentry><term><literal>NIXPKG1</literal></term>
+  
+    <listitem><para>The version of the Nix Package
+    file.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>manifestURL</replaceable></term>
+  
+    <listitem><para>The manifest to be pulled by
+    <command>nix-pull</command>.  The manifest must contain
+    <replaceable>outPath</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>name</replaceable></term>
+  
+    <listitem><para>The symbolic name and version of the
+    package.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>system</replaceable></term>
+  
+    <listitem><para>The platform identifier of the platform for which
+    this binary package is intended.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>drvPath</replaceable></term>
+  
+    <listitem><para>The path in the Nix store of the derivation from
+    which <replaceable>outPath</replaceable> was built.  Not currently
+    used.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>outPath</replaceable></term>
+  
+    <listitem><para>The path in the Nix store of the package.  After
+    <command>nix-install-package</command> has obtained the manifest
+    from <replaceable>manifestURL</replaceable>, it performs a
+    <literal>nix-env -i</literal> <replaceable>outPath</replaceable>
+    to install the binary package.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+  
+</para>
+
+<para>An example follows:
+
+<screen>
+NIXPKG1 http://.../nixpkgs-0.10pre6622/MANIFEST subversion-1.4.0 i686-darwin \
+  /nix/store/4kh60jkp...-subversion-1.4.0.drv \
+  /nix/store/nkw7wpgb...-subversion-1.4.0</screen>
+
+(The line breaks (<literal>\</literal>) are for presentation purposes
+and not part of the actual file.)
+
+</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-instantiate.xml

@@ -0,0 +1,200 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-instantiate</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-instantiate</refname>
+  <refpurpose>instantiate store derivations from Nix expressions</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-instantiate</command>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="opt-common-syn.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(/db:nop/*)" />
+    <arg><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--attr</option></arg>
+        <arg choice='plain'><option>-A</option></arg>
+      </group>
+      <replaceable>attrPath</replaceable>
+    </arg>
+    <arg><option>--add-root</option> <replaceable>path</replaceable></arg>
+    <arg><option>--indirect</option></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--parse-only</option></arg>
+        <arg choice='plain'>
+          <option>--eval-only</option>
+          <arg><option>--strict</option></arg>
+        </arg>
+      </group>
+      <arg><option>--xml</option></arg>
+    </arg>
+    <arg choice='plain' rep='repeat'><replaceable>files</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-instantiate</command> generates <link
+linkend="gloss-derivation">store derivations</link> from (high-level)
+Nix expressions.  It loads and evaluates the Nix expressions in each
+of <replaceable>files</replaceable>.  Each top-level expression should
+evaluate to a derivation, a list of derivations, or a set of
+derivations.  The paths of the resulting store derivations are printed
+on standard output.</para>
+
+<para>If <replaceable>files</replaceable> is the character
+<literal>-</literal>, then a Nix expression will be read from standard
+input.</para>
+
+<para>Most users and developers don’t need to use this command
+(<command>nix-env</command> and <command>nix-build</command> perform
+store derivation instantiation from Nix expressions automatically).
+It is most commonly used for implementing new deployment
+policies.</para>
+
+<para>See also <xref linkend="sec-common-options" /> for a list of
+common options.</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+
+  <varlistentry>
+    <term><option>--add-root</option> <replaceable>path</replaceable></term>
+    <term><option>--indirect</option></term>
+
+    <listitem><para>See the <link linkend="opt-add-root">corresponding
+    options</link> in <command>nix-store</command>.</para></listitem>
+
+  </varlistentry>
+
+    
+  <varlistentry><term><option>--parse-only</option></term>
+  
+    <listitem><para>Just parse the input files, and print their
+    abstract syntax trees on standard output in ATerm
+    format.</para></listitem>
+    
+  </varlistentry>
+      
+  <varlistentry><term><option>--eval-only</option></term>
+  
+    <listitem><para>Just parse and evaluate the input files, and print
+    the resulting values on standard output.  No instantiation of
+    store derivations takes place.</para></listitem>
+    
+  </varlistentry>
+
+  <varlistentry><term><option>--xml</option></term>
+
+    <listitem><para>When used with <option>--parse-only</option> and
+    <option>--eval-only</option>, print the resulting expression as an
+    XML representation of the abstract syntax tree rather than as an
+    ATerm.  The schema is the same as that used by the <link
+    linkend="builtin-toXML"><function>toXML</function>
+    built-in</link>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--strict</option></term>
+
+    <listitem><para>When used with <option>--eval-only</option>,
+    recursively evaluate list elements and attributes.  Normally, such
+    sub-expressions are left unevaluated (since the Nix expression
+    language is lazy).</para>
+
+    <warning><para>This option can cause non-termination, because lazy
+    data structures can be infinitely large.</para></warning>
+
+    </listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>Instantiating store derivations from a Nix expression, and
+building them using <command>nix-store</command>:
+
+<screen>
+$ nix-instantiate test.nix <lineannotation>(instantiate)</lineannotation>
+/nix/store/cigxbmvy6dzix98dxxh9b6shg7ar5bvs-perl-BerkeleyDB-0.26.drv
+
+$ nix-store -r $(nix-instantiate test.nix) <lineannotation>(build)</lineannotation>
+<replaceable>...</replaceable>
+/nix/store/qhqk4n8ci095g3sdp93x7rgwyh9rdvgk-perl-BerkeleyDB-0.26 <lineannotation>(output path)</lineannotation>
+
+$ ls -l /nix/store/qhqk4n8ci095g3sdp93x7rgwyh9rdvgk-perl-BerkeleyDB-0.26
+dr-xr-xr-x    2 eelco    users        4096 1970-01-01 01:00 lib
+...</screen>
+
+</para>
+
+<para>Parsing and evaluating Nix expressions:
+
+<screen>
+$ echo '"foo" + "bar"' | nix-instantiate --parse-only -
+OpPlus(Str("foo"),Str("bar"))
+
+$ echo '"foo" + "bar"' | nix-instantiate --eval-only -
+Str("foobar")
+
+$ echo '"foo" + "bar"' | nix-instantiate --eval-only --xml -
+<![CDATA[<?xml version='1.0' encoding='utf-8'?>
+<expr>
+  <string value="foobar" />
+</expr>]]></screen>
+
+</para>
+
+<para>The difference between non-strict and strict evaluation:
+
+<screen>
+$ echo 'rec { x = "foo"; y = x; }' | nix-instantiate --eval-only --xml -
+<replaceable>...</replaceable><![CDATA[
+    <attr name="x">
+      <string value="foo" />
+    </attr>
+    <attr name="y">
+      <unevaluated />
+    </attr>]]>
+<replaceable>...</replaceable></screen>
+
+Note that <varname>y</varname> is left unevaluated (the XML
+representation doesn’t attempt to show non-normal forms).
+
+<screen>
+$ echo 'rec { x = "foo"; y = x; }' | nix-instantiate --eval-only --xml --strict -
+<replaceable>...</replaceable><![CDATA[
+    <attr name="x">
+      <string value="foo" />
+    </attr>
+    <attr name="y">
+      <string value="foo" />
+    </attr>]]>
+<replaceable>...</replaceable></screen>
+
+</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-lang-ref.xml

@@ -0,0 +1,277 @@
+<appendix>
+  <title>Nix Language Reference</title>
+
+  <sect1>
+    <title>Grammar</title>
+
+    <productionset>
+      <title>Expressions</title>
+      
+      <production id="nix.expr">
+        <lhs>Expr</lhs>
+        <rhs>
+          <nonterminal def="#nix.expr_function" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_function">
+        <lhs>ExprFunction</lhs>
+        <rhs>
+          '{' <nonterminal def="#nix.formals" /> '}' ':' <nonterminal def="#nix.expr_function" />
+          <sbr />|
+          <nonterminal def="#nix.expr_assert" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_assert">
+        <lhs>ExprAssert</lhs>
+        <rhs>
+          'assert' <nonterminal def="#nix.expr" /> ';' <nonterminal def="#nix.expr_assert" />
+          <sbr />|
+          <nonterminal def="#nix.expr_if" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_if">
+        <lhs>ExprIf</lhs>
+        <rhs>
+          'if' <nonterminal def="#nix.expr" /> 'then' <nonterminal def="#nix.expr" />
+          'else' <nonterminal def="#nix.expr" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_op">
+        <lhs>ExprOp</lhs>
+        <rhs>
+          '!' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '==' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '!=' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '&amp;&amp;' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '||' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '->' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '//' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '~' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '?' <nonterminal def="#nix.id" />
+          <sbr />|
+          <nonterminal def="#nix.expr_app" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_app">
+        <lhs>ExprApp</lhs>
+        <rhs>
+          <nonterminal def="#nix.expr_app" /> '.' <nonterminal def="#nix.expr_select" />
+          <sbr />|
+          <nonterminal def="#nix.expr_select" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_select">
+        <lhs>ExprSelect</lhs>
+        <rhs>
+          <nonterminal def="#nix.expr_select" /> <nonterminal def="#nix.id" />
+          <sbr />|
+          <nonterminal def="#nix.expr_simple" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_simple">
+        <lhs>ExprSimple</lhs>
+        <rhs>
+          <nonterminal def="#nix.id" /> |
+          <nonterminal def="#nix.int" /> |
+          <nonterminal def="#nix.str" /> |
+          <nonterminal def="#nix.path" /> |
+          <nonterminal def="#nix.uri" />
+          <sbr />|
+          'true' | 'false' | 'null'
+          <sbr />|
+          '(' <nonterminal def="#nix.expr" /> ')'
+          <sbr />|
+          '{' <nonterminal def="#nix.bind" />* '}'
+          <sbr />|
+          'let' '{' <nonterminal def="#nix.bind" />* '}'
+          <sbr />|
+          'rec' '{' <nonterminal def="#nix.bind" />* '}'
+          <sbr />|
+          '[' <nonterminal def="#nix.expr_select" />* ']'
+        </rhs>
+      </production>
+
+      <production id="nix.bind">
+        <lhs>Bind</lhs>
+        <rhs>
+          <nonterminal def="#nix.id" /> '=' <nonterminal def="#nix.expr" /> ';'
+          <sbr />|
+          'inherit' ('(' <nonterminal def="#nix.expr" /> ')')? <nonterminal def="#nix.id" />* ';'
+        </rhs>
+      </production>
+
+      <production id="nix.formals">
+        <lhs>Formals</lhs>
+        <rhs>
+          <nonterminal def="#nix.formal" /> ',' <nonterminal def="#nix.formals" />
+          | <nonterminal def="#nix.formal" />
+        </rhs>
+      </production>
+          
+      <production id="nix.formal">
+        <lhs>Formal</lhs>
+        <rhs>
+          <nonterminal def="#nix.id" />
+          <sbr />|
+          <nonterminal def="#nix.id" /> '?' <nonterminal def="#nix.expr" />
+        </rhs>
+      </production>
+          
+    </productionset>
+
+    <productionset>
+      <title>Terminals</title>
+
+      <production id="nix.id">
+        <lhs>Id</lhs>
+        <rhs>[a-zA-Z\_][a-zA-Z0-9\_\']*</rhs>
+      </production>
+    
+      <production id="nix.int">
+        <lhs>Int</lhs>
+        <rhs>[0-9]+</rhs>
+      </production>
+    
+      <production id="nix.str">
+        <lhs>Str</lhs>
+        <rhs>\"[^\n\"]*\"</rhs>
+      </production>
+
+      <production id="nix.path">
+        <lhs>Path</lhs>
+        <rhs>[a-zA-Z0-9\.\_\-\+]*(\/[a-zA-Z0-9\.\_\-\+]+)+</rhs>
+      </production>
+    
+      <production id="nix.uri">
+        <lhs>Uri</lhs>
+        <rhs>[a-zA-Z][a-zA-Z0-9\+\-\.]*\:[a-zA-Z0-9\%\/\?\:\@\&amp;\=\+\$\,\-\_\.\!\~\*\']+</rhs>
+      </production>
+
+      <production id="nix.ws">
+        <lhs>Whitespace</lhs>
+        <rhs>
+          [ \t\n]+
+          <sbr />|
+          \#[^\n]*
+          <sbr />|
+          \/\*(.|\n)*\*\/
+        </rhs>
+      </production>
+
+    </productionset>
+    
+  </sect1>
+  
+
+
+  <sect1>
+    <title>Semantics</title>
+
+
+    
+    <sect2>
+      <title>Built-in functions</title>
+
+      <para>
+        The Nix language provides the following built-in function
+        (<quote>primops</quote>):
+      </para>
+
+      <variablelist>
+
+        <varlistentry>
+          <term><function>import</function>
+          <replaceable>e</replaceable></term>
+          <listitem>
+            <para>
+              Evaluates the expression <replaceable>e</replaceable>,
+              which must yield a path value.  The Nix expression
+              stored at this path in the file system is then read,
+              parsed, and evaluated.  Returns the result of the
+              evaluation of the Nix expression just read.
+            </para>
+
+            <para>
+              Example: <literal>import ./foo.nix</literal> evaluates
+              the expression stored in <filename>foo.nix</filename>
+              (in the directory containing the expression in which the
+              <function>import</function> occurs).
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><function>derivation</function>
+          <replaceable>e</replaceable></term>
+          <listitem>
+            <para>
+              Evaluates the expression <replaceable>e</replaceable>,
+              which must yield an attribute set.  [...]
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><function>baseNameOf</function>
+          <replaceable>e</replaceable></term>
+          <listitem>
+            <para>
+              Evaluates the expression <replaceable>e</replaceable>,
+              which must yield a string value, and returns a string
+              representing its <emphasis>base name</emphasis>.  This
+              is the substring following the last path separator
+              (<literal>/</literal>).
+            </para>
+
+            <para>
+              Example: <literal>baseNameOf "/foo/bar"</literal>
+              returns <literal>"bar"</literal>, and
+              <literal>baseNameOf "/foo/bar/"</literal> returns
+              <literal>""</literal>.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><function>toString</function>
+          <replaceable>e</replaceable></term>
+          <listitem>
+            <para>
+              Evaluates the expression <replaceable>e</replaceable>
+              and coerces it into a string, if possible.  Only
+              strings, paths, and URIs can be so coerced.
+            </para>
+
+            <para>
+              Example: <literal>toString
+              http://www.cs.uu.nl/</literal> returns
+              <literal>"http://www.cs.uu.nl/"</literal>.
+            </para>
+          </listitem>
+        </varlistentry>
+            
+      </variablelist>
+
+    </sect2>
+
+  </sect1>
+  
+
+</appendix>

doc/manual/nix-prefetch-url.xml

@@ -0,0 +1,78 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-prefetch-url</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-prefetch-url</refname>
+  <refpurpose>copy a file from a URL into the store and print its MD5 hash</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-prefetch-url</command>
+    <arg choice='plain'><replaceable>url</replaceable></arg>
+    <arg><replaceable>hash</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-prefetch-url</command> downloads the
+file referenced by the URL <replaceable>url</replaceable>, prints its
+cryptographic hash, and copies it into the Nix store.  The file name
+in the store is
+<filename><replaceable>hash</replaceable>-<replaceable>baseName</replaceable></filename>,
+where <replaceable>baseName</replaceable> is everything following the
+final slash in <replaceable>url</replaceable>.</para>
+
+<para>This command is just a convenience for Nix expression writers.
+Often a Nix expression fetches some source distribution from the
+network using the <literal>fetchurl</literal> expression contained in
+Nixpkgs.  However, <literal>fetchurl</literal> requires a
+cryptographic hash.  If you don't know the hash, you would have to
+download the file first, and then <literal>fetchurl</literal> would
+download it again when you build your Nix expression.  Since
+<literal>fetchurl</literal> uses the same name for the downloaded file
+as <command>nix-prefetch-url</command>, the redundant download can be
+avoided.</para>
+
+<para>The environment variable <envar>NIX_HASH_ALGO</envar> specifies
+which hash algorithm to use.  It can be either <literal>md5</literal>,
+<literal>sha1</literal>, or <literal>sha256</literal>.  The default is
+<literal>sha256</literal>.</para>
+
+<para>If <replaceable>hash</replaceable> is specified, then a download
+is not performed if the Nix store already contains a file with the
+same hash and base name.  Otherwise, the file is downloaded, and an
+error if signaled if the actual hash of the file does not match the
+specified hash.</para>
+
+<para>This command prints the hash on standard output.  Additionally,
+if the environment variable <envar>PRINT_PATH</envar> is set, the path
+of the downloaded file in the Nix store is also printed.</para>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<screen>
+$ nix-prefetch-url ftp://ftp.nluug.nl/pub/gnu/make/make-3.80.tar.bz2
+0bbd1df101bc0294d440471e50feca71
+
+$ PRINT_PATH=1 nix-prefetch-url ftp://ftp.nluug.nl/pub/gnu/make/make-3.80.tar.bz2
+0bbd1df101bc0294d440471e50feca71
+/nix/store/wvyz8ifdn7wyz1p3pqyn0ra45ka2l492-make-3.80.tar.bz2</screen>
+
+</refsection>
+
+    
+</refentry>

doc/manual/nix-pull.xml

@@ -0,0 +1,49 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-pull</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-pull</refname>
+  <refpurpose>pull substitutes from a network cache</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-pull</command>
+    <arg choice='plain'><replaceable>url</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-pull</command> obtains a list of
+pre-built store paths from the URL <replaceable>url</replaceable>, and
+for each of these store paths, registers a substitute derivation that
+downloads and unpacks it into the Nix store.  This is used to speed up
+installations: if you attempt to install something that has already
+been built and stored into the network cache, Nix can transparently
+re-use the pre-built store paths.</para>
+
+<para>The file at <replaceable>url</replaceable> must be compatible
+with the files created by <replaceable>nix-push</replaceable>.</para>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<screen>
+$ nix-pull http://nix.cs.uu.nl/dist/nix/nixpkgs-0.5pre753/MANIFEST</screen>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-push.xml

