Merge pull request #11415 from NixOS/mergify/bp/2.18-maintenance/pr-10919

install-darwin: fix _nixbld uids for macOS sequoia (backport #10919)

.clang-format

@@ -1,35 +0,0 @@
-BasedOnStyle: LLVM
-IndentWidth: 4
-BreakBeforeBraces: Custom
-BraceWrapping:
-  AfterStruct: true
-  AfterClass: true
-  AfterFunction: true
-  AfterUnion: true
-  SplitEmptyRecord: false
-PointerAlignment: Middle
-FixNamespaceComments: true
-SortIncludes: Never
-#IndentPPDirectives: BeforeHash
-SpaceAfterCStyleCast: true
-SpaceAfterTemplateKeyword: false
-AccessModifierOffset: -4
-AlignAfterOpenBracket: AlwaysBreak
-AlignEscapedNewlines: Left
-ColumnLimit: 120
-BreakStringLiterals: false
-BitFieldColonSpacing: None
-AllowShortFunctionsOnASingleLine: Empty
-AlwaysBreakTemplateDeclarations: Yes
-BinPackParameters: false
-BreakConstructorInitializers: BeforeComma
-EmptyLineAfterAccessModifier: Leave # change to always/never later?
-EmptyLineBeforeAccessModifier: Leave
-#PackConstructorInitializers: BinPack
-BreakBeforeBinaryOperators: NonAssignment
-AlwaysBreakBeforeMultilineStrings: true
-IndentPPDirectives: AfterHash
-PPIndentWidth: 2
-BinPackArguments: false
-BreakBeforeTernaryOperators: true
-SeparateDefinitionBlocks: Always

.clang-tidy

@@ -1,3 +0,0 @@
-# We use pointers to aggregates in a couple of places, intentionally.
-# void * would look weird.
-Checks: '-bugprone-sizeof-expression'

.coderabbit.yaml

@@ -1,18 +0,0 @@
-# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
-# Disable CodeRabbit auto-review to prevent verbose comments on PRs.
-# When enabled: false, CodeRabbit won't attempt reviews and won't post
-# "Review skipped" or other automated comments.
-reviews:
-  auto_review:
-    enabled: false
-  review_status: false
-  high_level_summary: false
-  poem: false
-  sequence_diagrams: false
-  changed_files_summary: false
-  tools:
-    github-checks:
-      enabled: false
-chat:
-  art: false
-  auto_reply: false

.editorconfig

@@ -4,20 +4,20 @@
 # Top-most EditorConfig file
 root = true
 
-# Unix-style newlines with a newline ending every file, UTF-8 charset
+# Unix-style newlines with a newline ending every file, utf-8 charset
 [*]
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
 charset = utf-8
 
-# Match Nix files, set indent to spaces with width of two
+# Match nix files, set indent to spaces with width of two
 [*.nix]
 indent_style = space
 indent_size = 2
 
-# Match C++/C/shell/Perl, set indent to spaces with width of four
-[*.{hpp,cc,hh,c,h,sh,pl,xs}]
+# Match c++/shell/perl, set indent to spaces with width of four
+[*.{hpp,cc,hh,sh,pl}]
 indent_style = space
 indent_size = 4
 

.git-blame-ignore-revs

@@ -1,6 +0,0 @@
-# bulk initial re-formatting with clang-format
-e4f62e46088919428a68bd8014201dc8e379fed7 # !autorebase ./maintainers/format.sh --until-stable
-# meson re-formatting
-385e2c3542c707d95e3784f7f6d623f67e77ab61 # !autorebase ./maintainers/format.sh --until-stable
-# nixfmt 1.0.0
-1d943f581908f35075a84a3d89c2eba3ff35067f # !autorebase ./maintainers/format.sh --until-stable

.github/CODEOWNERS

@@ -10,8 +10,9 @@
 # This file
 .github/CODEOWNERS @edolstra
 
-# Documentation of built-in functions
-src/libexpr/primops.cc @roberth
+# Public documentation
+/doc @fricklerhandwerk
+*.md @fricklerhandwerk
 
 # Libstore layer
-/src/libstore @ericson2314
+/src/libstore @thufschmitt

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,54 +1,36 @@
 ---
 name: Bug report
-about: Report unexpected or incorrect behaviour
+about: Create a report to help us improve
 title: ''
 labels: bug
 assignees: ''
 
 ---
 
-## Describe the bug
+**Describe the bug**
 
-<!--
-  A clear and concise description of what the bug is.
+A clear and concise description of what the bug is.
 
-  If you have a problem with a specific package or NixOS,
-  you probably want to file an issue at https://github.com/NixOS/nixpkgs/issues.
--->
+If you have a problem with a specific package or NixOS,
+you probably want to file an issue at https://github.com/NixOS/nixpkgs/issues. 
 
-## Steps To Reproduce
+**Steps To Reproduce**
 
-<!--
-  Example:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
 
-  1. Clone this repository: ...
-  2. Run `nix-... ...`
-  3. Observe unexpected behaviour
--->
+**Expected behavior**
 
-## Expected behavior
+A clear and concise description of what you expected to happen.
 
-<!-- A clear and concise description of what you expected to happen. -->
+**`nix-env --version` output**
 
-## Metadata
+**Additional context**
 
-<!-- Please insert the output of running `nix-env --version` below this line -->
+Add any other context about the problem here.
 
-## Additional context
-
-<!-- Add any other context about the problem here. -->
-
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open bug issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
-[open bug issues and pull requests]: https://github.com/NixOS/nix/labels/bug
-
----
+**Priorities**
 
 Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,39 +1,24 @@
 ---
 name: Feature request
-about: Suggest a new feature
+about: Suggest an idea for this project
 title: ''
 labels: feature
 assignees: ''
 
 ---
 
-## Is your feature request related to a problem?
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 
-<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
 
-## Proposed solution
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
 
-<!-- A clear and concise description of what you want to happen. -->
+**Additional context**
+Add any other context or screenshots about the feature request here.
 
-## Alternative solutions
-
-<!-- A clear and concise description of any alternative solutions or features you've considered. -->
-
-## Additional context
-
-<!-- Add any other context or screenshots about the feature request here. -->
-
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open feature issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
-[open feature issues and pull requests]: https://github.com/NixOS/nix/labels/feature
-
----
+**Priorities**
 
 Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/installer.md

@@ -23,25 +23,14 @@ assignees: ''
 
 <details><summary>Output</summary>
 
-<!-- paste console output inside the below code block -->
-
 ```log
 
+<!-- paste console output here and remove this comment -->
+
 ```
 
 </details>
 
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open installer issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
-[open installer issues and pull requests]: https://github.com/NixOS/nix/labels/installer
-
----
+## Priorities
 
 Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/missing_documentation.md

@@ -22,10 +22,10 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open documentation issues and pull requests] for possible duplicates
 
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
+[source]: https://github.com/NixOS/nix/tree/master/doc/manual/src
 [open documentation issues and pull requests]: https://github.com/NixOS/nix/labels/documentation
 
----
+## Priorities
 
 Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,32 +1,7 @@
-<!--
-
-IMPORTANT
-
-Nix is a non-trivial project, so for your contribution to be successful,
-it really is important to follow the contributing guidelines:
-
-https://github.com/NixOS/nix/blob/master/CONTRIBUTING.md
-
-Even if you've contributed to open source before, take a moment to read it,
-so you understand the process and the expectations.
-
-- what information to include in commit messages
-- proper attribution
-- volunteering contributions effectively
-- how to get help and our review process.
-
-PR stuck in review? We have two Nix team meetings per week online that are open for everyone in a jitsi conference:
-
-- https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com
-
--->
-
-## Motivation
-
+# Motivation
 <!-- Briefly explain what the change is about and why it is desirable. -->
 
-## Context
-
+# Context
 <!-- Provide context. Reference open issues if available. -->
 
 <!-- Non-trivial change: Briefly outline the implementation strategy. -->
@@ -35,8 +10,6 @@ PR stuck in review? We have two Nix team meetings per week online that are open
 
 <!-- Large change: Provide instructions to reviewers how to read the diff. -->
 
----
+# Priorities
 
 Add :+1: to [pull requests you find important](https://github.com/NixOS/nix/pulls?q=is%3Aopen+sort%3Areactions-%2B1-desc).
-
-The Nix maintainer team uses a [GitHub project board](https://github.com/orgs/NixOS/projects/19) to [schedule and track reviews](https://github.com/NixOS/nix/tree/master/maintainers#project-board-protocol). 

.github/STALE-BOT.md

@@ -3,7 +3,7 @@
 - Thanks for your contribution!
 - To remove the stale label, just leave a new comment.
 - _How to find the right people to ping?_ → [`git blame`](https://git-scm.com/docs/git-blame) to the rescue! (or GitHub's history and blame buttons.)
-- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/) or on [Matrix - #users:nixos.org](https://matrix.to/#/#users:nixos.org).
+- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/) or on [Matrix - #nix:nixos.org](https://matrix.to/#/#nix:nixos.org).
 
 ## Suggestions for PRs
 

.github/actions/install-nix-action/action.yaml

@@ -1,131 +0,0 @@
-name: "Install Nix"
-description: "Helper action for installing Nix with support for dogfooding from master"
-inputs:
-  dogfood:
-    description: "Whether to use Nix installed from the latest artifact from master branch"
-    required: true # Be explicit about the fact that we are using unreleased artifacts
-  experimental-installer:
-    description: "Whether to use the experimental installer to install Nix"
-    default: false
-  experimental-installer-version:
-    description: "Version of the experimental installer to use. If `latest`, the newest artifact from the default branch is used."
-    # TODO: This should probably be pinned to a release after https://github.com/NixOS/experimental-nix-installer/pull/49 lands in one
-    default: "latest"
-  extra_nix_config:
-    description: "Gets appended to `/etc/nix/nix.conf` if passed."
-  install_url:
-    description: "URL of the Nix installer"
-    required: false
-    default: "https://releases.nixos.org/nix/nix-2.32.1/install"
-  tarball_url:
-    description: "URL of the Nix tarball to use with the experimental installer"
-    required: false
-  github_token:
-    description: "Github token"
-    required: true
-  use_cache:
-    description: "Whether to setup magic-nix-cache"
-    default: true
-    required: false
-runs:
-  using: "composite"
-  steps:
-    - name: "Download nix install artifact from master"
-      shell: bash
-      id: download-nix-installer
-      if: inputs.dogfood == 'true'
-      run: |
-        RUN_ID=$(gh run list --repo "$DOGFOOD_REPO" --workflow ci.yml --branch master --status success --json databaseId --jq ".[0].databaseId")
-
-        if [ "$RUNNER_OS" == "Linux" ]; then
-          INSTALLER_ARTIFACT="installer-linux"
-        elif [ "$RUNNER_OS" == "macOS" ]; then
-          INSTALLER_ARTIFACT="installer-darwin"
-        else
-          echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS"
-          exit 1
-        fi
-
-        INSTALLER_DOWNLOAD_DIR="$GITHUB_WORKSPACE/$INSTALLER_ARTIFACT"
-        mkdir -p "$INSTALLER_DOWNLOAD_DIR"
-
-        gh run download "$RUN_ID" --repo "$DOGFOOD_REPO" -n "$INSTALLER_ARTIFACT" -D "$INSTALLER_DOWNLOAD_DIR"
-        echo "installer-path=file://$INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT"
-        TARBALL_PATH="$(find "$INSTALLER_DOWNLOAD_DIR" -name 'nix*.tar.xz' -print | head -n 1)"
-        echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT"
-
-        echo "::notice ::Dogfooding Nix installer from master (https://github.com/$DOGFOOD_REPO/actions/runs/$RUN_ID)"
-      env:
-        GH_TOKEN: ${{ inputs.github_token }}
-        DOGFOOD_REPO: "NixOS/nix"
-    - name: "Gather system info for experimental installer"
-      shell: bash
-      if: ${{ inputs.experimental-installer == 'true' }}
-      run: |
-        echo "::notice Using experimental installer from $EXPERIMENTAL_INSTALLER_REPO (https://github.com/$EXPERIMENTAL_INSTALLER_REPO)"
-
-        if [ "$RUNNER_OS" == "Linux" ]; then
-          EXPERIMENTAL_INSTALLER_SYSTEM="linux"
-          echo "EXPERIMENTAL_INSTALLER_SYSTEM=$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-        elif [ "$RUNNER_OS" == "macOS" ]; then
-          EXPERIMENTAL_INSTALLER_SYSTEM="darwin"
-          echo "EXPERIMENTAL_INSTALLER_SYSTEM=$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-        else
-          echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS"
-          exit 1
-        fi
-
-        if [ "$RUNNER_ARCH" == "X64" ]; then
-          EXPERIMENTAL_INSTALLER_ARCH=x86_64
-          echo "EXPERIMENTAL_INSTALLER_ARCH=$EXPERIMENTAL_INSTALLER_ARCH" >> "$GITHUB_ENV"
-        elif [ "$RUNNER_ARCH" == "ARM64" ]; then
-          EXPERIMENTAL_INSTALLER_ARCH=aarch64
-          echo "EXPERIMENTAL_INSTALLER_ARCH=$EXPERIMENTAL_INSTALLER_ARCH" >> "$GITHUB_ENV"
-        else
-          echo "::error ::Unsupported RUNNER_ARCH: $RUNNER_ARCH"
-          exit 1
-        fi
-
-        echo "EXPERIMENTAL_INSTALLER_ARTIFACT=nix-installer-$EXPERIMENTAL_INSTALLER_ARCH-$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-      env:
-        EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer"
-    - name: "Download latest experimental installer"
-      shell: bash
-      id: download-latest-experimental-installer
-      if: ${{ inputs.experimental-installer == 'true' && inputs.experimental-installer-version == 'latest' }}
-      run: |
-        RUN_ID=$(gh run list --repo "$EXPERIMENTAL_INSTALLER_REPO" --workflow ci.yml --branch main --status success --json databaseId --jq ".[0].databaseId")
-
-        EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR="$GITHUB_WORKSPACE/$EXPERIMENTAL_INSTALLER_ARTIFACT"
-        mkdir -p "$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR"
-
-        gh run download "$RUN_ID" --repo "$EXPERIMENTAL_INSTALLER_REPO" -n "$EXPERIMENTAL_INSTALLER_ARTIFACT" -D "$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR"
-        # Executable permissions are lost in artifacts
-        find $EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR -type f -exec chmod +x {} +
-        echo "installer-path=$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT"
-      env:
-        GH_TOKEN: ${{ inputs.github_token }}
-        EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer"
-    - uses: cachix/install-nix-action@c134e4c9e34bac6cab09cf239815f9339aaaf84e # v31.5.1
-      if: ${{ inputs.experimental-installer != 'true' }}
-      with:
-        # Ternary operator in GHA: https://www.github.com/actions/runner/issues/409#issuecomment-752775072
-        install_url: ${{ inputs.dogfood == 'true' && format('{0}/install', steps.download-nix-installer.outputs.installer-path) || inputs.install_url }}
-        install_options: ${{ inputs.dogfood == 'true' && format('--tarball-url-prefix {0}', steps.download-nix-installer.outputs.installer-path) || '' }}
-        extra_nix_config: ${{ inputs.extra_nix_config }}
-    - uses: DeterminateSystems/nix-installer-action@786fff0690178f1234e4e1fe9b536e94f5433196 # v20
-      if: ${{ inputs.experimental-installer == 'true' }}
-      with:
-        diagnostic-endpoint: ""
-        # TODO: It'd be nice to use `artifacts.nixos.org` for both of these, maybe through an `/experimental-installer/latest` endpoint? or `/commit/<hash>`?
-        local-root: ${{ inputs.experimental-installer-version == 'latest' && steps.download-latest-experimental-installer.outputs.installer-path || '' }}
-        source-url: ${{ inputs.experimental-installer-version != 'latest' && 'https://artifacts.nixos.org/experimental-installer/tag/${{ inputs.experimental-installer-version }}/${{ env.EXPERIMENTAL_INSTALLER_ARTIFACT }}' || '' }}
-        nix-package-url: ${{ inputs.dogfood == 'true' && steps.download-nix-installer.outputs.tarball-path || (inputs.tarball_url || '') }}
-        extra-conf: ${{ inputs.extra_nix_config }}
-    - uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13
-      if: ${{ inputs.use_cache == 'true' }}
-      with:
-        diagnostic-endpoint: ''
-        use-flakehub: false
-        use-gha-cache: true
-        source-revision: 92d9581367be2233c2d5714a2640e1339f4087d8 # main

.github/labeler.yml

@@ -1,43 +1,23 @@
-"c api":
-  - changed-files:
-    - any-glob-to-any-file: "src/lib*-c/**/*"
-    - any-glob-to-any-file: "src/*test*/**/nix_api_*"
-    - any-glob-to-any-file: "doc/external-api/**/*"
-
-"contributor-experience":
-  - changed-files:
-    - any-glob-to-any-file: "CONTRIBUTING.md"
-    - any-glob-to-any-file: ".github/ISSUE_TEMPLATE/*"
-    - any-glob-to-any-file: ".github/PULL_REQUEST_TEMPLATE.md"
-    - any-glob-to-any-file: "doc/manual/source/contributing/**"
-
 "documentation":
-  - changed-files:
-    - any-glob-to-any-file: "doc/manual/**/*"
-    - any-glob-to-any-file: "src/nix/**/*.md"
+  - doc/manual/*
+  - src/nix/**/*.md
 
 "store":
-  - changed-files:
-    - any-glob-to-any-file: "src/libstore/store-api.*"
-    - any-glob-to-any-file: "src/libstore/*-store.*"
+  - src/libstore/store-api.*
+  - src/libstore/*-store.*
 
 "fetching":
-  - changed-files:
-    - any-glob-to-any-file: "src/libfetchers/**/*"
+  - src/libfetchers/**/*
 
 "repl":
-  - changed-files:
-    - any-glob-to-any-file: "src/libcmd/repl.*"
-    - any-glob-to-any-file: "src/nix/repl.*"
+  - src/libcmd/repl.*
+  - src/nix/repl.*
 
 "new-cli":
-  - changed-files:
-    - any-glob-to-any-file: "src/nix/**/*"
+  - src/nix/**/*
 
 "with-tests":
-  - changed-files:
-    # Unit tests
-    - any-glob-to-any-file: "src/*/tests/**/*"
-    # Functional and integration tests
-    - any-glob-to-any-file: "tests/functional/**/*"
-
+  # Unit tests
+  - src/*/tests/**/*
+  # Functional and integration tests
+  - tests/functional/**/*

.github/workflows/backport.yml

@@ -8,30 +8,25 @@ jobs:
   backport:
     name: Backport Pull Request
     permissions:
-      # for korthout/backport-action
+      # for zeebe-io/backport-action
       contents: write
       pull-requests: write
     if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
-    runs-on: ubuntu-24.04-arm
+    runs-on: ubuntu-latest
     steps:
-      - name: Generate GitHub App token
-        id: generate-token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ vars.CI_APP_ID }}
-          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           # required to find all branches
           fetch-depth: 0
       - name: Create backport PRs
-        uses: korthout/backport-action@d07416681cab29bf2661702f925f020aaa962997 # v3.4.1
-        id: backport
+        # should be kept in sync with `version`
+        uses: zeebe-io/backport-action@v1.4.0
         with:
-          # Config README: https://github.com/korthout/backport-action#backport-action
-          github_token: ${{ steps.generate-token.outputs.token }}
+          # Config README: https://github.com/zeebe-io/backport-action#backport-action
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           github_workspace: ${{ github.workspace }}
-          auto_merge_enabled: true
           pull_description: |-
             Automatic backport to `${target_branch}`, triggered by a label in #${pull_number}.
+          # should be kept in sync with `uses`
+          version: v0.0.5

.github/workflows/ci.yml

@@ -2,194 +2,96 @@ name: "CI"
 
 on:
   pull_request:
-  merge_group:
   push:
-    branches:
-      - master
-  workflow_dispatch:
-    inputs:
-      dogfood:
-        description: 'Use dogfood Nix build'
-        required: false
-        default: true
-        type: boolean
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
 
 permissions: read-all
 
 jobs:
-  eval:
-    runs-on: ubuntu-24.04
-    steps:
-    - uses: actions/checkout@v5
-      with:
-        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-        extra_nix_config:
-          experimental-features = nix-command flakes
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        use_cache: false
-    - run: nix flake show --all-systems --json
-
-  pre-commit-checks:
-    name: pre-commit checks
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: actions/checkout@v5
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-          extra_nix_config: experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - run: ./ci/gha/tests/pre-commit-checks
-
-  basic-checks:
-    name: aggregate basic checks
-    if: ${{ always() }}
-    runs-on: ubuntu-24.04
-    needs: [pre-commit-checks, eval]
-    steps:
-      - name: Exit with any errors
-        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
-        run: |
-          exit 1
 
   tests:
-    needs: basic-checks
+    needs: [check_secrets]
     strategy:
       fail-fast: false
       matrix:
-        include:
-          - scenario: on ubuntu
-            runs-on: ubuntu-24.04
-            os: linux
-            instrumented: false
-            primary: true
-            stdenv: stdenv
-          - scenario: on macos
-            runs-on: macos-14
-            os: darwin
-            instrumented: false
-            primary: true
-            stdenv: stdenv
-          - scenario: on ubuntu (with sanitizers / coverage)
-            runs-on: ubuntu-24.04
-            os: linux
-            instrumented: true
-            primary: false
-            stdenv: clangStdenv
-    name: tests ${{ matrix.scenario }}
-    runs-on: ${{ matrix.runs-on }}
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
     timeout-minutes: 60
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
+    - uses: cachix/install-nix-action@v23
       with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
         # The sandbox would otherwise be disabled by default on Darwin
         extra_nix_config: "sandbox = true"
-    # Since ubuntu 22.30, unprivileged usernamespaces are no longer allowed to map to the root user:
-    # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
-    - run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
-      if: matrix.os == 'linux'
-    - name: Run component tests
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix componentTests -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}"
-    - name: Run VM tests
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix vmTests -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}"
-      if: ${{ matrix.os == 'linux' }}
-    - name: Run flake checks and prepare the installer tarball
-      run: |
-        ci/gha/tests/build-checks
-        ci/gha/tests/prepare-installer-for-github-actions
-      if: ${{ matrix.primary }}
-    - name: Collect code coverage
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix codeCoverage.coverageReports -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}" \
-          --out-link coverage-reports
-        cat coverage-reports/index.txt >> $GITHUB_STEP_SUMMARY
-      if: ${{ matrix.instrumented }}
-    - name: Upload coverage reports
-      uses: actions/upload-artifact@v5
+    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
+    - uses: cachix/cachix-action@v12
+      if: needs.check_secrets.outputs.cachix == 'true'
       with:
-        name: coverage-reports
-        path: coverage-reports/
-      if: ${{ matrix.instrumented }}
-    - name: Upload installer tarball
-      uses: actions/upload-artifact@v5
+        name: '${{ env.CACHIX_NAME }}'
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+    - run: nix --experimental-features 'nix-command flakes' flake check -L
+
+  check_secrets:
+    permissions:
+      contents: none
+    name: Check Cachix and Docker secrets present for installer tests
+    runs-on: ubuntu-latest
+    outputs:
+      cachix: ${{ steps.secret.outputs.cachix }}
+      docker: ${{ steps.secret.outputs.docker }}
+    steps:
+      - name: Check for secrets
+        id: secret
+        env:
+          _CACHIX_SECRETS: ${{ secrets.CACHIX_SIGNING_KEY }}${{ secrets.CACHIX_AUTH_TOKEN }}
+          _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
+        run: |
+          echo "::set-output name=cachix::${{ env._CACHIX_SECRETS != '' }}"
+          echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"
+
+  installer:
+    needs: [tests, check_secrets]
+    if: github.event_name == 'push' && needs.check_secrets.outputs.cachix == 'true'
+    runs-on: ubuntu-latest
+    outputs:
+      installerURL: ${{ steps.prepare-installer.outputs.installerURL }}
+    steps:
+    - uses: actions/checkout@v4
       with:
-        name: installer-${{matrix.os}}
-        path: out/*
-      if: ${{ matrix.primary }}
+        fetch-depth: 0
+    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
+    - uses: cachix/install-nix-action@v23
+      with:
+        install_url: https://releases.nixos.org/nix/nix-2.13.3/install
+    - uses: cachix/cachix-action@v12
+      with:
+        name: '${{ env.CACHIX_NAME }}'
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+    - id: prepare-installer
+      run: scripts/prepare-installer-for-github-actions
 
   installer_test:
-    needs: [tests]
+    needs: [installer, check_secrets]
+    if: github.event_name == 'push' && needs.check_secrets.outputs.cachix == 'true'
     strategy:
       fail-fast: false
       matrix:
-        include:
-          - scenario: on ubuntu
-            runs-on: ubuntu-24.04
-            os: linux
-            experimental-installer: false
-          - scenario: on macos
-            runs-on: macos-14
-            os: darwin
-            experimental-installer: false
-          - scenario: on ubuntu (experimental)
-            runs-on: ubuntu-24.04
-            os: linux
-            experimental-installer: true
-          - scenario: on macos (experimental)
-            runs-on: macos-14
-            os: darwin
-            experimental-installer: true
-    name: installer test ${{ matrix.scenario }}
-    runs-on: ${{ matrix.runs-on }}
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v5
-    - name: Download installer tarball
-      uses: actions/download-artifact@v6
+    - uses: actions/checkout@v4
+    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
+    - uses: cachix/install-nix-action@v23
       with:
-        name: installer-${{matrix.os}}
-        path: out
-    - name: Looking up the installer tarball URL
-      id: installer-tarball-url
-      run: |
-        echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT"
-        TARBALL_PATH="$(find "$GITHUB_WORKSPACE/out" -name 'nix*.tar.xz' -print | head -n 1)"
-        echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT"
-    - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31.8.4
-      if: ${{ !matrix.experimental-installer }}
-      with:
-        install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }}
-        install_options: ${{ format('--tarball-url-prefix {0}', steps.installer-tarball-url.outputs.installer-url) }}
-    - uses: ./.github/actions/install-nix-action
-      if: ${{ matrix.experimental-installer }}
-      with:
-        dogfood: false
-        experimental-installer: true
-        tarball_url: ${{ steps.installer-tarball-url.outputs.tarball-path }}
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        install_url: '${{needs.installer.outputs.installerURL}}'
+        install_options: "--tarball-url-prefix https://${{ env.CACHIX_NAME }}.cachix.org/serve"
     - run: sudo apt install fish zsh
-      if: matrix.os == 'linux'
+      if: matrix.os == 'ubuntu-latest'
     - run: brew install fish
-      if: matrix.os == 'darwin'
+      if: matrix.os == 'macos-latest'
     - run: exec bash -c "nix-instantiate -E 'builtins.currentTime' --eval"
     - run: exec sh -c "nix-instantiate -E 'builtins.currentTime' --eval"
     - run: exec zsh -c "nix-instantiate -E 'builtins.currentTime' --eval"
@@ -197,122 +99,37 @@ jobs:
     - run: exec bash -c "nix-channel --add https://releases.nixos.org/nixos/unstable/nixos-23.05pre466020.60c1d71f2ba nixpkgs"
     - run: exec bash -c "nix-channel --update && nix-env -iA nixpkgs.hello && hello"
 