@@ -0,0 +1,128 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-push</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-push</refname>
+  <refpurpose>push store paths onto a network cache</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-push</command>
+    <group choice='req'>
+      <arg choice='req'>
+        <arg choice='plain'><replaceable>archivesPutURL</replaceable></arg>
+        <arg choice='plain'><replaceable>archivesGetURL</replaceable></arg>
+        <arg choice='plain'><replaceable>manifestPutURL</replaceable></arg>
+      </arg>
+      <arg choice='req'>
+        <arg choice='plain'><option>--copy</option></arg>
+        <arg choice='plain'><replaceable>archivesDir</replaceable></arg>
+        <arg choice='plain'><replaceable>manifestFile</replaceable></arg>
+      </arg>
+    </group>
+    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-push</command> builds a set of store
+paths (if necessary), and then packages and uploads all store paths in
+the resulting closures to a server.  A network cache thus populated
+can subsequently be used to speed up software deployment on other
+machines using the <command>nix-pull</command> command.</para>
+
+<para><command>nix-push</command> performs the following actions.
+      
+<orderedlist>
+
+  <listitem><para>Each path in <replaceable>paths</replaceable> is
+  realised (using <link
+  linkend='rsec-nix-store-realise'><literal>nix-store
+  --realise</literal></link>).</para></listitem>
+
+  <listitem><para>All paths in the closure of the store expressions
+  stored in <replaceable>paths</replaceable> are determined (using
+  <literal>nix-store --query --requisites
+  --include-outputs</literal>).  It should be noted that since the
+  <option>--include-outputs</option> flag is used, you get a combined
+  source/binary distribution.</para></listitem>
+
+  <listitem><para>All store paths determined in the previous step are
+  packaged and compressed into a <command>bzip</command>ped NAR
+  archive (extension <filename>.nar.bz2</filename>).</para></listitem>
+
+  <listitem><para>A <emphasis>manifest</emphasis> is created that
+  contains information on the store paths, their eventual URLs in the
+  cache, and cryptographic hashes of the contents of the NAR
+  archives.</para></listitem>
+
+  <listitem><para>Each store path is uploaded to the remote directory
+  specified by <replaceable>archivesPutURL</replaceable>.  HTTP PUT
+  requests are used to do this.  However, before a file
+  <varname>x</varname> is uploaded to
+  <literal><replaceable>archivesPutURL</replaceable>/</literal><varname>x</varname>,
+  <command>nix-push</command> first determines whether this upload is
+  unnecessary by issuing a HTTP HEAD request on
+  <literal><replaceable>archivesGetURL</replaceable>/</literal><varname>x</varname>.
+  This allows a cache to be shared between many partially overlapping
+  <command>nix-push</command> invocations.  (We use two URLs because
+  the upload URL typically refers to a CGI script, while the download
+  URL just refers to a file system directory on the
+  server.)</para></listitem>
+
+  <listitem><para>The manifest is uploaded using an HTTP PUT request
+  to <replaceable>manifestPutURL</replaceable>.  The corresponding
+  URL to download the manifest can then be used by
+  <command>nix-pull</command>.</para></listitem>
+        
+</orderedlist>
+
+</para>
+
+<!--
+<para>TODO:  <option>- -copy</option></para>
+-->
+            
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To upload files there typically is some CGI script on the server
+side.  This script should be be protected with a password.  The
+following example uploads the store paths resulting from building the
+Nix expressions in <filename>foo.nix</filename>, passing appropriate
+authentication information:
+    
+<screen>
+$ nix-push \
+    http://foo@bar:server.domain/cgi-bin/upload.pl/cache \
+    http://server.domain/cache \
+    http://foo@bar:server.domain/cgi-bin/upload.pl/MANIFEST \
+    $(nix-instantiate foo.nix)</screen>
+
+This will push both sources and binaries (and any build-time
+dependencies used in the build, such as compilers).</para>
+
+<para>If we just want to push binaries, not sources and build-time
+dependencies, we can do:
+      
+<screen>
+$ nix-push <replaceable>urls</replaceable> $(nix-instantiate $(nix-store -r foo.nix))</screen>
+    
+</para>
+
+</refsection>
+    
+</refentry>

doc/manual/nix-worker.xml

@@ -0,0 +1,34 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-worker</refentrytitle>
+  <manvolnum>8</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-worker</refname>
+  <refpurpose>Nix multi-user support daemon</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-worker</command>
+    <arg choice="plain"><option>--daemon</option></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The Nix daemon is necessary in multi-user Nix installations.  It
+performs build actions and other operations on the Nix store on behalf
+of unprivileged users.</para>
+
+
+</refsection>
+
+</refentry>

doc/manual/opt-common-syn.xml

@@ -0,0 +1,30 @@
+<nop xmlns="http://docbook.org/ns/docbook">
+  
+<arg><option>--help</option></arg>
+<arg><option>--version</option></arg>
+<arg rep='repeat'><option>--verbose</option></arg>
+<arg rep='repeat'><option>-v</option></arg>
+<arg><option>--no-build-output</option></arg>
+<arg><option>-Q</option></arg>
+<arg>
+  <group choice='req'>
+    <arg choice='plain'><option>--max-jobs</option></arg>
+    <arg choice='plain'><option>-j</option></arg>
+  </group>
+  <replaceable>number</replaceable>
+</arg>
+<arg>
+  <arg><option>--max-silent-time</option></arg>
+  <replaceable>number</replaceable>
+</arg>
+<arg><option>--keep-going</option></arg>
+<arg><option>-k</option></arg>
+<arg><option>--keep-failed</option></arg>
+<arg><option>-K</option></arg>
+<arg><option>--fallback</option></arg>
+<arg><option>--readonly-mode</option></arg>
+<arg><option>--log-type</option> <replaceable>type</replaceable></arg>
+<arg><option>--show-trace</option></arg>
+<sbr />
+
+</nop>

doc/manual/opt-common.xml

@@ -0,0 +1,319 @@
+<section xmlns="http://docbook.org/ns/docbook" xml:id="sec-common-options">
+
+<title>Common options</title>
+
+
+<para>Most Nix commands accept the following command-line options:</para>
+
+<variablelist>
+
+<varlistentry><term><option>--help</option></term>
+  
+  <listitem><para>Prints out a summary of the command syntax and
+  exits.</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--version</option></term>
+  
+  <listitem><para>Prints out the Nix version number on standard output
+  and exits.</para></listitem>
+</varlistentry>
+
+
+<varlistentry><term><option>--verbose</option></term>
+  <term><option>-v</option></term>
+
+  <listitem>
+    
+  <para>Increases the level of verbosity of diagnostic messages
+  printed on standard error.  For each Nix operation, the information
+  printed on standard output is well-defined; any diagnostic
+  information is printed on standard error, never on standard
+  output.</para>
+
+  <para>This option may be specified repeatedly.  Currently, the
+  following verbosity levels exist:</para>
+
+  <variablelist>
+    
+    <varlistentry><term>0</term>
+    <listitem><para>“Errors only”: only print messages
+    explaining why the Nix invocation failed.</para></listitem>
+    </varlistentry>
+      
+    <varlistentry><term>1</term>
+    <listitem><para>“Informational”: print
+    <emphasis>useful</emphasis> messages about what Nix is doing.
+    This is the default.</para></listitem>
+    </varlistentry>
+      
+    <varlistentry><term>2</term>
+    <listitem><para>“Talkative”: print more informational
+    messages.</para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>3</term>
+    <listitem><para>“Chatty”: print even more
+    informational messages.</para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>4</term>
+    <listitem><para>“Debug”: print debug
+    information.</para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>5</term>
+    <listitem><para>“Vomit”: print vast amounts of debug
+    information.</para></listitem>
+    </varlistentry>
+    
+  </variablelist>
+
+  </listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--no-build-output</option></term>
+  <term><option>-Q</option></term>
+
+  <listitem><para>By default, output written by builders to standard
+  output and standard error is echoed to the Nix command's standard
+  error.  This option suppresses this behaviour.  Note that the
+  builder's standard output and error are always written to a log file
+  in
+  <filename><replaceable>prefix</replaceable>/nix/var/log/nix</filename>.</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry xml:id="opt-max-jobs"><term><option>--max-jobs</option></term>
+  <term><option>-j</option></term>
+
+  <listitem><para>Sets the maximum number of build jobs that Nix will
+  perform in parallel to the specified number.  The default is
+  specified by the <link
+  linkend='conf-build-max-jobs'><literal>build-max-jobs</literal></link>
+  configuration setting, which itself defaults to
+  <literal>1</literal>.  A higher value is useful on SMP systems or to
+  exploit I/O latency.  </para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry xml:id="opt-max-silent-time"><term><option>--max-silent-time</option></term>
+
+  <listitem><para>Sets the maximum number of seconds that a builder
+  can go without producing any data on standard output or standard
+  error.  The default is specified by the <link
+  linkend='conf-build-max-silent-time'><literal>build-max-silent-time</literal></link>
+  configuration setting.  <literal>0</literal> means no
+  time-out.</para></listitem>
+
+</varlistentry>
+
+<varlistentry><term><option>--keep-going</option></term>
+  <term><option>-k</option></term>
+
+  <listitem><para>Keep going in case of failed builds, to the
+  greatest extent possible.  That is, if building an input of some
+  derivation fails, Nix will still build the other inputs, but not the
+  derivation itself.  Without this option, Nix stops if any build
+  fails (except for builds of substitutes), possibly killing builds in
+  progress (in case of parallel or distributed builds).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--keep-failed</option></term>
+  <term><option>-K</option></term>
+
+  <listitem><para>Specifies that in case of a build failure, the
+  temporary directory (usually in <filename>/tmp</filename>) in which
+  the build takes place should not be deleted.  The path of the build
+  directory is printed as an informational message.
+    </para>
+  </listitem>
+</varlistentry>
+
+
+<varlistentry><term><option>--fallback</option></term>
+
+  <listitem>
+
+  <para>Whenever Nix attempts to build a derivation for which
+  substitutes are known for each output path, but realising the output
+  paths through the substitutes fails, fall back on building the
+  derivation.</para>
+
+  <para>The most common scenario in which this is useful is when we
+  have registered substitutes in order to perform binary distribution
+  from, say, a network repository.  If the repository is down, the
+  realisation of the derivation will fail.  When this option is
+  specified, Nix will build the derivation instead.  Thus,
+  installation from binaries falls back on nstallation from source.
+  This option is not the default since it is generally not desirable
+  for a transient failure in obtaining the substitutes to lead to a
+  full build from source (with the related consumption of
+  resources).</para>
+
+  </listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--readonly-mode</option></term>
+
+  <listitem><para>When this option is used, no attempt is made to open
+  the Nix database.  Most Nix operations do need database access, so
+  those operations will fail.</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry xml:id="opt-log-type"><term><option>--log-type</option>
+<replaceable>type</replaceable></term>
+
+  <listitem>
+
+  <para>This option determines how the output written to standard
+  error is formatted.  Nix’s diagnostic messages are typically
+  <emphasis>nested</emphasis>.  For instance, when tracing Nix
+  expression evaluation (<command>nix-env -vvvvv</command>, messages
+  from subexpressions are nested inside their parent expressions.  Nix
+  builder output is also often nested.  For instance, the Nix Packages
+  generic builder nests the various build tasks (unpack, configure,
+  compile, etc.), and the GNU Make in <literal>stdenv-linux</literal>
+  has been patched to provide nesting for recursive Make
+  invocations.</para>
+
+  <para><replaceable>type</replaceable> can be one of the
+  following:
+
+  <variablelist>
+
+    <varlistentry><term><literal>pretty</literal></term>
+
+      <listitem><para>Pretty-print the output, indicating different
+      nesting levels using spaces.  This is the
+      default.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal>escapes</literal></term>
+
+      <listitem><para>Indicate nesting using escape codes that can be
+      interpreted by the <command>nix-log2xml</command> tool in the
+      Nix source distribution.  The resulting XML file can be fed into
+      the <command>log2html.xsl</command> stylesheet to create an HTML
+      file that can be browsed interactively, using Javascript to
+      expand and collapse parts of the output.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal>flat</literal></term>
+
+      <listitem><para>Remove all nesting.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>    
+  
+  </para>
+
+  </listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></term>
+
+  <listitem><para>This option is accepted by
+  <command>nix-env</command>, <command>nix-instantiate</command> and
+  <command>nix-build</command>.  When evaluating Nix expressions, the
+  expression evaluator will automatically try to call functions that
+  it encounters.  It can automatically call functions for which every
+  argument has a <link linkend='ss-functions'>default value</link>
+  (e.g., <literal>{<replaceable>argName</replaceable> ?
+  <replaceable>defaultValue</replaceable>}:
+  <replaceable>...</replaceable></literal>).  With
+  <option>--arg</option>, you can also call functions that have
+  arguments without a default value (or override a default value).
+  That is, if the evaluator encounters a function with an argument
+  named <replaceable>name</replaceable>, it will call it with value
+  <replaceable>value</replaceable>.</para>
+
+  <para>For instance, the file
+  <literal>pkgs/top-level/all-packages.nix</literal> in Nixpkgs is
+  actually a function:
+
+<programlisting>
+{ # The system (e.g., `i686-linux') for which to build the packages.
+  system ? builtins.currentSystem
+  <replaceable>...</replaceable>
+}: <replaceable>...</replaceable></programlisting>
+
+  So if you call this Nix expression (e.g., when you do
+  <literal>nix-env -i <replaceable>pkgname</replaceable></literal>),
+  the function will be called automatically using the value <link
+  linkend='builtin-currentSystem'><literal>builtins.currentSystem</literal></link>
+  for the <literal>system</literal> argument.  You can override this
+  using <option>--arg</option>, e.g., <literal>nix-env -i
+  <replaceable>pkgname</replaceable> --arg system
+  \"i686-freebsd\"</literal>.  (Note that since the argument is a Nix
+  string literal, you have to escape the quotes.)</para></listitem>
+
+</varlistentry>
+
+
+<varlistentry><term><option>--argstr</option> <replaceable>name</replaceable> <replaceable>value</replaceable></term>
+
+  <listitem><para>This option is like <option>--arg</option>, only the
+  value is not a Nix expression but a string.  So instead of
+  <literal>--arg system \"i686-linux\"</literal> (the outer quotes are
+  to keep the shell happy) you can say <literal>--argstr system
+  i686-linux</literal>.</para></listitem>
+
+</varlistentry>
+
+
+<varlistentry xml:id="opt-attr"><term><option>--attr</option> / <option>-A</option>
+<replaceable>attrPath</replaceable></term>
+
+  <listitem><para>In <command>nix-env</command>,
+  <command>nix-instantiate</command> and <command>nix-build</command>,
+  <option>--attr</option> allows you to select an attribute from the
+  top-level Nix expression being evaluated.  The <emphasis>attribute
+  path</emphasis> <replaceable>attrPath</replaceable> is a sequence of
+  attribute names separated by dots.  For instance, given a top-level
+  Nix expression <replaceable>e</replaceable>, the attribute path
+  <literal>xorg.xorgserver</literal> would cause the expression
+  <literal><replaceable>e</replaceable>.xorg.xorgserver</literal> to
+  be used.  See <link
+  linkend='refsec-nix-env-install-examples'><command>nix-env
+  --install</command></link> for some concrete examples.</para>
+
+  <para>In addition to attribute names, you can also specify array
+  indices.  For instance, the attribute path
+  <literal>foo.3.bar</literal> selects the <literal>bar</literal>
+  attribute of the fourth element of the array in the
+  <literal>foo</literal> attribute of the top-level
+  expression.</para></listitem>
+
+</varlistentry>
+
+
+<varlistentry><term><option>--show-trace</option></term>
+  
+  <listitem><para>Causes Nix to print out a stack trace in case of Nix
+  expression evaluation errors.</para></listitem>
+  
+</varlistentry>
+
+
+</variablelist>
+
+
+</section>

doc/manual/opt-inst-syn.xml

@@ -0,0 +1,22 @@
+<nop xmlns="http://docbook.org/ns/docbook">
+  
+  <arg>
+    <group choice='req'>
+      <arg choice='plain'><option>--prebuilt-only</option></arg>
+      <arg choice='plain'><option>-b</option></arg>
+    </group>
+  </arg>
+  
+  <arg>
+    <group choice='req'>
+      <arg choice='plain'><option>--attr</option></arg>
+      <arg choice='plain'><option>-A</option></arg>
+    </group>
+  </arg>
+
+  <arg><option>--from-expression</option></arg>
+  <arg><option>-E</option></arg>
+    
+  <arg><option>--from-profile</option> <replaceable>path</replaceable></arg>
+
+</nop>

doc/manual/package-management.xml

@@ -0,0 +1,609 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id='chap-package-management'>
+
+<title>Package Management</title>
+
+
+<para>This chapter discusses how to do package management with Nix,
+i.e., how to obtain, install, upgrade, and erase packages.  This is
+the “user’s” perspective of the Nix system — people
+who want to <emphasis>create</emphasis> packages should consult
+<xref linkend='chap-writing-nix-expressions' />.</para>
+
+
+<section><title>Basic package management</title>
+
+<para>The main command for package management is <link
+linkend="sec-nix-env"><command>nix-env</command></link>.  You can use
+it to install, upgrade, and erase packages, and to query what
+packages are installed or are available for installation.</para>
+
+<para>In Nix, different users can have different “views”
+on the set of installed applications.  That is, there might be lots of
+applications present on the system (possibly in many different
+versions), but users can have a specific selection of those active —
+where “active” just means that it appears in a directory
+in the user’s <envar>PATH</envar>.  Such a view on the set of
+installed applications is called a <emphasis>user
+environment</emphasis>, which is just a directory tree consisting of
+symlinks to the files of the active applications.  </para>
+
+<para>Components are installed from a set of <emphasis>Nix
+expressions</emphasis> that tell Nix how to build those packages,
+including, if necessary, their dependencies.  There is a collection of
+Nix expressions called the Nix Package collection that contains
+packages ranging from basic development stuff such as GCC and Glibc,
+to end-user applications like Mozilla Firefox.  (Nix is however not
+tied to the Nix Package collection; you could write your own Nix
+expressions based on it, or completely new ones.)  You can download
+the latest version from <link
+xlink:href='http://nixos.org/releases/full-index-nixpkgs.html' />.</para>
+
+<para>Assuming that you have downloaded and unpacked a release of Nix
+Packages, you can view the set of available packages in the release:
+
+<screen>
+$ nix-env -qaf nixpkgs-<replaceable>version</replaceable> '*'
+ant-blackdown-1.4.2
+aterm-2.2
+bash-3.0
+binutils-2.15
+bison-1.875d
+blackdown-1.4.2
+bzip2-1.0.2
+...</screen>
+
+where <literal>nixpkgs-<replaceable>version</replaceable></literal> is
+where you’ve unpacked the release.  The flag <option>-q</option>
+specifies a query operation; <option>-a</option> means that you want
+to show the “available” (i.e., installable) packages, as opposed to
+the installed packages; and <option>-f</option>
+<filename>nixpkgs-<replaceable>version</replaceable></filename>
+specifies the source of the packages.  The argument
+<literal>'*'</literal> shows all installable packages. (The quotes are
+necessary to prevent shell expansion.)  You can also select specific
+packages by name:
+
+<screen>
+$ nix-env -qaf nixpkgs-<replaceable>version</replaceable> gcc
+gcc-3.4.6
+gcc-4.0.3
+gcc-4.1.1</screen>
+
+</para>
+
+<para>It is also possible to see the <emphasis>status</emphasis> of
+available packages, i.e., whether they are installed into the user
+environment and/or present in the system:
+
+<screen>
+$ nix-env -qasf nixpkgs-<replaceable>version</replaceable> '*'
+...
+-PS bash-3.0
+--S binutils-2.15
+IPS bison-1.875d
+...</screen>
+
+The first character (<literal>I</literal>) indicates whether the
+package is installed in your current user environment.  The second
+(<literal>P</literal>) indicates whether it is present on your system
+(in which case installing it into your user environment would be a
+very quick operation).  The last one (<literal>S</literal>) indicates
+whether there is a so-called <emphasis>substitute</emphasis> for the
+package, which is Nix’s mechanism for doing binary deployment.  It
+just means that Nix knows that it can fetch a pre-built package from
+somewhere (typically a network server) instead of building it
+locally.</para>
+
+<para>So now that we have a set of Nix expressions we can build the
+packages contained in them.  This is done using <literal>nix-env
+-i</literal>.  For instance,
+
+<screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -i subversion</screen>
+
+will install the package called <literal>subversion</literal> (which
+is, of course, the <link
+xlink:href='http://subversion.tigris.org/'>Subversion version
+management system</link>).</para>
+
+<para>When you do this for the first time, Nix will start building
+Subversion and all its dependencies.  This will take quite a while —
+typically an hour or two on modern machines.  Fortunately, there is a
+faster way (so do a Ctrl-C on that install operation!): you just need
+to tell Nix that pre-built binaries of all those packages are
+available somewhere.  This is done using the
+<command>nix-pull</command> command, which must be supplied with a URL
+containing a <emphasis>manifest</emphasis> describing what binaries
+are available.  This URL should correspond to the Nix Packages release
+that you’re using.  For instance, if you obtained a release from <link
+xlink:href='http://nixos.org/releases/nixpkgs/nixpkgs-0.12pre11712-4lrp7j8x'
+/>, then you should do:
+
+<screen>
+$ nix-pull http://nixos.org/releases/nixpkgs/nixpkgs-0.12pre11712-4lrp7j8x/MANIFEST</screen>
+
+If you then issue the installation command, it should start
+downloading binaries from <systemitem
+class='fqdomainname'>nixos.org</systemitem>, instead of building
+them from source.  This might still take a while since all
+dependencies must be downloaded, but on a reasonably fast connection
+such as an DSL line it’s on the order of a few minutes.</para>
+
+<para>Naturally, packages can also be uninstalled:
+
+<screen>
+$ nix-env -e subversion</screen>
+
+</para>
+
+<para>Upgrading to a new version is just as easy.  If you have a new
+release of Nix Packages, you can do:
+
+<screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -u subversion</screen>
+
+This will <emphasis>only</emphasis> upgrade Subversion if there is a
+“newer” version in the new set of Nix expressions, as
+defined by some pretty arbitrary rules regarding ordering of version
+numbers (which generally do what you’d expect of them).  To just
+unconditionally replace Subversion with whatever version is in the Nix
+expressions, use <parameter>-i</parameter> instead of
+<parameter>-u</parameter>; <parameter>-i</parameter> will remove
+whatever version is already installed.</para>
+
+<para>You can also upgrade all packages for which there are newer
+versions:
+
+<screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -u '*'</screen>
+
+</para>
+
+<para>Sometimes it’s useful to be able to ask what
+<command>nix-env</command> would do, without actually doing it.  For
+instance, to find out what packages would be upgraded by
+<literal>nix-env -u '*'</literal>, you can do
+
+<screen>
+$ nix-env ... -u '*' --dry-run
+(dry run; not doing anything)
+upgrading `libxslt-1.1.0' to `libxslt-1.1.10'
+upgrading `graphviz-1.10' to `graphviz-1.12'
+upgrading `coreutils-5.0' to `coreutils-5.2.1'</screen>
+
+</para>
+
+<para>If you grow bored of specifying the Nix expressions using
+<parameter>-f</parameter> all the time, you can set a default
+location:
+
+<screen>
+$ nix-env -I nixpkgs-<replaceable>version</replaceable></screen>
+
+After this you can just say, for instance, <literal>nix-env -u
+'*'</literal>.<footnote><para>Setting a default using
+<parameter>-I</parameter> currently clashes with using Nix channels,
+since <literal>nix-channel --update</literal> calls <literal>nix-env
+-I</literal> to set the default to the Nix expressions it downloaded
+from the channel, replacing whatever default you had
+set.</para></footnote></para>
+
+</section>
+
+
+<section xml:id="sec-profiles"><title>Profiles</title>
+
+<para>Profiles and user environments are Nix’s mechanism for
+implementing the ability to allow different users to have different
+configurations, and to do atomic upgrades and rollbacks.  To
+understand how they work, it’s useful to know a bit about how Nix
+works.  In Nix, packages are stored in unique locations in the
+<emphasis>Nix store</emphasis> (typically,
+<filename>/nix/store</filename>).  For instance, a particular version
+of the Subversion package might be stored in a directory
+<filename>/nix/store/dpmvp969yhdqs7lm2r1a3gng7pyq6vy4-subversion-1.1.3/</filename>,
+while another version might be stored in
+<filename>/nix/store/5mq2jcn36ldlmh93yj1n8s9c95pj7c5s-subversion-1.1.2</filename>.
+The long strings prefixed to the directory names are cryptographic
+hashes<footnote><para>160-bit truncations of SHA-256 hashes encoded in
+a base-32 notation, to be precise.</para></footnote> of
+<emphasis>all</emphasis> inputs involved in building the package —
+sources, dependencies, compiler flags, and so on.  So if two
+packages differ in any way, they end up in different locations in
+the file system, so they don’t interfere with each other.  <xref
+linkend='fig-user-environments' /> shows a part of a typical Nix
+store.</para>
+
+<figure xml:id='fig-user-environments'><title>User environments</title>
+  <mediaobject>
+    <imageobject>
+      <imagedata fileref='figures/user-environments.png' format='PNG' />
+    </imageobject>
+  </mediaobject>
+</figure>
+
+<para>Of course, you wouldn’t want to type
+
+<screen>
+$ /nix/store/dpmvp969yhdq...-subversion-1.1.3/bin/svn</screen>
+
+every time you want to run Subversion.  Of course we could set up the
+<envar>PATH</envar> environment variable to include the
+<filename>bin</filename> directory of every package we want to use,
+but this is not very convenient since changing <envar>PATH</envar>
+doesn’t take effect for already existing processes.  The solution Nix
+uses is to create directory trees of symlinks to
+<emphasis>activated</emphasis> packages.  These are called
+<emphasis>user environments</emphasis> and they are packages
+themselves (though automatically generated by
+<command>nix-env</command>), so they too reside in the Nix store.  For
+instance, in <xref linkend='fig-user-environments' /> the user
+environment <filename>/nix/store/5mq2jcn36ldl...-user-env</filename>
+contains a symlink to just Subversion 1.1.2 (arrows in the figure
+indicate symlinks).  This would be what we would obtain if we had done
+
+<screen>
+$ nix-env -i subversion</screen>
+
+on a set of Nix expressions that contained Subversion 1.1.2.</para>
+
+<para>This doesn’t in itself solve the problem, of course; you
+wouldn’t want to type
+<filename>/nix/store/0c1p5z4kda11...-user-env/bin/svn</filename>
+either.  That’s why there are symlinks outside of the store that point
+to the user environments in the store; for instance, the symlinks
+<filename>default-42-link</filename> and
+<filename>default-43-link</filename> in the example.  These are called
+<emphasis>generations</emphasis> since every time you perform a
+<command>nix-env</command> operation, a new user environment is
+generated based on the current one.  For instance, generation 43 was
+created from generation 42 when we did
+
+<screen>
+$ nix-env -i subversion mozilla</screen>
+
+on a set of Nix expressions that contained Mozilla and a new version
+of Subversion.</para>
+
+<para>Generations are grouped together into
+<emphasis>profiles</emphasis> so that different users don’t interfere
+with each other if they don’t want to.  For example:
+
+<screen>
+$ ls -l /nix/var/nix/profiles/
+...
+lrwxrwxrwx  1 eelco ... default-42-link -> /nix/store/0c1p5z4kda11...-user-env
+lrwxrwxrwx  1 eelco ... default-43-link -> /nix/store/3aw2pdyx2jfc...-user-env
+lrwxrwxrwx  1 eelco ... default -> default-43-link</screen>
+
+This shows a profile called <filename>default</filename>.  The file
+<filename>default</filename> itself is actually a symlink that points
+to the current generation.  When we do a <command>nix-env</command>
+operation, a new user environment and generation link are created
+based on the current one, and finally the <filename>default</filename>
+symlink is made to point at the new generation.  This last step is
+atomic on Unix, which explains how we can do atomic upgrades.  (Note
+that the building/installing of new packages doesn’t interfere in
+any way with old packages, since they are stored in different
+locations in the Nix store.)</para>
+
+<para>If you find that you want to undo a <command>nix-env</command>
+operation, you can just do
+
+<screen>
+$ nix-env --rollback</screen>
+
+which will just make the current generation link point at the previous
+link.  E.g., <filename>default</filename> would be made to point at
+<filename>default-42-link</filename>.  You can also switch to a
+specific generation:
+
+<screen>
+$ nix-env --switch-generation 43</screen>
+
+which in this example would roll forward to generation 43 again.  You
+can also see all available generations:
+
+<screen>
+$ nix-env --list-generations</screen></para>
+
+<para>Actually, there is another level of indirection not shown in the
+figure above.  You generally wouldn’t have
+<filename>/nix/var/nix/profiles/<replaceable>some-profile</replaceable>/bin</filename>
+in your <envar>PATH</envar>.  Rather, there is a symlink
+<filename>~/.nix-profile</filename> that points to your current
+profile.  This means that you should put
+<filename>~/.nix-profile/bin</filename> in your <envar>PATH</envar>
+(and indeed, that’s what the initialisation script
+<filename>/nix/etc/profile.d/nix.sh</filename> does).  This makes it
+easier to switch to a different profile.  You can do that using the
+command <command>nix-env --switch-profile</command>:
+
+<screen>
+$ nix-env --switch-profile /nix/var/nix/profiles/my-profile
+
+$ nix-env --switch-profile /nix/var/nix/profiles/default</screen>
+
+These commands switch to the <filename>my-profile</filename> and
+default profile, respectively.  If the profile doesn’t exist, it will
+be created automatically.  You should be careful about storing a
+profile in another location than the <filename>profiles</filename>
+directory, since otherwise it might not be used as a root of the
+garbage collector (see section <xref linkend='sec-garbage-collection'
+/>).</para>
+
+<para>All <command>nix-env</command> operations work on the profile
+pointed to by <command>~/.nix-profile</command>, but you can override
+this using the <option>--profile</option> option (abbreviation
+<option>-p</option>):
+
+<screen>
+$ nix-env -p /nix/var/nix/profiles/other-profile -i subversion</screen>
+
+This will <emphasis>not</emphasis> change the
+<command>~/.nix-profile</command> symlink.</para>
+
+</section>
+
+
+<section xml:id='sec-garbage-collection'><title>Garbage collection</title>
+
+<para><command>nix-env</command> operations such as upgrades
+(<option>-u</option>) and uninstall (<option>-e</option>) never
+actually delete packages from the system.  All they do (as shown
+above) is to create a new user environment that no longer contains
+symlinks to the “deleted” packages.</para>
+
+<para>Of course, since disk space is not infinite, unused packages
+should be removed at some point.  You can do this by running the Nix
+garbage collector.  It will remove from the Nix store any package
+not used (directly or indirectly) by any generation of any
+profile.</para>
+
+<para>Note however that as long as old generations reference a
+package, it will not be deleted.  After all, we wouldn’t be able to
+do a rollback otherwise.  So in order for garbage collection to be
+effective, you should also delete (some) old generations.  Of course,
+this should only be done if you are certain that you will not need to
+roll back.</para>
+
+<para>To delete all old (non-current) generations of your current
+profile:
+
+<screen>
+$ nix-env --delete-generations old</screen>
+
+Instead of <literal>old</literal> you can also specify a list of
+generations, e.g.,
+
+<screen>
+$ nix-env --delete-generations 10 11 14</screen>
+
+</para>
+
+<para>After removing appropriate old generations you can run the
+garbage collector as follows:
+
+<screen>
+$ nix-store --gc</screen>
+
+If you are feeling uncertain, you can also first view what files would
+be deleted:
+
+<screen>
+$ nix-store --gc --print-dead</screen>
+
+Likewise, the option <option>--print-live</option> will show the paths
+that <emphasis>won’t</emphasis> be deleted.</para>
+
+<para>There is also a convenient little utility
+<command>nix-collect-garbage</command>, which when invoked with the
+<option>-d</option> (<option>--delete-old</option>) switch deletes all
+old generations of all profiles in
+<filename>/nix/var/nix/profiles</filename>.  So
+
+<screen>
+$ nix-collect-garbage -d</screen>
+
+is a quick and easy way to clean up your system.</para>
+
+
+
+
+<section xml:id="ssec-gc-roots"><title>Garbage collector roots</title>
+
+<para>The roots of the garbage collector are all store paths to which
+there are symlinks in the directory
+<filename><replaceable>prefix</replaceable>/nix/var/nix/gcroots</filename>.
+For instance, the following command makes the path
+<filename>/nix/store/d718ef...-foo</filename> a root of the collector:
+
+<screen>
+$ ln -s /nix/store/d718ef...-foo /nix/var/nix/gcroots/bar</screen>
+	
+That is, after this command, the garbage collector will not remove
+<filename>/nix/store/d718ef...-foo</filename> or any of its
+dependencies.</para>
+
+<para>Subdirectories of
+<filename><replaceable>prefix</replaceable>/nix/var/nix/gcroots</filename>
+are also searched for symlinks.  Symlinks to non-store paths are
+followed and searched for roots, but symlinks to non-store paths
+<emphasis>inside</emphasis> the paths reached in that way are not
+followed to prevent infinite recursion.</para>
+
+</section>
+
+</section>
+
+
+<section xml:id="sec-channels"><title>Channels</title>
+
+<para>If you want to stay up to date with a set of packages, it’s not
+very convenient to manually download the latest set of Nix expressions
+for those packages, use <command>nix-pull</command> to register
+pre-built binaries (if available), and upgrade using
+<command>nix-env</command>.  Fortunately, there’s a better way:
+<emphasis>Nix channels</emphasis>.</para>
+
+<para>A Nix channel is just a URL that points to a place that contains
+a set of Nix expressions and a manifest.  Using the command <link
+linkend="sec-nix-channel"><command>nix-channel</command></link> you
+can automatically stay up to date with whatever is available at that
+URL.</para>
+
+<para>You can “subscribe” to a channel using
+<command>nix-channel --add</command>, e.g.,
+
+<screen>
+$ nix-channel --add http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable</screen>
+
+subscribes you to a channel that always contains that latest version
+of the Nix Packages collection.  (Instead of
+<literal>nixpkgs-unstable</literal> you could also subscribe to
+<literal>nixpkgs-stable</literal>, which should have a higher level of
+stability, but right now is just outdated.)  Subscribing really just
+means that the URL is added to the file
+<filename>~/.nix-channels</filename>.  Right now there is no command
+to “unsubscribe”; you should just edit that file manually
+and delete the offending URL.</para>
+
+<para>To obtain the latest Nix expressions available in a channel, do
+
+<screen>
+$ nix-channel --update</screen>
+
+This downloads the Nix expressions in every channel (downloaded from
+<literal><replaceable>url</replaceable>/nixexprs.tar.bz2</literal>)
+and registers any available pre-built binaries in every channel
+(by <command>nix-pull</command>ing
+<literal><replaceable>url</replaceable>/MANIFEST</literal>).  It also
+makes the union of each channel’s Nix expressions the default for
+<command>nix-env</command> operations.  Consequently, you can then say
+
+<screen>
+$ nix-env -u '*'</screen>
+
+to upgrade all packages in your profile to the latest versions
+available in the subscribed channels.</para>
+
+</section>
+
+
+<section xml:id="sec-one-click"><title>One-click installs</title>
+
+<para>Often, when you want to install a specific package (e.g., from
+the <link
+xlink:href="http://nixos.org/releases/nixpkgs/nixpkgs-unstable/">Nix
+Packages collection</link>), subscribing to a channel is a bit
+cumbersome.  And channels don’t help you at all if you want to install
+an older version of a package than the one provided by the current
+contents of the channel, or a package that has been removed from the
+channel.  That’s when <emphasis>one-click installs</emphasis> come in
+handy: you can just go to the web page that contains the package,
+click on it, and it will be installed with all the necessary
+dependencies.</para>
+
+<para>For instance, you can go to <link
+xlink:href="http://nixos.org/releases/nixpkgs/nixpkgs-unstable/" /> —
+or to any older release of Nix Packages — and click on any link for
+the individual packages for your platform (say, <link
+xlink:href='http://nix.cs.uu.nl/dist/nix/nixpkgs-0.10pre6622/pkgs/subversion-1.4.0-i686-linux.nixpkg'><literal>subversion-1.4.0</literal>
+for <literal>i686-linux</literal></link>).  The first time you do
+this, your browser will ask what to do with
+<literal>application/nix-package</literal> files.  You should open
+them with <filename>/nix/bin/nix-install-package</filename>.  This
+will open a window that asks you to confirm that you want to install
+the package.  When you answer <literal>Y</literal>, the package and
+all its dependencies will be installed.  This is a binary deployment
+mechanism — you get packages pre-compiled for the selected platform
+type.</para>
+
+<para>You can also install <literal>application/nix-package</literal>
+files from the command line directly.  See <xref
+linkend='sec-nix-install-package' /> for details.</para>
+
+</section>
+
+
+<section xml:id="sec-sharing-packages"><title>Sharing packages between machines</title>
+
+<para>Sometimes you want to copy a package from one machine to
+another.  Or, you want to install some packages and you know that
+another machine already has some or all of those packages or their
+dependencies.  In that case there are mechanisms to quickly copy
+packages between machines.</para>
+
+<para>The command <command
+linkend="sec-nix-copy-closure">nix-copy-closure</command> copies a Nix
+store path along with all its dependencies to or from another machine
+via the SSH protocol.  It doesn’t copy store paths that are already
+present on the target machine.  For example, the following command
+copies Firefox with all its dependencies:
+
+<screen>
+$ nix-copy-closure --to alice@itchy.example.org $(type -p firefox)</screen>
+
+See <xref linkend='sec-nix-copy-closure' /> for details.</para>
+
+<para>With <command linkend='refsec-nix-store-export'>nix-store
+--export</command> and <command
+linkend='refsec-nix-store-import'>nix-store --import</command> you can
+write the closure of a store path (that is, the path and all its
+dependencies) to a file, and then unpack that file into another Nix
+store.  For example,
+
+<screen>
+$ nix-store --export $(type -p firefox) > firefox.closure</screen>
+
+writes the closure of Firefox to a file.  You can then copy this file
+to another machine and install the closure:
+
+<screen>
+$ nix-store --import &lt; firefox.closure</screen>
+
+Any store paths in the closure that are already present in the target
+store are ignored.  It is also possible to pipe the export into
+another command, e.g. to copy and install a closure directly to/on
+another machine:
+
+<screen>
+$ nix-store --export $(type -p firefox) | bzip2 | \
+    ssh alice@itchy.example.org "bunzip2 | nix-store --import"</screen>
+
+But note that <command>nix-copy-closure</command> is generally more
+efficient in this example because it only copies paths that are not
+already present in the target Nix store.</para>
+
+<para>Finally, if you can mount the Nix store of a remote machine in
+your local filesystem, Nix can copy paths from the remote Nix store to
+the local Nix store <emphasis>on demand</emphasis>.  For instance,
+suppose that you mount a remote machine containing a Nix store via
+<command
+xlink:href="http://fuse.sourceforge.net/sshfs.html">sshfs</command>:
+
+<screen>
+$ sshfs alice@itchy.example.org:/ /mnt</screen>
+
+You should then set the <envar>NIX_OTHER_STORES</envar> environment
+variable to tell Nix about this remote Nix store:
+
+<screen>
+$ export NIX_OTHER_STORES=/mnt/nix</screen>
+
+Then if you do any Nix operation, e.g.
+
+<screen>
+$ nix-env -i firefox</screen>
+
+and Nix has to build a path that it sees is already present in
+<filename>/mnt/nix</filename>, then it will just copy from there
+instead of building it from source.</para>
+ 
+
+</section>
+
+
+</chapter>