-  # Steps to test CI automation in your own fork.
-  # 1. Sign-up for https://hub.docker.com/
-  # 2. Store your dockerhub username as DOCKERHUB_USERNAME in "Repository secrets" of your fork repository settings (https://github.com/$githubuser/nix/settings/secrets/actions)
-  # 3. Create an access token in https://hub.docker.com/settings/security and store it as DOCKERHUB_TOKEN in "Repository secrets" of your fork
-  check_secrets:
-    permissions:
-      contents: none
-    name: Check presence of secrets
-    runs-on: ubuntu-24.04
-    outputs:
-      docker: ${{ steps.secret.outputs.docker }}
-    steps:
-      - name: Check for DockerHub secrets
-        id: secret
-        env:
-          _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
-        run: |
-          echo "docker=${{ env._DOCKER_SECRETS != '' }}" >> $GITHUB_OUTPUT
-
   docker_push_image:
-    needs: [tests, check_secrets]
-    permissions:
-      contents: read
-      packages: write
+    needs: [check_secrets, tests]
     if: >-
-      needs.check_secrets.outputs.docker == 'true' &&
       github.event_name == 'push' &&
-      github.ref_name == 'master'
-    runs-on: ubuntu-24.04
+      github.ref_name == 'master' &&
+      needs.check_secrets.outputs.cachix == 'true' &&
+      needs.check_secrets.outputs.docker == 'true'
+    runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
+    - uses: cachix/install-nix-action@v23
       with:
-        dogfood: false
-        extra_nix_config: |
-          experimental-features = flakes nix-command
-    - run: echo NIX_VERSION="$(nix eval .\#nix.version | tr -d \")" >> $GITHUB_ENV
-    - run: nix build .#dockerImage -L
+        install_url: https://releases.nixos.org/nix/nix-2.13.3/install
+    - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
+    - run: echo NIX_VERSION="$(nix --experimental-features 'nix-command flakes' eval .\#default.version | tr -d \")" >> $GITHUB_ENV
+    - uses: cachix/cachix-action@v12
+      if: needs.check_secrets.outputs.cachix == 'true'
+      with:
+        name: '${{ env.CACHIX_NAME }}'
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+    - run: nix --experimental-features 'nix-command flakes' build .#dockerImage -L
     - run: docker load -i ./result/image.tar.gz
-    - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
-    - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
-    # We'll deploy the newly built image to both Docker Hub and Github Container Registry.
-    #
-    # Push to Docker Hub first
+    - run: docker tag nix:$NIX_VERSION nixos/nix:$NIX_VERSION
+    - run: docker tag nix:$NIX_VERSION nixos/nix:master
     - name: Login to Docker Hub
       uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
-    - run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
-    - run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
-    # Push to GitHub Container Registry as well
-    - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-    - name: Push image
-      run: |
-        IMAGE_ID=ghcr.io/${{ github.repository_owner }}/nix
-        # Change all uppercase to lowercase
-        IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
-
-        docker tag nix:$NIX_VERSION $IMAGE_ID:$NIX_VERSION
-        docker tag nix:$NIX_VERSION $IMAGE_ID:latest
-        docker push $IMAGE_ID:$NIX_VERSION
-        docker push $IMAGE_ID:latest
-        # deprecated 2024-02-24
-        docker tag nix:$NIX_VERSION $IMAGE_ID:master
-        docker push $IMAGE_ID:master
-
-  flake_regressions:
-    needs: tests
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout nix
-        uses: actions/checkout@v5
-      - name: Checkout flake-regressions
-        uses: actions/checkout@v5
-        with:
-          repository: NixOS/flake-regressions
-          path: flake-regressions
-      - name: Checkout flake-regressions-data
-        uses: actions/checkout@v5
-        with:
-          repository: NixOS/flake-regressions-data
-          path: flake-regressions/tests
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-          extra_nix_config:
-            experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=25 flake-regressions/eval-all.sh
-
-  profile_build:
-    needs: tests
-    runs-on: ubuntu-24.04
-    timeout-minutes: 60
-    if: >-
-      github.event_name == 'push' &&
-      github.ref_name == 'master'
-    steps:
-    - uses: actions/checkout@v5
-      with:
-        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-        extra_nix_config: |
-          experimental-features = flakes nix-command ca-derivations impure-derivations
-          max-jobs = 1
-    - run: |
-        nix build -L --file ./ci/gha/profile-build buildTimeReport --out-link build-time-report.md
-        cat build-time-report.md >> $GITHUB_STEP_SUMMARY
+    - run: docker push nixos/nix:$NIX_VERSION
+    - run: docker push nixos/nix:master

.github/workflows/hydra_status.yml

@@ -0,0 +1,20 @@
+name: Hydra status
+
+permissions: read-all
+
+on:
+  schedule:
+    - cron: "12,42 * * * *"
+  workflow_dispatch:
+
+jobs:
+  check_hydra_status:
+    name: Check Hydra status
+    if: github.repository_owner == 'NixOS'
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - run: bash scripts/check-hydra-status.sh
+

.github/workflows/labels.yml

@@ -15,10 +15,10 @@ permissions:
 
 jobs:
   labels:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     if: github.repository_owner == 'NixOS'
     steps:
-    - uses: actions/labeler@v6
+    - uses: actions/labeler@v4
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         sync-labels: false

.gitignore

@@ -1,12 +1,96 @@
-# Default meson build dir
-/build
+Makefile.config
+perl/Makefile.config
+
+# /
+/aclocal.m4
+/autom4te.cache
+/precompiled-headers.h.gch
+/config.*
+/configure
+/stamp-h1
+/svn-revision
+/libtool
+
+# /doc/manual/
+/doc/manual/*.1
+/doc/manual/*.5
+/doc/manual/*.8
+/doc/manual/generated/*
+/doc/manual/nix.json
+/doc/manual/conf-file.json
+/doc/manual/language.json
+/doc/manual/xp-features.json
+/doc/manual/src/SUMMARY.md
+/doc/manual/src/command-ref/new-cli
+/doc/manual/src/command-ref/conf-file.md
+/doc/manual/src/command-ref/experimental-features-shortlist.md
+/doc/manual/src/contributing/experimental-feature-descriptions.md
+/doc/manual/src/language/builtins.md
+/doc/manual/src/language/builtin-constants.md
+
+# /scripts/
+/scripts/nix-profile.sh
+/scripts/nix-profile-daemon.sh
+/scripts/nix-profile.fish
+/scripts/nix-profile-daemon.fish
+
+# /src/libexpr/
+/src/libexpr/lexer-tab.cc
+/src/libexpr/lexer-tab.hh
+/src/libexpr/parser-tab.cc
+/src/libexpr/parser-tab.hh
+/src/libexpr/parser-tab.output
+/src/libexpr/nix.tbl
+/tests/unit/libexpr/libnixexpr-tests
+
+# /src/libstore/
+*.gen.*
+/tests/unit/libstore/libnixstore-tests
+
+# /src/libutil/
+/tests/unit/libutil/libnixutil-tests
+
+/src/nix/nix
+
+/src/nix/doc
+
+# /src/nix-env/
+/src/nix-env/nix-env
+
+# /src/nix-instantiate/
+/src/nix-instantiate/nix-instantiate
+
+# /src/nix-store/
+/src/nix-store/nix-store
+
+/src/nix-prefetch-url/nix-prefetch-url
+
+/src/nix-collect-garbage/nix-collect-garbage
+
+# /src/nix-channel/
+/src/nix-channel/nix-channel
+
+# /src/nix-build/
+/src/nix-build/nix-build
+
+/src/nix-copy-closure/nix-copy-closure
+
+/src/error-demo/error-demo
+
+/src/build-remote/build-remote
 
 # /tests/functional/
-/tests/functional/common/subst-vars.sh
+/tests/functional/test-tmp
+/tests/functional/common/vars-and-functions.sh
+/tests/functional/result*
 /tests/functional/restricted-innocent
-/tests/functional/debugger-test-out
+/tests/functional/shell
+/tests/functional/shell.drv
+/tests/functional/config.nix
+/tests/functional/ca/config.nix
+/tests/functional/dyn-drv/config.nix
+/tests/functional/repl-result-out
 /tests/functional/test-libstoreconsumer/test-libstoreconsumer
-/tests/functional/nix-shell
 
 # /tests/functional/lang/
 /tests/functional/lang/*.out
@@ -14,9 +98,29 @@
 /tests/functional/lang/*.err
 /tests/functional/lang/*.ast
 
-/outputs
+/perl/lib/Nix/Config.pm
+/perl/lib/Nix/Store.cc
 
+/misc/systemd/nix-daemon.service
+/misc/systemd/nix-daemon.socket
+/misc/systemd/nix-daemon.conf
+/misc/upstart/nix-daemon.conf
+
+/src/resolve-system-dependencies/resolve-system-dependencies
+
+outputs/
+
+*.a
+*.o
+*.o.tmp
+*.so
+*.dylib
+*.dll
+*.exe
+*.dep
 *~
+*.pc
+*.plist
 
 # GNU Global
 GPATH
@@ -29,24 +133,12 @@ GTAGS
 
 # auto-generated compilation database
 compile_commands.json
-*.compile_commands.json
+
+nix-rust/target
 
 result
-result-*
 
-# IDE
 .vscode/
-.idea/
-
-.pre-commit-config.yaml
 
 # clangd and possibly more
 .cache/
-
-# Mac OS
-.DS_Store
-
-flake-regressions
-
-# direnv
-.direnv/

.shellcheckrc

@@ -1,4 +0,0 @@
-external-sources=true
-source-path=SCRIPTDIR
-# Hack for scripts in e.g. tests/functional/ca
-source-path=SCRIPTDIR/..

.version

@@ -1 +1 @@
-2.33.0
+2.18.6

CITATION.cff

@@ -1,42 +0,0 @@
-cff-version: 1.2.0
-title: Nix
-message: >-
-  If you use this software, please cite it using the
-  metadata from this file.
-type: software
-authors:
-  - given-names: Eelco
-    family-names: Dolstra
-    email: edolstra@gmail.com
-  - name: The Nix contributors
-    website: 'https://github.com/NixOS/nix'
-references:
-  - title: The Purely Functional Software Deployment Model
-    authors:
-    - family-names: Dolstra
-      given-names: Eelco
-    year: 2006
-    type: thesis
-    thesis-type: PhD thesis
-    isbn: 90-393-4130-3
-    url: https://dspace.library.uu.nl/handle/1874/7540
-    database-provider: Utrecht University Repository
-    institution:
-      name: Utrecht University
-    keywords:
-    - configuration management
-    - software deployment
-    - purely functional
-    - component-based software engineering
-repository-code: 'https://github.com/NixOS/nix'
-url: 'https://nixos.org/'
-abstract: >-
-  Nix, a purely functional package manager, is a powerful
-  package manager for Linux and other Unix systems that
-  makes package management reliable and reproducible.
-keywords:
-  - reproducibility
-  - open-source
-  - c++
-  - functional
-license: LGPL-2.1

CONTRIBUTING.md

@@ -24,49 +24,25 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).
 
 ## Making changes to Nix
 
-1. Search for related issues that cover what you're going to work on.
-   It could help to mention there that you will work on the issue.
-
-   We strongly recommend first-time contributors not to propose new features but rather fix tightly-scoped problems in order to build trust and a working relationship with maintainers.
-
-   Issues labeled [good first issue](https://github.com/NixOS/nix/labels/good%20first%20issue) should be relatively easy to fix and are likely to get merged quickly.
-   Pull requests addressing issues labeled [idea approved](https://github.com/NixOS/nix/labels/idea%20approved) or [RFC](https://github.com/NixOS/nix/labels/RFC) are especially welcomed by maintainers and will receive prioritised review.
-
-   If you are proficient with C++, addressing one of the [popular issues](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc) will be highly appreciated by maintainers and Nix users all over the world.
-   For far-reaching changes, please investigate possible blockers and design implications, and coordinate with maintainers before investing too much time in writing code that may not end up getting merged.
-
-   If there is no relevant issue yet and you're not sure whether your change is likely to be accepted, [open an issue](https://github.com/NixOS/nix/issues/new/choose) yourself.
-
-2. Check for [pull requests](https://github.com/NixOS/nix/pulls) that might already cover the contribution you are about to make.
-   There are many open pull requests that might already do what you intend to work on.
+1. Check for [pull requests](https://github.com/NixOS/nix/pulls) that might already cover the contribution you are about to make.
+   There are many open pull requests that might already do what you intent to work on.
    You can use [labels](https://github.com/NixOS/nix/labels) to filter for relevant topics.
 
-3. Check the [Nix reference manual](https://nix.dev/manual/nix/development/development/building.html) for information on building Nix and running its tests.
+2. Search for related issues that cover what you're going to work on. It could help to mention there that you will work on the issue.
 
-   For contributions to the command line interface, please check the [CLI guidelines](https://nix.dev/manual/nix/development/development/cli-guideline.html).
+   Issues labeled [good first issue](https://github.com/NixOS/nix/labels/good-first-issue) should be relatively easy to fix and are likely to get merged quickly.
+   Pull requests addressing issues labeled [idea approved](https://github.com/NixOS/nix/labels/idea%20approved) are especially welcomed by maintainers and will receive prioritised review.
 
-4. Make your change!
+3. Check the [Nix reference manual](https://nixos.org/manual/nix/unstable/contributing/hacking.html) for information on building Nix and running its tests.
+
+   For contributions to the command line interface, please check the [CLI guidelines](https://nixos.org/manual/nix/unstable/contributing/cli-guideline.html).
+
+4. Make your changes!
 
 5. [Create a pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) for your changes.
-   * Clearly explain the problem that you're solving.
-
-     Link related issues to inform interested parties and future contributors about your change.
-     If your pull request closes one or multiple issues, mention that in the description using `Closes: #<number>`, as it will then happen automatically when your change is merged.
-   * Credit original authors when you're reusing or building on their work.
-   * Link to relevant changes in other projects, so that others can understand the full context of the change in the future when you or someone else will change or troubleshoot the code.
-     This is especially important when your change is based on work done in other repositories.
-
-     Example:
-     ```
-     This is based on the work of @user in <url>.
-     This solution took inspiration from <url>.
-
-     Co-authored-by: User Name <user@example.com>
-     ```
-
-     When cherry-picking from a different repository, use the `-x` flag, and then amend the commits to turn the hashes into URLs.
-
+   * Link related issues in your pull request to inform interested parties and future contributors about your change.
    * Make sure to have [a clean history of commits on your branch by using rebase](https://www.digitalocean.com/community/tutorials/how-to-rebase-and-update-a-pull-request).
+     If your pull request closes one or multiple issues, note that in the description using `Closes: #<number>`, as it will then happen automatically when your change is merged.
    * [Mark the pull request as draft](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request) if you're not done with the changes.
 
 6. Do not expect your pull request to be reviewed immediately.
@@ -79,22 +55,22 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).
      - Functional tests – [`tests/functional/**.sh`](./tests/functional)
      - Unit tests – [`src/*/tests`](./src/)
      - Integration tests – [`tests/nixos/*`](./tests/nixos)
-   - [ ] User documentation in the [manual](./doc/manual/source)
+   - [ ] User documentation in the [manual](..doc/manual/src)
    - [ ] API documentation in header files
    - [ ] Code and comments are self-explanatory
    - [ ] Commit message explains **why** the change was made
-   - [ ] New feature or incompatible change: [add a release note](https://nix.dev/manual/nix/development/development/contributing.html#add-a-release-note)
+   - [ ] New feature or incompatible change: updated [release notes](./doc/manual/src/release-notes/rl-next.md)
 
 7. If you need additional feedback or help to getting pull request into shape, ask other contributors using [@mentions](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#mentioning-people-and-teams).
 
 ## Making changes to the Nix manual
 
-The Nix reference manual is hosted on https://nix.dev/manual/nix.
-The underlying source files are located in [`doc/manual/source`](./doc/manual/source).
+The Nix reference manual is hosted on https://nixos.org/manual/nix.
+The underlying source files are located in [`doc/manual/src`](./doc/manual/src).
 For small changes you can [use GitHub to edit these files](https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files)
-For larger changes see the [Nix reference manual](https://nix.dev/manual/nix/development/development/contributing.html).
+For larger changes see the [Nix reference manual](https://nixos.org/manual/nix/unstable/contributing/hacking.html).
 
 ## Getting help
 
 Whenever you're stuck or do not know how to proceed, you can always ask for help.
-We invite you to use our [Matrix room](https://matrix.to/#/#nix-dev:nixos.org) to ask questions.
+The appropriate channels to do so can be found on the [NixOS Community](https://nixos.org/community/) page.

COPYING

@@ -1,8 +1,8 @@
-                  GNU LESSER GENERAL PUBLIC LICENSE
-                       Version 2.1, February 1999
+		  GNU LESSER GENERAL PUBLIC LICENSE
+		       Version 2.1, February 1999
 
  Copyright (C) 1991, 1999 Free Software Foundation, Inc.
- <https://fsf.org/>
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -10,7 +10,7 @@
  as the successor of the GNU Library Public License, version 2, hence
  the version number 2.1.]
 
-                            Preamble
+			    Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -112,7 +112,7 @@ modification follow.  Pay close attention to the difference between a
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
 
-                  GNU LESSER GENERAL PUBLIC LICENSE
+		  GNU LESSER GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License Agreement applies to any software library or other
@@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
 on the Library (independent of the use of the Library in a tool for
 writing it).  Whether that is true depends on what the Library does
 and what the program that uses the Library does.
-
+  
   1. You may copy and distribute verbatim copies of the Library's
 complete source code as you receive it, in any medium, provided that
 you conspicuously and appropriately publish on each copy an
@@ -432,7 +432,7 @@ decision will be guided by the two goals of preserving the free status
 of all derivatives of our free software and of promoting the sharing
 and reuse of software generally.
 
-                            NO WARRANTY
+			    NO WARRANTY
 
   15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
 WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
@@ -455,7 +455,7 @@ FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
 SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.
 
-                     END OF TERMS AND CONDITIONS
+		     END OF TERMS AND CONDITIONS
 
            How to Apply These Terms to Your New Libraries
 
@@ -484,7 +484,8 @@ convey the exclusion of warranty; and each file should have at least the
     Lesser General Public License for more details.
 
     You should have received a copy of the GNU Lesser General Public
-    License along with this library; if not, see <https://www.gnu.org/licenses/>.
+    License along with this library; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -495,7 +496,9 @@ necessary.  Here is a sample; alter the names:
   Yoyodyne, Inc., hereby disclaims all copyright interest in the
   library `Frob' (a library for tweaking knobs) written by James Random Hacker.
 
-  <signature of Moe Ghoul>, 1 April 1990
-  Moe Ghoul, President of Vice
+  <signature of Ty Coon>, 1 April 1990
+  Ty Coon, President of Vice
 
 That's all there is to it!
+
+

HACKING.md

@@ -1 +0,0 @@
-doc/manual/source/development/building.md

Makefile

@@ -0,0 +1,53 @@
+makefiles = \
+  mk/precompiled-headers.mk \
+  local.mk \
+  src/libutil/local.mk \
+  src/libstore/local.mk \
+  src/libfetchers/local.mk \
+  src/libmain/local.mk \
+  src/libexpr/local.mk \
+  src/libcmd/local.mk \
+  src/nix/local.mk \
+  src/resolve-system-dependencies/local.mk \
+  scripts/local.mk \
+  misc/bash/local.mk \
+  misc/fish/local.mk \
+  misc/zsh/local.mk \
+  misc/systemd/local.mk \
+  misc/launchd/local.mk \
+  misc/upstart/local.mk \
+  doc/manual/local.mk \
+  doc/internal-api/local.mk
+
+-include Makefile.config
+
+ifeq ($(tests), yes)
+makefiles += \
+  tests/unit/libutil/local.mk \
+  tests/unit/libutil-support/local.mk \
+  tests/unit/libstore/local.mk \
+  tests/unit/libstore-support/local.mk \
+  tests/unit/libexpr/local.mk \
+  tests/unit/libexpr-support/local.mk \
+  tests/functional/local.mk \
+  tests/functional/ca/local.mk \
+  tests/functional/dyn-drv/local.mk \
+  tests/functional/test-libstoreconsumer/local.mk \
+  tests/functional/plugins/local.mk
+else
+makefiles += \
+  mk/disable-tests.mk
+endif
+
+OPTIMIZE = 1
+
+ifeq ($(OPTIMIZE), 1)
+  GLOBAL_CXXFLAGS += -O3 $(CXXLTO)
+  GLOBAL_LDFLAGS += $(CXXLTO)
+else
+  GLOBAL_CXXFLAGS += -O0 -U_FORTIFY_SOURCE
+endif
+
+include mk/lib.mk
+
+GLOBAL_CXXFLAGS += -g -Wall -include config.h -std=c++2a -I src

Makefile.config.in

@@ -0,0 +1,50 @@
+AR = @AR@
+BDW_GC_LIBS = @BDW_GC_LIBS@
+BOOST_LDFLAGS = @BOOST_LDFLAGS@
+BUILD_SHARED_LIBS = @BUILD_SHARED_LIBS@
+CC = @CC@
+CFLAGS = @CFLAGS@
+CXX = @CXX@
+CXXFLAGS = @CXXFLAGS@
+CXXLTO = @CXXLTO@
+EDITLINE_LIBS = @EDITLINE_LIBS@
+ENABLE_S3 = @ENABLE_S3@
+GTEST_LIBS = @GTEST_LIBS@
+HAVE_LIBCPUID = @HAVE_LIBCPUID@
+HAVE_SECCOMP = @HAVE_SECCOMP@
+HOST_OS = @host_os@
+LDFLAGS = @LDFLAGS@
+LIBARCHIVE_LIBS = @LIBARCHIVE_LIBS@
+LIBBROTLI_LIBS = @LIBBROTLI_LIBS@
+LIBCURL_LIBS = @LIBCURL_LIBS@
+LIBSECCOMP_LIBS = @LIBSECCOMP_LIBS@
+LOWDOWN_LIBS = @LOWDOWN_LIBS@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+RAPIDCHECK_HEADERS = @RAPIDCHECK_HEADERS@
+SHELL = @bash@
+SODIUM_LIBS = @SODIUM_LIBS@
+SQLITE3_LIBS = @SQLITE3_LIBS@
+bash = @bash@
+bindir = @bindir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+doc_generate = @doc_generate@
+docdir = @docdir@
+embedded_sandbox_shell = @embedded_sandbox_shell@
+exec_prefix = @exec_prefix@
+includedir = @includedir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+lsof = @lsof@
+mandir = @mandir@
+pkglibdir = $(libdir)/$(PACKAGE_NAME)
+prefix = @prefix@
+sandbox_shell = @sandbox_shell@
+storedir = @storedir@
+sysconfdir = @sysconfdir@
+system = @system@
+tests = @tests@
+internal_api_docs = @internal_api_docs@

README.md

@@ -1,37 +1,35 @@
 # Nix
 
 [![Open Collective supporters](https://opencollective.com/nixos/tiers/supporter/badge.svg?label=Supporters&color=brightgreen)](https://opencollective.com/nixos)
-[![CI](https://github.com/NixOS/nix/workflows/CI/badge.svg)](https://github.com/NixOS/nix/actions/workflows/ci.yml)
+[![Test](https://github.com/NixOS/nix/workflows/Test/badge.svg)](https://github.com/NixOS/nix/actions)
 
 Nix is a powerful package manager for Linux and other Unix systems that makes package
-management reliable and reproducible. Please refer to the [Nix manual](https://nix.dev/reference/nix-manual)
+management reliable and reproducible. Please refer to the [Nix manual](https://nixos.org/nix/manual)
 for more details.
 
-## Installation and first steps
+## Installation
 
-Visit [nix.dev](https://nix.dev) for [installation instructions](https://nix.dev/tutorials/install-nix) and [beginner tutorials](https://nix.dev/tutorials/first-steps).
+On Linux and macOS the easiest way to install Nix is to run the following shell command
+(as a user other than root):
 
-Full reference documentation can be found in the [Nix manual](https://nix.dev/reference/nix-manual).
+```console
+$ curl -L https://nixos.org/nix/install | sh
+```
 
-## Building and developing
+Information on additional installation methods is available on the [Nix download page](https://nixos.org/download.html).
 
-Follow instructions in the Nix reference manual to [set up a development environment and build Nix from source](https://nix.dev/manual/nix/development/development/building.html).
+## Building And Developing
 
-## Contributing
+See our [Hacking guide](https://nixos.org/manual/nix/unstable/contributing/hacking.html) in our manual for instruction on how to
+to set up a development environment and build Nix from source.
 
-Check the [contributing guide](./CONTRIBUTING.md) if you want to get involved with developing Nix.
+## Additional Resources
 
-## Additional resources
-
-Nix was created by Eelco Dolstra and developed as the subject of his PhD thesis [The Purely Functional Software Deployment Model](https://edolstra.github.io/pubs/phd-thesis.pdf), published 2006.
-Today, a world-wide developer community contributes to Nix and the ecosystem that has grown around it.
-
-- [The Nix, Nixpkgs, NixOS Community on nixos.org](https://nixos.org/)
-- [Official documentation on nix.dev](https://nix.dev)
-- [Nixpkgs](https://github.com/NixOS/nixpkgs) is [the largest, most up-to-date free software repository in the world](https://repology.org/repositories/graphs)
-- [NixOS](https://github.com/NixOS/nixpkgs/tree/master/nixos) is a Linux distribution that can be configured fully declaratively
-- [Discourse](https://discourse.nixos.org/)
-- Matrix: [#users:nixos.org](https://matrix.to/#/#users:nixos.org) for user support and [#nix-dev:nixos.org](https://matrix.to/#/#nix-dev:nixos.org) for development
+- [Nix manual](https://nixos.org/nix/manual)
+- [Nix jobsets on hydra.nixos.org](https://hydra.nixos.org/project/nix)
+- [NixOS Discourse](https://discourse.nixos.org/)
+- [Matrix - #nix:nixos.org](https://matrix.to/#/#nix:nixos.org)
+- [IRC - #nixos on libera.chat](irc://irc.libera.chat/#nixos)
 
 ## License
 

boehmgc-coroutine-sp-fallback.diff

@@ -0,0 +1,93 @@
+diff --git a/darwin_stop_world.c b/darwin_stop_world.c
+index 0468aaec..b348d869 100644
+--- a/darwin_stop_world.c
++++ b/darwin_stop_world.c
+@@ -356,6 +356,7 @@ GC_INNER void GC_push_all_stacks(void)
+   int nthreads = 0;
+   word total_size = 0;
+   mach_msg_type_number_t listcount = (mach_msg_type_number_t)THREAD_TABLE_SZ;
++  size_t stack_limit;
+   if (!EXPECT(GC_thr_initialized, TRUE))
+     GC_thr_init();
+ 
+@@ -411,6 +412,19 @@ GC_INNER void GC_push_all_stacks(void)
+             GC_push_all_stack_sections(lo, hi, p->traced_stack_sect);
+           }
+           if (altstack_lo) {
++            // When a thread goes into a coroutine, we lose its original sp until
++            // control flow returns to the thread.
++            // While in the coroutine, the sp points outside the thread stack,
++            // so we can detect this and push the entire thread stack instead,
++            // as an approximation.
++            // We assume that the coroutine has similarly added its entire stack.
++            // This could be made accurate by cooperating with the application
++            // via new functions and/or callbacks.
++            stack_limit = pthread_get_stacksize_np(p->id);
++            if (altstack_lo >= altstack_hi || altstack_lo < altstack_hi - stack_limit) { // sp outside stack
++              altstack_lo = altstack_hi - stack_limit;
++            }
++
+             total_size += altstack_hi - altstack_lo;
+             GC_push_all_stack(altstack_lo, altstack_hi);
+           }
+diff --git a/include/gc.h b/include/gc.h
+index edab6c22..f2c61282 100644
+--- a/include/gc.h
++++ b/include/gc.h
+@@ -2172,6 +2172,11 @@ GC_API void GC_CALL GC_win32_free_heap(void);
+         (*GC_amiga_allocwrapper_do)(a,GC_malloc_atomic_ignore_off_page)
+ #endif /* _AMIGA && !GC_AMIGA_MAKINGLIB */
+ 
++#if !__APPLE__
++/* Patch doesn't work on apple */
++#define NIX_BOEHM_PATCH_VERSION 1
++#endif
++
+ #ifdef __cplusplus
+   } /* extern "C" */
+ #endif
+diff --git a/pthread_stop_world.c b/pthread_stop_world.c
+index b5d71e62..aed7b0bf 100644
+--- a/pthread_stop_world.c
++++ b/pthread_stop_world.c
+@@ -768,6 +768,8 @@ STATIC void GC_restart_handler(int sig)
+ /* world is stopped.  Should not fail if it isn't.                      */
+ GC_INNER void GC_push_all_stacks(void)
+ {
++    size_t stack_limit;
++    pthread_attr_t pattr;
+     GC_bool found_me = FALSE;
+     size_t nthreads = 0;
+     int i;
+@@ -851,6 +853,31 @@ GC_INNER void GC_push_all_stacks(void)
+           hi = p->altstack + p->altstack_size;
+           /* FIXME: Need to scan the normal stack too, but how ? */
+           /* FIXME: Assume stack grows down */
++        } else {
++          if (pthread_getattr_np(p->id, &pattr)) {
++            ABORT("GC_push_all_stacks: pthread_getattr_np failed!");
++          }
++          if (pthread_attr_getstacksize(&pattr, &stack_limit)) {
++            ABORT("GC_push_all_stacks: pthread_attr_getstacksize failed!");
++          }
++          if (pthread_attr_destroy(&pattr)) {
++            ABORT("GC_push_all_stacks: pthread_attr_destroy failed!");
++          }
++          // When a thread goes into a coroutine, we lose its original sp until
++          // control flow returns to the thread.
++          // While in the coroutine, the sp points outside the thread stack,
++          // so we can detect this and push the entire thread stack instead,
++          // as an approximation.
++          // We assume that the coroutine has similarly added its entire stack.
++          // This could be made accurate by cooperating with the application
++          // via new functions and/or callbacks.
++          #ifndef STACK_GROWS_UP
++            if (lo >= hi || lo < hi - stack_limit) { // sp outside stack
++              lo = hi - stack_limit;
++            }
++          #else
++          #error "STACK_GROWS_UP not supported in boost_coroutine2 (as of june 2021), so we don't support it in Nix."
++          #endif
+         }
+         GC_push_all_stack_sections(lo, hi, traced_stack_sect);
+ #       ifdef STACK_GROWS_UP

bootstrap.sh

@@ -0,0 +1,4 @@
+#! /bin/sh -e
+rm -f aclocal.m4
+mkdir -p config
+exec autoreconf -vfi