doc/manual/quick-start.xml

@@ -0,0 +1,136 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink">
+
+<title>Quick Start</title>
+
+
+<para>This chapter is for impatient people who don't like reading
+documentation.  For more in-depth information you are kindly referred
+to the following chapters.</para>
+
+<orderedlist>
+
+<listitem><para>Download a source tarball or RPM from <link
+xlink:href='http://nixos.org/'/>.  Build source
+distributions using the regular sequence:
+        
+<screen>
+$ tar xvfj nix-<replaceable>version</replaceable>.tar.bz2
+$ ./configure
+$ make
+$ make install <lineannotation>(as root)</lineannotation></screen>
+
+This will install Nix in <filename>/nix</filename>.  You shouldn't
+change the prefix if at all possible since that will make it
+impossible to use pre-built binaries from the Nixpkgs channel and
+other channels.  Alternatively, you could grab an RPM if you're on an
+RPM-based system.  You should also add
+<filename>/nix/etc/profile.d/nix.sh</filename> to your
+<filename>~/.bashrc</filename> (or some other login
+file).</para></listitem>
+
+<listitem><para>Subscribe to the Nix Packages channel.
+
+<screen>
+$ nix-channel --add \
+    http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable</screen>
+
+</para></listitem>
+
+<listitem><para>Download the latest Nix expressions available in the channel.
+<screen>
+$ nix-channel --update</screen>
+
+Note that this in itself doesn't download any packages, it just
+downloads the Nix expressions that build them and stores them
+somewhere (under <filename>~/.nix-defexpr</filename>, in case you're
+curious).  Also, it registers the fact that pre-built binaries are
+available remotely.</para></listitem>
+
+<listitem><para>See what installable packages are currently available
+in the channel:
+
+<screen>
+$ nix-env -qa ’*’ <lineannotation>(mind the quotes!)</lineannotation>
+docbook-xml-4.2
+firefox-1.0pre-PR-0.10.1
+hello-2.1.1
+libxslt-1.1.0
+<replaceable>...</replaceable></screen>
+
+</para></listitem>
+
+<listitem><para>Install some packages from the channel:
+        
+<screen>
+$ nix-env -i hello firefox <replaceable>...</replaceable> </screen>
+
+This should download pre-built packages; it should not build them
+locally (if it does, something went wrong).</para></listitem>
+
+<listitem><para>Test that they work:
+
+<screen>
+$ which hello
+/home/eelco/.nix-profile/bin/hello
+$ hello
+Hello, world!
+$ firefox
+<lineannotation>(read Slashdot or something)</lineannotation></screen>
+
+</para></listitem>
+    
+<listitem><para>Uninstall a package:
+
+<screen>
+$ nix-env -e hello</screen>
+
+</para></listitem>
+
+<listitem><para>To keep up-to-date with the channel, do:
+
+<screen>
+$ nix-channel --update
+$ nix-env -u '*'</screen>
+
+The latter command will upgrade each installed package for which there
+is a “newer” version (as determined by comparing the version
+numbers).</para></listitem>
+
+<listitem><para>You can also install specific packages directly from
+your web browser.  For instance, you can go to <link
+xlink:href="http://nix.cs.uu.nl/dist/nix/nixpkgs-unstable-latest/" />
+and click on any link for the individual packages for your platform.
+Associate <literal>application/nix-package</literal> with the program
+<filename>/nix/bin/nix-install-package</filename>.  A window should
+appear asking you whether it’s okay to install the package.  Say
+<literal>Y</literal>.  The package and all its dependencies will be
+installed.</para></listitem>
+
+<listitem><para>If you're unhappy with the result of a
+<command>nix-env</command> action (e.g., an upgraded package turned
+out not to work properly), you can go back:
+
+<screen>
+$ nix-env --rollback</screen>
+
+</para></listitem>
+
+<listitem><para>You should periodically run the Nix garbage collector
+to get rid of unused packages, since uninstalls or upgrades don't
+actually delete them:
+
+<screen>
+$ nix-collect-garbage -d</screen>
+
+<!--
+The first command deletes old “generations” of your profile (making
+rollbacks impossible, but also making the packages in those old
+generations available for garbage collection), while the second
+command actually deletes them.-->
+
+</para></listitem>
+
+</orderedlist>
+
+</chapter>

doc/manual/quote-literals.xsl

@@ -7,9 +7,9 @@
   extension-element-prefixes="str">
 
   <xsl:output method="xml"/>
-
+  
   <xsl:template match="function|command|literal|varname|filename|option|quote">`<xsl:apply-templates/>'</xsl:template>
-
+  
   <xsl:template match="token"><xsl:text>    </xsl:text><xsl:apply-templates /><xsl:text>
 </xsl:text></xsl:template>
 
@@ -21,7 +21,7 @@
     <section>
       <xsl:apply-templates />
       <screen><xsl:text>
-      </xsl:text></screen>
+      </xsl:text></screen>        
     </section>
   </xsl:template>
 
@@ -37,4 +37,8 @@
     </xsl:element>
   </xsl:template>
 
+  <xsl:template match="text()">
+    <xsl:value-of select="translate(., '‘’“”—', concat(&quot;`'&quot;, '&quot;&quot;-'))" />
+  </xsl:template>
+  
 </xsl:stylesheet>

doc/manual/schemas.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0"?>
+<locatingRules xmlns="http://thaiopensource.com/ns/locating-rules/1.0">
+  <uri pattern="*.xml" typeId="DocBook"/>
+</locatingRules>

doc/manual/src/SUMMARY.md

@@ -1,105 +0,0 @@
-# Table of Contents
-
-- [Introduction](introduction.md)
-- [Quick Start](quick-start.md)
-- [Installation](installation/installation.md)
-  - [Supported Platforms](installation/supported-platforms.md)
-  - [Installing a Binary Distribution](installation/installing-binary.md)
-  - [Installing Nix from Source](installation/installing-source.md)
-    - [Prerequisites](installation/prerequisites-source.md)
-    - [Obtaining a Source Distribution](installation/obtaining-source.md)
-    - [Building Nix from Source](installation/building-source.md)
-  - [Security](installation/nix-security.md)
-    - [Single-User Mode](installation/single-user.md)
-    - [Multi-User Mode](installation/multi-user.md)
-  - [Environment Variables](installation/env-variables.md)
-  - [Upgrading Nix](installation/upgrading.md)
-- [Package Management](package-management/package-management.md)
-  - [Basic Package Management](package-management/basic-package-mgmt.md)
-  - [Profiles](package-management/profiles.md)
-  - [Garbage Collection](package-management/garbage-collection.md)
-    - [Garbage Collector Roots](package-management/garbage-collector-roots.md)
-  - [Channels](package-management/channels.md)
-  - [Sharing Packages Between Machines](package-management/sharing-packages.md)
-    - [Serving a Nix store via HTTP](package-management/binary-cache-substituter.md)
-    - [Copying Closures via SSH](package-management/copy-closure.md)
-    - [Serving a Nix store via SSH](package-management/ssh-substituter.md)
-    - [Serving a Nix store via S3](package-management/s3-substituter.md)
-- [Writing Nix Expressions](expressions/writing-nix-expressions.md)
-  - [A Simple Nix Expression](expressions/simple-expression.md)
-    - [Expression Syntax](expressions/expression-syntax.md)
-    - [Build Script](expressions/build-script.md)
-    - [Arguments and Variables](expressions/arguments-variables.md)
-    - [Building and Testing](expressions/simple-building-testing.md)
-    - [Generic Builder Syntax](expressions/generic-builder.md)
-  - [Writing Nix Expressions](expressions/expression-language.md)
-    - [Values](expressions/language-values.md)
-    - [Language Constructs](expressions/language-constructs.md)
-    - [Operators](expressions/language-operators.md)
-    - [Derivations](expressions/derivations.md)
-      - [Advanced Attributes](expressions/advanced-attributes.md)
-    - [Built-in Constants](expressions/builtin-constants.md)
-    - [Built-in Functions](expressions/builtins.md)
-- [Advanced Topics](advanced-topics/advanced-topics.md)
-  - [Remote Builds](advanced-topics/distributed-builds.md)
-  - [Tuning Cores and Jobs](advanced-topics/cores-vs-jobs.md)
-  - [Verifying Build Reproducibility](advanced-topics/diff-hook.md)
-  - [Using the `post-build-hook`](advanced-topics/post-build-hook.md)
-- [Command Reference](command-ref/command-ref.md)
-  - [Common Options](command-ref/opt-common.md)
-  - [Common Environment Variables](command-ref/env-common.md)
-  - [Main Commands](command-ref/main-commands.md)
-    - [nix-env](command-ref/nix-env.md)
-    - [nix-build](command-ref/nix-build.md)
-    - [nix-shell](command-ref/nix-shell.md)
-    - [nix-store](command-ref/nix-store.md)
-  - [Utilities](command-ref/utilities.md)
-    - [nix-channel](command-ref/nix-channel.md)
-    - [nix-collect-garbage](command-ref/nix-collect-garbage.md)
-    - [nix-copy-closure](command-ref/nix-copy-closure.md)
-    - [nix-daemon](command-ref/nix-daemon.md)
-    - [nix-hash](command-ref/nix-hash.md)
-    - [nix-instantiate](command-ref/nix-instantiate.md)
-    - [nix-prefetch-url](command-ref/nix-prefetch-url.md)
-  - [Experimental Commands](command-ref/experimental-commands.md)
-    - [nix](command-ref/nix.md)
-  - [Files](command-ref/files.md)
-    - [nix.conf](command-ref/conf-file.md)
-- [Glossary](glossary.md)
-- [Hacking](hacking.md)
-- [Release Notes](release-notes/release-notes.md)
-  - [Release 2.3 (2019-09-04)](release-notes/rl-2.3.md)
-  - [Release 2.2 (2019-01-11)](release-notes/rl-2.2.md)
-  - [Release 2.1 (2018-09-02)](release-notes/rl-2.1.md)
-  - [Release 2.0 (2018-02-22)](release-notes/rl-2.0.md)
-  - [Release 1.11.10 (2017-06-12)](release-notes/rl-1.11.10.md)
-  - [Release 1.11 (2016-01-19)](release-notes/rl-1.11.md)
-  - [Release 1.10 (2015-09-03)](release-notes/rl-1.10.md)
-  - [Release 1.9 (2015-06-12)](release-notes/rl-1.9.md)
-  - [Release 1.8 (2014-12-14)](release-notes/rl-1.8.md)
-  - [Release 1.7 (2014-04-11)](release-notes/rl-1.7.md)
-  - [Release 1.6.1 (2013-10-28)](release-notes/rl-1.6.1.md)
-  - [Release 1.6 (2013-09-10)](release-notes/rl-1.6.md)
-  - [Release 1.5.2 (2013-05-13)](release-notes/rl-1.5.2.md)
-  - [Release 1.5 (2013-02-27)](release-notes/rl-1.5.md)
-  - [Release 1.4 (2013-02-26)](release-notes/rl-1.4.md)
-  - [Release 1.3 (2013-01-04)](release-notes/rl-1.3.md)
-  - [Release 1.2 (2012-12-06)](release-notes/rl-1.2.md)
-  - [Release 1.1 (2012-07-18)](release-notes/rl-1.1.md)
-  - [Release 1.0 (2012-05-11)](release-notes/rl-1.0.md)
-  - [Release 0.16 (2010-08-17)](release-notes/rl-0.16.md)
-  - [Release 0.15 (2010-03-17)](release-notes/rl-0.15.md)
-  - [Release 0.14 (2010-02-04)](release-notes/rl-0.14.md)
-  - [Release 0.13 (2009-11-05)](release-notes/rl-0.13.md)
-  - [Release 0.12 (2008-11-20)](release-notes/rl-0.12.md)
-  - [Release 0.11 (2007-12-31)](release-notes/rl-0.11.md)
-  - [Release 0.10.1 (2006-10-11)](release-notes/rl-0.10.1.md)
-  - [Release 0.10 (2006-10-06)](release-notes/rl-0.10.md)
-  - [Release 0.9.2 (2005-09-21)](release-notes/rl-0.9.2.md)
-  - [Release 0.9.1 (2005-09-20)](release-notes/rl-0.9.1.md)
-  - [Release 0.9 (2005-09-16)](release-notes/rl-0.9.md)
-  - [Release 0.8.1 (2005-04-13)](release-notes/rl-0.8.1.md)
-  - [Release 0.8 (2005-04-11)](release-notes/rl-0.8.md)
-  - [Release 0.7 (2005-01-12)](release-notes/rl-0.7.md)
-  - [Release 0.6 (2004-11-14)](release-notes/rl-0.6.md)
-  - [Release 0.5 and earlier](release-notes/rl-0.5.md)

doc/manual/src/advanced-topics/advanced-topics.md

@@ -1 +0,0 @@
-

doc/manual/src/advanced-topics/cores-vs-jobs.md

@@ -1,39 +0,0 @@
-# Tuning Cores and Jobs
-
-Nix has two relevant settings with regards to how your CPU cores will
-be utilized: `cores` and `max-jobs`. This chapter will talk about what
-they are, how they interact, and their configuration trade-offs.
-
-  - `max-jobs`  
-    Dictates how many separate derivations will be built at the same
-    time. If you set this to zero, the local machine will do no
-    builds.  Nix will still substitute from binary caches, and build
-    remotely if remote builders are configured.
-
-  - `cores`  
-    Suggests how many cores each derivation should use. Similar to
-    `make -j`.
-
-The `cores` setting determines the value of
-`NIX_BUILD_CORES`. `NIX_BUILD_CORES` is equal to `cores`, unless
-`cores` equals `0`, in which case `NIX_BUILD_CORES` will be the total
-number of cores in the system.
-
-The maximum number of consumed cores is a simple multiplication,
-`max-jobs` \* `NIX_BUILD_CORES`.
-
-The balance on how to set these two independent variables depends upon
-each builder's workload and hardware. Here are a few example scenarios
-on a machine with 24 cores:
-
-| `max-jobs` | `cores` | `NIX_BUILD_CORES` | Maximum Processes | Result                                                                                                                                                                                                                                                                                 |
-| --------------------- | ------------------ | ----------------- | ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| 1                     | 24                 | 24                | 24                | One derivation will be built at a time, each one can use 24 cores. Undersold if a job can’t use 24 cores.                                                                                                                                                                              |
-| 4                     | 6                  | 6                 | 24                | Four derivations will be built at once, each given access to six cores.                                                                                                                                                                                                                |
-| 12                    | 6                  | 6                 | 72                | 12 derivations will be built at once, each given access to six cores. This configuration is over-sold. If all 12 derivations being built simultaneously try to use all six cores, the machine's performance will be degraded due to extensive context switching between the 12 builds. |
-| 24                    | 1                  | 1                 | 24                | 24 derivations can build at the same time, each using a single core. Never oversold, but derivations which require many cores will be very slow to compile.                                                                                                                            |
-| 24                    | 0                  | 24                | 576               | 24 derivations can build at the same time, each using all the available cores of the machine. Very likely to be oversold, and very likely to suffer context switches.                                                                                                                  |
-
-It is up to the derivations' build script to respect host's requested
-cores-per-build by following the value of the `NIX_BUILD_CORES`
-environment variable.

doc/manual/src/advanced-topics/diff-hook.md

@@ -1,157 +0,0 @@
-# Verifying Build Reproducibility
-
-You can use Nix's `diff-hook` setting to compare build results. Note
-that this hook is only executed if the results differ; it is not used
-for determining if the results are the same.
-
-For purposes of demonstration, we'll use the following Nix file,
-`deterministic.nix` for testing:
-
-```nix
-let
-  inherit (import <nixpkgs> {}) runCommand;
-in {
-  stable = runCommand "stable" {} ''
-    touch $out
-  '';
-
-  unstable = runCommand "unstable" {} ''
-    echo $RANDOM > $out
-  '';
-}
-```
-
-Additionally, `nix.conf` contains:
-
-    diff-hook = /etc/nix/my-diff-hook
-    run-diff-hook = true
-
-where `/etc/nix/my-diff-hook` is an executable file containing:
-
-```bash
-#!/bin/sh
-exec >&2
-echo "For derivation $3:"
-/run/current-system/sw/bin/diff -r "$1" "$2"
-```
-
-The diff hook is executed by the same user and group who ran the build.
-However, the diff hook does not have write access to the store path just
-built.
-
-# Spot-Checking Build Determinism
-
-Verify a path which already exists in the Nix store by passing `--check`
-to the build command.
-
-If the build passes and is deterministic, Nix will exit with a status
-code of 0:
-
-```console
-$ nix-build ./deterministic.nix -A stable
-this derivation will be built:
-  /nix/store/z98fasz2jqy9gs0xbvdj939p27jwda38-stable.drv
-building '/nix/store/z98fasz2jqy9gs0xbvdj939p27jwda38-stable.drv'...
-/nix/store/yyxlzw3vqaas7wfp04g0b1xg51f2czgq-stable
-
-$ nix-build ./deterministic.nix -A stable --check
-checking outputs of '/nix/store/z98fasz2jqy9gs0xbvdj939p27jwda38-stable.drv'...
-/nix/store/yyxlzw3vqaas7wfp04g0b1xg51f2czgq-stable
-```
-
-If the build is not deterministic, Nix will exit with a status code of
-1:
-
-```console
-$ nix-build ./deterministic.nix -A unstable
-this derivation will be built:
-  /nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv
-building '/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv'...
-/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable
-
-$ nix-build ./deterministic.nix -A unstable --check
-checking outputs of '/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv'...
-error: derivation '/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv' may
-not be deterministic: output '/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable' differs
-```
-
-In the Nix daemon's log, we will now see:
-
-```
-For derivation /nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv:
-1c1
-< 8108
----
-> 30204
-```
-
-Using `--check` with `--keep-failed` will cause Nix to keep the second
-build's output in a special, `.check` path:
-
-```console
-$ nix-build ./deterministic.nix -A unstable --check --keep-failed
-checking outputs of '/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv'...
-note: keeping build directory '/tmp/nix-build-unstable.drv-0'
-error: derivation '/nix/store/cgl13lbj1w368r5z8gywipl1ifli7dhk-unstable.drv' may
-not be deterministic: output '/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable' differs
-from '/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable.check'
-```
-
-In particular, notice the
-`/nix/store/krpqk0l9ib0ibi1d2w52z293zw455cap-unstable.check` output. Nix
-has copied the build results to that directory where you can examine it.
-
-> **Note**
-> 
-> Check paths are not protected against garbage collection, and this
-> path will be deleted on the next garbage collection.
-> 
-> The path is guaranteed to be alive for the duration of
-> the `diff-hook`'s execution, but may be deleted any time after.
-> 
-> If the comparison is performed as part of automated tooling, please
-> use the diff-hook or author your tooling to handle the case where the
-> build was not deterministic and also a check path does not exist.
-
-`--check` is only usable if the derivation has been built on the system
-already. If the derivation has not been built Nix will fail with the
-error:
-
-    error: some outputs of '/nix/store/hzi1h60z2qf0nb85iwnpvrai3j2w7rr6-unstable.drv' 
-    are not valid, so checking is not possible
-
-Run the build without `--check`, and then try with `--check` again.
-
-# Automatic and Optionally Enforced Determinism Verification
-
-Automatically verify every build at build time by executing the build
-multiple times.
-
-Setting `repeat` and `enforce-determinism` in your `nix.conf` permits
-the automated verification of every build Nix performs.
-
-The following configuration will run each build three times, and will
-require the build to be deterministic:
-
-    enforce-determinism = true
-    repeat = 2
-
-Setting `enforce-determinism` to false as in the following
-configuration will run the build multiple times, execute the build
-hook, but will allow the build to succeed even if it does not build
-reproducibly:
-
-    enforce-determinism = false
-    repeat = 1
-
-An example output of this configuration:
-
-```console
-$ nix-build ./test.nix -A unstable
-this derivation will be built:
-  /nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv
-building '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' (round 1/2)...
-building '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' (round 2/2)...
-output '/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable' of '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' differs from '/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable.check' from previous round
-/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable
-```

doc/manual/src/advanced-topics/distributed-builds.md

@@ -1,154 +0,0 @@
-# Remote Builds
-
-Nix supports remote builds, where a local Nix installation can forward
-Nix builds to other machines. This allows multiple builds to be
-performed in parallel and allows Nix to perform multi-platform builds in
-a semi-transparent way. For instance, if you perform a build for a
-`x86_64-darwin` on an `i686-linux` machine, Nix can automatically
-forward the build to a `x86_64-darwin` machine, if available.
-
-To forward a build to a remote machine, it’s required that the remote
-machine is accessible via SSH and that it has Nix installed. You can
-test whether connecting to the remote Nix instance works, e.g.
-
-```console
-$ nix ping-store --store ssh://mac
-```
-
-will try to connect to the machine named `mac`. It is possible to
-specify an SSH identity file as part of the remote store URI, e.g.
-
-```console
-$ nix ping-store --store ssh://mac?ssh-key=/home/alice/my-key
-```
-
-Since builds should be non-interactive, the key should not have a
-passphrase. Alternatively, you can load identities ahead of time into
-`ssh-agent` or `gpg-agent`.
-
-If you get the error
-
-```console
-bash: nix-store: command not found
-error: cannot connect to 'mac'
-```
-
-then you need to ensure that the `PATH` of non-interactive login shells
-contains Nix.
-
-> **Warning**
-> 
-> If you are building via the Nix daemon, it is the Nix daemon user
-> account (that is, `root`) that should have SSH access to the remote
-> machine. If you can’t or don’t want to configure `root` to be able to
-> access to remote machine, you can use a private Nix store instead by
-> passing e.g. `--store ~/my-nix`.
-
-The list of remote machines can be specified on the command line or in
-the Nix configuration file. The former is convenient for testing. For
-example, the following command allows you to build a derivation for
-`x86_64-darwin` on a Linux machine:
-
-```console
-$ uname
-Linux
-    
-$ nix build \
-  '(with import <nixpkgs> { system = "x86_64-darwin"; }; runCommand "foo" {} "uname > $out")' \
-  --builders 'ssh://mac x86_64-darwin'
-[1/0/1 built, 0.0 MiB DL] building foo on ssh://mac
-
-$ cat ./result
-Darwin
-```
-
-It is possible to specify multiple builders separated by a semicolon or
-a newline, e.g.
-
-```console
-  --builders 'ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd'
-```
-
-Each machine specification consists of the following elements, separated
-by spaces. Only the first element is required. To leave a field at its
-default, set it to `-`.
-
-1.  The URI of the remote store in the format
-    `ssh://[username@]hostname`, e.g. `ssh://nix@mac` or `ssh://mac`.
-    For backward compatibility, `ssh://` may be omitted. The hostname
-    may be an alias defined in your `~/.ssh/config`.
-
-2.  A comma-separated list of Nix platform type identifiers, such as
-    `x86_64-darwin`. It is possible for a machine to support multiple
-    platform types, e.g., `i686-linux,x86_64-linux`. If omitted, this
-    defaults to the local platform type.
-
-3.  The SSH identity file to be used to log in to the remote machine. If
-    omitted, SSH will use its regular identities.
-
-4.  The maximum number of builds that Nix will execute in parallel on
-    the machine. Typically this should be equal to the number of CPU
-    cores. For instance, the machine `itchy` in the example will execute
-    up to 8 builds in parallel.
-
-5.  The “speed factor”, indicating the relative speed of the machine. If
-    there are multiple machines of the right type, Nix will prefer the
-    fastest, taking load into account.
-
-6.  A comma-separated list of *supported features*. If a derivation has
-    the `requiredSystemFeatures` attribute, then Nix will only perform
-    the derivation on a machine that has the specified features. For
-    instance, the attribute
-
-    ```nix
-    requiredSystemFeatures = [ "kvm" ];
-    ```
-    
-    will cause the build to be performed on a machine that has the `kvm`
-    feature.
-
-7.  A comma-separated list of *mandatory features*. A machine will only
-    be used to build a derivation if all of the machine’s mandatory
-    features appear in the derivation’s `requiredSystemFeatures`
-    attribute..
-
-For example, the machine specification
-
-    nix@scratchy.labs.cs.uu.nl  i686-linux      /home/nix/.ssh/id_scratchy_auto        8 1 kvm
-    nix@itchy.labs.cs.uu.nl     i686-linux      /home/nix/.ssh/id_scratchy_auto        8 2
-    nix@poochie.labs.cs.uu.nl   i686-linux      /home/nix/.ssh/id_scratchy_auto        1 2 kvm benchmark
-
-specifies several machines that can perform `i686-linux` builds.
-However, `poochie` will only do builds that have the attribute
-
-```nix
-requiredSystemFeatures = [ "benchmark" ];
-```
-
-or
-
-```nix
-requiredSystemFeatures = [ "benchmark" "kvm" ];
-```
-
-`itchy` cannot do builds that require `kvm`, but `scratchy` does support
-such builds. For regular builds, `itchy` will be preferred over
-`scratchy` because it has a higher speed factor.
-
-Remote builders can also be configured in `nix.conf`, e.g.
-
-    builders = ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd
-
-Finally, remote builders can be configured in a separate configuration
-file included in `builders` via the syntax `@file`. For example,
-
-    builders = @/etc/nix/machines
-
-causes the list of machines in `/etc/nix/machines` to be included. (This
-is the default.)
-
-If you want the builders to use caches, you likely want to set the
-option `builders-use-substitutes` in your local `nix.conf`.
-
-To build only on remote builders and disable building on the local
-machine, you can use the option `--max-jobs 0`.