ci/gha/profile-build/default.nix

@@ -1,101 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-}:
-
-let
-  inherit (pkgs) lib;
-
-  nixComponentsInstrumented =
-    (nixFlake.lib.makeComponents {
-      inherit pkgs;
-      getStdenv = p: p.clangStdenv;
-    }).overrideScope
-      (
-        _: _: {
-          mesonComponentOverrides = finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "buildprofile" ];
-            nativeBuildInputs = [ pkgs.clangbuildanalyzer ] ++ prevAttrs.nativeBuildInputs or [ ];
-            __impure = true;
-
-            env = {
-              CFLAGS = "-ftime-trace";
-              CXXFLAGS = "-ftime-trace";
-            };
-
-            preBuild = ''
-              ClangBuildAnalyzer --start $PWD
-            '';
-
-            postBuild = ''
-              ClangBuildAnalyzer --stop $PWD $buildprofile
-            '';
-          };
-        }
-      );
-
-  componentsToProfile = {
-    "nix-util" = { };
-    "nix-util-c" = { };
-    "nix-util-test-support" = { };
-    "nix-util-tests" = { };
-    "nix-store" = { };
-    "nix-store-c" = { };
-    "nix-store-test-support" = { };
-    "nix-store-tests" = { };
-    "nix-fetchers" = { };
-    "nix-fetchers-c" = { };
-    "nix-fetchers-tests" = { };
-    "nix-expr" = { };
-    "nix-expr-c" = { };
-    "nix-expr-test-support" = { };
-    "nix-expr-tests" = { };
-    "nix-flake" = { };
-    "nix-flake-c" = { };
-    "nix-flake-tests" = { };
-    "nix-main" = { };
-    "nix-main-c" = { };
-    "nix-cmd" = { };
-    "nix-cli" = { };
-  };
-
-  componentDerivationsToProfile = builtins.intersectAttrs componentsToProfile nixComponentsInstrumented;
-  componentBuildProfiles = lib.mapAttrs (
-    n: v: lib.getOutput "buildprofile" v
-  ) componentDerivationsToProfile;
-
-  buildTimeReport =
-    pkgs.runCommand "build-time-report"
-      {
-        __impure = true;
-        __structuredAttrs = true;
-        nativeBuildInputs = [ pkgs.clangbuildanalyzer ];
-        inherit componentBuildProfiles;
-      }
-      ''
-        {
-          echo "# Build time performance profile for components:"
-          echo
-          echo "This reports the build profile collected via \`-ftime-trace\` for each component."
-          echo
-        } >> $out
-
-        for name in "''\${!componentBuildProfiles[@]}"; do
-          {
-            echo "<details><summary><strong>$name</strong></summary>"
-            echo
-            echo '````'
-            ClangBuildAnalyzer --analyze "''\${componentBuildProfiles[$name]}"
-            echo '````'
-            echo
-            echo "</details>"
-          } >> $out
-        done
-      '';
-in
-
-{
-  inherit buildTimeReport;
-  inherit componentDerivationsToProfile;
-}

ci/gha/tests/build-checks

@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-system=$(nix eval --raw --impure --expr builtins.currentSystem)
-nix eval --json ".#checks.$system" --apply builtins.attrNames | \
-  jq -r '.[]' | \
-  xargs -P0 -I '{}' sh -c "nix build -L .#checks.$system.{} || { echo 'FAILED: \033[0;31mnix build -L .#checks.$system.{}\\033[0m'; kill 0; }"

ci/gha/tests/default.nix

@@ -1,257 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  nixComponents ? (
-    nixFlake.lib.makeComponents {
-      inherit pkgs;
-      inherit getStdenv;
-    }
-  ),
-  getStdenv ? p: p.stdenv,
-  componentTestsPrefix ? "",
-  withSanitizers ? false,
-  withCoverage ? false,
-  ...
-}:
-
-let
-  inherit (pkgs) lib;
-  hydraJobs = nixFlake.hydraJobs;
-  packages' = nixFlake.packages.${system};
-  stdenv = (getStdenv pkgs);
-
-  collectCoverageLayer = finalAttrs: prevAttrs: {
-    env =
-      let
-        # https://clang.llvm.org/docs/SourceBasedCodeCoverage.html#the-code-coverage-workflow
-        coverageFlags = [
-          "-fprofile-instr-generate"
-          "-fcoverage-mapping"
-        ];
-      in
-      {
-        CFLAGS = toString coverageFlags;
-        CXXFLAGS = toString coverageFlags;
-      };
-
-    # Done in a pre-configure hook, because $NIX_BUILD_TOP needs to be substituted.
-    preConfigure = prevAttrs.preConfigure or "" + ''
-      mappingFlag=" -fcoverage-prefix-map=$NIX_BUILD_TOP/${finalAttrs.src.name}=${finalAttrs.src}"
-      CFLAGS+="$mappingFlag"
-      CXXFLAGS+="$mappingFlag"
-    '';
-  };
-
-  componentOverrides = (lib.optional withCoverage collectCoverageLayer);
-in
-
-rec {
-  nixComponentsInstrumented = nixComponents.overrideScope (
-    final: prev: {
-      withASan = withSanitizers;
-      withUBSan = withSanitizers;
-
-      nix-store-tests = prev.nix-store-tests.override { withBenchmarks = true; };
-      # Boehm is incompatible with ASAN.
-      nix-expr = prev.nix-expr.override { enableGC = !withSanitizers; };
-
-      mesonComponentOverrides = lib.composeManyExtensions componentOverrides;
-      # Unclear how to make Perl bindings work with a dynamically linked ASAN.
-      nix-perl-bindings = if withSanitizers then null else prev.nix-perl-bindings;
-    }
-  );
-
-  # Import NixOS tests using the instrumented components
-  nixosTests = import ../../../tests/nixos {
-    inherit lib pkgs;
-    nixComponents = nixComponentsInstrumented;
-    nixpkgs = nixFlake.inputs.nixpkgs;
-    inherit (nixFlake.inputs) nixpkgs-23-11;
-  };
-
-  /**
-    Top-level tests for the flake outputs, as they would be built by hydra.
-    These tests generally can't be overridden to run with sanitizers.
-  */
-  topLevel = {
-    installerScriptForGHA = hydraJobs.installerScriptForGHA.${system};
-    installTests = hydraJobs.installTests.${system};
-    nixpkgsLibTests = hydraJobs.tests.nixpkgsLibTests.${system};
-    rl-next = pkgs.buildPackages.runCommand "test-rl-next-release-notes" { } ''
-      LANG=C.UTF-8 ${pkgs.changelog-d}/bin/changelog-d ${../../../doc/manual/rl-next} >$out
-    '';
-    repl-completion = pkgs.callPackage ../../../tests/repl-completion.nix { inherit (packages') nix; };
-
-    /**
-      Checks for our packaging expressions.
-      This shouldn't build anything significant; just check that things
-      (including derivations) are _set up_ correctly.
-    */
-    packaging-overriding =
-      let
-        nix = packages'.nix;
-      in
-      assert (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src.patches == [ pkgs.emptyFile ];
-      if pkgs.stdenv.buildPlatform.isDarwin then
-        lib.warn "packaging-overriding check currently disabled because of a permissions issue on macOS" pkgs.emptyFile
-      else
-        # If this fails, something might be wrong with how we've wired the scope,
-        # or something could be broken in Nixpkgs.
-        pkgs.testers.testEqualContents {
-          assertion = "trivial patch does not change source contents";
-          expected = "${../../..}";
-          actual =
-            # Same for all components; nix-util is an arbitrary pick
-            (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src;
-        };
-  };
-
-  disable =
-    let
-      inherit (pkgs.stdenv) hostPlatform;
-    in
-    args@{
-      pkgName,
-      testName,
-      test,
-    }:
-    lib.any (b: b) [
-      # FIXME: Nix manual is impure and does not produce all settings on darwin
-      (hostPlatform.isDarwin && pkgName == "nix-manual" && testName == "linkcheck")
-    ];
-
-  componentTests =
-    (lib.concatMapAttrs (
-      pkgName: pkg:
-      lib.concatMapAttrs (
-        testName: test:
-        lib.optionalAttrs (!disable { inherit pkgName testName test; }) {
-          "${componentTestsPrefix}${pkgName}-${testName}" = test;
-        }
-      ) (pkg.tests or { })
-    ) nixComponentsInstrumented)
-    // lib.optionalAttrs (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) {
-      "${componentTestsPrefix}nix-functional-tests" = nixComponentsInstrumented.nix-functional-tests;
-      "${componentTestsPrefix}nix-json-schema-checks" = nixComponentsInstrumented.nix-json-schema-checks;
-    };
-
-  codeCoverage =
-    let
-      componentsTestsToProfile =
-        (builtins.mapAttrs (n: v: nixComponentsInstrumented.${n}.tests.run) {
-          "nix-util-tests" = { };
-          "nix-store-tests" = { };
-          "nix-fetchers-tests" = { };
-          "nix-expr-tests" = { };
-          "nix-flake-tests" = { };
-        })
-        // {
-          inherit (nixComponentsInstrumented) nix-functional-tests;
-        };
-
-      coverageProfileDrvs = lib.mapAttrs (
-        n: v:
-        v.overrideAttrs (
-          finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "profraw" ];
-            env = {
-              LLVM_PROFILE_FILE = "${placeholder "profraw"}/%m";
-            };
-          }
-        )
-      ) componentsTestsToProfile;
-
-      coverageProfiles = lib.mapAttrsToList (n: v: lib.getOutput "profraw" v) coverageProfileDrvs;
-
-      mergedProfdata =
-        pkgs.runCommand "merged-profdata"
-          {
-            __structuredAttrs = true;
-            nativeBuildInputs = [ pkgs.llvmPackages.libllvm ];
-            inherit coverageProfiles;
-          }
-          ''
-            rawProfiles=()
-            for dir in "''\${coverageProfiles[@]}"; do
-              rawProfiles+=($dir/*)
-            done
-            llvm-profdata merge -sparse -output $out "''\${rawProfiles[@]}"
-          '';
-
-      coverageReports =
-        let
-          nixComponentDrvs = lib.filter (lib.isDerivation) (lib.attrValues nixComponentsInstrumented);
-        in
-        pkgs.runCommand "code-coverage-report"
-          {
-            nativeBuildInputs = [
-              pkgs.llvmPackages.libllvm
-              pkgs.jq
-            ];
-            __structuredAttrs = true;
-            nixComponents = nixComponentDrvs;
-          }
-          ''
-            # ${toString (lib.map (v: v.src) nixComponentDrvs)}
-
-            binaryFiles=()
-            for dir in "''\${nixComponents[@]}"; do
-              readarray -t filesInDir < <(find "$dir" -type f -executable)
-              binaryFiles+=("''\${filesInDir[@]}")
-            done
-
-            arguments=$(concatStringsSep " -object " binaryFiles)
-            llvm-cov show $arguments -instr-profile ${mergedProfdata} -output-dir $out -format=html
-
-            {
-              echo "# Code coverage summary (generated via \`llvm-cov\`):"
-              echo
-              echo '```'
-              llvm-cov report $arguments -instr-profile ${mergedProfdata} -format=text -use-color=false
-              echo '```'
-              echo
-            } >> $out/index.txt
-
-            llvm-cov export $arguments -instr-profile ${mergedProfdata} -format=text > $out/coverage.json
-
-            mkdir -p $out/nix-support
-
-            coverageTotals=$(jq ".data[0].totals" $out/coverage.json)
-
-            # Mostly inline from pkgs/build-support/setup-hooks/make-coverage-analysis-report.sh [1],
-            # which we can't use here, because we rely on LLVM's infra for source code coverage collection.
-            # [1]: https://github.com/NixOS/nixpkgs/blob/67bb48c4c8e327417d6d5aa7e538244b209e852b/pkgs/build-support/setup-hooks/make-coverage-analysis-report.sh#L16
-            declare -A metricsArray=(["lineCoverage"]="lines" ["functionCoverage"]="functions" ["branchCoverage"]="branches")
-
-            for metricName in "''\${!metricsArray[@]}"; do
-              key="''\${metricsArray[$metricName]}"
-              metric=$(echo "$coverageTotals" | jq ".$key.percent * 10 | round / 10")
-              echo "$metricName $metric %" >> $out/nix-support/hydra-metrics
-            done
-
-            echo "report coverage $out" >> $out/nix-support/hydra-build-products
-          '';
-    in
-    assert withCoverage;
-    assert stdenv.cc.isClang;
-    {
-      inherit coverageProfileDrvs mergedProfdata coverageReports;
-    };
-
-  vmTests = {
-    inherit (nixosTests) s3-binary-cache-store;
-  }
-  // lib.optionalAttrs (!withSanitizers && !withCoverage) {
-    # evalNixpkgs uses non-instrumented components from hydraJobs, so only run it
-    # when not testing with sanitizers to avoid rebuilding nix
-    inherit (hydraJobs.tests) evalNixpkgs;
-    # FIXME: CI times out when building vm tests instrumented
-    inherit (nixosTests)
-      functional_user
-      githubFlakes
-      nix-docker
-      tarballFlakes
-      ;
-  };
-}

ci/gha/tests/pre-commit-checks

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-system=$(nix eval --raw --impure --expr builtins.currentSystem)
-
-echo "::group::Running pre-commit checks"
-
-if nix build ".#checks.$system.pre-commit" -L; then
-    echo "::endgroup::"
-    exit 0
-fi
-
-echo "::error ::Changes do not pass pre-commit checks"
-
-cat <<EOF
-The code isn't formatted or doesn't pass lints. You can run pre-commit locally with:
-
-    nix develop -c ./maintainers/format.sh
-EOF
-
-echo "::endgroup::"
-
-exit 1

ci/gha/tests/prepare-installer-for-github-actions

@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-nix build -L ".#installerScriptForGHA" ".#binaryTarball"
-
-mkdir -p out
-cp ./result/install "out/install"
-name="$(basename "$(realpath ./result-1)")"
-# everything before the first dash
-cp -r ./result-1 "out/${name%%-*}"

ci/gha/tests/wrapper.nix

@@ -1,16 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  stdenv ? "stdenv",
-  componentTestsPrefix ? "",
-  withInstrumentation ? false,
-}@args:
-import ./. (
-  args
-  // {
-    getStdenv = p: p.${stdenv};
-    withSanitizers = withInstrumentation;
-    withCoverage = withInstrumentation;
-  }
-)

config/install-sh

@@ -0,0 +1,527 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2011-11-20.07; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# 'make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	# Protect names problematic for 'test' and other utilities.
+	case $dst_arg in
+	  -* | [=\(\)!]) dst_arg=./$dst_arg;;
+	esac
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+    # Protect names problematic for 'test' and other utilities.
+    case $dst_arg in
+      -* | [=\(\)!]) dst_arg=./$dst_arg;;
+    esac
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call 'install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  do_exit='(exit $ret); exit $ret'
+  trap "ret=129; $do_exit" 1
+  trap "ret=130; $do_exit" 2
+  trap "ret=141; $do_exit" 13
+  trap "ret=143; $do_exit" 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names problematic for 'test' and other utilities.
+  case $src in
+    -* | [=\(\)!]) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+    dst=$dst_arg
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	[-=\(\)!]*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test X"$d" = X && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:

configure.ac

@@ -0,0 +1,388 @@
+AC_INIT([nix],[m4_esyscmd(bash -c "echo -n $(cat ./.version)$VERSION_SUFFIX")])
+AC_CONFIG_MACRO_DIRS([m4])
+AC_CONFIG_SRCDIR(README.md)
+AC_CONFIG_AUX_DIR(config)
+
+AC_PROG_SED
+
+# Construct a Nix system name (like "i686-linux"):
+# https://www.gnu.org/software/autoconf/manual/html_node/Canonicalizing.html#index-AC_005fCANONICAL_005fHOST-1
+# The inital value is produced by the `config/config.guess` script:
+# upstream: https://git.savannah.gnu.org/cgit/config.git/tree/config.guess
+# It has the following form, which is not documented anywhere:
+# <cpu>-<vendor>-<os>[<version>][-<abi>]
+# If `./configure` is passed any of the `--host`, `--build`, `--target` options, the value comes from `config/config.sub` instead:
+# upstream: https://git.savannah.gnu.org/cgit/config.git/tree/config.sub
+AC_CANONICAL_HOST
+AC_MSG_CHECKING([for the canonical Nix system name])
+
+AC_ARG_WITH(system, AS_HELP_STRING([--with-system=SYSTEM],[Platform identifier (e.g., `i686-linux').]),
+  [system=$withval],
+  [case "$host_cpu" in
+     i*86)
+        machine_name="i686";;
+     amd64)
+        machine_name="x86_64";;
+     armv6|armv7)
+        machine_name="${host_cpu}l";;
+     *)
+        machine_name="$host_cpu";;
+   esac
+
+   case "$host_os" in
+     linux-gnu*|linux-musl*)
+        # For backward compatibility, strip the `-gnu' part.
+        system="$machine_name-linux";;
+     *)
+        # Strip the version number from names such as `gnu0.3',
+        # `darwin10.2.0', etc.
+        system="$machine_name-`echo $host_os | "$SED" -e's/@<:@0-9.@:>@*$//g'`";;
+   esac])
+
+AC_MSG_RESULT($system)
+AC_SUBST(system)
+AC_DEFINE_UNQUOTED(SYSTEM, ["$system"], [platform identifier ('cpu-os')])
+
+
+# State should be stored in /nix/var, unless the user overrides it explicitly.
+test "$localstatedir" = '${prefix}/var' && localstatedir=/nix/var
+
+
+AC_PROG_CC
+AC_PROG_CXX
+AC_PROG_CPP
+
+AC_CHECK_TOOL([AR], [ar])
+
+# Use 64-bit file system calls so that we can support files > 2 GiB.
+AC_SYS_LARGEFILE
+
+
+# Solaris-specific stuff.
+AC_STRUCT_DIRENT_D_TYPE
+case "$host_os" in
+  solaris*)
+    # Solaris requires -lsocket -lnsl for network functions
+    LDFLAGS="-lsocket -lnsl $LDFLAGS"
+    ;;
+esac
+
+
+# Check for pubsetbuf.
+AC_MSG_CHECKING([for pubsetbuf])
+AC_LANG_PUSH(C++)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <iostream>
+using namespace std;
+static char buf[1024];]],
+    [[cerr.rdbuf()->pubsetbuf(buf, sizeof(buf));]])],
+    [AC_MSG_RESULT(yes) AC_DEFINE(HAVE_PUBSETBUF, 1, [Whether pubsetbuf is available.])],
+    AC_MSG_RESULT(no))
+AC_LANG_POP(C++)
+
+
+AC_CHECK_FUNCS([statvfs pipe2])
+
+
+# Check for lutimes, optionally used for changing the mtime of
+# symlinks.
+AC_CHECK_FUNCS([lutimes])
+
+
+# Check whether the store optimiser can optimise symlinks.
+AC_MSG_CHECKING([whether it is possible to create a link to a symlink])
+ln -s bla tmp_link
+if ln tmp_link tmp_link2 2> /dev/null; then
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(CAN_LINK_SYMLINK, 1, [Whether link() works on symlinks.])
+else
+    AC_MSG_RESULT(no)
+fi
+rm -f tmp_link tmp_link2
+
+
+# Check for <locale>.
+AC_LANG_PUSH(C++)
+AC_CHECK_HEADERS([locale])
+AC_LANG_POP(C++)
+
+
+AC_DEFUN([NEED_PROG],
+[
+AC_PATH_PROG($1, $2)
+if test -z "$$1"; then
+    AC_MSG_ERROR([$2 is required])
+fi
+])
+
+NEED_PROG(bash, bash)
+AC_PATH_PROG(flex, flex, false)
+AC_PATH_PROG(bison, bison, false)
+AC_PATH_PROG(dot, dot)
+AC_PATH_PROG(lsof, lsof, lsof)
+NEED_PROG(jq, jq)
+
+
+AC_SUBST(coreutils, [$(dirname $(type -p cat))])
+
+
+AC_ARG_WITH(store-dir, AS_HELP_STRING([--with-store-dir=PATH],[path of the Nix store (defaults to /nix/store)]),
+  storedir=$withval, storedir='/nix/store')
+AC_SUBST(storedir)
+
+
+# Look for boost, a required dependency.
+# Note that AX_BOOST_BASE only exports *CPP* BOOST_CPPFLAGS, no CXX flags,
+# and CPPFLAGS are not passed to the C++ compiler automatically.
+# Thus we append the returned CPPFLAGS to the CXXFLAGS here.
+AX_BOOST_BASE([1.66], [CXXFLAGS="$BOOST_CPPFLAGS $CXXFLAGS"], [AC_MSG_ERROR([Nix requires boost.])])
+# For unknown reasons, setting this directly in the ACTION-IF-FOUND above
+# ends up with LDFLAGS being empty, so we set it afterwards.
+LDFLAGS="$BOOST_LDFLAGS $LDFLAGS"
+
+# On some platforms, new-style atomics need a helper library
+AC_MSG_CHECKING(whether -latomic is needed)
+AC_LINK_IFELSE([AC_LANG_SOURCE([[
+#include <stdint.h>
+uint64_t v;
+int main() {
+    return (int)__atomic_load_n(&v, __ATOMIC_ACQUIRE);
+}]])], GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC=no, GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC=yes)
+AC_MSG_RESULT($GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC)
+if test "x$GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC" = xyes; then
+    LDFLAGS="-latomic $LDFLAGS"
+fi
+
+# Building without tests is useful for bootstrapping with a smaller footprint
+# or running the tests in a separate derivation. Otherwise, we do compile and
+# run them.
+AC_ARG_ENABLE(tests, AS_HELP_STRING([--disable-tests],[Do not build the tests]),
+  tests=$enableval, tests=yes)
+AC_SUBST(tests)
+
+# Building without API docs is the default as Nix' C++ interfaces are internal and unstable.
+AC_ARG_ENABLE(internal_api_docs, AS_HELP_STRING([--enable-internal-api-docs],[Build API docs for Nix's internal unstable C++ interfaces]),
+  internal_api_docs=$enableval, internal_api_docs=no)
+AC_SUBST(internal_api_docs)
+
+# LTO is currently broken with clang for unknown reasons; ld segfaults in the llvm plugin
+AC_ARG_ENABLE(lto, AS_HELP_STRING([--enable-lto],[Enable LTO (only supported with GCC) [default=no]]),
+  lto=$enableval, lto=no)
+if test "$lto" = yes; then
+    if $CXX --version | grep -q GCC; then
+        AC_SUBST(CXXLTO, [-flto=jobserver])
+    else
+        echo "error: LTO is only supported with GCC at the moment" >&2
+        exit 1
+    fi
+else
+    AC_SUBST(CXXLTO, [""])
+fi
+
+PKG_PROG_PKG_CONFIG
+
+AC_ARG_ENABLE(shared, AS_HELP_STRING([--enable-shared],[Build shared libraries for Nix [default=yes]]),
+  shared=$enableval, shared=yes)
+if test "$shared" = yes; then
+  AC_SUBST(BUILD_SHARED_LIBS, 1, [Whether to build shared libraries.])
+else
+  AC_SUBST(BUILD_SHARED_LIBS, 0, [Whether to build shared libraries.])
+  PKG_CONFIG="$PKG_CONFIG --static"
+fi
+
+# Look for OpenSSL, a required dependency. FIXME: this is only (maybe)
+# used by S3BinaryCacheStore.
+PKG_CHECK_MODULES([OPENSSL], [libcrypto >= 1.1.1], [CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"])
+
+
+# Look for libarchive.
+PKG_CHECK_MODULES([LIBARCHIVE], [libarchive >= 3.1.2], [CXXFLAGS="$LIBARCHIVE_CFLAGS $CXXFLAGS"])
+# Workaround until https://github.com/libarchive/libarchive/issues/1446 is fixed
+if test "$shared" != yes; then
+    LIBARCHIVE_LIBS+=' -lz'
+fi
+
+# Look for SQLite, a required dependency.
+PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CXXFLAGS"])
+
+# Look for libcurl, a required dependency.
+PKG_CHECK_MODULES([LIBCURL], [libcurl], [CXXFLAGS="$LIBCURL_CFLAGS $CXXFLAGS"])
+
+# Look for editline, a required dependency.
+# The the libeditline.pc file was added only in libeditline >= 1.15.2,
+# see https://github.com/troglobit/editline/commit/0a8f2ef4203c3a4a4726b9dd1336869cd0da8607,
+# but e.g. Ubuntu 16.04 has an older version, so we fall back to searching for
+# editline.h when the pkg-config approach fails.
+PKG_CHECK_MODULES([EDITLINE], [libeditline], [CXXFLAGS="$EDITLINE_CFLAGS $CXXFLAGS"], [
+  AC_CHECK_HEADERS([editline.h], [true],
+    [AC_MSG_ERROR([Nix requires libeditline; it was found neither via pkg-config nor its normal header.])])
+  AC_SEARCH_LIBS([readline read_history], [editline], [],
+    [AC_MSG_ERROR([Nix requires libeditline; it was not found via pkg-config, but via its header, but required functions do not work. Maybe it is too old? >= 1.14 is required.])])
+])
+
+# Look for libsodium.
+PKG_CHECK_MODULES([SODIUM], [libsodium], [CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"])
+
+# Look for libbrotli{enc,dec}.
+PKG_CHECK_MODULES([LIBBROTLI], [libbrotlienc libbrotlidec], [CXXFLAGS="$LIBBROTLI_CFLAGS $CXXFLAGS"])
+
+# Look for libcpuid.
+have_libcpuid=
+if test "$machine_name" = "x86_64"; then
+    AC_ARG_ENABLE([cpuid],
+                  AS_HELP_STRING([--disable-cpuid], [Do not determine microarchitecture levels with libcpuid (relevant to x86_64 only)]))
+    if test "x$enable_cpuid" != "xno"; then
+      PKG_CHECK_MODULES([LIBCPUID], [libcpuid],
+        [CXXFLAGS="$LIBCPUID_CFLAGS $CXXFLAGS"
+         have_libcpuid=1
+         AC_DEFINE([HAVE_LIBCPUID], [1], [Use libcpuid])]
+      )
+    fi
+fi
+AC_SUBST(HAVE_LIBCPUID, [$have_libcpuid])
+
+
+# Look for libseccomp, required for Linux sandboxing.
+case "$host_os" in
+  linux*)
+    AC_ARG_ENABLE([seccomp-sandboxing],
+                  AS_HELP_STRING([--disable-seccomp-sandboxing],[Don't build support for seccomp sandboxing (only recommended if your arch doesn't support libseccomp yet!)
+                                ]))
+    if test "x$enable_seccomp_sandboxing" != "xno"; then
+      PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
+                        [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
+      have_seccomp=1
+      AC_DEFINE([HAVE_SECCOMP], [1], [Whether seccomp is available and should be used for sandboxing.])
+      AC_COMPILE_IFELSE([
+        AC_LANG_SOURCE([[
+          #include <seccomp.h>
+          #ifndef __SNR_fchmodat2
+          # error "Missing support for fchmodat2"
+          #endif
+        ]])
+      ], [], [
+        echo "libseccomp is missing __SNR_fchmodat2. Please provide libseccomp 2.5.5 or later"
+        exit 1
+      ])
+    else
+      have_seccomp=
+    fi
+    ;;
+  *)
+    have_seccomp=
+    ;;
+esac
+AC_SUBST(HAVE_SECCOMP, [$have_seccomp])
+
+
+# Look for aws-cpp-sdk-s3.
+AC_LANG_PUSH(C++)
+AC_CHECK_HEADERS([aws/s3/S3Client.h],
+  [AC_DEFINE([ENABLE_S3], [1], [Whether to enable S3 support via aws-sdk-cpp.]) enable_s3=1],
+  [AC_DEFINE([ENABLE_S3], [0], [Whether to enable S3 support via aws-sdk-cpp.]) enable_s3=])
+AC_SUBST(ENABLE_S3, [$enable_s3])
+AC_LANG_POP(C++)
+
+if test -n "$enable_s3"; then
+  declare -a aws_version_tokens=($(printf '#include <aws/core/VersionConfig.h>\nAWS_SDK_VERSION_STRING' | $CPP $CPPFLAGS - | grep -v '^#.*' | sed 's/"//g' | tr '.' ' '))
+  AC_DEFINE_UNQUOTED([AWS_VERSION_MAJOR], ${aws_version_tokens@<:@0@:>@}, [Major version of aws-sdk-cpp.])
+  AC_DEFINE_UNQUOTED([AWS_VERSION_MINOR], ${aws_version_tokens@<:@1@:>@}, [Minor version of aws-sdk-cpp.])
+  AC_DEFINE_UNQUOTED([AWS_VERSION_PATCH], ${aws_version_tokens@<:@2@:>@}, [Patch version of aws-sdk-cpp.])
+fi
+
+
+# Whether to use the Boehm garbage collector.
+AC_ARG_ENABLE(gc, AS_HELP_STRING([--enable-gc],[enable garbage collection in the Nix expression evaluator (requires Boehm GC) [default=yes]]),
+  gc=$enableval, gc=yes)
+if test "$gc" = yes; then
+  PKG_CHECK_MODULES([BDW_GC], [bdw-gc])
+  CXXFLAGS="$BDW_GC_CFLAGS $CXXFLAGS"
+  AC_DEFINE(HAVE_BOEHMGC, 1, [Whether to use the Boehm garbage collector.])
+fi
+
+
+if test "$tests" = yes; then
+
+# Look for gtest.
+PKG_CHECK_MODULES([GTEST], [gtest_main])
+
+
+# Look for rapidcheck.
+AC_ARG_VAR([RAPIDCHECK_HEADERS], [include path of gtest headers shipped by RAPIDCHECK])
+# No pkg-config yet, https://github.com/emil-e/rapidcheck/issues/302
+AC_LANG_PUSH(C++)
+AC_SUBST(RAPIDCHECK_HEADERS)
+[CXXFLAGS="-I $RAPIDCHECK_HEADERS $CXXFLAGS"]
+[LIBS="-lrapidcheck -lgtest $LIBS"]
+AC_CHECK_HEADERS([rapidcheck/gtest.h], [], [], [#include <gtest/gtest.h>])
+dnl AC_CHECK_LIB doesn't work for C++ libs with mangled symbols
+AC_LINK_IFELSE([
+    AC_LANG_PROGRAM([[
+      #include <gtest/gtest.h>
+      #include <rapidcheck/gtest.h>
+    ]], [[
+      return RUN_ALL_TESTS();
+    ]])
+  ],
+  [],
+  [AC_MSG_ERROR([librapidcheck is not found.])])
+AC_LANG_POP(C++)
+
+fi
+
+# Look for nlohmann/json.
+PKG_CHECK_MODULES([NLOHMANN_JSON], [nlohmann_json >= 3.9])
+
+
+# documentation generation switch
+AC_ARG_ENABLE(doc-gen, AS_HELP_STRING([--disable-doc-gen],[disable documentation generation]),
+  doc_generate=$enableval, doc_generate=yes)
+AC_SUBST(doc_generate)
+
+# Look for lowdown library.
+PKG_CHECK_MODULES([LOWDOWN], [lowdown >= 0.9.0], [CXXFLAGS="$LOWDOWN_CFLAGS $CXXFLAGS"])
+
+# Setuid installations.
+AC_CHECK_FUNCS([setresuid setreuid lchown])
+
+
+# Nice to have, but not essential.
+AC_CHECK_FUNCS([strsignal posix_fallocate sysconf])
+
+
+AC_ARG_WITH(sandbox-shell, AS_HELP_STRING([--with-sandbox-shell=PATH],[path of a statically-linked shell to use as /bin/sh in sandboxes]),
+  sandbox_shell=$withval)
+AC_SUBST(sandbox_shell)
+if test ${cross_compiling:-no} = no && ! test -z ${sandbox_shell+x}; then
+  AC_MSG_CHECKING([whether sandbox-shell has the standalone feature])
+  # busybox shell sometimes allows executing other busybox applets,
+  # even if they are not in the path, breaking our sandbox
+  if PATH= $sandbox_shell -c "busybox" 2>&1 | grep -qv "not found"; then
+    AC_MSG_RESULT(enabled)
+    AC_MSG_ERROR([Please disable busybox FEATURE_SH_STANDALONE])
+  else
+    AC_MSG_RESULT(disabled)
+  fi
+fi
+
+AC_ARG_ENABLE(embedded-sandbox-shell, AS_HELP_STRING([--enable-embedded-sandbox-shell],[include the sandbox shell in the Nix binary [default=no]]),
+  embedded_sandbox_shell=$enableval, embedded_sandbox_shell=no)
+AC_SUBST(embedded_sandbox_shell)
+if test "$embedded_sandbox_shell" = yes; then
+  AC_DEFINE(HAVE_EMBEDDED_SANDBOX_SHELL, 1, [Include the sandbox shell in the Nix binary.])
+fi
+
+
+# Expand all variables in config.status.
+test "$prefix" = NONE && prefix=$ac_default_prefix
+test "$exec_prefix" = NONE && exec_prefix='${prefix}'
+for name in $ac_subst_vars; do
+    declare $name="$(eval echo "${!name}")"
+    declare $name="$(eval echo "${!name}")"
+    declare $name="$(eval echo "${!name}")"
+done
+
+rm -f Makefile.config
+
+AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_FILES([])
+AC_OUTPUT

default.nix

@@ -1,9 +1,10 @@
-(import (
-  let
-    lock = builtins.fromJSON (builtins.readFile ./flake.lock);
-  in
-  fetchTarball {
-    url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
-    sha256 = lock.nodes.flake-compat.locked.narHash;
-  }
-) { src = ./.; }).defaultNix
+(import
+  (
+    let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
+    fetchTarball {
+      url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+      sha256 = lock.nodes.flake-compat.locked.narHash;
+    }
+  )
+  { src = ./.; }
+).defaultNix

doc/internal-api/doxygen.cfg.in

@@ -12,15 +12,13 @@ PROJECT_NAME           = "Nix"
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER         = @PROJECT_NUMBER@
-
-OUTPUT_DIRECTORY       = @OUTPUT_DIRECTORY@
+PROJECT_NUMBER         = @PACKAGE_VERSION@
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a
 # quick idea about the purpose of the project. Keep the description short.
 
-PROJECT_BRIEF          = "Nix, the purely functional package manager: C API (experimental)"
+PROJECT_BRIEF          = "Nix, the purely functional package manager; unstable internal interfaces"
 
 # If the GENERATE_LATEX tag is set to YES, doxygen will generate LaTeX output.
 # The default value is: YES.
@@ -38,13 +36,27 @@ GENERATE_LATEX         = NO
 # so they can expand variables despite configure variables.
 
 INPUT                  = \
-  @src@/src/libutil-c \
-  @src@/src/libexpr-c \
-  @src@/src/libflake-c \
-  @src@/src/libstore-c \
-  @src@/src/external-api-docs/README.md
-
-FILE_PATTERNS = nix_api_*.h *.md
+  src/libcmd \
+  src/libexpr \
+  src/libexpr/flake \
+  tests/unit/libexpr \
+  tests/unit/libexpr/value \
+  tests/unit/libexpr/test \
+  tests/unit/libexpr/test/value \
+  src/libexpr/value \
+  src/libfetchers \
+  src/libmain \
+  src/libstore \
+  src/libstore/build \
+  src/libstore/builtins \
+  tests/unit/libstore \
+  tests/unit/libstore/test \
+  src/libutil \
+  tests/unit/libutil \
+  tests/unit/libutil/test \
+  src/nix \
+  src/nix-env \
+  src/nix-store
 
 # The INCLUDE_PATH tag can be used to specify one or more directories that
 # contain include files that are not input files but should be processed by the
@@ -52,12 +64,4 @@ FILE_PATTERNS = nix_api_*.h *.md
 # RECURSIVE has no effect here.
 # This tag requires that the tag SEARCH_INCLUDES is set to YES.
 
-EXCLUDE_PATTERNS = *_internal.h
-GENERATE_TREEVIEW = YES
-OPTIMIZE_OUTPUT_FOR_C  = YES
-
-USE_MDFILE_AS_MAINPAGE = @src@/src/external-api-docs/README.md
-
-WARN_IF_UNDOCUMENTED = NO
-WARN_IF_INCOMPLETE_DOC = NO
-QUIET = YES
+INCLUDE_PATH           = @RAPIDCHECK_HEADERS@

doc/internal-api/local.mk

@@ -0,0 +1,19 @@
+.PHONY: internal-api-html
+
+ifeq ($(internal_api_docs), yes)
+
+$(docdir)/internal-api/html/index.html $(docdir)/internal-api/latex: $(d)/doxygen.cfg
+	mkdir -p $(docdir)/internal-api
+	{ cat $< ; echo "OUTPUT_DIRECTORY=$(docdir)/internal-api" ; } | doxygen -
+
+# Generate the HTML API docs for Nix's unstable internal interfaces.
+internal-api-html: $(docdir)/internal-api/html/index.html
+
+else
+
+# Make a nicer error message
+internal-api-html:
+	@echo "Internal API docs are disabled. Configure with '--enable-internal-api-docs', or avoid calling 'make internal-api-html'."
+	@exit 1
+
+endif

doc/manual/.version

@@ -1 +0,0 @@
-../../.version

doc/manual/anchors.jq

@@ -3,7 +3,7 @@
 
 
 def transform_anchors_html:
-    . | gsub($empty_anchor_regex; "<a id=\"" + .anchor + "\"></a>")
+    . | gsub($empty_anchor_regex; "<a name=\"" + .anchor + "\"></a>")
       | gsub($anchor_regex; "<a href=\"#" + .anchor + "\" id=\"" + .anchor + "\">" + .text + "</a>");
 
 

doc/manual/book.toml

@@ -0,0 +1,21 @@
+[book]
+title = "Nix Reference Manual"
+
+[output.html]
+additional-css = ["custom.css"]
+additional-js = ["redirects.js"]
+edit-url-template = "https://github.com/NixOS/nix/tree/master/doc/manual/{path}"
+git-repository-url = "https://github.com/NixOS/nix"
+
+[preprocessor.anchors]
+renderers = ["html"]
+command = "jq --from-file doc/manual/anchors.jq"
+
+[output.linkcheck]
+# no Internet during the build (in the sandbox)
+follow-web-links = false
+
+# mdbook-linkcheck does not understand [foo]{#bar} style links, resulting in
+# excessive "Potential incomplete link" warnings. No other kind of warning was
+# produced at the time of writing.
+warning-policy = "ignore"

doc/manual/book.toml.in

@@ -1,35 +0,0 @@
-[book]
-title = "Nix @version@ Reference Manual"
-src = "source"
-
-[output.html]
-additional-css = ["custom.css"]
-additional-js = ["redirects.js"]
-edit-url-template = "https://github.com/NixOS/nix/tree/master/doc/manual/{path}"
-git-repository-url = "https://github.com/NixOS/nix"
-mathjax-support = true
-
-# Handles replacing @docroot@ with a path to ./source relative to that markdown file,
-# {{#include handlebars}}, and the @generated@ syntax used within these. it mostly
-# but not entirely replaces the links preprocessor (which we cannot simply use due
-# to @generated@ files living in a different directory to make meson happy). we do
-# not want to disable the links preprocessor entirely though because that requires
-# disabling *all* built-in preprocessors and selectively reenabling those we want.
-[preprocessor.substitute]
-command = "python3 ./substitute.py"
-before = ["anchors", "links"]
-
-[preprocessor.anchors]
-renderers = ["html"]
-command = "jq --from-file ./anchors.jq"
-
-[output.markdown]
-
-[output.linkcheck]
-# no Internet during the build (in the sandbox)
-follow-web-links = false
-
-# mdbook-linkcheck does not understand [foo]{#bar} style links, resulting in
-# excessive "Potential incomplete link" warnings. No other kind of warning was
-# produced at the time of writing.
-warning-policy = "ignore"

doc/manual/custom.css

@@ -12,8 +12,8 @@ h1.menu-title::before {
 }
 
 
-.menu-bar {
-  padding: 0.5em 0em;
+h1.menu-title {
+  padding: 0.5em;
 }
 
 .sidebar .sidebar-scrollbox {

doc/manual/generate-builtin-constants.nix

@@ -0,0 +1,31 @@
+let
+  inherit (builtins) concatStringsSep attrValues mapAttrs;
+  inherit (import ./utils.nix) optionalString squash;
+in
+
+builtinsInfo:
+let
+  showBuiltin = name: { doc, type, impure-only }:
+    let
+      type' = optionalString (type != null) " (${type})";
+
+      impureNotice = optionalString impure-only ''
+        > **Note**
+        >
+        > Not available in [pure evaluation mode](@docroot@/command-ref/conf-file.md#conf-pure-eval).
+      '';
+    in
+    squash ''
+      <dt id="builtins-${name}">
+        <a href="#builtins-${name}"><code>${name}</code></a>${type'}
+      </dt>
+      <dd>
+
+      ${doc}
+
+      ${impureNotice}
+
+      </dd>
+    '';
+in
+concatStringsSep "\n" (attrValues (mapAttrs showBuiltin builtinsInfo))

doc/manual/generate-builtins.nix

@@ -1,53 +1,28 @@
 let
   inherit (builtins) concatStringsSep attrValues mapAttrs;
-  inherit (import <nix/utils.nix>) optionalString squash;
+  inherit (import ./utils.nix) optionalString squash;
 in
 
 builtinsInfo:
 let
-  showBuiltin =
-    name:
-    {
-      doc,
-      type ? null,
-      args ? [ ],
-      experimental-feature ? null,
-      impure-only ? false,
-    }:
+  showBuiltin = name: { doc, args, arity, experimental-feature }:
     let
-      type' = optionalString (type != null) " (${type})";
-
       experimentalNotice = optionalString (experimental-feature != null) ''
-        > **Note**
-        >
-        > This function is only available if the [`${experimental-feature}` experimental feature](@docroot@/development/experimental-features.md#xp-feature-${experimental-feature}) is enabled.
-        >
-        > For example, include the following in [`nix.conf`](@docroot@/command-ref/conf-file.md):
-        >
-        > ```
-        > extra-experimental-features = ${experimental-feature}
-        > ```
-      '';
-
-      impureNotice = optionalString impure-only ''
-        > **Note**
-        >
-        > Not available in [pure evaluation mode](@docroot@/command-ref/conf-file.md#conf-pure-eval).
+        This function is only available if the [${experimental-feature}](@docroot@/contributing/experimental-features.md#xp-feature-${experimental-feature}) experimental feature is enabled.
       '';
     in
     squash ''
       <dt id="builtins-${name}">
-        <a href="#builtins-${name}"><code>${name}${listArgs args}</code></a>${type'}
+        <a href="#builtins-${name}"><code>${name} ${listArgs args}</code></a>
       </dt>
       <dd>
 
-      ${experimentalNotice}
-
       ${doc}
 
-      ${impureNotice}
+      ${experimentalNotice}
+
       </dd>
     '';
-  listArgs = args: concatStringsSep "" (map (s: " <var>${s}</var>") args);
+  listArgs = args: concatStringsSep " " (map (s: "<var>${s}</var>") args);
 in
 concatStringsSep "\n" (attrValues (mapAttrs showBuiltin builtinsInfo))

doc/manual/generate-deps.py

@@ -1,22 +0,0 @@
-#!/usr/bin/env python3
-
-import glob
-import sys
-
-# meson expects makefile-style dependency declarations, i.e.
-#
-#   target: dependency...
-#
-# meson seems to pass depfiles straight on to ninja even though
-# it also parses the file itself (or at least has code to do so
-# in its tree), so we must live by ninja's rules: only slashes,
-# spaces and octothorpes can be escaped, anything else is taken
-# literally. since the rules for these aren't even the same for
-# all three we will just fail when we encounter any of them (if
-# asserts are off for some reason the depfile will likely point
-# to nonexistent paths, making everything phony and thus fine.)
-for path in glob.glob(sys.argv[1] + '/**', recursive=True):
-    assert '\\' not in path
-    assert ' ' not in path
-    assert '#' not in path
-    print("ignored:", path)

doc/manual/generate-manpage.nix

@@ -1,29 +1,8 @@
 let
   inherit (builtins)
-    attrNames
-    attrValues
-    concatMap
-    concatStringsSep
-    fromJSON
-    groupBy
-    length
-    lessThan
-    listToAttrs
-    mapAttrs
-    match
-    replaceStrings
-    sort
-    ;
-  inherit (import <nix/utils.nix>)
-    attrsToList
-    concatStrings
-    filterAttrs
-    optionalString
-    squash
-    trim
-    unique
-    ;
-  showStoreDocs = import <nix/generate-store-info.nix>;
+    attrNames attrValues fromJSON listToAttrs mapAttrs
+    concatStringsSep concatMap length lessThan replaceStrings sort;
+  inherit (import ./utils.nix) concatStrings optionalString filterAttrs trim squash unique showSettings;
 in
 
 inlineHTML: commandDump:
@@ -32,19 +11,13 @@ let
 
   commandInfo = fromJSON commandDump;
 
-  showCommand =
-    {
-      command,
-      details,
-      filename,
-      toplevel,
-    }:
+  showCommand = { command, details, filename, toplevel }:
     let
 
       result = ''
         > **Warning** \
         > This program is
-        > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
+        > [**experimental**](@docroot@/contributing/experimental-features.md#xp-feature-nix-command)
         > and its interface is subject to change.
 
         # Name
@@ -57,32 +30,31 @@ let
 
         ${maybeSubcommands}
 
-        ${maybeProse}
+        ${maybeStoreDocs}
 
         ${maybeOptions}
       '';
 
-      showSynopsis =
-        command: args:
+      showSynopsis = command: args:
         let
-          showArgument = arg: "*${arg.label}*" + optionalString (!arg ? arity) "...";
+          showArgument = arg: "*${arg.label}*" + optionalString (! arg ? arity) "...";
           arguments = concatStringsSep " " (map showArgument args);
-        in
-        ''
-          `${command}` [*option*...] ${arguments}
+        in ''
+         `${command}` [*option*...] ${arguments}
         '';
 
-      maybeSubcommands = optionalString (details ? commands && details.commands != { }) ''
-        where *subcommand* is one of the following:
+      maybeSubcommands = optionalString (details ? commands && details.commands != {})
+         ''
+           where *subcommand* is one of the following:
 
-        ${subcommands}
-      '';
+           ${subcommands}
+         '';
 
-      subcommands = if length categories > 1 then listCategories else listSubcommands details.commands;
+      subcommands = if length categories > 1
+        then listCategories
+        else listSubcommands details.commands;
 
-      categories = sort (x: y: x.id < y.id) (
-        unique (map (cmd: cmd.category) (attrValues details.commands))
-      );
+      categories = sort (x: y: x.id < y.id) (unique (map (cmd: cmd.category) (attrValues details.commands)));
 
       listCategories = concatStrings (map showCategory categories);
 
@@ -98,125 +70,61 @@ let
         * [`${command} ${name}`](./${appendName filename name}.md) - ${subcmd.description}
       '';
 
-      maybeProse =
-        # FIXME: this is a horrible hack to keep `nix help-stores` working.
+      maybeStoreDocs = optionalString
+        (details ? doc)
+        (replaceStrings ["@stores@"] [storeDocs] details.doc);
+
+      maybeOptions = optionalString (details.flags != {}) ''
+        # Options
+
+        ${showOptions details.flags toplevel.flags}
+      '';
+
+      showOptions = options: commonOptions:
         let
-          help-stores = ''
-            ${index}
+          allOptions = options // commonOptions;
+          showCategory = cat: ''
+            ${optionalString (cat != "") "**${cat}:**"}
 
-            ${allStores}
-          '';
-          index =
-            replaceStrings
-              [ "@store-types@" "./local-store.md" "./local-daemon-store.md" ]
-              [ storesOverview "#local-store" "#local-daemon-store" ]
-              details.doc;
-          storesOverview =
-            let
-              showEntry = store: "- [${store.name}](#${store.slug})";
-            in
-            concatStringsSep "\n" (map showEntry storesList) + "\n";
-          allStores = concatStringsSep "\n" (attrValues storePages);
-          storePages = listToAttrs (
-            map (s: {
-              name = s.filename;
-              value = s.page;
-            }) storesList
-          );
-          storesList = showStoreDocs {
-            storeInfo = commandInfo.stores;
-            inherit inlineHTML;
-          };
-          hasInfix =
-            infix: content:
-            builtins.stringLength content != builtins.stringLength (replaceStrings [ infix ] [ "" ] content);
-        in
-        optionalString (details ? doc) (
-          # An alternate implementation with builtins.match stack overflowed on some systems.
-          if hasInfix "@store-types@" details.doc then help-stores else details.doc
-        );
-
-      maybeOptions =
-        let
-          allVisibleOptions = filterAttrs (_: o: !o.hiddenCategory) (details.flags // toplevel.flags);
-        in
-        optionalString (allVisibleOptions != { }) ''
-          # Options
-
-          ${showOptions inlineHTML allVisibleOptions}
-
-          > **Note**
-          >
-          > See [`man nix.conf`](@docroot@/command-ref/conf-file.md#command-line-flags) for overriding configuration settings with command line flags.
-        '';
-
-      showOptions =
-        inlineHTML: allOptions:
-        let
-          showCategory = cat: opts: ''
-            ${optionalString (cat != "") "## ${cat}"}
-
-            ${concatStringsSep "\n" (attrValues (mapAttrs showOption opts))}
-          '';
-          showOption =
-            name: option:
+            ${listOptions (filterAttrs (n: v: v.category == cat) allOptions)}
+            '';
+          listOptions = opts: concatStringsSep "\n" (attrValues (mapAttrs showOption opts));
+          showOption = name: option:
             let
               result = trim ''
                 - ${item}
-
                   ${option.description}
               '';
-              item =
-                if inlineHTML then
-                  ''<span id="opt-${name}">[`--${name}`](#opt-${name})</span> ${shortName} ${labels}''
-                else
-                  "`--${name}` ${shortName} ${labels}";
-              shortName = optionalString (option ? shortName) ("/ `-${option.shortName}`");
-              labels = optionalString (option ? labels) (concatStringsSep " " (map (s: "*${s}*") option.labels));
-            in
-            result;
-          categories =
-            mapAttrs
-              # Convert each group from a list of key-value pairs back to an attrset
-              (_: listToAttrs)
-              (groupBy (cmd: cmd.value.category) (attrsToList allOptions));
-        in
-        concatStrings (attrValues (mapAttrs showCategory categories));
-    in
-    squash result;
+              item = if inlineHTML
+                then ''<span id="opt-${name}">[`--${name}`](#opt-${name})</span> ${shortName} ${labels}''
+                else "`--${name}` ${shortName} ${labels}";
+              shortName = optionalString
+                (option ? shortName)
+                ("/ `-${option.shortName}`");
+              labels = optionalString
+                (option ? labels)
+                (concatStringsSep " " (map (s: "*${s}*") option.labels));
+            in result;
+          categories = sort lessThan (unique (map (cmd: cmd.category) (attrValues allOptions)));
+        in concatStrings (map showCategory categories);
+    in squash result;
 
   appendName = filename: name: (if filename == "nix" then "nix3" else filename) + "-" + name;
 
-  processCommand =
-    {
-      command,
-      details,
-      filename,
-      toplevel,
-    }:
+  processCommand = { command, details, filename, toplevel }:
     let
       cmd = {
         inherit command;
         name = filename + ".md";
-        value = showCommand {
-          inherit
-            command
-            details
-            filename
-            toplevel
-            ;
-        };
+        value = showCommand { inherit command details filename toplevel; };
       };
-      subcommand =
-        subCmd:
-        processCommand {
-          command = command + " " + subCmd;
-          details = details.commands.${subCmd};
-          filename = appendName filename subCmd;
-          inherit toplevel;
-        };
-    in
-    [ cmd ] ++ concatMap subcommand (attrNames details.commands or { });
+      subcommand = subCmd: processCommand {
+        command = command + " " + subCmd;
+        details = details.commands.${subCmd};
+        filename = appendName filename subCmd;
+        inherit toplevel;
+      };
+    in [ cmd ] ++ concatMap subcommand (attrNames details.commands or {});
 
   manpages = processCommand {
     command = "nix";
@@ -225,11 +133,40 @@ let
     toplevel = commandInfo.args;
   };
 
-  tableOfContents =
-    let
-      showEntry = page: "    - [${page.command}](command-ref/new-cli/${page.name})";
-    in
-    concatStringsSep "\n" (map showEntry manpages) + "\n";
+  tableOfContents = let
+    showEntry = page:
+      "    - [${page.command}](command-ref/new-cli/${page.name})";
+    in concatStringsSep "\n" (map showEntry manpages) + "\n";
 
-in
-(listToAttrs manpages) // { "SUMMARY.md" = tableOfContents; }
+  storeDocs =
+    let
+      showStore = name: { settings, doc, experimentalFeature }:
+        let
+          experimentalFeatureNote = optionalString (experimentalFeature != null) ''
+            > **Warning**
+            > This store is part of an
+            > [experimental feature](@docroot@/contributing/experimental-features.md).
+
+            To use this store, you need to make sure the corresponding experimental feature,
+            [`${experimentalFeature}`](@docroot@/contributing/experimental-features.md#xp-feature-${experimentalFeature}),
+            is enabled.
+            For example, include the following in [`nix.conf`](#):
+
+            ```
+            extra-experimental-features = ${experimentalFeature}
+            ```
+          '';
+        in ''
+          ## ${name}
+
+          ${doc}
+
+          ${experimentalFeatureNote}
+
+          **Settings**:
+
+          ${showSettings { inherit inlineHTML; } settings}
+        '';
+    in concatStrings (attrValues (mapAttrs showStore commandInfo.stores));
+
+in (listToAttrs manpages) // { "SUMMARY.md" = tableOfContents; }

doc/manual/generate-settings.nix

@@ -1,99 +0,0 @@
-let
-  inherit (builtins)
-    attrValues
-    concatStringsSep
-    isAttrs
-    isBool
-    mapAttrs
-    ;
-  inherit (import <nix/utils.nix>)
-    concatStrings
-    indent
-    optionalString
-    squash
-    ;
-in
-
-# `inlineHTML` is a hack to accommodate inconsistent output from `lowdown`
-{
-  prefix,
-  inlineHTML ? true,
-}:
-settingsInfo:
-
-let
-
-  showSetting =
-    prefix: setting:
-    {
-      description,
-      documentDefault,
-      defaultValue,
-      aliases,
-      value,
-      experimentalFeature,
-    }:
-    let
-      result = squash ''
-        - ${item}
-
-        ${indent "  " body}
-      '';
-      item =
-        if inlineHTML then
-          ''<span id="${prefix}-${setting}">[`${setting}`](#${prefix}-${setting})</span>''
-        else
-          "`${setting}`";
-      # separate body to cleanly handle indentation
-      body = ''
-        ${experimentalFeatureNote}
-
-        ${description}
-
-        **Default:** ${showDefault documentDefault defaultValue}
-
-        ${showAliases aliases}
-      '';
-
-      experimentalFeatureNote = optionalString (experimentalFeature != null) ''
-        > **Warning**
-        >
-        > This setting is part of an
-        > [experimental feature](@docroot@/development/experimental-features.md).
-        >
-        > To change this setting, make sure the
-        > [`${experimentalFeature}` experimental feature](@docroot@/development/experimental-features.md#xp-feature-${experimentalFeature})
-        > is enabled.
-        > For example, include the following in [`nix.conf`](@docroot@/command-ref/conf-file.md):
-        >
-        > ```
-        > extra-experimental-features = ${experimentalFeature}
-        > ${setting} = ...
-        > ```
-      '';
-
-      showDefault =
-        documentDefault: defaultValue:
-        if documentDefault then
-          # a StringMap value type is specified as a string, but
-          # this shows the value type. The empty stringmap is `null` in
-          # JSON, but that converts to `{ }` here.
-          if defaultValue == "" || defaultValue == [ ] || isAttrs defaultValue then
-            "*empty*"
-          else if isBool defaultValue then
-            if defaultValue then "`true`" else "`false`"
-          else
-            "`${toString defaultValue}`"
-        else
-          "*machine-specific*";
-
-      showAliases =
-        aliases:
-        optionalString (aliases != [ ])
-          "**Deprecated alias:** ${(concatStringsSep ", " (map (s: "`${s}`") aliases))}";
-
-    in
-    result;
-
-in
-concatStrings (attrValues (mapAttrs (showSetting prefix) settingsInfo))

doc/manual/generate-store-info.nix

@@ -1,81 +0,0 @@
-let
-  inherit (builtins)
-    attrNames
-    listToAttrs
-    concatStringsSep
-    readFile
-    replaceStrings
-    ;
-  inherit (import <nix/utils.nix>)
-    optionalString
-    filterAttrs
-    trim
-    squash
-    toLower
-    unique
-    indent
-    ;
-  showSettings = import <nix/generate-settings.nix>;
-in
-
-{
-  # data structure describing all stores and their parameters
-  storeInfo,
-  # whether to add inline HTML tags
-  # `lowdown` does not eat those for one of the output modes
-  inlineHTML,
-}:
-
-let
-
-  showStore =
-    { name, slug }:
-    {
-      settings,
-      doc,
-      uri-schemes,
-      experimentalFeature,
-    }:
-    let
-      result = squash ''
-        # ${name}
-
-        ${experimentalFeatureNote}
-
-        ${doc}
-
-        ## Settings
-
-        ${showSettings {
-          prefix = "store-${slug}";
-          inherit inlineHTML;
-        } settings}
-      '';
-
-      experimentalFeatureNote = optionalString (experimentalFeature != null) ''
-        > **Warning**
-        >
-        > This store is part of an
-        > [experimental feature](@docroot@/development/experimental-features.md).
-        >
-        > To use this store, make sure the
-        > [`${experimentalFeature}` experimental feature](@docroot@/development/experimental-features.md#xp-feature-${experimentalFeature})
-        > is enabled.
-        > For example, include the following in [`nix.conf`](@docroot@/command-ref/conf-file.md):
-        >
-        > ```
-        > extra-experimental-features = ${experimentalFeature}
-        > ```
-      '';
-    in
-    result;
-
-  storesList = map (name: rec {
-    inherit name;
-    slug = replaceStrings [ " " ] [ "-" ] (toLower name);
-    filename = "${slug}.md";
-    page = showStore { inherit name slug; } storeInfo.${name};
-  }) (attrNames storeInfo);
-
-in
-storesList

doc/manual/generate-store-types.nix

@@ -1,47 +0,0 @@
-let
-  inherit (builtins)
-    attrNames
-    listToAttrs
-    concatStringsSep
-    readFile
-    replaceStrings
-    ;
-  showSettings = import <nix/generate-settings.nix>;
-  showStoreDocs = import <nix/generate-store-info.nix>;
-in
-
-storeInfo:
-
-let
-  storesList = showStoreDocs {
-    inherit storeInfo;
-    inlineHTML = true;
-  };
-
-  index =
-    let
-      showEntry = store: "- [${store.name}](./${store.filename})";
-    in
-    concatStringsSep "\n" (map showEntry storesList);
-
-  "index.md" = replaceStrings [ "@store-types@" ] [ index ] (
-    readFile ./source/store/types/index.md.in
-  );
-
-  tableOfContents =
-    let
-      showEntry = store: "    - [${store.name}](store/types/${store.filename})";
-    in
-    concatStringsSep "\n" (map showEntry storesList) + "\n";
-
-  "SUMMARY.md" = tableOfContents;
-
-  storePages = listToAttrs (
-    map (s: {
-      name = s.filename;
-      value = s.page;
-    }) storesList
-  );
-
-in
-storePages // { inherit "index.md" "SUMMARY.md"; }

doc/manual/generate-xp-features-shortlist.nix

@@ -1,9 +1,9 @@
 with builtins;
-with import <nix/utils.nix>;
+with import ./utils.nix;
 
 let
-  showExperimentalFeature = name: doc: ''
-    - [`${name}`](@docroot@/development/experimental-features.md#xp-feature-${name})
-  '';
-in
-xps: indent "  " (concatStrings (attrValues (mapAttrs showExperimentalFeature xps)))
+  showExperimentalFeature = name: doc:
+    ''
+      - [`${name}`](@docroot@/contributing/experimental-features.md#xp-feature-${name})
+    '';
+in xps: indent "  " (concatStrings (attrValues (mapAttrs showExperimentalFeature xps)))

doc/manual/generate-xp-features.nix

@@ -1,14 +1,11 @@
 with builtins;
-with import <nix/utils.nix>;
+with import ./utils.nix;
 
 let
-  showExperimentalFeature =
-    name: doc:
+  showExperimentalFeature = name: doc:
     squash ''
       ## [`${name}`]{#xp-feature-${name}}
 