doc/manual/src/advanced-topics/post-build-hook.md

@@ -1,123 +0,0 @@
-# Using the `post-build-hook`
-
-# Implementation Caveats
-
-Here we use the post-build hook to upload to a binary cache. This is a
-simple and working example, but it is not suitable for all use cases.
-
-The post build hook program runs after each executed build, and blocks
-the build loop. The build loop exits if the hook program fails.
-
-Concretely, this implementation will make Nix slow or unusable when the
-internet is slow or unreliable.
-
-A more advanced implementation might pass the store paths to a
-user-supplied daemon or queue for processing the store paths outside of
-the build loop.
-
-# Prerequisites
-
-This tutorial assumes you have [configured an S3-compatible binary
-cache](../package-management/s3-substituter.md), and that the `root`
-user's default AWS profile can upload to the bucket.
-
-# Set up a Signing Key
-
-Use `nix-store --generate-binary-cache-key` to create our public and
-private signing keys. We will sign paths with the private key, and
-distribute the public key for verifying the authenticity of the paths.
-
-```console
-# nix-store --generate-binary-cache-key example-nix-cache-1 /etc/nix/key.private /etc/nix/key.public
-# cat /etc/nix/key.public
-example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM=
-```
-
-Then, add the public key and the cache URL to your `nix.conf`'s
-`trusted-public-keys` and `substituters` options:
-
-    substituters = https://cache.nixos.org/ s3://example-nix-cache
-    trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM=
-
-We will restart the Nix daemon in a later step.
-
-# Implementing the build hook
-
-Write the following script to `/etc/nix/upload-to-cache.sh`:
-
-```bash
-#!/bin/sh
-
-set -eu
-set -f # disable globbing
-export IFS=' '
-
-echo "Signing paths" $OUT_PATHS
-nix sign-paths --key-file /etc/nix/key.private $OUT_PATHS
-echo "Uploading paths" $OUT_PATHS
-exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
-```
-
-> **Note**
-> 
-> The `$OUT_PATHS` variable is a space-separated list of Nix store
-> paths. In this case, we expect and want the shell to perform word
-> splitting to make each output path its own argument to `nix
-> sign-paths`. Nix guarantees the paths will not contain any spaces,
-> however a store path might contain glob characters. The `set -f`
-> disables globbing in the shell.
-
-Then make sure the hook program is executable by the `root` user:
-
-```console
-# chmod +x /etc/nix/upload-to-cache.sh
-```
-
-# Updating Nix Configuration
-
-Edit `/etc/nix/nix.conf` to run our hook, by adding the following
-configuration snippet at the end:
-
-    post-build-hook = /etc/nix/upload-to-cache.sh
-
-Then, restart the `nix-daemon`.
-
-# Testing
-
-Build any derivation, for example:
-
-```console
-$ nix-build -E '(import <nixpkgs> {}).writeText "example" (builtins.toString builtins.currentTime)'
-this derivation will be built:
-  /nix/store/s4pnfbkalzy5qz57qs6yybna8wylkig6-example.drv
-building '/nix/store/s4pnfbkalzy5qz57qs6yybna8wylkig6-example.drv'...
-running post-build-hook '/home/grahamc/projects/github.com/NixOS/nix/post-hook.sh'...
-post-build-hook: Signing paths /nix/store/ibcyipq5gf91838ldx40mjsp0b8w9n18-example
-post-build-hook: Uploading paths /nix/store/ibcyipq5gf91838ldx40mjsp0b8w9n18-example
-/nix/store/ibcyipq5gf91838ldx40mjsp0b8w9n18-example
-```
-
-Then delete the path from the store, and try substituting it from the
-binary cache:
-
-```console
-$ rm ./result
-$ nix-store --delete /nix/store/ibcyipq5gf91838ldx40mjsp0b8w9n18-example
-```
-
-Now, copy the path back from the cache:
-
-```console
-$ nix-store --realise /nix/store/ibcyipq5gf91838ldx40mjsp0b8w9n18-example
-copying path '/nix/store/m8bmqwrch6l3h8s0k3d673xpmipcdpsa-example from 's3://example-nix-cache'...
-warning: you did not specify '--add-root'; the result might be removed by the garbage collector
-/nix/store/m8bmqwrch6l3h8s0k3d673xpmipcdpsa-example
-```
-
-# Conclusion
-
-We now have a Nix installation configured to automatically sign and
-upload every local build to a remote binary cache.
-
-Before deploying this to production, be sure to consider the
-[implementation caveats](#implementation-caveats).

doc/manual/src/command-ref/command-ref.md

@@ -1,2 +0,0 @@
-This section lists commands and options that you can use when you work
-with Nix.

doc/manual/src/command-ref/conf-file-prefix.md

@@ -1,37 +0,0 @@
-# Name
-
-`nix.conf` - Nix configuration file
-
-# Description
-
-By default Nix reads settings from the following places:
-
-  - The system-wide configuration file `sysconfdir/nix/nix.conf` (i.e.
-    `/etc/nix/nix.conf` on most systems), or `$NIX_CONF_DIR/nix.conf` if
-    `NIX_CONF_DIR` is set. Values loaded in this file are not forwarded
-    to the Nix daemon. The client assumes that the daemon has already
-    loaded them.
-
-  - If `NIX_USER_CONF_FILES` is set, then each path separated by `:`
-    will be loaded in reverse order.
-
-    Otherwise it will look for `nix/nix.conf` files in `XDG_CONFIG_DIRS`
-    and `XDG_CONFIG_HOME`. If these are unset, it will look in
-    `$HOME/.config/nix.conf`.
-
-The configuration files consist of `name =
-value` pairs, one per line. Other files can be included with a line like
-`include
-path`, where *path* is interpreted relative to the current conf file and
-a missing file is an error unless `!include` is used instead. Comments
-start with a `#` character. Here is an example configuration file:
-
-    keep-outputs = true       # Nice for developers
-    keep-derivations = true   # Idem
-
-You can override settings on the command line using the `--option` flag,
-e.g. `--option keep-outputs
-false`.
-
-The following settings are currently available:
-

doc/manual/src/command-ref/env-common.md

@@ -1,115 +0,0 @@
-# Common Environment Variables
-
-Most Nix commands interpret the following environment variables:
-
-  - `IN_NIX_SHELL`  
-    Indicator that tells if the current environment was set up by
-    `nix-shell`. Since Nix 2.0 the values are `"pure"` and `"impure"`
-
-  - `NIX_PATH`  
-    A colon-separated list of directories used to look up Nix
-    expressions enclosed in angle brackets (i.e., `<path>`). For
-    instance, the value
-    
-        /home/eelco/Dev:/etc/nixos
-    
-    will cause Nix to look for paths relative to `/home/eelco/Dev` and
-    `/etc/nixos`, in this order. It is also possible to match paths
-    against a prefix. For example, the value
-    
-        nixpkgs=/home/eelco/Dev/nixpkgs-branch:/etc/nixos
-    
-    will cause Nix to search for `<nixpkgs/path>` in
-    `/home/eelco/Dev/nixpkgs-branch/path` and `/etc/nixos/nixpkgs/path`.
-    
-    If a path in the Nix search path starts with `http://` or
-    `https://`, it is interpreted as the URL of a tarball that will be
-    downloaded and unpacked to a temporary location. The tarball must
-    consist of a single top-level directory. For example, setting
-    `NIX_PATH` to
-    
-        nixpkgs=https://github.com/NixOS/nixpkgs/archive/nixos-15.09.tar.gz
-    
-    tells Nix to download the latest revision in the Nixpkgs/NixOS 15.09
-    channel.
-    
-    A following shorthand can be used to refer to the official channels:
-    
-        nixpkgs=channel:nixos-15.09
-    
-    The search path can be extended using the `-I` option, which takes
-    precedence over `NIX_PATH`.
-
-  - `NIX_IGNORE_SYMLINK_STORE`  
-    Normally, the Nix store directory (typically `/nix/store`) is not
-    allowed to contain any symlink components. This is to prevent
-    “impure” builds. Builders sometimes “canonicalise” paths by
-    resolving all symlink components. Thus, builds on different machines
-    (with `/nix/store` resolving to different locations) could yield
-    different results. This is generally not a problem, except when
-    builds are deployed to machines where `/nix/store` resolves
-    differently. If you are sure that you’re not going to do that, you
-    can set `NIX_IGNORE_SYMLINK_STORE` to `1`.
-    
-    Note that if you’re symlinking the Nix store so that you can put it
-    on another file system than the root file system, on Linux you’re
-    better off using `bind` mount points, e.g.,
-
-    ```console
-    $ mkdir /nix
-    $ mount -o bind /mnt/otherdisk/nix /nix
-    ```
-    
-    Consult the mount 8 manual page for details.
-
-  - `NIX_STORE_DIR`  
-    Overrides the location of the Nix store (default `prefix/store`).
-
-  - `NIX_DATA_DIR`  
-    Overrides the location of the Nix static data directory (default
-    `prefix/share`).
-
-  - `NIX_LOG_DIR`  
-    Overrides the location of the Nix log directory (default
-    `prefix/var/log/nix`).
-
-  - `NIX_STATE_DIR`  
-    Overrides the location of the Nix state directory (default
-    `prefix/var/nix`).
-
-  - `NIX_CONF_DIR`  
-    Overrides the location of the system Nix configuration directory
-    (default `prefix/etc/nix`).
-
-  - `NIX_USER_CONF_FILES`  
-    Overrides the location of the user Nix configuration files to load
-    from (defaults to the XDG spec locations). The variable is treated
-    as a list separated by the `:` token.
-
-  - `TMPDIR`  
-    Use the specified directory to store temporary files. In particular,
-    this includes temporary build directories; these can take up
-    substantial amounts of disk space. The default is `/tmp`.
-
-  - `NIX_REMOTE`  
-    This variable should be set to `daemon` if you want to use the Nix
-    daemon to execute Nix operations. This is necessary in [multi-user
-    Nix installations](../installation/multi-user.md). If the Nix
-    daemon's Unix socket is at some non-standard path, this variable
-    should be set to `unix://path/to/socket`. Otherwise, it should be
-    left unset.
-
-  - `NIX_SHOW_STATS`  
-    If set to `1`, Nix will print some evaluation statistics, such as
-    the number of values allocated.
-
-  - `NIX_COUNT_CALLS`  
-    If set to `1`, Nix will print how often functions were called during
-    Nix expression evaluation. This is useful for profiling your Nix
-    expressions.
-
-  - `GC_INITIAL_HEAP_SIZE`  
-    If Nix has been configured to use the Boehm garbage collector, this
-    variable sets the initial size of the heap in bytes. It defaults to
-    384 MiB. Setting it to a low value reduces memory consumption, but
-    will increase runtime due to the overhead of garbage collection.

doc/manual/src/command-ref/experimental-commands.md

@@ -1,8 +0,0 @@
-# Experimental Commands
-
-This section lists experimental commands.
-
-> **Warning**
->
-> These commands may be removed in the future, or their syntax may
-> change in incompatible ways.

doc/manual/src/command-ref/files.md

@@ -1,4 +0,0 @@
-# Files
-
-This section lists configuration files that you can use when you work
-with Nix.

doc/manual/src/command-ref/main-commands.md

@@ -1,4 +0,0 @@
-# Main Commands
-
-This section lists commands and options that you can use when you work
-with Nix.

doc/manual/src/command-ref/nix-build.md

@@ -1,111 +0,0 @@
-# Name
-
-`nix-build` - build a Nix expression
-
-# Synopsis
-
-`nix-build` [*paths…*]
-  [`--arg` *name* *value*]
-  [`--argstr` *name* *value*]
-  [{`--attr` | `-A`} *attrPath*]
-  [`--no-out-link`]
-  [`--dry-run`]
-  [{`--out-link` | `-o`} *outlink*]
-
-# Description
-
-The `nix-build` command builds the derivations described by the Nix
-expressions in *paths*. If the build succeeds, it places a symlink to
-the result in the current directory. The symlink is called `result`. If
-there are multiple Nix expressions, or the Nix expressions evaluate to
-multiple derivations, multiple sequentially numbered symlinks are
-created (`result`, `result-2`, and so on).
-
-If no *paths* are specified, then `nix-build` will use `default.nix` in
-the current directory, if it exists.
-
-If an element of *paths* starts with `http://` or `https://`, it is
-interpreted as the URL of a tarball that will be downloaded and unpacked
-to a temporary location. The tarball must include a single top-level
-directory containing at least a file named `default.nix`.
-
-`nix-build` is essentially a wrapper around
-[`nix-instantiate`](nix-instantiate.md) (to translate a high-level Nix
-expression to a low-level store derivation) and [`nix-store
---realise`](nix-store.md#operation---realise) (to build the store
-derivation).
-
-> **Warning**
->
-> The result of the build is automatically registered as a root of the
-> Nix garbage collector. This root disappears automatically when the
-> `result` symlink is deleted or renamed. So don’t rename the symlink.
-
-# Options
-
-All options not listed here are passed to `nix-store
---realise`, except for `--arg` and `--attr` / `-A` which are passed to
-`nix-instantiate`.
-
-  - `--no-out-link`  
-    Do not create a symlink to the output path. Note that as a result
-    the output does not become a root of the garbage collector, and so
-    might be deleted by `nix-store
-                    --gc`.
-
-  - `--dry-run`  
-    Show what store paths would be built or downloaded.
-
-  - `--out-link` / `-o` *outlink*  
-    Change the name of the symlink to the output path created from
-    `result` to *outlink*.
-
-The following common options are supported:
-
-# Examples
-
-```console
-$ nix-build '<nixpkgs>' -A firefox
-store derivation is /nix/store/qybprl8sz2lc...-firefox-1.5.0.7.drv
-/nix/store/d18hyl92g30l...-firefox-1.5.0.7
-
-$ ls -l result
-lrwxrwxrwx  ...  result -> /nix/store/d18hyl92g30l...-firefox-1.5.0.7
-
-$ ls ./result/bin/
-firefox  firefox-config
-```
-
-If a derivation has multiple outputs, `nix-build` will build the default
-(first) output. You can also build all outputs:
-
-```console
-$ nix-build '<nixpkgs>' -A openssl.all
-```
-
-This will create a symlink for each output named `result-outputname`.
-The suffix is omitted if the output name is `out`. So if `openssl` has
-outputs `out`, `bin` and `man`, `nix-build` will create symlinks
-`result`, `result-bin` and `result-man`. It’s also possible to build a
-specific output:
-
-```console
-$ nix-build '<nixpkgs>' -A openssl.man
-```
-
-This will create a symlink `result-man`.
-
-Build a Nix expression given on the command line:
-
-```console
-$ nix-build -E 'with import <nixpkgs> { }; runCommand "foo" { } "echo bar > $out"'
-$ cat ./result
-bar
-```
-
-Build the GNU Hello package from the latest revision of the master
-branch of Nixpkgs:
-
-```console
-$ nix-build https://github.com/NixOS/nixpkgs/archive/master.tar.gz -A hello
-```

doc/manual/src/command-ref/nix-channel.md

@@ -1,96 +0,0 @@
-# Name
-
-`nix-channel` - manage Nix channels
-
-# Synopsis
-
-`nix-channel` {`--add` url [*name*] | `--remove` *name* | `--list` | `--update` [*names…*] | `--rollback` [*generation*] }
-
-# Description
-
-A Nix channel is a mechanism that allows you to automatically stay
-up-to-date with a set of pre-built Nix expressions. A Nix channel is
-just a URL that points to a place containing a set of Nix expressions.
-
-To see the list of official NixOS channels, visit
-<https://nixos.org/channels>.
-
-This command has the following operations:
-
-  - `--add` *url* \[*name*\]  
-    Adds a channel named *name* with URL *url* to the list of subscribed
-    channels. If *name* is omitted, it defaults to the last component of
-    *url*, with the suffixes `-stable` or `-unstable` removed.
-
-  - `--remove` *name*  
-    Removes the channel named *name* from the list of subscribed
-    channels.
-
-  - `--list`  
-    Prints the names and URLs of all subscribed channels on standard
-    output.
-
-  - `--update` \[*names*…\]  
-    Downloads the Nix expressions of all subscribed channels (or only
-    those included in *names* if specified) and makes them the default
-    for `nix-env` operations (by symlinking them from the directory
-    `~/.nix-defexpr`).
-
-  - `--rollback` \[*generation*\]  
-    Reverts the previous call to `nix-channel
-                    --update`. Optionally, you can specify a specific channel generation
-    number to restore.
-
-Note that `--add` does not automatically perform an update.
-
-The list of subscribed channels is stored in `~/.nix-channels`.
-
-# Examples
-
-To subscribe to the Nixpkgs channel and install the GNU Hello package:
-
-```console
-$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable
-$ nix-channel --update
-$ nix-env -iA nixpkgs.hello
-```
-
-You can revert channel updates using `--rollback`:
-
-```console
-$ nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
-"14.04.527.0e935f1"
-
-$ nix-channel --rollback
-switching from generation 483 to 482
-
-$ nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
-"14.04.526.dbadfad"
-```
-
-# Files
-
-  - `/nix/var/nix/profiles/per-user/username/channels`  
-    `nix-channel` uses a `nix-env` profile to keep track of previous
-    versions of the subscribed channels. Every time you run `nix-channel
-    --update`, a new channel generation (that is, a symlink to the
-    channel Nix expressions in the Nix store) is created. This enables
-    `nix-channel --rollback` to revert to previous versions.
-
-  - `~/.nix-defexpr/channels`  
-    This is a symlink to
-    `/nix/var/nix/profiles/per-user/username/channels`. It ensures that
-    `nix-env` can find your channels. In a multi-user installation, you
-    may also have `~/.nix-defexpr/channels_root`, which links to the
-    channels of the root user.
-
-# Channel format
-
-A channel URL should point to a directory containing the following
-files:
-
-  - `nixexprs.tar.xz`  
-    A tarball containing Nix expressions and files referenced by them
-    (such as build scripts and patches). At the top level, the tarball
-    should contain a single directory. That directory must contain a
-    file `default.nix` that serves as the channel’s “entry point”.