       ${doc}
     '';
-in
-
-xps: (concatStringsSep "\n" (attrValues (mapAttrs showExperimentalFeature xps)))
+in xps: (concatStringsSep "\n" (attrValues (mapAttrs showExperimentalFeature xps)))

doc/manual/local.mk

@@ -0,0 +1,195 @@
+ifeq ($(doc_generate),yes)
+
+MANUAL_SRCS := \
+	$(call rwildcard, $(d)/src, *.md) \
+	$(call rwildcard, $(d)/src, */*.md)
+
+man-pages := $(foreach n, \
+	nix-env.1 nix-store.1 \
+	nix-build.1 nix-shell.1 nix-instantiate.1 \
+	nix-collect-garbage.1 \
+	nix-prefetch-url.1 nix-channel.1 \
+	nix-hash.1 nix-copy-closure.1 \
+	nix.conf.5 nix-daemon.8 \
+	nix-profiles.5 \
+, $(d)/$(n))
+
+# man pages for subcommands
+# convert from `$(d)/src/command-ref/nix-{1}/{2}.md` to `$(d)/nix-{1}-{2}.1`
+# FIXME: unify with how nix3-cli man pages are generated
+man-pages += $(foreach subcommand, \
+	$(filter-out %opt-common.md %env-common.md, $(wildcard $(d)/src/command-ref/nix-*/*.md)), \
+	$(d)/$(subst /,-,$(subst $(d)/src/command-ref/,,$(subst .md,.1,$(subcommand)))))
+
+clean-files += $(d)/*.1 $(d)/*.5 $(d)/*.8
+
+# Provide a dummy environment for nix, so that it will not access files outside the macOS sandbox.
+# Set cores to 0 because otherwise nix show-config resolves the cores based on the current machine
+dummy-env = env -i \
+	HOME=/dummy \
+	NIX_CONF_DIR=/dummy \
+	NIX_SSL_CERT_FILE=/dummy/no-ca-bundle.crt \
+	NIX_STATE_DIR=/dummy \
+	NIX_CONFIG='cores = 0'
+
+nix-eval = $(dummy-env) $(bindir)/nix eval --experimental-features nix-command -I nix/corepkgs=corepkgs --store dummy:// --impure --raw
+
+# re-implement mdBook's include directive to make it usable for terminal output and for proper @docroot@ substitution
+define process-includes
+	while read -r line; do \
+		set -euo pipefail; \
+		filename="$$(dirname $(1))/$$(sed 's/{{#include \(.*\)}}/\1/'<<< $$line)"; \
+		test -f "$$filename" || ( echo "#include-d file '$$filename' does not exist." >&2; exit 1; ); \
+		matchline="$$(sed 's|/|\\/|g' <<< $$line)"; \
+		sed -i "/$$matchline/r $$filename" $(2); \
+		sed -i "s/$$matchline//" $(2); \
+	done < <(grep '{{#include' $(1))
+endef
+
+$(d)/nix-env-%.1: $(d)/src/command-ref/nix-env/%.md
+	@printf "Title: %s\n\n" "$(subst nix-env-,nix-env --,$$(basename "$@" .1))" > $^.tmp
+	$(render-subcommand)
+
+$(d)/nix-store-%.1: $(d)/src/command-ref/nix-store/%.md
+	@printf -- 'Title: %s\n\n' "$(subst nix-store-,nix-store --,$$(basename "$@" .1))" > $^.tmp
+	$(render-subcommand)
+
+# FIXME: there surely is some more deduplication to be achieved here with even darker Make magic
+define render-subcommand
+  @cat $^ >> $^.tmp
+	@$(call process-includes,$^,$^.tmp)
+	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=1 $^.tmp -o $@
+	@# fix up `lowdown`'s automatic escaping of `--`
+	@# https://github.com/kristapsdz/lowdown/blob/edca6ce6d5336efb147321a43c47a698de41bb7c/entity.c#L202
+	@sed -i 's/\e\[u2013\]/--/' $@
+	@rm $^.tmp
+endef
+
+
+$(d)/%.1: $(d)/src/command-ref/%.md
+	@printf "Title: %s\n\n" "$$(basename $@ .1)" > $^.tmp
+	@cat $^ >> $^.tmp
+	@$(call process-includes,$^,$^.tmp)
+	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=1 $^.tmp -o $@
+	@rm $^.tmp
+
+$(d)/%.8: $(d)/src/command-ref/%.md
+	@printf "Title: %s\n\n" "$$(basename $@ .8)" > $^.tmp
+	@cat $^ >> $^.tmp
+	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=8 $^.tmp -o $@
+	@rm $^.tmp
+
+$(d)/nix.conf.5: $(d)/src/command-ref/conf-file.md
+	@printf "Title: %s\n\n" "$$(basename $@ .5)" > $^.tmp
+	@cat $^ >> $^.tmp
+	@$(call process-includes,$^,$^.tmp)
+	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=5 $^.tmp -o $@
+	@rm $^.tmp
+
+$(d)/nix-profiles.5: $(d)/src/command-ref/files/profiles.md
+	@printf "Title: %s\n\n" "$$(basename $@ .5)" > $^.tmp
+	@cat $^ >> $^.tmp
+	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=5 $^.tmp -o $@
+	@rm $^.tmp
+
+$(d)/src/SUMMARY.md: $(d)/src/SUMMARY.md.in $(d)/src/command-ref/new-cli $(d)/src/contributing/experimental-feature-descriptions.md
+	@cp $< $@
+	@$(call process-includes,$@,$@)
+
+$(d)/src/command-ref/new-cli: $(d)/nix.json $(d)/utils.nix $(d)/generate-manpage.nix $(bindir)/nix
+	@rm -rf $@ $@.tmp
+	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-manpage.nix true (builtins.readFile $<)'
+	@mv $@.tmp $@
+
+$(d)/src/command-ref/conf-file.md: $(d)/conf-file.json $(d)/utils.nix $(d)/src/command-ref/conf-file-prefix.md $(d)/src/command-ref/experimental-features-shortlist.md $(bindir)/nix
+	@cat doc/manual/src/command-ref/conf-file-prefix.md > $@.tmp
+	$(trace-gen) $(nix-eval) --expr '(import doc/manual/utils.nix).showSettings { inlineHTML = true; } (builtins.fromJSON (builtins.readFile $<))' >> $@.tmp;
+	@mv $@.tmp $@
+
+$(d)/nix.json: $(bindir)/nix
+	$(trace-gen) $(dummy-env) $(bindir)/nix __dump-cli > $@.tmp
+	@mv $@.tmp $@
+
+$(d)/conf-file.json: $(bindir)/nix
+	$(trace-gen) $(dummy-env) $(bindir)/nix show-config --json --experimental-features nix-command > $@.tmp
+	@mv $@.tmp $@
+
+$(d)/src/contributing/experimental-feature-descriptions.md: $(d)/xp-features.json $(d)/utils.nix $(d)/generate-xp-features.nix $(bindir)/nix
+	@rm -rf $@ $@.tmp
+	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-xp-features.nix (builtins.fromJSON (builtins.readFile $<))'
+	@mv $@.tmp $@
+
+$(d)/src/command-ref/experimental-features-shortlist.md: $(d)/xp-features.json $(d)/utils.nix $(d)/generate-xp-features-shortlist.nix $(bindir)/nix
+	@rm -rf $@ $@.tmp
+	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-xp-features-shortlist.nix (builtins.fromJSON (builtins.readFile $<))'
+	@mv $@.tmp $@
+
+$(d)/xp-features.json: $(bindir)/nix
+	$(trace-gen) $(dummy-env) NIX_PATH=nix/corepkgs=corepkgs $(bindir)/nix __dump-xp-features > $@.tmp
+	@mv $@.tmp $@
+
+$(d)/src/language/builtins.md: $(d)/language.json $(d)/generate-builtins.nix $(d)/src/language/builtins-prefix.md $(bindir)/nix
+	@cat doc/manual/src/language/builtins-prefix.md > $@.tmp
+	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-builtins.nix (builtins.fromJSON (builtins.readFile $<)).builtins' >> $@.tmp;
+	@cat doc/manual/src/language/builtins-suffix.md >> $@.tmp
+	@mv $@.tmp $@
+
+$(d)/src/language/builtin-constants.md: $(d)/language.json $(d)/generate-builtin-constants.nix $(d)/src/language/builtin-constants-prefix.md $(bindir)/nix
+	@cat doc/manual/src/language/builtin-constants-prefix.md > $@.tmp
+	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-builtin-constants.nix (builtins.fromJSON (builtins.readFile $<)).constants' >> $@.tmp;
+	@cat doc/manual/src/language/builtin-constants-suffix.md >> $@.tmp
+	@mv $@.tmp $@
+
+$(d)/language.json: $(bindir)/nix
+	$(trace-gen) $(dummy-env) NIX_PATH=nix/corepkgs=corepkgs $(bindir)/nix __dump-language > $@.tmp
+	@mv $@.tmp $@
+
+# Generate the HTML manual.
+.PHONY: manual-html
+manual-html: $(docdir)/manual/index.html
+install: $(docdir)/manual/index.html
+
+# Generate 'nix' manpages.
+install: $(mandir)/man1/nix3-manpages
+man: doc/manual/generated/man1/nix3-manpages
+all: doc/manual/generated/man1/nix3-manpages
+
+# FIXME: unify with how the other man pages are generated.
+# this one works differently and does not use any of the amenities provided by `/mk/lib.mk`.
+$(mandir)/man1/nix3-manpages: doc/manual/generated/man1/nix3-manpages
+	@mkdir -p $(DESTDIR)$$(dirname $@)
+	$(trace-install) install -m 0644 $$(dirname $<)/* $(DESTDIR)$$(dirname $@)
+
+doc/manual/generated/man1/nix3-manpages: $(d)/src/command-ref/new-cli
+	@mkdir -p $(DESTDIR)$$(dirname $@)
+	$(trace-gen) for i in doc/manual/src/command-ref/new-cli/*.md; do \
+		name=$$(basename $$i .md); \
+		tmpFile=$$(mktemp); \
+		if [[ $$name = SUMMARY ]]; then continue; fi; \
+		printf "Title: %s\n\n" "$$name" > $$tmpFile; \
+		cat $$i >> $$tmpFile; \
+		lowdown -sT man --nroff-nolinks -M section=1 $$tmpFile -o $(DESTDIR)$$(dirname $@)/$$name.1; \
+		rm $$tmpFile; \
+	done
+	@touch $@
+
+$(docdir)/manual/index.html: $(MANUAL_SRCS) $(d)/book.toml $(d)/anchors.jq $(d)/custom.css $(d)/src/SUMMARY.md $(d)/src/command-ref/new-cli $(d)/src/contributing/experimental-feature-descriptions.md $(d)/src/command-ref/conf-file.md $(d)/src/language/builtins.md $(d)/src/language/builtin-constants.md $(d)/src/favicon.png $(d)/src/favicon.svg
+	$(trace-gen) \
+		tmp="$$(mktemp -d)"; \
+		cp -r doc/manual "$$tmp"; \
+		find "$$tmp" -name '*.md' | while read -r file; do \
+			$(call process-includes,$$file,$$file); \
+		done; \
+		find "$$tmp" -name '*.md' | while read -r file; do \
+			docroot="$$(realpath --relative-to="$$(dirname "$$file")" $$tmp/manual/src)"; \
+			sed -i "s,@docroot@,$$docroot,g" "$$file"; \
+		done; \
+		set -euo pipefail; \
+		RUST_LOG=warn mdbook build "$$tmp/manual" -d $(DESTDIR)$(docdir)/manual.tmp 2>&1 \
+			| { grep -Fv "because fragment resolution isn't implemented" || :; }; \
+		rm -rf "$$tmp/manual"
+	@rm -rf $(DESTDIR)$(docdir)/manual
+	@mv $(DESTDIR)$(docdir)/manual.tmp/html $(DESTDIR)$(docdir)/manual
+	@rm -rf $(DESTDIR)$(docdir)/manual.tmp
+
+endif

doc/manual/meson.build

@@ -1,368 +0,0 @@
-project(
-  'nix-manual',
-  version : files('.version'),
-  meson_version : '>= 1.1',
-  license : 'LGPL-2.1-or-later',
-)
-
-nix = find_program('nix', native : true)
-
-mdbook = find_program('mdbook', native : true)
-bash = find_program('bash', native : true)
-rsync = find_program('rsync', required : true, native : true)
-
-pymod = import('python')
-python = pymod.find_installation('python3')
-
-nix_env_for_docs = {
-  'HOME' : '/dummy',
-  'NIX_CONF_DIR' : '/dummy',
-  'NIX_SSL_CERT_FILE' : '/dummy/no-ca-bundle.crt',
-  'NIX_STATE_DIR' : '/dummy',
-  'NIX_CONFIG' : 'cores = 0',
-}
-
-nix_for_docs = [ nix, '--experimental-features', 'nix-command' ]
-nix_eval_for_docs_common = nix_for_docs + [
-  'eval',
-  '-I',
-  'nix=' + meson.current_source_dir(),
-  '--store', 'dummy://',
-  '--impure',
-]
-nix_eval_for_docs = nix_eval_for_docs_common + '--raw'
-
-conf_file_json = custom_target(
-  command : nix_for_docs + [ 'config', 'show', '--json' ],
-  capture : true,
-  output : 'conf-file.json',
-  env : nix_env_for_docs,
-)
-
-language_json = custom_target(
-  command : [ nix, '__dump-language' ],
-  output : 'language.json',
-  capture : true,
-  env : nix_env_for_docs,
-)
-
-nix3_cli_json = custom_target(
-  command : [ nix, '__dump-cli' ],
-  capture : true,
-  output : 'nix.json',
-  env : nix_env_for_docs,
-)
-
-generate_manual_deps = files(
-  'generate-deps.py',
-)
-
-# Generates types
-subdir('source/store')
-# Generates builtins.md and builtin-constants.md.
-subdir('source/language')
-# Generates new-cli pages, experimental-features-shortlist.md, and conf-file.md.
-subdir('source/command-ref')
-# Generates experimental-feature-descriptions.md.
-subdir('source/development')
-# Generates rl-next-generated.md.
-subdir('source/release-notes')
-subdir('source')
-
-# Hacky way to figure out if `nix` is an `ExternalProgram` or
-# `Executable`. Only the latter can occur in custom target input lists.
-if nix.full_path().startswith(meson.build_root())
-  nix_input = nix
-else
-  nix_input = []
-endif
-
-manual = custom_target(
-  'manual',
-  command : [
-    bash,
-    '-euo',
-    'pipefail',
-    '-c',
-    '''
-        @0@ @INPUT0@ @CURRENT_SOURCE_DIR@ > @DEPFILE@
-        @0@ @INPUT1@ summary @2@ < @CURRENT_SOURCE_DIR@/source/SUMMARY.md.in > @2@/source/SUMMARY.md
-        sed -e 's|@version@|@3@|g' < @INPUT2@ > @2@/book.toml
-        @4@ -r -L --include='*.md' @CURRENT_SOURCE_DIR@/ @2@/
-        (cd @2@; RUST_LOG=warn @1@ build -d @2@ 3>&2 2>&1 1>&3) | { grep -Fv "because fragment resolution isn't implemented" || :; } 3>&2 2>&1 1>&3
-        rm -rf @2@/manual
-        mv @2@/html @2@/manual
-        # Remove Mathjax 2.7, because we will actually use MathJax 3.x
-        find @2@/manual | grep .html | xargs sed -i -e '/2.7.1.MathJax.js/d'
-        find @2@/manual -iname meson.build -delete
-    '''.format(
-      python.full_path(),
-      mdbook.full_path(),
-      meson.current_build_dir(),
-      meson.project_version(),
-      rsync.full_path(),
-    ),
-  ],
-  input : [
-    generate_manual_deps,
-    'substitute.py',
-    'book.toml.in',
-    'anchors.jq',
-    'custom.css',
-    nix3_cli_files,
-    experimental_features_shortlist_md,
-    experimental_feature_descriptions_md,
-    types_dir,
-    conf_file_md,
-    builtins_md,
-    rl_next_generated,
-    summary_rl_next,
-    json_schema_generated_files,
-    nix_input,
-  ],
-  output : [
-    'manual',
-    'markdown',
-  ],
-  depfile : 'manual.d',
-  env : {
-    'RUST_LOG' : 'info',
-    'MDBOOK_SUBSTITUTE_SEARCH' : meson.current_build_dir() / 'source',
-  },
-)
-manual_html = manual[0]
-manual_md = manual[1]
-
-install_subdir(
-  manual_html.full_path(),
-  install_dir : get_option('datadir') / 'doc/nix',
-)
-
-nix_nested_manpages = [
-  [
-    'nix-env',
-    [
-      'delete-generations',
-      'install',
-      'list-generations',
-      'query',
-      'rollback',
-      'set-flag',
-      'set',
-      'switch-generation',
-      'switch-profile',
-      'uninstall',
-      'upgrade',
-    ],
-  ],
-  [
-    'nix-store',
-    [
-      'add-fixed',
-      'add',
-      'delete',
-      'dump-db',
-      'dump',
-      'export',
-      'gc',
-      'generate-binary-cache-key',
-      'import',
-      'load-db',
-      'optimise',
-      'print-env',
-      'query',
-      'read-log',
-      'realise',
-      'repair-path',
-      'restore',
-      'serve',
-      'verify',
-      'verify-path',
-    ],
-  ],
-]
-
-foreach command : nix_nested_manpages
-  foreach page : command[1]
-    title = command[0] + ' --' + page
-    section = '1'
-    custom_target(
-      command : [
-        bash,
-        files('./render-manpage.sh'),
-        '--out-no-smarty',
-        title,
-        section,
-        '@INPUT0@/command-ref' / command[0] / (page + '.md'),
-        '@OUTPUT0@',
-      ],
-      input : [
-        manual_md,
-        nix_input,
-      ],
-      output : command[0] + '-' + page + '.1',
-      install : true,
-      install_dir : get_option('mandir') / 'man1',
-    )
-  endforeach
-endforeach
-
-nix3_manpages = [
-  'nix3-build',
-  'nix3-bundle',
-  'nix3-config',
-  'nix3-config-check',
-  'nix3-config-show',
-  'nix3-copy',
-  'nix3-daemon',
-  'nix3-derivation-add',
-  'nix3-derivation',
-  'nix3-derivation-show',
-  'nix3-develop',
-  'nix3-edit',
-  'nix3-env-shell',
-  'nix3-eval',
-  'nix3-flake-archive',
-  'nix3-flake-check',
-  'nix3-flake-clone',
-  'nix3-flake-info',
-  'nix3-flake-init',
-  'nix3-flake-lock',
-  'nix3-flake',
-  'nix3-flake-metadata',
-  'nix3-flake-new',
-  'nix3-flake-prefetch',
-  'nix3-flake-show',
-  'nix3-flake-update',
-  'nix3-fmt',
-  'nix3-hash-file',
-  'nix3-hash',
-  'nix3-hash-convert',
-  'nix3-hash-path',
-  'nix3-hash-to-base16',
-  'nix3-hash-to-base32',
-  'nix3-hash-to-base64',
-  'nix3-hash-to-sri',
-  'nix3-help',
-  'nix3-help-stores',
-  'nix3-key-convert-secret-to-public',
-  'nix3-key-generate-secret',
-  'nix3-key',
-  'nix3-log',
-  'nix3-nar-cat',
-  'nix3-nar-dump-path',
-  'nix3-nar-ls',
-  'nix3-nar-pack',
-  'nix3-nar',
-  'nix3-path-info',
-  'nix3-print-dev-env',
-  'nix3-profile',
-  'nix3-profile-add',
-  'nix3-profile-diff-closures',
-  'nix3-profile-history',
-  'nix3-profile-list',
-  'nix3-profile-remove',
-  'nix3-profile-rollback',
-  'nix3-profile-upgrade',
-  'nix3-profile-wipe-history',
-  'nix3-realisation-info',
-  'nix3-realisation',
-  'nix3-registry-add',
-  'nix3-registry-list',
-  'nix3-registry',
-  'nix3-registry-pin',
-  'nix3-registry-remove',
-  'nix3-repl',
-  'nix3-run',
-  'nix3-search',
-  'nix3-store-add',
-  'nix3-store-add-file',
-  'nix3-store-add-path',
-  'nix3-store-cat',
-  'nix3-store-copy-log',
-  'nix3-store-copy-sigs',
-  'nix3-store-delete',
-  'nix3-store-diff-closures',
-  'nix3-store-dump-path',
-  'nix3-store-gc',
-  'nix3-store-info',
-  'nix3-store-ls',
-  'nix3-store-make-content-addressed',
-  'nix3-store',
-  'nix3-store-optimise',
-  'nix3-store-path-from-hash-part',
-  'nix3-store-prefetch-file',
-  'nix3-store-repair',
-  'nix3-store-sign',
-  'nix3-store-verify',
-  'nix3-upgrade-nix',
-  'nix3-why-depends',
-  'nix',
-]
-
-foreach page : nix3_manpages
-  section = '1'
-  custom_target(
-    command : [
-      bash,
-      '@INPUT0@',
-      page,
-      section,
-      '@INPUT1@/command-ref/new-cli/@0@.md'.format(page),
-      '@OUTPUT@',
-    ],
-    input : [
-      files('./render-manpage.sh'),
-      manual_md,
-      nix_input,
-    ],
-    output : page + '.1',
-    install : true,
-    install_dir : get_option('mandir') / 'man1',
-  )
-endforeach
-
-nix_manpages = [
-  [ 'nix-env', 1 ],
-  [ 'nix-store', 1 ],
-  [ 'nix-build', 1 ],
-  [ 'nix-shell', 1 ],
-  [ 'nix-instantiate', 1 ],
-  [ 'nix-collect-garbage', 1 ],
-  [ 'nix-prefetch-url', 1 ],
-  [ 'nix-channel', 1 ],
-  [ 'nix-hash', 1 ],
-  [ 'nix-copy-closure', 1 ],
-  [ 'nix.conf', 5, conf_file_md.full_path() ],
-  [ 'nix-daemon', 8 ],
-  [ 'nix-profiles', 5, 'files/profiles.md' ],
-]
-
-foreach entry : nix_manpages
-  title = entry[0]
-  # nix.conf.5 and nix-profiles.5 are based off of conf-file.md and files/profiles.md,
-  # rather than a stem identical to its mdbook source.
-  # Therefore we use an optional third element of this array to override the name pattern
-  md_file = entry.get(2, title + '.md')
-  section = entry[1].to_string()
-  md_file_resolved = join_paths('@INPUT1@/command-ref/', md_file)
-  custom_target(
-    command : [
-      bash,
-      '@INPUT0@',
-      title,
-      section,
-      md_file_resolved,
-      '@OUTPUT@',
-    ],
-    input : [
-      files('./render-manpage.sh'),
-      manual_md,
-      entry.get(3, []),
-      nix_input,
-    ],
-    output : '@0@.@1@'.format(entry[0], entry[1]),
-    install : true,
-    install_dir : get_option('mandir') / 'man@0@'.format(entry[1]),
-  )
-endforeach

doc/manual/package.nix

@@ -1,117 +0,0 @@
-{
-  lib,
-  mkMesonDerivation,
-
-  meson,
-  ninja,
-  lowdown-unsandboxed,
-  mdbook,
-  mdbook-linkcheck,
-  jq,
-  python3,
-  rsync,
-  nix-cli,
-  changelog-d,
-  json-schema-for-humans,
-  officialRelease,
-
-  # Configuration Options
-
-  version,
-
-  # `tests` attribute
-  testers,
-}:
-
-let
-  inherit (lib) fileset;
-in
-
-mkMesonDerivation (finalAttrs: {
-  pname = "nix-manual";
-  inherit version;
-
-  workDir = ./.;
-  fileset =
-    fileset.difference
-      (fileset.unions [
-        ../../.version
-        # For example JSON
-        ../../src/libutil-tests/data/hash
-        ../../src/libstore-tests/data/content-address
-        ../../src/libstore-tests/data/store-path
-        ../../src/libstore-tests/data/realisation
-        ../../src/libstore-tests/data/derived-path
-        ../../src/libstore-tests/data/path-info
-        ../../src/libstore-tests/data/nar-info
-        ../../src/libstore-tests/data/build-result
-        # Too many different types of files to filter for now
-        ../../doc/manual
-        ./.
-      ])
-      # Do a blacklist instead
-      ../../doc/manual/package.nix;
-
-  # TODO the man pages should probably be separate
-  outputs = [
-    "out"
-    "man"
-  ];
-
-  nativeBuildInputs = [
-    nix-cli
-    meson
-    ninja
-    (lib.getBin lowdown-unsandboxed)
-    mdbook
-    mdbook-linkcheck
-    jq
-    python3
-    rsync
-    json-schema-for-humans
-    changelog-d
-  ]
-  ++ lib.optionals (!officialRelease) [
-    # When not an official release, we likely have changelog entries that have
-    # yet to be rendered.
-    # When released, these are rendered into a committed file to save a dependency.
-    changelog-d
-  ];
-
-  preConfigure = ''
-    chmod u+w ./.version
-    echo ${finalAttrs.version} > ./.version
-  '';
-
-  postInstall = ''
-    mkdir -p ''$out/nix-support
-    echo "doc manual ''$out/share/doc/nix/manual" >> ''$out/nix-support/hydra-build-products
-  '';
-
-  /**
-    The root of the HTML manual.
-    E.g. "${nix-manual.site}/index.html" exists.
-  */
-  passthru.site = finalAttrs.finalPackage + "/share/doc/nix/manual";
-
-  passthru.tests = {
-    # https://nixos.org/manual/nixpkgs/stable/index.html#tester-lycheeLinkCheck
-    linkcheck = testers.lycheeLinkCheck {
-      inherit (finalAttrs.finalPackage) site;
-      extraConfig = {
-        exclude = [
-          # Exclude auto-generated JSON schema documentation which has
-          # auto-generated fragment IDs that don't match the link references
-          ".*/protocols/json/.*\\.html"
-          # Exclude undocumented builtins
-          ".*/language/builtins\\.html#builtins-addErrorContext"
-          ".*/language/builtins\\.html#builtins-appendContext"
-        ];
-      };
-    };
-  };
-
-  meta = {
-    platforms = lib.platforms.all;
-  };
-})

doc/manual/redirects.js

@@ -1,7 +1,7 @@
 // redirect rules for URL fragments (client-side) to prevent link rot.
 // this must be done on the client side, as web servers do not see the fragment part of the URL.
 // it will only work with JavaScript enabled in the browser, but this is the best we can do here.
-// see source/_redirects for path redirects (server-side)
+// see ./_redirects for path redirects (client-side)
 
 // redirects are declared as follows:
 // each entry has as its key a path matching the requested URL path, relative to the mdBook document root.
@@ -14,15 +14,15 @@
 
 const redirects = {
  "index.html": {
-    "part-advanced-topics": "advanced-topics/index.html",
+    "part-advanced-topics": "advanced-topics/advanced-topics.html",
     "chap-tuning-cores-and-jobs": "advanced-topics/cores-vs-jobs.html",
     "chap-diff-hook": "advanced-topics/diff-hook.html",
     "check-dirs-are-unregistered": "advanced-topics/diff-hook.html#check-dirs-are-unregistered",
-    "chap-distributed-builds": "command-ref/conf-file.html#conf-builders",
+    "chap-distributed-builds": "advanced-topics/distributed-builds.html",
     "chap-post-build-hook": "advanced-topics/post-build-hook.html",
     "chap-post-build-hook-caveats": "advanced-topics/post-build-hook.html#implementation-caveats",
     "chap-writing-nix-expressions": "language/index.html",
-    "part-command-ref": "command-ref/index.html",
+    "part-command-ref": "command-ref/command-ref.html",
     "conf-allow-import-from-derivation": "command-ref/conf-file.html#conf-allow-import-from-derivation",
     "conf-allow-new-privileges": "command-ref/conf-file.html#conf-allow-new-privileges",
     "conf-allowed-uris": "command-ref/conf-file.html#conf-allowed-uris",
@@ -143,7 +143,7 @@ const redirects = {
     "opt-timeout": "command-ref/opt-common.html#opt-timeout",
     "sec-common-options": "command-ref/opt-common.html",
     "ch-utilities": "command-ref/utilities.html",
-    "chap-hacking": "development/building.html",
+    "chap-hacking": "contributing/hacking.html",
     "adv-attr-allowSubstitutes": "language/advanced-attributes.html#adv-attr-allowSubstitutes",
     "adv-attr-allowedReferences": "language/advanced-attributes.html#adv-attr-allowedReferences",
     "adv-attr-allowedRequisites": "language/advanced-attributes.html#adv-attr-allowedRequisites",
@@ -238,12 +238,12 @@ const redirects = {
     "attr-system": "language/derivations.html#attr-system",
     "ssec-derivation": "language/derivations.html",
     "ch-expression-language": "language/index.html",
-    "sec-constructs": "language/syntax.html",
-    "sect-let-language": "language/syntax.html#let-expressions",
-    "ss-functions": "language/syntax.html#functions",
+    "sec-constructs": "language/constructs.html",
+    "sect-let-language": "language/constructs.html#let-language",
+    "ss-functions": "language/constructs.html#functions",
     "sec-language-operators": "language/operators.html",
     "table-operators": "language/operators.html",
-    "ssec-values": "language/types.html",
+    "ssec-values": "language/values.html",
     "gloss-closure": "glossary.html#gloss-closure",
     "gloss-derivation": "glossary.html#gloss-derivation",
     "gloss-deriver": "glossary.html#gloss-deriver",
@@ -261,7 +261,7 @@ const redirects = {
     "sec-installer-proxy-settings": "installation/env-variables.html#proxy-environment-variables",
     "sec-nix-ssl-cert-file": "installation/env-variables.html#nix_ssl_cert_file",
     "sec-nix-ssl-cert-file-with-nix-daemon-and-macos": "installation/env-variables.html#nix_ssl_cert_file-with-macos-and-the-nix-daemon",
-    "chap-installation": "installation/index.html",
+    "chap-installation": "installation/installation.html",
     "ch-installing-binary": "installation/installing-binary.html",
     "sect-macos-installation": "installation/installing-binary.html#macos-installation",
     "sect-macos-installation-change-store-prefix": "installation/installing-binary.html#macos-installation",
@@ -285,19 +285,19 @@ const redirects = {
     "ch-basic-package-mgmt": "package-management/basic-package-mgmt.html",
     "ssec-binary-cache-substituter": "package-management/binary-cache-substituter.html",
     "sec-channels": "command-ref/nix-channel.html",
-    "ssec-copy-closure": "command-ref/nix-copy-closure.html",
+    "ssec-copy-closure": "package-management/copy-closure.html",
     "sec-garbage-collection": "package-management/garbage-collection.html",
     "ssec-gc-roots": "package-management/garbage-collector-roots.html",
-    "chap-package-management": "package-management/index.html",
+    "chap-package-management": "package-management/package-management.html",
     "sec-profiles": "package-management/profiles.html",
-    "ssec-s3-substituter": "store/types/s3-substituter.html",
-    "ssec-s3-substituter-anonymous-reads": "store/types/s3-substituter.html#anonymous-reads-to-your-s3-compatible-binary-cache",
-    "ssec-s3-substituter-authenticated-reads": "store/types/s3-substituter.html#authenticated-reads-to-your-s3-binary-cache",
-    "ssec-s3-substituter-authenticated-writes": "store/types/s3-substituter.html#authenticated-writes-to-your-s3-compatible-binary-cache",
+    "ssec-s3-substituter": "package-management/s3-substituter.html",
+    "ssec-s3-substituter-anonymous-reads": "package-management/s3-substituter.html#anonymous-reads-to-your-s3-compatible-binary-cache",
+    "ssec-s3-substituter-authenticated-reads": "package-management/s3-substituter.html#authenticated-reads-to-your-s3-binary-cache",
+    "ssec-s3-substituter-authenticated-writes": "package-management/s3-substituter.html#authenticated-writes-to-your-s3-compatible-binary-cache",
     "sec-sharing-packages": "package-management/sharing-packages.html",
     "ssec-ssh-substituter": "package-management/ssh-substituter.html",
     "chap-quick-start": "quick-start.html",
-    "sec-relnotes": "release-notes/index.html",
+    "sec-relnotes": "release-notes/release-notes.html",
     "ch-relnotes-0.10.1": "release-notes/rl-0.10.1.html",
     "ch-relnotes-0.10": "release-notes/rl-0.10.html",
     "ssec-relnotes-0.11": "release-notes/rl-0.11.html",
@@ -335,26 +335,19 @@ const redirects = {
     "ssec-relnotes-2.2": "release-notes/rl-2.2.html",
     "ssec-relnotes-2.3": "release-notes/rl-2.3.html",
   },
-  "language/types.html": {
+  "language/values.html": {
     "simple-values": "#primitives",
     "lists": "#list",
     "strings": "#string",
+    "lists": "#list",
     "attribute-sets": "#attribute-set",
-    "type-number": "#type-int",
-  },
-  "language/syntax.html": {
-    "scoping-rules": "scoping.html",
-    "string-literal": "string-literals.html",
-  },
-  "language/derivations.md": {
-    "builder-execution": "store/drv/building.md#builder-execution",
   },
   "installation/installing-binary.html": {
     "linux": "uninstall.html#linux",
     "macos": "uninstall.html#macos",
     "uninstalling": "uninstall.html",
-  },
-  "development/building.html": {
+  }
+  "contributing/hacking.html": {
     "nix-with-flakes": "#building-nix-with-flakes",
     "classic-nix": "#building-nix",
     "running-tests": "testing.html#running-tests",
@@ -365,19 +358,7 @@ const redirects = {
     "installer-tests": "testing.html#installer-tests",
     "one-time-setup": "testing.html#one-time-setup",
     "using-the-ci-generated-installer-for-manual-testing": "testing.html#using-the-ci-generated-installer-for-manual-testing",
-    "characterization-testing": "testing.html#characterisation-testing-unit",
-    "add-a-release-note": "contributing.html#add-a-release-note",
-    "add-an-entry": "contributing.html#add-an-entry",
-    "build-process": "contributing.html#build-process",
-    "reverting": "contributing.html#reverting",
-    "branches": "contributing.html#branches",
-  },
-  "glossary.html": {
-    "gloss-local-store": "store/types/local-store.html",
-    "package-attribute-set": "#package",
-    "gloss-chroot-store": "store/types/local-store.html",
-    "gloss-content-addressed-derivation": "#gloss-content-addressing-derivation",
-  },
+  }
 };
 
 // the following code matches the current page's URL against the set of redirects.

doc/manual/remove_before_wrapper.py

@@ -1,33 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import subprocess
-import sys
-import shutil
-import typing as t
-
-def main():
-    if len(sys.argv) < 4 or '--' not in sys.argv:
-        print("Usage: remove-before-wrapper <output> -- <nix command...>")
-        sys.exit(1)
-
-    # Extract the parts
-    output: str = sys.argv[1]
-    nix_command_idx: int = sys.argv.index('--') + 1
-    nix_command: t.List[str] = sys.argv[nix_command_idx:]
-
-    output_temp: str = output + '.tmp'
-
-    # Remove the output and temp output in case they exist
-    shutil.rmtree(output, ignore_errors=True)
-    shutil.rmtree(output_temp, ignore_errors=True)
-
-    # Execute nix command with `--write-to` tempary output
-    nix_command_write_to = nix_command + ['--write-to', output_temp]
-    subprocess.run(nix_command_write_to, check=True)
-
-    # Move the temporary output to the intended location
-    os.rename(output_temp, output)
-
-if __name__ == "__main__":
-    main()

doc/manual/render-manpage.sh

@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-lowdown_args=
-
-if [ "$1" = --out-no-smarty ]; then
-    lowdown_args=--out-no-smarty
-    shift
-fi
-
-[ "$#" = 4 ] || {
-    echo "wrong number of args passed" >&2
-    exit 1
-}
-
-title="$1"
-section="$2"
-infile="$3"
-outfile="$4"
-
-(
-    printf "Title: %s\n\n" "$title"
-    cat "$infile"
-) | lowdown -sT man --nroff-nolinks $lowdown_args -M section="$section" -o "$outfile"

doc/manual/rl-next/channels-subdomain.md

@@ -1,9 +0,0 @@
----
-synopsis: Channel URLs migrated to channels.nixos.org subdomain
-prs: [14518]
-issues: [14517]
----
-
-Channel URLs have been updated from `https://nixos.org/channels/` to `https://channels.nixos.org/` throughout Nix.
-
-The subdomain provides better reliability with IPv6 support and improved CDN distribution. The old domain apex (`nixos.org/channels/`) currently redirects to the new location but may be deprecated in the future.

doc/manual/rl-next/config

@@ -1,2 +0,0 @@
-organization: NixOS
-repository: nix

doc/manual/rl-next/harden-user-sandboxing.md

@@ -0,0 +1,8 @@
+---
+synopsis: Harden the user sandboxing
+significance: significant
+issues:
+prs: <only provided once merged>
+---
+
+The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.

doc/manual/rl-next/json-format-changes.md

@@ -1,55 +0,0 @@
----
-synopsis: "JSON format changes for store path info and derivations"
-prs: []
-issues: []
----
-
-JSON formats for store path info and derivations have been updated with new versions and structured fields.
-
-## Store Path Info JSON (Version 2)
-
-The store path info JSON format has been updated from version 1 to version 2:
-
-- **Added `version` field**:
-
-  All store path info JSON now includes `"version": 2`.
-
-- **Structured `ca` field**:
-
-  Content address is now a structured JSON object instead of a string:
-
-  - Old: `"ca": "fixed:r:sha256:1abc..."`
-  - New: `"ca": {"method": "nar", "hash": {"algorithm": "sha256", "format": "base64", "hash": "EMIJ+giQ..."}}`
-  - Still `null` values for input-addressed store objects
-
-- **Structured hash fields**:
-
-  Hash values (`narHash` and `downloadHash`) are now structured JSON objects instead of strings:
-
-  - Old: `"narHash": "sha256:FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc="`
-  - New: `"narHash": {"algorithm": "sha256", "format": "base64", "hash": "FePFYIlM..."}`
-  - Same structure applies to `downloadHash` in NAR info contexts
-
-Nix currently only produces, and doesn't consume this format.
-
-**Affected command**: `nix path-info --json`
-
-## Derivation JSON (Version 4)
-
-The derivation JSON format has been updated from version 3 to version 4:
-
-- **Restructured inputs**:
-
-  Inputs are now nested under an `inputs` object:
-
-  - Old: `"inputSrcs": [...], "inputDrvs": {...}`
-  - New: `"inputs": {"srcs": [...], "drvs": {...}}`
-
-- **Consistent content addresses**:
-
-  Floating content-addressed outputs now use structured JSON format.
-  This is the same format as `ca` in in store path info (after the new version).
-
-Version 3 and earlier formats are *not* accepted when reading.
-
-**Affected command**: `nix derivation`, namely it's `show` and `add` sub-commands.

doc/manual/rl-next/leading-period.md

@@ -0,0 +1,10 @@
+---
+synopsis: Store paths are allowed to start with `.`
+issues: 912
+prs: 9867 9091 9095 9120 9121 9122 9130 9219 9224
+---
+
+Leading periods were allowed by accident in Nix 2.4. The Nix team has considered this to be a bug, but this behavior has since been relied on by users, leading to unnecessary difficulties.
+From now on, leading periods are officially, definitively supported. The names `.` and `..` are disallowed, as well as those starting with `.-` or `..-`.
+
+Nix versions that denied leading periods are documented [in the issue](https://github.com/NixOS/nix/issues/912#issuecomment-1919583286).

doc/manual/rl-next/s3-curl-implementation.md

@@ -1,40 +0,0 @@
----
-synopsis: "Improved S3 binary cache support via HTTP"
-prs: [13752, 13823, 14026, 14120, 14131, 14135, 14144, 14170, 14190, 14198, 14206, 14209, 14222, 14223, 14330, 14333, 14335, 14336, 14337, 14350, 14356, 14357, 14374, 14375, 14376, 14377, 14391, 14393, 14420, 14421]
-issues: [13084, 12671, 11748, 12403]
----
-
-S3 binary cache operations now happen via HTTP, leveraging `libcurl`'s native
-AWS SigV4 authentication instead of the AWS C++ SDK, providing significant
-improvements:
-
-- **Reduced memory usage**: Eliminates memory buffering issues that caused
-  segfaults with large files
-- **Fixed upload reliability**: Resolves AWS SDK chunking errors
-  (`InvalidChunkSizeError`)
-- **Lighter dependencies**: Uses lightweight `aws-crt-cpp` instead of full
-  `aws-cpp-sdk`, reducing build complexity
-
-The new implementation requires curl >= 7.75.0 and `aws-crt-cpp` for credential
-management.
-
-All existing S3 URL formats and parameters remain supported, however the store
-settings for configuring multipart uploads have changed:
-
-- **`multipart-upload`** (default: `false`): Enable multipart uploads for large
-  files. When enabled, files exceeding the multipart threshold will be uploaded
-  in multiple parts.
-
-- **`multipart-threshold`** (default: `100 MiB`): Minimum file size for using
-  multipart uploads. Files smaller than this will use regular PUT requests.
-  Only takes effect when `multipart-upload` is enabled.
-
-- **`multipart-chunk-size`** (default: `5 MiB`): Size of each part in multipart
-  uploads. Must be at least 5 MiB (AWS S3 requirement). Larger chunk sizes
-  reduce the number of requests but use more memory.
-
-- **`buffer-size`**: Has been replaced by `multipart-chunk-size` and is now an alias to it.
-
-Note that this change also means Nix now supports S3 binary cache stores even
-if built without `aws-crt-cpp`, but only for public buckets which do not
-require authentication.

doc/manual/rl-next/s3-object-versioning.md

@@ -1,14 +0,0 @@
----
-synopsis: "S3 URLs now support object versioning via versionId parameter"
-prs: [14274]
-issues: [13955]
----
-
-S3 URLs now support a `versionId` query parameter to fetch specific versions
-of objects from S3 buckets with versioning enabled. This allows pinning to
-exact object versions for reproducibility and protection against unexpected
-changes:
-
-```
-s3://bucket/key?region=us-east-1&versionId=abc123def456
-```

doc/manual/rl-next/s3-storage-class.md

@@ -1,21 +0,0 @@
----
-synopsis: "S3 binary cache stores now support storage class configuration"
-prs: [14464]
-issues: [7015]
----
-
-S3 binary cache stores now support configuring the storage class for uploaded objects via the `storage-class` parameter. This allows users to optimize costs by selecting appropriate storage tiers based on access patterns.
-
-Example usage:
-
-```bash
-# Use Glacier storage for long-term archival
-nix copy --to 's3://my-bucket?storage-class=GLACIER' /nix/store/...
-
-# Use Intelligent Tiering for automatic cost optimization
-nix copy --to 's3://my-bucket?storage-class=INTELLIGENT_TIERING' /nix/store/...
-```
-
-The storage class applies to both regular uploads and multipart uploads. When not specified, objects use the bucket's default storage class.
-
-See the [S3 storage classes documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html) for available storage classes and their characteristics.

doc/manual/source/_redirects

@@ -1,54 +0,0 @@
-# redirect rules for paths (server-side) to prevent link rot.
-# see ../redirects.js for redirects based on URL fragments (client-side)
-#
-# concrete user story this supports:
-# - user finds URL to the manual for Nix x.y
-# - Nix x.z (z > y) is the most recent release
-# - updating the version in the URL will show the right thing
-#
-# format documentation:
-# - https://docs.netlify.com/routing/redirects/#syntax-for-the-redirects-file
-# - https://docs.netlify.com/routing/redirects/redirect-options/
-#
-# conventions:
-# - always force (<CODE>!) since this allows re-using file names
-# - group related paths to ease readability
-# - keep in alphabetical/wildcards-last order, which will reduce version control conflicts
-# - redirects that should have been there but are missing can be inserted where they belong
-
-/advanced-topics/advanced-topics /advanced-topics 301!
-
-/command-ref/command-ref /command-ref 301!
-
-/contributing/contributing /development 301!
-/contributing /development 301!
-/contributing/hacking /development/building 301!
-/contributing/testing /development/testing 301!
-/contributing/documentation /development/documentation 301!
-/contributing/experimental-features /development/experimental-features 301!
-/contributing/cli-guideline /development/cli-guideline 301!
-/contributing/json-guideline /development/json-guideline 301!
-/contributing/cxx /development/cxx 301!
-
-/expressions/expression-language /language/ 301!
-/expressions/language-constructs /language/constructs 301!
-/expressions/language-operators /language/operators 301!
-/expressions/language-values /language/values 301!
-/expressions/* /language/:splat 301!
-/language/values /language/types 301!
-/language/constructs /language/syntax 301!
-/language/builtin-constants /language/builtins 301!
-
-/installation/installation /installation 301!
-
-/package-management/basic-package-mgmt /command-ref/nix-env 301!
-/package-management/channels /command-ref/nix-channel 301!
-/package-management/package-management /package-management 301!
-/package-management/s3-substituter /store/types/s3-binary-cache-store 301!
-
-/protocols/protocols /protocols 301!
-/json/* /protocols/json/:splat 301!
-
-/release-notes/release-notes /release-notes 301!
-
-/package-management/copy-closure /command-ref/nix-copy-closure 301!

doc/manual/source/advanced-topics/distributed-builds.md

@@ -1,110 +0,0 @@
-# Remote Builds
-
-A local Nix installation can forward Nix builds to other machines,
-this allows multiple builds to be performed in parallel.
-
-Remote builds also allow Nix to perform multi-platform builds in a
-semi-transparent way. For example, if you perform a build for a
-`x86_64-darwin` on an `i686-linux` machine, Nix can automatically
-forward the build to a `x86_64-darwin` machine, if one is available.
-
-## Requirements
-
-For a local machine to forward a build to a remote machine, the remote machine must:
-
-- Have Nix installed
-- Be running an SSH server, e.g. `sshd`
-- Be accessible via SSH from the local machine over the network
-- Have the local machine's public SSH key in `/etc/ssh/authorized_keys.d/<username>`
-- Have the username of the SSH user in the `trusted-users` setting in `nix.conf`
-
-## Testing
-
-To test connecting to a remote [Nix instance] (in this case `mac`), run:
-
-```console
-nix store info --store ssh://username@mac
-```
-
-To specify an SSH identity file as part of the remote store URI add a
-query parameter, e.g.
-
-```console
-nix store info --store ssh://username@mac?ssh-key=/home/alice/my-key
-```
-
-Since builds should be non-interactive, the key should not have a
-passphrase. Alternatively, you can load identities ahead of time into
-`ssh-agent` or `gpg-agent`.
-
-In a multi-user installation (default), builds are executed by the Nix
-Daemon. The Nix Daemon cannot prompt for a passphrase via the terminal
-or `ssh-agent`, so the SSH key must not have a passphrase.
-
-In addition, the Nix Daemon's user (typically root) needs to have SSH
-access to the remote builder.
-
-Access can be verified by running `sudo su`, and then validating SSH
-access, e.g. by running `ssh mac`. SSH identity files for root users
-are usually stored in `/root/.ssh/` (Linux) or `/var/root/.ssh` (MacOS).
-
-If you get the error
-
-```console
-bash: nix: command not found
-error: cannot connect to 'mac'
-```
-
-then you need to ensure that the `PATH` of non-interactive login shells
-contains Nix.
-
-The [list of remote build machines](@docroot@/command-ref/conf-file.md#conf-builders) can be specified on the command line or in the Nix configuration file.
-For example, the following command allows you to build a derivation for `x86_64-darwin` on a Linux machine:
-
-```console
-uname
-```
-
-```console
-Linux
-```
-
-```console
-nix build --impure \
- --expr '(with import <nixpkgs> { system = "x86_64-darwin"; }; runCommand "foo" {} "uname > $out")' \
- --builders 'ssh://mac x86_64-darwin'
-```
-
-```console
-[1/0/1 built, 0.0 MiB DL] building foo on ssh://mac
-```
-
-```console
-cat ./result
-```
-
-```console
-Darwin
-```
-
-It is possible to specify multiple build machines separated by a semicolon or a newline, e.g.
-
-```console
-  --builders 'ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd'
-```
-
-Remote build machines can also be configured in [`nix.conf`](@docroot@/command-ref/conf-file.md), e.g.
-
-    builders = ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd
-
-After making changes to `nix.conf`, restart the Nix daemon for changes to take effect.
-
-Finally, remote build machines can be configured in a separate configuration
-file included in `builders` via the syntax `@/path/to/file`. For example,
-
-    builders = @/etc/nix/machines
-
-causes the list of machines in `/etc/nix/machines` to be included.
-(This is the default.)
-
-[Nix instance]: @docroot@/glossary.md#gloss-nix-instance

doc/manual/source/advanced-topics/eval-profiler.md

@@ -1,33 +0,0 @@
-# Using the `eval-profiler`
-
-Nix evaluator supports [evaluation](@docroot@/language/evaluation.md)
-[profiling](<https://en.wikipedia.org/wiki/Profiling_(computer_programming)>)
-compatible with `flamegraph.pl`. The profiler samples the nix
-function call stack at regular intervals. It can be enabled with the
-[`eval-profiler`](@docroot@/command-ref/conf-file.md#conf-eval-profiler)
-setting:
-
-```console
-$ nix-instantiate "<nixpkgs>" -A hello --eval-profiler flamegraph
-```
-
-Stack sampling frequency and the output file path can be configured with
-[`eval-profile-file`](@docroot@/command-ref/conf-file.md#conf-eval-profile-file)
-and [`eval-profiler-frequency`](@docroot@/command-ref/conf-file.md#conf-eval-profiler-frequency).
-By default the collected profile is saved to `nix.profile` file in the current working directory.
-
-The collected profile can be directly consumed by `flamegraph.pl`:
-
-```console
-$ flamegraph.pl nix.profile > flamegraph.svg
-```
-
-The line information in the profile contains the location of the [call
-site](https://en.wikipedia.org/wiki/Call_site) position and the name of the
-function being called (when available). For example:
-
-```
-/nix/store/x9wnkly3k1gkq580m90jjn32q9f05q2v-source/pkgs/top-level/default.nix:167:5:primop import
-```
-
-Here `import` primop is called at `/nix/store/x9wnkly3k1gkq580m90jjn32q9f05q2v-source/pkgs/top-level/default.nix:167:5`.

doc/manual/source/c-api.md

@@ -1,16 +0,0 @@
-# C API
-
-Nix provides a C API with the intent of [_becoming_](https://github.com/NixOS/nix/milestone/52) a stable API, which it is currently not.
-It is in development.
-
-See:
-- C API documentation for a recent build of master
-  - [Getting Started]
-  - [Index]
-- [Matrix Room *Nix Bindings*](https://matrix.to/#/#nix-bindings:nixos.org) for discussion and questions.
-- [Stabilisation Milestone](https://github.com/NixOS/nix/milestone/52)
-- [Other C API PRs and issues](https://github.com/NixOS/nix/labels/c%20api)
-- [Contributing C API Documentation](development/documentation.md#c-api-documentation), including how to build it locally.
-
-[Getting Started]: https://hydra.nixos.org/job/nix/master/external-api-docs/latest/download-by-type/doc/external-api-docs
-[Index]: https://hydra.nixos.org/job/nix/master/external-api-docs/latest/download-by-type/doc/external-api-docs/globals.html

doc/manual/source/command-ref/env-common.md

@@ -1,156 +0,0 @@
-# Common Environment Variables
-
-Most Nix commands interpret the following environment variables:
-
-- <span id="env-IN_NIX_SHELL">[`IN_NIX_SHELL`](#env-IN_NIX_SHELL)</span>
-
-  Indicator that tells if the current environment was set up by
-  `nix-shell`. It can have the values `pure` or `impure`.
-
-- <span id="env-NIX_PATH">[`NIX_PATH`](#env-NIX_PATH)</span>
-
-  A colon-separated list of search path entries used to resolve [lookup paths](@docroot@/language/constructs/lookup-path.md).
-
-  This environment variable overrides the value of the [`nix-path` configuration setting](@docroot@/command-ref/conf-file.md#conf-nix-path).
-
-  It can be extended using the [`-I` option](@docroot@/command-ref/opt-common.md#opt-I).
-
-  > **Example**
-  >
-  > ```bash
-  > $ export NIX_PATH=`/home/eelco/Dev:nixos-config=/etc/nixos
-  > ```
-
-  If `NIX_PATH` is set to an empty string, resolving search paths will always fail.
-
-  > **Example**
-  >
-  > ```bash
-  > $ NIX_PATH= nix-instantiate --eval '<nixpkgs>'
-  > error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
-  > ```
-
-- <span id="env-NIX_IGNORE_SYMLINK_STORE">[`NIX_IGNORE_SYMLINK_STORE`](#env-NIX_IGNORE_SYMLINK_STORE)</span>
-
-  Normally, the Nix store directory (typically `/nix/store`) is not
-  allowed to contain any symlink components. This is to prevent
-  “impure” builds. Builders sometimes “canonicalise” paths by
-  resolving all symlink components. Thus, builds on different machines
-  (with `/nix/store` resolving to different locations) could yield
-  different results. This is generally not a problem, except when
-  builds are deployed to machines where `/nix/store` resolves
-  differently. If you are sure that you’re not going to do that, you
-  can set `NIX_IGNORE_SYMLINK_STORE` to `1`.
-
-  Note that if you’re symlinking the Nix store so that you can put it
-  on another file system than the root file system, on Linux you’re
-  better off using `bind` mount points, e.g.,
-
-  ```console
-  $ mkdir /nix
-  $ mount -o bind /mnt/otherdisk/nix /nix
-  ```
-
-  Consult the mount 8 manual page for details.
-
-- <span id="env-NIX_STORE_DIR">[`NIX_STORE_DIR`](#env-NIX_STORE_DIR)</span>
-
-  Overrides the location of the Nix store (default `prefix/store`).
-
-- <span id="env-NIX_DATA_DIR">[`NIX_DATA_DIR`](#env-NIX_DATA_DIR)</span>
-
-  Overrides the location of the Nix static data directory (default
-  `prefix/share`).
-
-- <span id="env-NIX_LOG_DIR">[`NIX_LOG_DIR`](#env-NIX_LOG_DIR)</span>
-
-  Overrides the location of the Nix log directory (default
-  `prefix/var/log/nix`).
-
-- <span id="env-NIX_STATE_DIR">[`NIX_STATE_DIR`](#env-NIX_STATE_DIR)</span>
-
-  Overrides the location of the Nix state directory (default
-  `prefix/var/nix`).
-
-- <span id="env-NIX_CONF_DIR">[`NIX_CONF_DIR`](#env-NIX_CONF_DIR)</span>
-
-  Overrides the location of the system Nix configuration directory
-  (default `sysconfdir/nix`, i.e. `/etc/nix` on most systems).
-
-- <span id="env-NIX_CONFIG">[`NIX_CONFIG`](#env-NIX_CONFIG)</span>
-
-  Applies settings from Nix configuration from the environment.
-  The content is treated as if it was read from a Nix configuration file.
-  Settings are separated by the newline character.
-
-- <span id="env-NIX_USER_CONF_FILES">[`NIX_USER_CONF_FILES`](#env-NIX_USER_CONF_FILES)</span>
-
-  Overrides the location of the Nix user configuration files to load from.
-
-  The default are the locations according to the [XDG Base Directory Specification].
-  See the [XDG Base Directories](#xdg-base-directories) sub-section for details.
-
-  The variable is treated as a list separated by the `:` token.
-
-- <span id="env-TMPDIR">[`TMPDIR`](#env-TMPDIR)</span>
-
-  Use the specified directory to store temporary files. In particular,
-  this includes temporary build directories; these can take up
-  substantial amounts of disk space. The default is `/tmp`.
-
-- <span id="env-NIX_REMOTE">[`NIX_REMOTE`](#env-NIX_REMOTE)</span>
-
-  This variable should be set to `daemon` if you want to use the Nix
-  daemon to execute Nix operations. This is necessary in [multi-user
-  Nix installations](@docroot@/installation/multi-user.md). If the Nix
-  daemon's Unix socket is at some non-standard path, this variable
-  should be set to `unix://path/to/socket`. Otherwise, it should be
-  left unset.
-
-- <span id="env-NIX_SHOW_STATS">[`NIX_SHOW_STATS`](#env-NIX_SHOW_STATS)</span>
-
-  If set to `1`, Nix will print some evaluation statistics, such as
-  the number of values allocated.
-
-- <span id="env-NIX_COUNT_CALLS">[`NIX_COUNT_CALLS`](#env-NIX_COUNT_CALLS)</span>
-
-  If set to `1`, Nix will print how often functions were called during
-  Nix expression evaluation. This is useful for profiling your Nix
-  expressions.
-
-- <span id="env-GC_INITIAL_HEAP_SIZE">[`GC_INITIAL_HEAP_SIZE`](#env-GC_INITIAL_HEAP_SIZE)</span>
-
-  If Nix has been configured to use the Boehm garbage collector, this
-  variable sets the initial size of the heap in bytes. It defaults to
-  384 MiB. Setting it to a low value reduces memory consumption, but
-  will increase runtime due to the overhead of garbage collection.
-
-## XDG Base Directories
-
-Nix follows the [XDG Base Directory Specification].
-
-For backwards compatibility, Nix commands will follow the standard only when [`use-xdg-base-directories`] is enabled.
-[New Nix commands](@docroot@/command-ref/new-cli/nix.md) (experimental) conform to the standard by default.
-
-The following environment variables are used to determine locations of various state and configuration files:
-
-- [`XDG_CONFIG_HOME`]{#env-XDG_CONFIG_HOME} (default `~/.config`)
-- [`XDG_STATE_HOME`]{#env-XDG_STATE_HOME} (default `~/.local/state`)
-- [`XDG_CACHE_HOME`]{#env-XDG_CACHE_HOME} (default `~/.cache`)
-
-[XDG Base Directory Specification]: https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
-[`use-xdg-base-directories`]: @docroot@/command-ref/conf-file.md#conf-use-xdg-base-directories
-
-In addition, setting the following environment variables overrides the XDG base directories:
-
-- [`NIX_CONFIG_HOME`]{#env-NIX_CONFIG_HOME} (default `$XDG_CONFIG_HOME/nix`)
-- [`NIX_STATE_HOME`]{#env-NIX_STATE_HOME} (default `$XDG_STATE_HOME/nix`)
-- [`NIX_CACHE_HOME`]{#env-NIX_CACHE_HOME} (default `$XDG_CACHE_HOME/nix`)
-
-When [`use-xdg-base-directories`] is enabled, the configuration directory is:
-
-1. `$NIX_CONFIG_HOME`, if it is defined
-2. Otherwise, `$XDG_CONFIG_HOME/nix`, if `XDG_CONFIG_HOME` is defined
-3. Otherwise, `~/.config/nix`.
-
-Likewise for the state and cache directories.