doc/manual/src/command-ref/nix-collect-garbage.md

@@ -1,30 +0,0 @@
-# Name
-
-`nix-collect-garbage` - delete unreachable store paths
-
-# Synopsis
-
-`nix-collect-garbage` [`--delete-old`] [`-d`] [`--delete-older-than` *period*] [`--max-freed` *bytes*] [`--dry-run`]
-
-# Description
-
-The command `nix-collect-garbage` is mostly an alias of [`nix-store
---gc`](nix-store.md#operation---gc), that is, it deletes all
-unreachable paths in the Nix store to clean up your system. However,
-it provides two additional options: `-d` (`--delete-old`), which
-deletes all old generations of all profiles in `/nix/var/nix/profiles`
-by invoking `nix-env --delete-generations old` on all profiles (of
-course, this makes rollbacks to previous configurations impossible);
-and `--delete-older-than` *period*, where period is a value such as
-`30d`, which deletes all generations older than the specified number
-of days in all profiles in `/nix/var/nix/profiles` (except for the
-generations that were active at that point in time).
-
-# Example
-
-To delete from the Nix store everything that is not used by the current
-generations of each profile, do
-
-```console
-$ nix-collect-garbage -d
-```

doc/manual/src/command-ref/nix-copy-closure.md

@@ -1,85 +0,0 @@
-# Name
-
-`nix-copy-closure` - copy a closure to or from a remote machine via SSH
-
-# Synopsis
-
-`nix-copy-closure`
-  [`--to` | `--from`]
-  [`--gzip`]
-  [`--include-outputs`]
-  [`--use-substitutes` | `-s`]
-  [`-v`]
-  _user@machine_ _paths_
-
-# Description
-
-`nix-copy-closure` gives you an easy and efficient way to exchange
-software between machines.  Given one or more Nix store _paths_ on the
-local machine, `nix-copy-closure` computes the closure of those paths
-(i.e. all their dependencies in the Nix store), and copies all paths
-in the closure to the remote machine via the `ssh` (Secure Shell)
-command.  With the `--from` option, the direction is reversed: the
-closure of _paths_ on a remote machine is copied to the Nix store on
-the local machine.
-
-This command is efficient because it only sends the store paths
-that are missing on the target machine.
-
-Since `nix-copy-closure` calls `ssh`, you may be asked to type in the
-appropriate password or passphrase.  In fact, you may be asked _twice_
-because `nix-copy-closure` currently connects twice to the remote
-machine, first to get the set of paths missing on the target machine,
-and second to send the dump of those paths.  If this bothers you, use
-`ssh-agent`.
-
-# Options
-
-  - `--to`  
-    Copy the closure of _paths_ from the local Nix store to the Nix
-    store on _machine_. This is the default.
-
-  - `--from`  
-    Copy the closure of _paths_ from the Nix store on _machine_ to the
-    local Nix store.
-
-  - `--gzip`  
-    Enable compression of the SSH connection.
-
-  - `--include-outputs`  
-    Also copy the outputs of store derivations included in the closure.
-
-  - `--use-substitutes` / `-s`  
-    Attempt to download missing paths on the target machine using Nix’s
-    substitute mechanism.  Any paths that cannot be substituted on the
-    target are still copied normally from the source.  This is useful,
-    for instance, if the connection between the source and target
-    machine is slow, but the connection between the target machine and
-    `nixos.org` (the default binary cache server) is
-    fast.
-
-  - `-v`  
-    Show verbose output.
-
-# Environment variables
-
-  - `NIX_SSHOPTS`  
-    Additional options to be passed to `ssh` on the command
-    line.
-
-# Examples
-
-Copy Firefox with all its dependencies to a remote machine:
-
-```console
-$ nix-copy-closure --to alice@itchy.labs $(type -tP firefox)
-```
-
-Copy Subversion from a remote machine and then install it into a user
-environment:
-
-```console
-$ nix-copy-closure --from alice@itchy.labs \
-    /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
-$ nix-env -i /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
-```

doc/manual/src/command-ref/nix-daemon.md

@@ -1,13 +0,0 @@
-# Name
-
-`nix-daemon` - Nix multi-user support daemon
-
-# Synopsis
-
-`nix-daemon`
-
-# Description
-
-The Nix daemon is necessary in multi-user Nix installations. It performs
-build actions and other operations on the Nix store on behalf of
-unprivileged users.