doc/manual/source/command-ref/meson.build

@@ -1,56 +0,0 @@
-xp_features_json = custom_target(
-  command : [ nix, '__dump-xp-features' ],
-  capture : true,
-  output : 'xp-features.json',
-  env : nix_env_for_docs,
-)
-
-experimental_features_shortlist_md = custom_target(
-  command : nix_eval_for_docs + [
-    '--expr', 'import @INPUT0@ (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
-  ],
-  input : [
-    '../../generate-xp-features-shortlist.nix',
-    xp_features_json,
-  ],
-  output : 'experimental-features-shortlist.md',
-  capture : true,
-  env : nix_env_for_docs,
-)
-
-nix3_cli_files = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', 'import @INPUT1@ true (builtins.readFile ./@INPUT2@)',
-  ],
-  input : [
-    '../../remove_before_wrapper.py',
-    '../../generate-manpage.nix',
-    nix3_cli_json,
-  ],
-  output : 'new-cli',
-  env : nix_env_for_docs,
-)
-
-conf_file_md_body = custom_target(
-  command : [
-    nix_eval_for_docs,
-    '--expr', 'import @INPUT0@ { prefix = "conf"; } (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
-  ],
-  capture : true,
-  input : [
-    '../../generate-settings.nix',
-    conf_file_json,
-  ],
-  output : 'conf-file.body.md',
-  env : nix_env_for_docs,
-)
-
-conf_file_md = custom_target(
-  command : [ 'cat', '@INPUT0@', '@INPUT1@' ],
-  capture : true,
-  input : [
-    'conf-file-prefix.md',
-    conf_file_md_body,
-  ],
-  output : 'conf-file.md',
-)

doc/manual/source/command-ref/nix-copy-closure.md

@@ -1,91 +0,0 @@
-# Name
-
-`nix-copy-closure` - copy store objects to or from a remote machine via SSH
-
-# Synopsis
-
-`nix-copy-closure`
-  [`--to` | `--from` ]
-  [`--gzip`]
-  [`--include-outputs`]
-  [`--use-substitutes` | `-s`]
-  [`-v`]
-  [_user_@]_machine_[:_port_] _paths_
-
-# Description
-
-Given _paths_ from one machine, `nix-copy-closure` computes the [closure](@docroot@/glossary.md#gloss-closure) of those paths (i.e. all their dependencies in the Nix store), and copies [store objects](@docroot@/glossary.md#gloss-store-object) in that closure to another machine via SSH.
-It doesn’t copy store objects that are already present on the other machine.
-
-> **Note**
->
-> While the Nix store to use on the local machine can be specified on the command line with the [`--store`](@docroot@/command-ref/conf-file.md#conf-store) option, the Nix store to be accessed on the remote machine can only be [configured statically](@docroot@/command-ref/conf-file.md#configuration-file) on that remote machine.
-
-Since `nix-copy-closure` calls `ssh`, you may need to authenticate with the remote machine.
-In fact, you may be asked for authentication _twice_ because `nix-copy-closure` currently connects twice to the remote machine: first to get the set of paths missing on the target machine, and second to send the dump of those paths.
-When using public key authentication, you can avoid typing the passphrase with `ssh-agent`.
-
-# Options
-
-- `--to`
-
-  Copy the closure of _paths_ from a Nix store accessible from the local machine to the Nix store on the remote _machine_.
-  This is the default behavior.
-
-- `--from`
-
-  Copy the closure of _paths_ from the Nix store on the remote _machine_ to the local machine's specified Nix store.
-
-- `--gzip`
-
-  Enable compression of the SSH connection.
-
-- `--include-outputs`
-
-  Also copy the outputs of [store derivation]s included in the closure.
-
-  [store derivation]: @docroot@/glossary.md#gloss-store-derivation
-
-- `--use-substitutes` / `-s`
-
-  Attempt to download missing store objects on the target from [substituters](@docroot@/command-ref/conf-file.md#conf-substituters).
-  Any store objects that cannot be substituted on the target are still copied normally from the source.
-  This is useful, for instance, if the connection between the source and target machine is slow, but the connection between the target machine and `cache.nixos.org` (the default binary cache server) is fast.
-
-{{#include ./opt-common.md}}
-
-# Environment variables
-
-- `NIX_SSHOPTS`
-
-  Additional options to be passed to `ssh` on the command line.
-
-{{#include ./env-common.md}}
-
-# Examples
-
-> **Example**
->
-> Copy GNU Hello with all its dependencies to a remote machine:
->
-> ```shell-session
-> $ storePath="$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello --no-out-link)"
-> $ nix-copy-closure --to alice@itchy.example.org "$storePath"
-> copying 5 paths...
-> copying path '/nix/store/nrwkk6ak3rgkrxbqhsscb01jpzmslf2r-xgcc-13.2.0-libgcc' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/gm61h1y42pqyl6178g90x8zm22n6pyy5-libunistring-1.1' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/ddfzjdykw67s20c35i7a6624by3iz5jv-libidn2-2.3.7' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/apab5i73dqa09wx0q27b6fbhd1r18ihl-glibc-2.39-31' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/g1n2vryg06amvcc1avb2mcq36faly0mh-hello-2.12.1' to 'ssh://alice@itchy.example.org'...
-> ```
-
-> **Example**
->
-> Copy GNU Hello from a remote machine using a known store path, and run it:
->
-> ```shell-session
-> $ storePath="$(nix-instantiate --eval --raw '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello.outPath)"
-> $ nix-copy-closure --from alice@itchy.example.org "$storePath"
-> $ "$storePath"/bin/hello
-> Hello, world!
-> ```

doc/manual/source/command-ref/nix-env.md

@@ -1,134 +0,0 @@
-# Name
-
-`nix-env` - manipulate or query Nix user environments
-
-# Synopsis
-
-`nix-env` *operation* [*options*] [*arguments…*]
-  [`--option` *name* *value*]
-  [`--arg` *name* *value*]
-  [`--argstr` *name* *value*]
-  [{`--file` | `-f`} *path*]
-  [{`--profile` | `-p`} *path*]
-  [`--system-filter` *system*]
-  [`--dry-run`]
-
-# Description
-
-The command `nix-env` is used to manipulate Nix user environments. User
-environments are sets of software packages available to a user at some
-point in time. In other words, they are a synthesised view of the
-programs available in the Nix store. There may be many user
-environments: different users can have different environments, and
-individual users can switch between different environments.
-
-`nix-env` takes exactly one *operation* flag which indicates the
-subcommand to be performed. The following operations are available:
-
-- [`--install`](./nix-env/install.md)
-- [`--upgrade`](./nix-env/upgrade.md)
-- [`--uninstall`](./nix-env/uninstall.md)
-- [`--set`](./nix-env/set.md)
-- [`--set-flag`](./nix-env/set-flag.md)
-- [`--query`](./nix-env/query.md)
-- [`--switch-profile`](./nix-env/switch-profile.md)
-- [`--list-generations`](./nix-env/list-generations.md)
-- [`--delete-generations`](./nix-env/delete-generations.md)
-- [`--switch-generation`](./nix-env/switch-generation.md)
-- [`--rollback`](./nix-env/rollback.md)
-
-These pages can be viewed offline:
-
-- `man nix-env-<operation>`.
-
-  Example: `man nix-env-install`
-
-- `nix-env --help --<operation>`
-
-  Example: `nix-env --help --install`
-
-# Package sources
-
-`nix-env` can obtain packages from multiple sources:
-
-- An attribute set of derivations from:
-  - The [default Nix expression](@docroot@/command-ref/files/default-nix-expression.md) (by default)
-  - A Nix file, specified via `--file`
-  - A [profile](@docroot@/command-ref/files/profiles.md), specified via `--from-profile`
-  - A Nix expression that is a function which takes default expression as argument, specified via `--from-expression`
-- A [store path](@docroot@/store/store-path.md)
-
-# Selectors
-
-Several operations, such as [`nix-env --query`](./nix-env/query.md) and [`nix-env --install`](./nix-env/install.md), take a list of *arguments* that specify the packages on which to operate.
-
-Packages are identified based on a `name` part and a `version` part of a [symbolic derivation name](@docroot@/language/derivations.md#attr-name):
-
-- `name`: Everything up to but not including the first dash (`-`) that is *not* followed by a letter.
-- `version`: The rest, excluding the separating dash.
-
-> **Example**
->
-> `nix-env` parses the symbolic derivation name `apache-httpd-2.0.48` as:
->
-> ```json
-> {
->   "name": "apache-httpd",
->   "version": "2.0.48"
-> }
-> ```
-
-> **Example**
->
-> `nix-env` parses the symbolic derivation name `firefox.*` as:
->
-> ```json
-> {
->   "name": "firefox.*",
->   "version": ""
-> }
-> ```
-
-The `name` parts of the *arguments* to `nix-env` are treated as extended regular expressions and matched against the `name` parts of derivation names in the package source.
-The match is case-sensitive.
-The regular expression can optionally be followed by a dash (`-`) and a version number; if omitted, any version of the package will match.
-For details on regular expressions, see [**regex**(7)](https://linux.die.net/man/7/regex).
-
-> **Example**
->
-> Common patterns for finding package names with `nix-env`:
->
-> - `firefox`
->
->   Matches the package name `firefox` and any version.
->
-> - `firefox-32.0`
->
->   Matches the package name `firefox` and version `32.0`.
->
-> - `gtk\\+`
->
->   Matches the package name `gtk+`.
->   The `+` character must be escaped using a backslash (`\`) to prevent it from being interpreted as a quantifier, and the backslash must be escaped in turn with another backslash to ensure that the shell passes it on.
->
-> - `.\*`
->
->   Matches any package name.
->   This is the default for most commands.
->
-> - `'.*zip.*'`
->
->   Matches any package name containing the string `zip`.
->   Note the dots: `'*zip*'` does not work, because in a regular expression, the character `*` is interpreted as a quantifier.
->
-> - `'.*(firefox|chromium).*'`
->
->   Matches any package name containing the strings `firefox` or `chromium`.
-
-# Files
-
-`nix-env` operates on the following files.
-
-{{#include ./files/default-nix-expression.md}}
-
-{{#include ./files/profiles.md}}

doc/manual/source/command-ref/nix-env/install.md

@@ -1,244 +0,0 @@
-# Name
-
-`nix-env --install` - add packages to user environment
-
-# Synopsis
-
-`nix-env` {`--install` | `-i`} *args…*
-  [{`--prebuilt-only` | `-b`}]
-  [{`--attr` | `-A`}]
-  [`--from-expression`] [`-E`]
-  [`--from-profile` *path*]
-  [`--preserve-installed` | `-P`]
-  [`--remove-all` | `-r`]
-  [`--priority` *priority*]
-
-# Description
-
-The `--install` operation creates a new user environment.
-It is based on the current generation of the active [profile](@docroot@/command-ref/files/profiles.md), to which a set of [store paths] described by *args* is added.
-
-[store paths]: @docroot@/store/store-path.md
-
-The arguments *args* map to store paths in a number of possible ways:
-
-- By default, *args* is a set of names denoting derivations in the [default Nix expression].
-  These are [realised], and the resulting output paths are installed.
-  Currently installed derivations with a name equal to the name of a derivation being added are removed unless the option `--preserve-installed` is specified.
-
-  [derivation expression]: @docroot@/glossary.md#gloss-derivation-expression
-  [default Nix expression]: @docroot@/command-ref/files/default-nix-expression.md
-  [realised]: @docroot@/glossary.md#gloss-realise
-
-  If there are multiple derivations matching a name in *args* that
-  have the same name (e.g., `gcc-3.3.6` and `gcc-4.1.1`), then the
-  derivation with the highest *priority* is used. A derivation can
-  define a priority by declaring the `meta.priority` attribute. This
-  attribute should be a number, with a higher value denoting a lower
-  priority. The default priority is `5`.
-
-  If there are multiple matching derivations with the same priority,
-  then the derivation with the highest version will be installed.
-
-  You can force the installation of multiple derivations with the same
-  name by being specific about the versions. For instance, `nix-env --install
-  gcc-3.3.6 gcc-4.1.1` will install both version of GCC (and will
-  probably cause a user environment conflict\!).
-
-- If [`--attr`](#opt-attr) / `-A` is specified, the arguments are *attribute paths* that select attributes from the [default Nix expression].
-  This is faster than using derivation names and unambiguous.
-  Show the attribute paths of available packages with [`nix-env --query`](./query.md):
-
-  ```console
-  nix-env --query --available --attr-path
-  ```
-
-- If `--from-profile` *path* is given, *args* is a set of names
-  denoting installed [store paths] in the profile *path*. This is an
-  easy way to copy user environment elements from one profile to
-  another.
-
-- If `--from-expression` is given, *args* are [Nix language functions](@docroot@/language/syntax.md#functions) that are called with the [default Nix expression] as their single argument.
-  The derivations returned by those function calls are installed.
-  This allows derivations to be specified in an unambiguous way, which is necessary if there are multiple derivations with the same name.
-
-- If `--priority` *priority* is given, the priority of the derivations being installed is set to *priority*.
-  This can be used to override the priority of the derivations being installed.
-  This is useful if *args* are [store paths], which don't have any priority information.
-
-- If *args* are [store paths] that point to [store derivations][store derivation], then those store derivations are [realised], and the resulting output paths are installed.
-
-- If *args* are [store paths] that do not point to store derivations, then these are [realised] and installed.
-
-- By default all [outputs](@docroot@/language/derivations.md#attr-outputs) are installed for each [store derivation].
-  This can be overridden by adding a `meta.outputsToInstall` attribute on the derivation listing a subset of the output names.
-
-  Example:
-
-  The file `example.nix` defines a derivation with two outputs `foo` and `bar`, each containing a file.
-
-  ```nix
-  # example.nix
-  let
-    pkgs = import <nixpkgs> {};
-    command = ''
-      ${pkgs.coreutils}/bin/mkdir -p $foo $bar
-      echo foo > $foo/foo-file
-      echo bar > $bar/bar-file
-    '';
-  in
-  derivation {
-    name = "example";
-    builder = "${pkgs.bash}/bin/bash";
-    args = [ "-c" command ];
-    outputs = [ "foo" "bar" ];
-    system = builtins.currentSystem;
-  }
-  ```
-
-  Installing from this Nix expression will make files from both outputs appear in the current profile.
-
-  ```console
-  $ nix-env --install --file example.nix
-  installing 'example'
-  $ ls ~/.nix-profile
-  foo-file
-  bar-file
-  manifest.nix
-  ```
-
-  Adding `meta.outputsToInstall` to that derivation will make `nix-env` only install files from the specified outputs.
-
-  ```nix
-  # example-outputs.nix
-  import ./example.nix // { meta.outputsToInstall = [ "bar" ]; }
-  ```
-
-  ```console
-  $ nix-env --install --file example-outputs.nix
-  installing 'example'
-  $ ls ~/.nix-profile
-  bar-file
-  manifest.nix
-  ```
-
-[store derivation]: @docroot@/glossary.md#gloss-store-derivation
-
-# Options
-
-- `--prebuilt-only` / `-b`
-
-  Use only derivations for which a substitute is registered, i.e.,
-  there is a pre-built binary available that can be downloaded in lieu
-  of building the derivation. Thus, no packages will be built from
-  source.
-
-- `--preserve-installed` / `-P`
-
-  Do not remove derivations with a name matching one of the
-  derivations being installed. Usually, trying to have two versions of
-  the same package installed in the same generation of a profile will
-  lead to an error in building the generation, due to file name
-  clashes between the two versions. However, this is not the case for
-  all packages.
-
-- `--remove-all` / `-r`
-
-  Remove all previously installed packages first. This is equivalent
-  to running `nix-env --uninstall '.*'` first, except that everything happens
-  in a single transaction.
-
-{{#include ./opt-common.md}}
-
-{{#include ../opt-common.md}}
-
-{{#include ./env-common.md}}
-
-{{#include ../env-common.md}}
-
-# Examples
-
-To install a package using a specific attribute path from the active Nix expression:
-
-```console
-$ nix-env --install --attr gcc40mips
-installing `gcc-4.0.2'
-$ nix-env --install --attr xorg.xorgserver
-installing `xorg-server-1.2.0'
-```
-
-To install a specific version of `gcc` using the derivation name:
-
-```console
-$ nix-env --install gcc-3.3.2
-installing `gcc-3.3.2'
-uninstalling `gcc-3.1'
-```
-
-Using attribute path for selecting a package is preferred,
-as it is much faster and there will not be multiple matches.
-
-Note the previously installed version is removed, since
-`--preserve-installed` was not specified.
-
-To install an arbitrary version:
-
-```console
-$ nix-env --install gcc
-installing `gcc-3.3.2'
-```
-
-To install all derivations in the Nix expression `foo.nix`:
-
-```console
-$ nix-env --file ~/foo.nix --install '.*'
-```
-
-To copy the store path with symbolic name `gcc` from another profile:
-
-```console
-$ nix-env --install --from-profile /nix/var/nix/profiles/foo gcc
-```
-
-To install a specific [store derivation] (typically created by
-`nix-instantiate`):
-
-```console
-$ nix-env --install /nix/store/fibjb1bfbpm5mrsxc4mh2d8n37sxh91i-gcc-3.4.3.drv
-```
-
-To install a specific output path:
-
-```console
-$ nix-env --install /nix/store/y3cgx0xj1p4iv9x0pnnmdhr8iyg741vk-gcc-3.4.3
-```
-
-To install from a Nix expression specified on the command-line:
-
-```console
-$ nix-env --file ./foo.nix --install --expr \
-    'f: (f {system = "i686-linux";}).subversionWithJava'
-```
-
-I.e., this evaluates to `(f: (f {system =
-"i686-linux";}).subversionWithJava) (import ./foo.nix)`, thus selecting
-the `subversionWithJava` attribute from the set returned by calling the
-function defined in `./foo.nix`.
-
-A dry-run tells you which paths will be downloaded or built from source:
-
-```console
-$ nix-env --file '<nixpkgs>' --install --attr hello --dry-run
-(dry run; not doing anything)
-installing ‘hello-2.10’
-this path will be fetched (0.04 MiB download, 0.19 MiB unpacked):
-  /nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10
-  ...
-```
-
-To install Firefox from the latest revision in the Nixpkgs/NixOS 14.12
-channel:
-
-```console
-$ nix-env --file https://github.com/NixOS/nixpkgs/archive/nixos-14.12.tar.gz --install --attr firefox
-```

doc/manual/source/command-ref/nix-env/opt-common.md

@@ -1,38 +0,0 @@
-# Options
-
-The following options are allowed for all `nix-env` operations, but may not always have an effect.
-
-- `--file` / `-f` *path*
-
-  Specifies the Nix expression (designated below as the *active Nix
-  expression*) used by the `--install`, `--upgrade`, and `--query
-  --available` operations to obtain derivations. The default is
-  `~/.nix-defexpr`.
-
-  If the argument starts with `http://` or `https://`, it is
-  interpreted as the URL of a tarball that will be downloaded and
-  unpacked to a temporary location. The tarball must include a single
-  top-level directory containing at least a file named `default.nix`.
-
-- `--profile` / `-p` *path*
-
-  Specifies the profile to be used by those operations that operate on
-  a profile (designated below as the *active profile*). A profile is a
-  sequence of user environments called *generations*, one of which is
-  the *current generation*.
-
-- `--dry-run`
-
-  For the `--install`, `--upgrade`, `--uninstall`,
-  `--switch-generation`, `--delete-generations` and `--rollback`
-  operations, this flag will cause `nix-env` to print what *would* be
-  done if this flag had not been specified, without actually doing it.
-
-  `--dry-run` also prints out which paths will be
-  [substituted](@docroot@/glossary.md) (i.e., downloaded) and which paths
-  will be built from source (because no substitute is available).
-
-- `--system-filter` *system*
-
-  By default, operations such as `--query --available` show derivations matching any platform. This option
-  allows you to use derivations for the specified platform *system*.

doc/manual/source/command-ref/nix-instantiate.md

@@ -1,207 +0,0 @@
-# Name
-
-`nix-instantiate` - instantiate store derivations from Nix expressions
-
-# Synopsis
-
-`nix-instantiate`
-  [`--parse` | `--eval` [`--strict`] [`--raw` | `--json` | `--xml`] ]
-  [`--read-write-mode`]
-  [`--arg` *name* *value*]
-  [{`--attr`| `-A`} *attrPath*]
-  [`--add-root` *path*]
-  [`--expr` | `-E`]
-  *files…*
-
-`nix-instantiate` `--find-file` *files…*
-
-# Description
-
-The command `nix-instantiate` produces [store derivation]s from (high-level) Nix expressions.
-It evaluates the Nix expressions in each of *files* (which defaults to
-*./default.nix*). Each top-level expression should evaluate to a
-derivation, a list of derivations, or a set of derivations. The paths
-of the resulting store derivations are printed on standard output.
-
-[store derivation]: @docroot@/glossary.md#gloss-store-derivation
-
-If *files* is the character `-`, then a Nix expression will be read from
-standard input.
-
-# Options
-
-- `--add-root` *path*
-
-  See the [corresponding option](./nix-store.md) in `nix-store`.
-
-- `--parse`
-
-  Just parse the input files, and print their abstract syntax trees on
-  standard output as a Nix expression.
-
-- `--eval`
-
-  Just parse and evaluate the input files, and print the resulting
-  values on standard output.
-  Store derivations are not serialized and written to the store, but instead just hashed and discarded.
-
-  > **Warning**
-  >
-  > This option produces output which can be parsed as a Nix expression which
-  > will produce a different result than the input expression when evaluated.
-  > For example, these two Nix expressions print the same result despite
-  > having different meaning:
-  >
-  > ```console
-  > $ nix-instantiate --eval --expr '{ a = {}; }'
-  > { a = <CODE>; }
-  > $ nix-instantiate --eval --expr '{ a = <CODE>; }'
-  > { a = <CODE>; }
-  > ```
-  >
-  > For human-readable output, `nix eval` (experimental) is more informative:
-  >
-  > ```console
-  > $ nix-instantiate --eval --expr 'a: a'
-  > <LAMBDA>
-  > $ nix eval --expr 'a: a'
-  > «lambda @ «string»:1:1»
-  > ```
-  >
-  > For machine-readable output, the `--xml` option produces unambiguous
-  > output:
-  >
-  > ```console
-  > $ nix-instantiate --eval --xml --expr '{ foo = <CODE>; }'
-  > <?xml version='1.0' encoding='utf-8'?>
-  > <expr>
-  >   <attrs>
-  >     <attr column="3" line="1" name="foo">
-  >       <unevaluated />
-  >     </attr>
-  >   </attrs>
-  > </expr>
-  > ```
-
-- `--find-file`
-
-  Look up the given files in Nix’s search path (as specified by the
-  `NIX_PATH` environment variable). If found, print the corresponding
-  absolute paths on standard output. For instance, if `NIX_PATH` is
-  `nixpkgs=/home/alice/nixpkgs`, then `nix-instantiate --find-file
-  nixpkgs/default.nix` will print `/home/alice/nixpkgs/default.nix`.
-
-- `--strict`
-
-  When used with `--eval`, recursively evaluate list elements and
-  attributes. Normally, such sub-expressions are left unevaluated
-  (since the Nix language is lazy).
-
-  > **Warning**
-  >
-  > This option can cause non-termination, because lazy data
-  > structures can be infinitely large.
-
-- `--raw`
-
-  When used with `--eval`, the evaluation result must be a string,
-  which is printed verbatim, without quoting, escaping or trailing newline.
-
-- `--json`
-
-  When used with `--eval`, print the resulting value as an JSON
-  representation of the abstract syntax tree rather than as a Nix expression.
-
-- `--xml`
-
-  When used with `--eval`, print the resulting value as an XML
-  representation of the abstract syntax tree rather than as a Nix expression.
-  The schema is the same as that used by the [`toXML`
-  built-in](../language/builtins.md).
-
-- `--read-write-mode`
-
-  When used with `--eval`, perform evaluation in read/write mode so
-  nix language features that require it will still work (at the cost
-  of needing to do instantiation of every evaluated derivation). If
-  this option is not enabled, there may be uninstantiated store paths
-  in the final output.
-
-{{#include ./opt-common.md}}
-
-{{#include ./env-common.md}}
-
-# Examples
-
-Instantiate [store derivation]s from a Nix expression, and build them using `nix-store`:
-
-```console
-$ nix-instantiate test.nix (instantiate)
-/nix/store/cigxbmvy6dzix98dxxh9b6shg7ar5bvs-perl-BerkeleyDB-0.26.drv
-
-$ nix-store --realise $(nix-instantiate test.nix) (build)
-...
-/nix/store/qhqk4n8ci095g3sdp93x7rgwyh9rdvgk-perl-BerkeleyDB-0.26 (output path)
-
-$ ls -l /nix/store/qhqk4n8ci095g3sdp93x7rgwyh9rdvgk-perl-BerkeleyDB-0.26
-dr-xr-xr-x    2 eelco    users        4096 1970-01-01 01:00 lib
-...
-```
-
-You can also give a Nix expression on the command line:
-
-```console
-$ nix-instantiate --expr 'with import <nixpkgs> { }; hello'
-/nix/store/j8s4zyv75a724q38cb0r87rlczaiag4y-hello-2.8.drv
-```
-
-This is equivalent to:
-
-```console
-$ nix-instantiate '<nixpkgs>' --attr hello
-```
-
-Parsing and evaluating Nix expressions:
-
-```console
-$ nix-instantiate --parse --expr '1 + 2'
-1 + 2
-```
-
-```console
-$ nix-instantiate --eval --expr '1 + 2'
-3
-```
-
-```console
-$ nix-instantiate --eval --xml --expr '1 + 2'
-<?xml version='1.0' encoding='utf-8'?>
-<expr>
-  <int value="3" />
-</expr>
-```
-
-The difference between non-strict and strict evaluation:
-
-```console
-$ nix-instantiate --eval --xml --expr '{ x = {}; }'
-<?xml version='1.0' encoding='utf-8'?>
-<expr>
-  <attrs>
-    <attr column="3" line="1" name="x">
-      <unevaluated />
-    </attr>
-  </attrs>
-</expr>
-
-$ nix-instantiate --eval --xml --strict --expr '{ x = {}; }'
-<?xml version='1.0' encoding='utf-8'?>
-<expr>
-  <attrs>
-    <attr column="3" line="1" name="x">
-      <attrs>
-      </attrs>
-    </attr>
-  </attrs>
-</expr>
-```