doc/manual/src/command-ref/nix-env.md

@@ -1,880 +0,0 @@
-# Name
-
-`nix-env` - manipulate or query Nix user environments
-
-# Synopsis
-
-`nix-env`
-  [`--option` *name* *value*]
-  [`--arg` *name* *value*]
-  [`--argstr` *name* *value*]
-  [{`--file` | `-f`} *path*]
-  [{`--profile` | `-p`} *path(]
-  [`--system-filter` *system*]
-  [`--dry-run`]
-  *operation* [*options…*] [*arguments…*]
-
-# Description
-
-The command `nix-env` is used to manipulate Nix user environments. User
-environments are sets of software packages available to a user at some
-point in time. In other words, they are a synthesised view of the
-programs available in the Nix store. There may be many user
-environments: different users can have different environments, and
-individual users can switch between different environments.
-
-`nix-env` takes exactly one *operation* flag which indicates the
-subcommand to be performed. These are documented below.
-
-# Selectors
-
-Several commands, such as `nix-env -q` and `nix-env -i`, take a list of
-arguments that specify the packages on which to operate. These are
-extended regular expressions that must match the entire name of the
-package. (For details on regular expressions, see regex7.) The match is
-case-sensitive. The regular expression can optionally be followed by a
-dash and a version number; if omitted, any version of the package will
-match. Here are some examples:
-
-  - `firefox`  
-    Matches the package name `firefox` and any version.
-
-  - `firefox-32.0`  
-    Matches the package name `firefox` and version `32.0`.
-
-  - `gtk\\+`  
-    Matches the package name `gtk+`. The `+` character must be escaped
-    using a backslash to prevent it from being interpreted as a
-    quantifier, and the backslash must be escaped in turn with another
-    backslash to ensure that the shell passes it on.
-
-  - `.\*`  
-    Matches any package name. This is the default for most commands.
-
-  - `'.*zip.*'`  
-    Matches any package name containing the string `zip`. Note the dots:
-    `'*zip*'` does not work, because in a regular expression, the
-    character `*` is interpreted as a quantifier.
-
-  - `'.*(firefox|chromium).*'`  
-    Matches any package name containing the strings `firefox` or
-    `chromium`.
-
-# Common options
-
-This section lists the options that are common to all operations. These
-options are allowed for every subcommand, though they may not always
-have an effect.
-
-  - `--file` / `-f` *path*  
-    Specifies the Nix expression (designated below as the *active Nix
-    expression*) used by the `--install`, `--upgrade`, and `--query
-    --available` operations to obtain derivations. The default is
-    `~/.nix-defexpr`.
-
-    If the argument starts with `http://` or `https://`, it is
-    interpreted as the URL of a tarball that will be downloaded and
-    unpacked to a temporary location. The tarball must include a single
-    top-level directory containing at least a file named `default.nix`.
-
-  - `--profile` / `-p` *path*  
-    Specifies the profile to be used by those operations that operate on
-    a profile (designated below as the *active profile*). A profile is a
-    sequence of user environments called *generations*, one of which is
-    the *current generation*.
-
-  - `--dry-run`  
-    For the `--install`, `--upgrade`, `--uninstall`,
-    `--switch-generation`, `--delete-generations` and `--rollback`
-    operations, this flag will cause `nix-env` to print what *would* be
-    done if this flag had not been specified, without actually doing it.
-
-    `--dry-run` also prints out which paths will be
-    [substituted](../glossary.md) (i.e., downloaded) and which paths
-    will be built from source (because no substitute is available).
-
-  - `--system-filter` *system*  
-    By default, operations such as `--query
-                    --available` show derivations matching any platform. This option
-    allows you to use derivations for the specified platform *system*.
-
-<!-- end list -->
-
-# Files
-
-  - `~/.nix-defexpr`  
-    The source for the default Nix expressions used by the
-    `--install`, `--upgrade`, and `--query --available` operations to
-    obtain derivations. The `--file` option may be used to override
-    this default.
-
-    If `~/.nix-defexpr` is a file, it is loaded as a Nix expression. If
-    the expression is a set, it is used as the default Nix expression.
-    If the expression is a function, an empty set is passed as argument
-    and the return value is used as the default Nix expression.
-
-    If `~/.nix-defexpr` is a directory containing a `default.nix` file,
-    that file is loaded as in the above paragraph.
-
-    If `~/.nix-defexpr` is a directory without a `default.nix` file,
-    then its contents (both files and subdirectories) are loaded as Nix
-    expressions. The expressions are combined into a single set, each
-    expression under an attribute with the same name as the original
-    file or subdirectory.
-
-    For example, if `~/.nix-defexpr` contains two files, `foo.nix` and
-    `bar.nix`, then the default Nix expression will essentially be
-
-    ```nix
-    {
-      foo = import ~/.nix-defexpr/foo.nix;
-      bar = import ~/.nix-defexpr/bar.nix;
-    }
-    ```
-
-    The file `manifest.nix` is always ignored. Subdirectories without a
-    `default.nix` file are traversed recursively in search of more Nix
-    expressions, but the names of these intermediate directories are not
-    added to the attribute paths of the default Nix expression.
-
-    The command `nix-channel` places symlinks to the downloaded Nix
-    expressions from each subscribed channel in this directory.
-
-  - `~/.nix-profile`  
-    A symbolic link to the user's current profile. By default, this
-    symlink points to `prefix/var/nix/profiles/default`. The `PATH`
-    environment variable should include `~/.nix-profile/bin` for the
-    user environment to be visible to the user.
-
-# Operation `--install`
-
-## Synopsis
-
-`nix-env` {`--install` | `-i`} *args…*
-  [{`--prebuilt-only` | `-b`}]
-  [{`--attr` | `-A`}]
-  [`--from-expression`] [`-E`]
-  [`--from-profile` *path*]
-  [`--preserve-installed` | `-P`]
-  [`--remove-all` | `-r`]
-
-## Description
-
-The install operation creates a new user environment, based on the
-current generation of the active profile, to which a set of store paths
-described by *args* is added. The arguments *args* map to store paths in
-a number of possible ways:
-
-  - By default, *args* is a set of derivation names denoting derivations
-    in the active Nix expression. These are realised, and the resulting
-    output paths are installed. Currently installed derivations with a
-    name equal to the name of a derivation being added are removed
-    unless the option `--preserve-installed` is specified.
-
-    If there are multiple derivations matching a name in *args* that
-    have the same name (e.g., `gcc-3.3.6` and `gcc-4.1.1`), then the
-    derivation with the highest *priority* is used. A derivation can
-    define a priority by declaring the `meta.priority` attribute. This
-    attribute should be a number, with a higher value denoting a lower
-    priority. The default priority is `0`.
-
-    If there are multiple matching derivations with the same priority,
-    then the derivation with the highest version will be installed.
-
-    You can force the installation of multiple derivations with the same
-    name by being specific about the versions. For instance, `nix-env -i
-    gcc-3.3.6 gcc-4.1.1` will install both version of GCC (and will
-    probably cause a user environment conflict\!).
-
-  - If `--attr` (`-A`) is specified, the arguments are *attribute
-    paths* that select attributes from the top-level Nix
-    expression. This is faster than using derivation names and
-    unambiguous. To find out the attribute paths of available
-    packages, use `nix-env -qaP`.
-
-  - If `--from-profile` *path* is given, *args* is a set of names
-    denoting installed store paths in the profile *path*. This is an
-    easy way to copy user environment elements from one profile to
-    another.
-
-  - If `--from-expression` is given, *args* are Nix
-    [functions](../expressions/language-constructs.md#functions)
-    that are called with the active Nix expression as their single
-    argument. The derivations returned by those function calls are
-    installed. This allows derivations to be specified in an
-    unambiguous way, which is necessary if there are multiple
-    derivations with the same name.
-
-  - If *args* are store derivations, then these are
-    [realised](nix-store.md#operation---realise), and the resulting output paths
-    are installed.
-
-  - If *args* are store paths that are not store derivations, then these
-    are [realised](nix-store.md#operation---realise) and installed.
-
-  - By default all outputs are installed for each derivation. That can
-    be reduced by setting `meta.outputsToInstall`.
-
-## Flags
-
-  - `--prebuilt-only` / `-b`  
-    Use only derivations for which a substitute is registered, i.e.,
-    there is a pre-built binary available that can be downloaded in lieu
-    of building the derivation. Thus, no packages will be built from
-    source.
-
-  - `--preserve-installed`; `-P`  
-    Do not remove derivations with a name matching one of the
-    derivations being installed. Usually, trying to have two versions of
-    the same package installed in the same generation of a profile will
-    lead to an error in building the generation, due to file name
-    clashes between the two versions. However, this is not the case for
-    all packages.
-
-  - `--remove-all`; `-r`  
-    Remove all previously installed packages first. This is equivalent
-    to running `nix-env -e '.*'` first, except that everything happens
-    in a single transaction.
-
-## Examples
-
-To install a specific version of `gcc` from the active Nix expression:
-
-```console
-$ nix-env --install gcc-3.3.2
-installing `gcc-3.3.2'
-uninstalling `gcc-3.1'
-```
-
-Note the previously installed version is removed, since
-`--preserve-installed` was not specified.
-
-To install an arbitrary version:
-
-```console
-$ nix-env --install gcc
-installing `gcc-3.3.2'
-```
-
-To install using a specific attribute:
-
-```console
-$ nix-env -i -A gcc40mips
-$ nix-env -i -A xorg.xorgserver
-```
-
-To install all derivations in the Nix expression `foo.nix`:
-
-```console
-$ nix-env -f ~/foo.nix -i '.*'
-```
-
-To copy the store path with symbolic name `gcc` from another profile:
-
-```console
-$ nix-env -i --from-profile /nix/var/nix/profiles/foo gcc
-```
-
-To install a specific store derivation (typically created by
-`nix-instantiate`):
-
-```console
-$ nix-env -i /nix/store/fibjb1bfbpm5mrsxc4mh2d8n37sxh91i-gcc-3.4.3.drv
-```
-
-To install a specific output path:
-
-```console
-$ nix-env -i /nix/store/y3cgx0xj1p4iv9x0pnnmdhr8iyg741vk-gcc-3.4.3
-```
-
-To install from a Nix expression specified on the command-line:
-
-```console
-$ nix-env -f ./foo.nix -i -E \
-    'f: (f {system = "i686-linux";}).subversionWithJava'
-```
-
-I.e., this evaluates to `(f: (f {system =
-"i686-linux";}).subversionWithJava) (import ./foo.nix)`, thus selecting
-the `subversionWithJava` attribute from the set returned by calling the
-function defined in `./foo.nix`.
-
-A dry-run tells you which paths will be downloaded or built from source:
-
-```console
-$ nix-env -f '<nixpkgs>' -iA hello --dry-run
-(dry run; not doing anything)
-installing ‘hello-2.10’
-this path will be fetched (0.04 MiB download, 0.19 MiB unpacked):
-  /nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10
-  ...
-```
-
-To install Firefox from the latest revision in the Nixpkgs/NixOS 14.12
-channel:
-
-```console
-$ nix-env -f https://github.com/NixOS/nixpkgs/archive/nixos-14.12.tar.gz -iA firefox
-```
-
-# Operation `--upgrade`
-
-## Synopsis
-
-`nix-env` {`--upgrade` | `-u`} *args*
-  [`--lt` | `--leq` | `--eq` | `--always`]
-  [{`--prebuilt-only` | `-b`}]
-  [{`--attr` | `-A`}]
-  [`--from-expression`] [`-E`]
-  [`--from-profile` *path*]
-  [`--preserve-installed` | `-P`]
-
-## Description
-
-The upgrade operation creates a new user environment, based on the
-current generation of the active profile, in which all store paths are
-replaced for which there are newer versions in the set of paths
-described by *args*. Paths for which there are no newer versions are
-left untouched; this is not an error. It is also not an error if an
-element of *args* matches no installed derivations.
-
-For a description of how *args* is mapped to a set of store paths, see
-[`--install`](#operation---install). If *args* describes multiple
-store paths with the same symbolic name, only the one with the highest
-version is installed.
-
-## Flags
-
-  - `--lt`  
-    Only upgrade a derivation to newer versions. This is the default.
-
-  - `--leq`  
-    In addition to upgrading to newer versions, also “upgrade” to
-    derivations that have the same version. Version are not a unique
-    identification of a derivation, so there may be many derivations
-    that have the same version. This flag may be useful to force
-    “synchronisation” between the installed and available derivations.
-
-  - `--eq`  
-    *Only* “upgrade” to derivations that have the same version. This may
-    not seem very useful, but it actually is, e.g., when there is a new
-    release of Nixpkgs and you want to replace installed applications
-    with the same versions built against newer dependencies (to reduce
-    the number of dependencies floating around on your system).
-
-  - `--always`  
-    In addition to upgrading to newer versions, also “upgrade” to
-    derivations that have the same or a lower version. I.e., derivations
-    may actually be downgraded depending on what is available in the
-    active Nix expression.
-
-For the other flags, see `--install`.
-
-## Examples
-
-```console
-$ nix-env --upgrade gcc
-upgrading `gcc-3.3.1' to `gcc-3.4'
-```
-
-```console
-$ nix-env -u gcc-3.3.2 --always (switch to a specific version)
-upgrading `gcc-3.4' to `gcc-3.3.2'
-```
-
-```console
-$ nix-env --upgrade pan
-(no upgrades available, so nothing happens)
-```
-
-```console
-$ nix-env -u (try to upgrade everything)
-upgrading `hello-2.1.2' to `hello-2.1.3'
-upgrading `mozilla-1.2' to `mozilla-1.4'
-```
-
-## Versions
-
-The upgrade operation determines whether a derivation `y` is an upgrade
-of a derivation `x` by looking at their respective `name` attributes.
-The names (e.g., `gcc-3.3.1` are split into two parts: the package name
-(`gcc`), and the version (`3.3.1`). The version part starts after the
-first dash not followed by a letter. `x` is considered an upgrade of `y`
-if their package names match, and the version of `y` is higher that that
-of `x`.
-
-The versions are compared by splitting them into contiguous components
-of numbers and letters. E.g., `3.3.1pre5` is split into `[3, 3, 1,
-"pre", 5]`. These lists are then compared lexicographically (from left
-to right). Corresponding components `a` and `b` are compared as follows.
-If they are both numbers, integer comparison is used. If `a` is an empty
-string and `b` is a number, `a` is considered less than `b`. The special
-string component `pre` (for *pre-release*) is considered to be less than
-other components. String components are considered less than number
-components. Otherwise, they are compared lexicographically (i.e., using
-case-sensitive string comparison).
-
-This is illustrated by the following examples:
-
-    1.0 < 2.3
-    2.1 < 2.3
-    2.3 = 2.3
-    2.5 > 2.3
-    3.1 > 2.3
-    2.3.1 > 2.3
-    2.3.1 > 2.3a
-    2.3pre1 < 2.3
-    2.3pre3 < 2.3pre12
-    2.3a < 2.3c
-    2.3pre1 < 2.3c
-    2.3pre1 < 2.3q
-
-# Operation `--uninstall`
-
-## Synopsis
-
-`nix-env` {`--uninstall` | `-e`} *drvnames…*
-
-## Description
-
-The uninstall operation creates a new user environment, based on the
-current generation of the active profile, from which the store paths
-designated by the symbolic names *drvnames* are removed.
-
-## Examples
-
-```console
-$ nix-env --uninstall gcc
-$ nix-env -e '.*' (remove everything)
-```
-
-# Operation `--set`
-
-## Synopsis
-
-`nix-env` `--set` *drvname*
-
-## Description
-
-The `--set` operation modifies the current generation of a profile so
-that it contains exactly the specified derivation, and nothing else.
-
-## Examples
-
-The following updates a profile such that its current generation will
-contain just Firefox:
-
-```console
-$ nix-env -p /nix/var/nix/profiles/browser --set firefox
-```
-
-# Operation `--set-flag`
-
-## Synopsis
-
-`nix-env` `--set-flag` *name* *value* *drvnames*
-
-## Description
-
-The `--set-flag` operation allows meta attributes of installed packages
-to be modified. There are several attributes that can be usefully
-modified, because they affect the behaviour of `nix-env` or the user
-environment build script:
-
-  - `priority` can be changed to resolve filename clashes. The user
-    environment build script uses the `meta.priority` attribute of
-    derivations to resolve filename collisions between packages. Lower
-    priority values denote a higher priority. For instance, the GCC
-    wrapper package and the Binutils package in Nixpkgs both have a file
-    `bin/ld`, so previously if you tried to install both you would get a
-    collision. Now, on the other hand, the GCC wrapper declares a higher
-    priority than Binutils, so the former’s `bin/ld` is symlinked in the
-    user environment.
-
-  - `keep` can be set to `true` to prevent the package from being
-    upgraded or replaced. This is useful if you want to hang on to an
-    older version of a package.
-
-  - `active` can be set to `false` to “disable” the package. That is, no
-    symlinks will be generated to the files of the package, but it
-    remains part of the profile (so it won’t be garbage-collected). It
-    can be set back to `true` to re-enable the package.
-
-## Examples
-
-To prevent the currently installed Firefox from being upgraded:
-
-```console
-$ nix-env --set-flag keep true firefox
-```
-
-After this, `nix-env -u` will ignore Firefox.
-
-To disable the currently installed Firefox, then install a new Firefox
-while the old remains part of the profile:
-
-```console
-$ nix-env -q
-firefox-2.0.0.9 (the current one)
-
-$ nix-env --preserve-installed -i firefox-2.0.0.11
-installing `firefox-2.0.0.11'
-building path(s) `/nix/store/myy0y59q3ig70dgq37jqwg1j0rsapzsl-user-environment'
-collision between `/nix/store/...-firefox-2.0.0.11/bin/firefox'
-  and `/nix/store/...-firefox-2.0.0.9/bin/firefox'.
-(i.e., can’t have two active at the same time)
-
-$ nix-env --set-flag active false firefox
-setting flag on `firefox-2.0.0.9'
-
-$ nix-env --preserve-installed -i firefox-2.0.0.11
-installing `firefox-2.0.0.11'
-
-$ nix-env -q
-firefox-2.0.0.11 (the enabled one)
-firefox-2.0.0.9 (the disabled one)
-```
-
-To make files from `binutils` take precedence over files from `gcc`:
-
-```console
-$ nix-env --set-flag priority 5 binutils
-$ nix-env --set-flag priority 10 gcc
-```
-
-# Operation `--query`
-
-## Synopsis
-
-`nix-env` {`--query` | `-q`} *names…*
-  [`--installed` | `--available` | `-a`]
-  [{`--status` | `-s`}]
-  [{`--attr-path` | `-P`}]
-  [`--no-name`]
-  [{`--compare-versions` | `-c`}]
-  [`--system`]
-  [`--drv-path`]
-  [`--out-path`]
-  [`--description`]
-  [`--meta`]
-  [`--xml`]
-  [`--json`]
-  [{`--prebuilt-only` | `-b`}]
-  [{`--attr` | `-A`} *attribute-path*]
-
-## Description
-
-The query operation displays information about either the store paths
-that are installed in the current generation of the active profile
-(`--installed`), or the derivations that are available for installation
-in the active Nix expression (`--available`). It only prints information
-about derivations whose symbolic name matches one of *names*.
-
-The derivations are sorted by their `name` attributes.
-
-## Source selection
-
-The following flags specify the set of things on which the query
-operates.
-
-  - `--installed`  
-    The query operates on the store paths that are installed in the
-    current generation of the active profile. This is the default.
-
-  - `--available`; `-a`  
-    The query operates on the derivations that are available in the
-    active Nix expression.
-
-## Queries
-
-The following flags specify what information to display about the
-selected derivations. Multiple flags may be specified, in which case the
-information is shown in the order given here. Note that the name of the
-derivation is shown unless `--no-name` is specified.
-
-  - `--xml`  
-    Print the result in an XML representation suitable for automatic
-    processing by other tools. The root element is called `items`, which
-    contains a `item` element for each available or installed
-    derivation. The fields discussed below are all stored in attributes
-    of the `item` elements.
-
-  - `--json`  
-    Print the result in a JSON representation suitable for automatic
-    processing by other tools.
-
-  - `--prebuilt-only` / `-b`  
-    Show only derivations for which a substitute is registered, i.e.,
-    there is a pre-built binary available that can be downloaded in lieu
-    of building the derivation. Thus, this shows all packages that
-    probably can be installed quickly.
-
-  - `--status`; `-s`  
-    Print the *status* of the derivation. The status consists of three
-    characters. The first is `I` or `-`, indicating whether the
-    derivation is currently installed in the current generation of the
-    active profile. This is by definition the case for `--installed`,
-    but not for `--available`. The second is `P` or `-`, indicating
-    whether the derivation is present on the system. This indicates
-    whether installation of an available derivation will require the
-    derivation to be built. The third is `S` or `-`, indicating whether
-    a substitute is available for the derivation.
-
-  - `--attr-path`; `-P`  
-    Print the *attribute path* of the derivation, which can be used to
-    unambiguously select it using the `--attr` option available in
-    commands that install derivations like `nix-env --install`. This
-    option only works together with `--available`
-
-  - `--no-name`  
-    Suppress printing of the `name` attribute of each derivation.
-
-  - `--compare-versions` / `-c`  
-    Compare installed versions to available versions, or vice versa (if
-    `--available` is given). This is useful for quickly seeing whether
-    upgrades for installed packages are available in a Nix expression. A
-    column is added with the following meaning:
-
-      - `<` *version*  
-        A newer version of the package is available or installed.
-
-      - `=` *version*  
-        At most the same version of the package is available or
-        installed.
-
-      - `>` *version*  
-        Only older versions of the package are available or installed.
-
-      - `- ?`  
-        No version of the package is available or installed.
-
-  - `--system`  
-    Print the `system` attribute of the derivation.
-
-  - `--drv-path`  
-    Print the path of the store derivation.
-
-  - `--out-path`  
-    Print the output path of the derivation.
-
-  - `--description`  
-    Print a short (one-line) description of the derivation, if
-    available. The description is taken from the `meta.description`
-    attribute of the derivation.
-
-  - `--meta`  
-    Print all of the meta-attributes of the derivation. This option is
-    only available with `--xml` or `--json`.
-
-## Examples
-
-To show installed packages:
-
-```console
-$ nix-env -q
-bison-1.875c
-docbook-xml-4.2
-firefox-1.0.4
-MPlayer-1.0pre7
-ORBit2-2.8.3
-…
-```
-
-To show available packages:
-
-```console
-$ nix-env -qa
-firefox-1.0.7
-GConf-2.4.0.1
-MPlayer-1.0pre7
-ORBit2-2.8.3
-…
-```
-
-To show the status of available packages:
-
-```console
-$ nix-env -qas
--P- firefox-1.0.7   (not installed but present)
---S GConf-2.4.0.1   (not present, but there is a substitute for fast installation)
---S MPlayer-1.0pre3 (i.e., this is not the installed MPlayer, even though the version is the same!)
-IP- ORBit2-2.8.3    (installed and by definition present)
-…
-```
-
-To show available packages in the Nix expression `foo.nix`:
-
-```console
-$ nix-env -f ./foo.nix -qa
-foo-1.2.3
-```
-
-To compare installed versions to what’s available:
-
-```console
-$ nix-env -qc
-...
-acrobat-reader-7.0 - ?      (package is not available at all)
-autoconf-2.59      = 2.59   (same version)
-firefox-1.0.4      < 1.0.7  (a more recent version is available)
-...
-```
-
-To show all packages with “`zip`” in the name:
-
-```console
-$ nix-env -qa '.*zip.*'
-bzip2-1.0.6
-gzip-1.6
-zip-3.0
-…
-```
-
-To show all packages with “`firefox`” or “`chromium`” in the name:
-
-```console
-$ nix-env -qa '.*(firefox|chromium).*'
-chromium-37.0.2062.94
-chromium-beta-38.0.2125.24
-firefox-32.0.3
-firefox-with-plugins-13.0.1
-…
-```
-
-To show all packages in the latest revision of the Nixpkgs repository:
-
-```console
-$ nix-env -f https://github.com/NixOS/nixpkgs/archive/master.tar.gz -qa
-```
-
-# Operation `--switch-profile`
-
-## Synopsis
-
-`nix-env` {`--switch-profile` | `-S`} *path*
-
-## Description
-
-This operation makes *path* the current profile for the user. That is,
-the symlink `~/.nix-profile` is made to point to *path*.
-
-## Examples
-
-```console
-$ nix-env -S ~/my-profile
-```
-
-# Operation `--list-generations`
-
-## Synopsis
-
-`nix-env` `--list-generations`
-
-## Description
-
-This operation print a list of all the currently existing generations
-for the active profile. These may be switched to using the
-`--switch-generation` operation. It also prints the creation date of the
-generation, and indicates the current generation.
-
-## Examples
-
-```console
-$ nix-env --list-generations
-  95   2004-02-06 11:48:24
-  96   2004-02-06 11:49:01
-  97   2004-02-06 16:22:45
-  98   2004-02-06 16:24:33   (current)
-```
-
-# Operation `--delete-generations`
-
-## Synopsis
-
-`nix-env` `--delete-generations` *generations*
-
-## Description
-
-This operation deletes the specified generations of the current profile.
-The generations can be a list of generation numbers, the special value
-`old` to delete all non-current generations, a value such as `30d` to
-delete all generations older than the specified number of days (except
-for the generation that was active at that point in time), or a value
-such as `+5` to keep the last `5` generations ignoring any newer than
-current, e.g., if `30` is the current generation `+5` will delete
-generation `25` and all older generations. Periodically deleting old
-generations is important to make garbage collection effective.
-
-## Examples
-
-```console
-$ nix-env --delete-generations 3 4 8
-```
-
-```console
-$ nix-env --delete-generations +5
-```
-
-```console
-$ nix-env --delete-generations 30d
-```
-
-```console
-$ nix-env -p other_profile --delete-generations old
-```
-
-# Operation `--switch-generation`
-
-## Synopsis
-
-`nix-env` {`--switch-generation` | `-G`} *generation*
-
-## Description
-
-This operation makes generation number *generation* the current
-generation of the active profile. That is, if the `profile` is the path
-to the active profile, then the symlink `profile` is made to point to
-`profile-generation-link`, which is in turn a symlink to the actual user
-environment in the Nix store.
-
-Switching will fail if the specified generation does not exist.
-
-## Examples
-
-```console
-$ nix-env -G 42
-switching from generation 50 to 42
-```
-
-# Operation `--rollback`
-
-## Synopsis
-
-`nix-env` `--rollback`
-
-## Description
-
-This operation switches to the “previous” generation of the active
-profile, that is, the highest numbered generation lower than the current
-generation, if it exists. It is just a convenience wrapper around
-`--list-generations` and `--switch-generation`.
-
-## Examples
-
-```console
-$ nix-env --rollback
-switching from generation 92 to 91
-```
-
-```console
-$ nix-env --rollback
-error: no generation older than the current (91) exists
-```
-
-# Environment variables
-
-  - `NIX_PROFILE`  
-    Location of the Nix profile. Defaults to the target of the symlink
-    `~/.nix-profile`, if it exists, or `/nix/var/nix/profiles/default`
-    otherwise.