doc/manual/source/command-ref/nix-store/export.md

@@ -1,53 +0,0 @@
-# Name
-
-`nix-store --export` - export store paths to a [Nix Archive]
-
-## Synopsis
-
-`nix-store` `--export` *paths…*
-
-## Description
-
-The operation `--export` writes a serialisation of the given [store objects](@docroot@/glossary.md#gloss-store-object) to standard output in a format that can be imported into another [Nix store](@docroot@/store/index.md) with [`nix-store --import`](./import.md).
-
-> **Warning**
->
-> This command *does not* produce a [closure](@docroot@/glossary.md#gloss-closure) of the specified store paths.
-> Trying to import a store object that refers to store paths not available in the target Nix store will fail.
->
-> Use [`nix-store --query`](@docroot@/command-ref/nix-store/query.md) to obtain the closure of a store path.
-
-This command is different from [`nix-store --dump`](./dump.md), which produces a [Nix archive](@docroot@/glossary.md#gloss-nar) that *does not* contain the set of [references](@docroot@/glossary.md#gloss-reference) of a given store path.
-
-> **Note**
->
-> For efficient transfer of closures to remote machines over SSH, use [`nix-copy-closure`](@docroot@/command-ref/nix-copy-closure.md).
-
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
-
-{{#include ./opt-common.md}}
-
-{{#include ../opt-common.md}}
-
-{{#include ../env-common.md}}
-
-# Examples
-
-> **Example**
->
-> Deploy GNU Hello to an airgapped machine via USB stick.
->
-> Write the closure to the block device on a machine with internet connection:
->
-> ```shell-session
-> [alice@itchy]$ storePath=$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello --no-out-link)
-> [alice@itchy]$ nix-store --export $(nix-store --query --requisites $storePath) | sudo dd of=/dev/usb
-> ```
->
-> Read the closure from the block device on the machine without internet connection:
->
-> ```shell-session
-> [bob@scratchy]$ hello=$(sudo dd if=/dev/usb | nix-store --import | tail -1)
-> [bob@scratchy]$ $hello/bin/hello
-> Hello, world!
-> ```

doc/manual/source/command-ref/nix-store/import.md

@@ -1,43 +0,0 @@
-# Name
-
-`nix-store --import` - import [Nix Archive] into the store
-
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
-
-# Synopsis
-
-`nix-store` `--import`
-
-# Description
-
-The operation `--import` reads a serialisation of a set of [store objects](@docroot@/glossary.md#gloss-store-object) produced by [`nix-store --export`](./export.md) from standard input, and adds those store objects to the specified [Nix store](@docroot@/store/index.md).
-Paths that already exist in the target Nix store are ignored.
-If a path [refers](@docroot@/glossary.md#gloss-reference) to another path that doesn’t exist in the target Nix store, the import fails.
-
-> **Note**
->
-> For efficient transfer of closures to remote machines over SSH, use [`nix-copy-closure`](@docroot@/command-ref/nix-copy-closure.md).
-
-{{#include ./opt-common.md}}
-
-{{#include ../opt-common.md}}
-
-{{#include ../env-common.md}}
-
-# Examples
-
-> **Example**
->
-> Given a closure of GNU Hello as a file:
->
-> ```shell-session
-> $ storePath="$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello --no-out-link)"
-> $ nix-store --export $(nix-store --query --requisites $storePath) > hello.closure
-> ```
->
-> Import the closure into a [remote SSH store](@docroot@/store/types/ssh-store.md) using the [`--store`](@docroot@/command-ref/conf-file.md#conf-store) option:
->
-> ```console
-> $ nix-store --import --store ssh://alice@itchy.example.org < hello.closure
-> ```
-

doc/manual/source/command-ref/nix-store/query.md

@@ -1,248 +0,0 @@
-# Name
-
-`nix-store --query` - display information about store paths
-
-# Synopsis
-
-`nix-store` {`--query` | `-q`}
-  {`--outputs` | `--requisites` | `-R` | `--references` | `--referrers` |
-  `--referrers-closure` | `--deriver` | `-d` | `--valid-derivers` |
-  `--graph` | `--tree` | `--binding` *name* | `-b` *name* | `--hash` |
-  `--size` | `--roots`}
-  [`--use-output`] [`-u`] [`--force-realise`] [`-f`]
-  *paths…*
-
-# Description
-
-The operation `--query` displays various bits of information about the
-store paths . The queries are described below. At most one query can be
-specified. The default query is `--outputs`.
-
-The paths *paths* may also be symlinks from outside of the Nix store, to
-the Nix store. In that case, the query is applied to the target of the
-symlink.
-
-# Common query options
-
-- `--use-output` / `-u`
-
-  For each argument to the query that is a [store derivation], apply the
-  query to the output path of the derivation instead.
-
-- `--force-realise` / `-f`
-
-  Realise each argument to the query first (see [`nix-store --realise`](./realise.md)).
-
-[store derivation]: @docroot@/glossary.md#gloss-store-derivation
-
-# Queries
-
-- `--outputs`
-
-  Prints out the [output paths] of the store
-  derivations *paths*. These are the paths that will be produced when
-  the derivation is built.
-
-  [output paths]: @docroot@/glossary.md#gloss-output-path
-
-- `--references`
-
-  Prints the set of [references] of the store paths
-  *paths*, that is, their immediate dependencies. (For *all*
-  dependencies, use `--requisites`.)
-
-  [references]: @docroot@/glossary.md#gloss-reference
-
-- `--requisites` / `-R`
-
-  Prints out the set of [*requisites*][requisite] (better known as the [closure]) of the store path *paths*.
-
-  [requisite]: @docroot@/glossary.md#gloss-requisite
-  [closure]: @docroot@/glossary.md#gloss-closure
-
-  This query has one option:
-
-    - `--include-outputs`
-      Also include the existing output paths of [store derivation]s,
-      and their closures.
-
-  This query can be used to implement various kinds of deployment. A
-  *source deployment* is obtained by distributing the closure of a
-  store derivation. A *binary deployment* is obtained by distributing
-  the closure of an output path. A *cache deployment* (combined
-  source/binary deployment, including binaries of build-time-only
-  dependencies) is obtained by distributing the closure of a store
-  derivation and specifying the option `--include-outputs`.
-
-- `--referrers`
-
-  Prints the set of [*referrers*][referrer] of the store paths *paths*, that is,
-  the store paths currently existing in the Nix store that refer to
-  one of *paths*. Note that contrary to the references, the set of
-  referrers is not constant; it can change as store paths are added or
-  removed.
-
-  [referrer]: @docroot@/glossary.md#gloss-referrer
-
-- `--referrers-closure`
-
-  Prints the closure of the set of store paths *paths* under the
-  [referrers relation][referrer]; that is, all store paths that directly or
-  indirectly refer to one of *paths*. These are all the path currently
-  in the Nix store that are dependent on *paths*.
-
-  [referrer]: @docroot@/glossary.md#gloss-referrer
-
-- `--deriver` / `-d`
-
-  Prints the [deriver] that was used to build the store paths *paths*. If
-  the path has no deriver (e.g., if it is a source file), or if the
-  deriver is not known (e.g., in the case of a binary-only
-  deployment), the string `unknown-deriver` is printed.
-  The returned deriver is not guaranteed to exist in the local store, for
-  example when *paths* were substituted from a binary cache.
-  Use `--valid-derivers` instead to obtain valid paths only.
-
-  [deriver]: @docroot@/glossary.md#gloss-deriver
-
-- `--valid-derivers`
-
-  Prints a set of derivation files (`.drv`) which are supposed produce
-  said paths when realized. Might print nothing, for example for source paths
-  or paths substituted from a binary cache.
-
-- `--graph`
-
-  Prints the references graph of the store paths *paths* in the format
-  of the `dot` tool of AT\&T's [Graphviz
-  package](http://www.graphviz.org/). This can be used to visualise
-  dependency graphs. To obtain a build-time dependency graph, apply
-  this to a store derivation. To obtain a runtime dependency graph,
-  apply it to an output path.
-
-- `--tree`
-
-  Prints the references graph of the store paths *paths* as a nested
-  ASCII tree. References are ordered by descending closure size; this
-  tends to flatten the tree, making it more readable. The query only
-  recurses into a store path when it is first encountered; this
-  prevents a blowup of the tree representation of the graph.
-
-- `--graphml`
-
-  Prints the references graph of the store paths *paths* in the
-  [GraphML](http://graphml.graphdrawing.org/) file format. This can be
-  used to visualise dependency graphs. To obtain a build-time
-  dependency graph, apply this to a [store derivation]. To obtain a
-  runtime dependency graph, apply it to an output path.
-
-- `--binding` *name* / `-b` *name*
-
-  Prints the value of the attribute *name* (i.e., environment
-  variable) of the [store derivation]s *paths*. It is an error for a
-  derivation to not have the specified attribute.
-
-- `--hash`
-
-  Prints the SHA-256 hash of the contents of the store paths *paths*
-  (that is, the hash of the output of `nix-store --dump` on the given
-  paths). Since the hash is stored in the Nix database, this is a fast
-  operation.
-
-- `--size`
-
-  Prints the size in bytes of the contents of the store paths *paths*
-  — to be precise, the size of the output of `nix-store --dump` on
-  the given paths. Note that the actual disk space required by the
-  store paths may be higher, especially on filesystems with large
-  cluster sizes.
-
-- `--roots`
-
-  Prints the garbage collector roots that point, directly or
-  indirectly, at the store paths *paths*.
-
-{{#include ./opt-common.md}}
-
-{{#include ../opt-common.md}}
-
-{{#include ../env-common.md}}
-
-# Examples
-
-Print the closure (runtime dependencies) of the `svn` program in the
-current user environment:
-
-```console
-$ nix-store --query --requisites $(which svn)
-/nix/store/5mbglq5ldqld8sj57273aljwkfvj22mc-subversion-1.1.4
-/nix/store/9lz9yc6zgmc0vlqmn2ipcpkjlmbi51vv-glibc-2.3.4
-...
-```
-
-Print the build-time dependencies of `svn`:
-
-```console
-$ nix-store --query --requisites $(nix-store --query --deriver $(which svn))
-/nix/store/02iizgn86m42q905rddvg4ja975bk2i4-grep-2.5.1.tar.bz2.drv
-/nix/store/07a2bzxmzwz5hp58nf03pahrv2ygwgs3-gcc-wrapper.sh
-/nix/store/0ma7c9wsbaxahwwl04gbw3fcd806ski4-glibc-2.3.4.drv
-... lots of other paths ...
-```
-
-The difference with the previous example is that we ask the closure of
-the derivation (`-qd`), not the closure of the output path that contains
-`svn`.
-
-Show the build-time dependencies as a tree:
-
-```console
-$ nix-store --query --tree $(nix-store --query --deriver $(which svn))
-/nix/store/7i5082kfb6yjbqdbiwdhhza0am2xvh6c-subversion-1.1.4.drv
-+---/nix/store/d8afh10z72n8l1cr5w42366abiblgn54-builder.sh
-+---/nix/store/fmzxmpjx2lh849ph0l36snfj9zdibw67-bash-3.0.drv
-|   +---/nix/store/570hmhmx3v57605cqg9yfvvyh0nnb8k8-bash
-|   +---/nix/store/p3srsbd8dx44v2pg6nbnszab5mcwx03v-builder.sh
-...
-```
-
-Show all paths that depend on the same OpenSSL library as `svn`:
-
-```console
-$ nix-store --query --referrers $(nix-store --query --binding openssl $(nix-store --query --deriver $(which svn)))
-/nix/store/23ny9l9wixx21632y2wi4p585qhva1q8-sylpheed-1.0.0
-/nix/store/5mbglq5ldqld8sj57273aljwkfvj22mc-subversion-1.1.4
-/nix/store/dpmvp969yhdqs7lm2r1a3gng7pyq6vy4-subversion-1.1.3
-/nix/store/l51240xqsgg8a7yrbqdx1rfzyv6l26fx-lynx-2.8.5
-```
-
-Show all paths that directly or indirectly depend on the Glibc (C
-library) used by `svn`:
-
-```console
-$ nix-store --query --referrers-closure $(ldd $(which svn) | grep /libc.so | awk '{print $3}')
-/nix/store/034a6h4vpz9kds5r6kzb9lhh81mscw43-libgnomeprintui-2.8.2
-/nix/store/15l3yi0d45prm7a82pcrknxdh6nzmxza-gawk-3.1.4
-...
-```
-
-Note that `ldd` is a command that prints out the dynamic libraries used
-by an ELF executable.
-
-Make a picture of the runtime dependency graph of the current user
-environment:
-
-```console
-$ nix-store --query --graph ~/.nix-profile | dot -Tps > graph.ps
-$ gv graph.ps
-```
-
-Show every garbage collector root that points to a store path that
-depends on `svn`:
-
-```console
-$ nix-store --query --roots $(which svn)
-/nix/var/nix/profiles/default-81-link
-/nix/var/nix/profiles/default-82-link
-/home/eelco/.local/state/nix/profiles/profile-97-link
-```

doc/manual/source/development/benchmarking.md

@@ -1,187 +0,0 @@
-# Running Benchmarks
-
-This guide explains how to build and run performance benchmarks in the Nix codebase.
-
-## Overview
-
-Nix uses the [Google Benchmark](https://github.com/google/benchmark) framework for performance testing. Benchmarks help measure and track the performance of critical operations like derivation parsing.
-
-## Building Benchmarks
-
-Benchmarks are disabled by default and must be explicitly enabled during the build configuration. For accurate results, use a debug-optimized release build.
-
-### Development Environment Setup
-
-First, enter the development shell which includes the necessary dependencies:
-
-```bash
-nix develop .#native-ccacheStdenv
-```
-
-### Configure Build with Benchmarks
-
-From the project root, configure the build with benchmarks enabled and optimization:
-
-```bash
-cd build
-meson configure -Dbenchmarks=true -Dbuildtype=debugoptimized
-```
-
-The `debugoptimized` build type provides:
-- Compiler optimizations for realistic performance measurements
-- Debug symbols for profiling and analysis
-- Balance between performance and debuggability
-
-### Build the Benchmarks
-
-Build the project including benchmarks:
-
-```bash
-ninja
-```
-
-This will create benchmark executables in the build directory. Currently available:
-- `build/src/libstore-tests/nix-store-benchmarks` - Store-related performance benchmarks
-
-Additional benchmark executables will be created as more benchmarks are added to the codebase.
-
-## Running Benchmarks
-
-### Basic Usage
-
-Run benchmark executables directly. For example, to run store benchmarks:
-
-```bash
-./build/src/libstore-tests/nix-store-benchmarks
-```
-
-As more benchmark executables are added, run them similarly from their respective build directories.
-
-### Filtering Benchmarks
-
-Run specific benchmarks using regex patterns:
-
-```bash
-# Run only derivation parser benchmarks
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_filter="derivation.*"
-
-# Run only benchmarks for hello.drv
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_filter=".*hello.*"
-```
-
-### Output Formats
-
-Generate benchmark results in different formats:
-
-```bash
-# JSON output
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=json > results.json
-
-# CSV output
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=csv > results.csv
-```
-
-### Advanced Options
-
-```bash
-# Run benchmarks multiple times for better statistics
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_repetitions=10
-
-# Set minimum benchmark time (useful for micro-benchmarks)
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_min_time=2
-
-# Compare against baseline
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_baseline=baseline.json
-
-# Display time in custom units
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_time_unit=ms
-```
-
-## Writing New Benchmarks
-
-To add new benchmarks:
-
-1. Create a new `.cc` file in the appropriate `*-tests` directory
-2. Include the benchmark header:
-   ```cpp
-   #include <benchmark/benchmark.h>
-   ```
-
-3. Write benchmark functions:
-   ```cpp
-   static void BM_YourBenchmark(benchmark::State & state)
-   {
-       // Setup code here
-
-       for (auto _ : state) {
-           // Code to benchmark
-       }
-   }
-   BENCHMARK(BM_YourBenchmark);
-   ```
-
-4. Add the file to the corresponding `meson.build`:
-   ```meson
-   benchmarks_sources = files(
-       'your-benchmark.cc',
-       # existing benchmarks...
-   )
-   ```
-
-## Profiling with Benchmarks
-
-For deeper performance analysis, combine benchmarks with profiling tools:
-
-```bash
-# Using Linux perf
-perf record ./build/src/libstore-tests/nix-store-benchmarks
-perf report
-```
-
-### Using Valgrind Callgrind
-
-Valgrind's callgrind tool provides detailed profiling information that can be visualized with kcachegrind:
-
-```bash
-# Profile with callgrind
-valgrind --tool=callgrind ./build/src/libstore-tests/nix-store-benchmarks
-
-# Visualize the results with kcachegrind
-kcachegrind callgrind.out.*
-```
-
-This provides:
-- Function call graphs
-- Instruction-level profiling
-- Source code annotation
-- Interactive visualization of performance bottlenecks
-
-## Continuous Performance Testing
-
-```bash
-# Save baseline results
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=json > baseline.json
-
-# Compare against baseline in CI
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_baseline=baseline.json
-```
-
-## Troubleshooting
-
-### Benchmarks not building
-
-Ensure benchmarks are enabled:
-```bash
-meson configure build | grep benchmarks
-# Should show: benchmarks true
-```
-
-### Inconsistent results
-
-- Ensure your system is not under heavy load
-- Disable CPU frequency scaling for consistent results
-- Run benchmarks multiple times with `--benchmark_repetitions`
-
-## See Also
-
-- [Google Benchmark documentation](https://github.com/google/benchmark/blob/main/docs/user_guide.md)

doc/manual/source/development/building.md

@@ -1,323 +0,0 @@
-# Building Nix
-
-This section provides some notes on how to start hacking on Nix.
-To get the latest version of Nix from GitHub:
-
-```console
-$ git clone https://github.com/NixOS/nix.git
-$ cd nix
-```
-
-> **Note**
->
-> The following instructions assume you already have some version of Nix installed locally, so that you can use it to set up the development environment.
-> If you don't have it installed, follow the [installation instructions](../installation/index.md).
-
-
-To build all dependencies and start a shell in which all environment variables are set up so that those dependencies can be found:
-
-```console
-$ nix-shell
-```
-
-To get a shell with one of the other [supported compilation environments](#compilation-environments):
-
-```console
-$ nix-shell --attr devShells.x86_64-linux.native-clangStdenv
-```
-
-> **Note**
->
-> You can use `native-ccacheStdenv` to drastically improve rebuild time.
-> By default, [ccache](https://ccache.dev) keeps artifacts in `~/.cache/ccache/`.
-
-To build Nix itself in this shell:
-
-```console
-[nix-shell]$ out="$(pwd)/outputs/out" dev=$out debug=$out mesonFlags+=" --prefix=${out}"
-[nix-shell]$ dontAddPrefix=1 configurePhase
-[nix-shell]$ buildPhase
-```
-
-To test it:
-
-```console
-[nix-shell]$ checkPhase
-```
-
-To install it in `$(pwd)/outputs`:
-
-```console
-[nix-shell]$ installPhase
-[nix-shell]$ ./outputs/out/bin/nix --version
-nix (Nix) 2.12
-```
-
-To build a release version of Nix for the current operating system and CPU architecture:
-
-```console
-$ nix-build
-```
-
-You can also build Nix for one of the [supported platforms](#platforms).
-
-## Building Nix with flakes
-
-This section assumes you are using Nix with the [`flakes`] and [`nix-command`] experimental features enabled.
-
-[`flakes`]: @docroot@/development/experimental-features.md#xp-feature-flakes
-[`nix-command`]: @docroot@/development/experimental-features.md#xp-feature-nix-command
-
-To build all dependencies and start a shell in which all environment variables are set up so that those dependencies can be found:
-
-```console
-$ nix develop
-```
-
-This shell also adds `./outputs/bin/nix` to your `$PATH` so you can run `nix` immediately after building it.
-
-To get a shell with one of the other [supported compilation environments](#compilation-environments):
-
-```console
-$ nix develop .#native-clangStdenv
-```
-
-> **Note**
->
-> Use `ccacheStdenv` to drastically improve rebuild time.
-> By default, [ccache](https://ccache.dev) keeps artifacts in `~/.cache/ccache/`.
-
-To build Nix itself in this shell:
-
-```console
-[nix-shell]$ configurePhase
-[nix-shell]$ buildPhase
-```
-
-To test it:
-
-```console
-[nix-shell]$ checkPhase
-```
-
-To install it in `$(pwd)/outputs`:
-
-```console
-[nix-shell]$ installPhase
-[nix-shell]$ nix --version
-nix (Nix) 2.12
-```
-
-For more information on running and filtering tests, see
-[`testing.md`](./testing.md).
-
-To build a release version of Nix for the current operating system and CPU architecture:
-
-```console
-$ nix build
-```
-
-You can also build Nix for one of the [supported platforms](#platforms).
-
-## Platforms
-
-Nix can be built for various platforms, as specified in [`flake.nix`]:
-
-[`flake.nix`]: https://github.com/nixos/nix/blob/master/flake.nix
-
-- `x86_64-linux`
-- `x86_64-darwin`
-- `i686-linux`
-- `aarch64-linux`
-- `aarch64-darwin`
-- `armv6l-linux`
-- `armv7l-linux`
-- `riscv64-linux`
-
-In order to build Nix for a different platform than the one you're currently
-on, you need a way for your current Nix installation to build code for that
-platform. Common solutions include [remote build machines] and [binary format emulation]
-(only supported on NixOS).
-
-[remote builders]: @docroot@/language/derivations.md#attr-builder
-[binary format emulation]: https://nixos.org/manual/nixos/stable/options.html#opt-boot.binfmt.emulatedSystems
-
-Given such a setup, executing the build only requires selecting the respective attribute.
-For example, to compile for `aarch64-linux`:
-
-```console
-$ nix-build --attr packages.aarch64-linux.default
-```
-
-or for Nix with the [`flakes`] and [`nix-command`] experimental features enabled:
-
-```console
-$ nix build .#packages.aarch64-linux.default
-```
-
-Cross-compiled builds are available for:
-- `armv6l-linux`
-- `armv7l-linux`
-- `riscv64-linux`
-Add more [system types](#system-type) to `crossSystems` in `flake.nix` to bootstrap Nix on unsupported platforms.
-
-### Building for multiple platforms at once
-
-It is useful to perform multiple cross and native builds on the same source tree,
-for example to ensure that better support for one platform doesn't break the build for another.
-Meson thankfully makes this very easy by confining all build products to the build directory --- one simple shares the source directory between multiple build directories, each of which contains the build for Nix to a different platform.
-
-Here's how to do that:
-
-1. Instruct Nixpkgs's infra where we want Meson to put its build directory
-
-   ```bash
-   mesonBuildDir=build-my-variant-name
-   ```
-
-1. Configure as usual
-
-   ```bash
-   configurePhase
-   ```
-
-3. Build as usual
-
-   ```bash
-   buildPhase
-   ```
-
-## System type
-
-Nix uses a string with the following format to identify the *system type* or *platform* it runs on:
-
-```
-<cpu>-<os>[-<abi>]
-```
-
-It is set when Nix is compiled for the given system, and based on the output of Meson's [`host_machine` information](https://mesonbuild.com/Reference-manual_builtin_host_machine.html)>
-
-```
-<cpu>-<vendor>-<os>[<version>][-<abi>]
-```
-
-When cross-compiling Nix with Meson for local development, you need to specify a [cross-file](https://mesonbuild.com/Cross-compilation.html) using the `--cross-file` option. Cross-files define the target architecture and toolchain. When cross-compiling Nix with Nix, Nixpkgs takes care of this for you.
-
-In the nix flake we also have some cross-compilation targets available:
-
-```
-nix build .#nix-everything-riscv64-unknown-linux-gnu
-nix build .#nix-everything-armv7l-unknown-linux-gnueabihf
-nix build .#nix-everything-armv7l-unknown-linux-gnueabihf
-nix build .#nix-everything-x86_64-unknown-freebsd
-nix build .#nix-everything-x86_64-w64-mingw32
-```
-
-For historic reasons and backward-compatibility, some CPU and OS identifiers are translated as follows:
-
-| `host_machine.cpu_family()` | `host_machine.endian()` | Nix                 |
-|-----------------------------|-------------------------|---------------------|
-| `x86`                       |                         | `i686`              |
-| `arm`                       |                         | `host_machine.cpu()`|
-| `ppc`                       | `little`                | `powerpcle`         |
-| `ppc64`                     | `little`                | `powerpc64le`       |
-| `ppc`                       | `big`                   | `powerpc`           |
-| `ppc64`                     | `big`                   | `powerpc64`         |
-| `mips`                      | `little`                | `mipsel`            |
-| `mips64`                    | `little`                | `mips64el`          |
-| `mips`                      | `big`                   | `mips`              |
-| `mips64`                    | `big`                   | `mips64`            |
-
-## Compilation environments
-
-Nix can be compiled using multiple environments:
-
-- `stdenv`: default;
-- `gccStdenv`: force the use of `gcc` compiler;
-- `clangStdenv`: force the use of `clang` compiler;
-- `ccacheStdenv`: enable [ccache], a compiler cache to speed up compilation.
-
-To build with one of those environments, you can use
-
-```console
-$ nix build .#nix-cli-ccacheStdenv
-```
-
-for flake-enabled Nix, or
-
-```console
-$ nix-build --attr nix-cli-ccacheStdenv
-```
-
-for classic Nix.
-
-You can use any of the other supported environments in place of `nix-cli-ccacheStdenv`.
-
-## Editor integration
-
-The `clangd` LSP server is installed by default on the `clang`-based `devShell`s.
-See [supported compilation environments](#compilation-environments) and instructions how to set up a shell [with flakes](#building-nix-with-flakes) or in [classic Nix](#building-nix).
-
-To use the LSP with your editor, you will want a `compile_commands.json` file telling `clangd` how we are compiling the code.
-Meson's configure always produces this inside the build directory.
-
-Configure your editor to use the `clangd` from the `.#native-clangStdenv` shell.
-You can do that either by running it inside the development shell, or by using [nix-direnv](https://github.com/nix-community/nix-direnv) and [the appropriate editor plugin](https://github.com/direnv/direnv/wiki#editor-integration).
-
-> **Note**
->
-> For some editors (e.g. Visual Studio Code), you may need to install a [special extension](https://open-vsx.org/extension/llvm-vs-code-extensions/vscode-clangd) for the editor to interact with `clangd`.
-> Some other editors (e.g. Emacs, Vim) need a plugin to support LSP servers in general (e.g. [lsp-mode](https://github.com/emacs-lsp/lsp-mode) for Emacs and [vim-lsp](https://github.com/prabirshrestha/vim-lsp) for vim).
-> Editor-specific setup is typically opinionated, so we will not cover it here in more detail.
-
-## Formatting and pre-commit hooks
-
-You may run the formatters as a one-off using:
-
-```console
-./maintainers/format.sh
-```
-
-### Pre-commit hooks
-
-If you'd like to run the formatters before every commit, install the hooks:
-
-```
-pre-commit-hooks-install
-```
-
-This installs [pre-commit](https://pre-commit.com) using [cachix/git-hooks.nix](https://github.com/cachix/git-hooks.nix).
-
-When making a commit, pay attention to the console output.
-If it fails, run `git add --patch` to approve the suggestions _and commit again_.
-
-To refresh pre-commit hook's config file, do the following:
-1. Exit the development shell and start it again by running `nix develop`.
-2. If you also use the pre-commit hook, also run `pre-commit-hooks-install` again.
-
-### VSCode
-
-Insert the following json into your `.vscode/settings.json` file to configure `nixfmt`.
-This will be picked up by the _Format Document_ command, `"editor.formatOnSave"`, etc.
-
-```json
-{
-  "nix.formatterPath": "nixfmt",
-  "nix.serverSettings": {
-    "nixd": {
-      "formatting": {
-        "command": [
-          "nixfmt"
-        ],
-      },
-    },
-    "nil": {
-      "formatting": {
-        "command": [
-          "nixfmt"
-        ],
-      },
-    },
-  },
-}
-```

doc/manual/source/development/contributing.md

@@ -1,80 +0,0 @@
-# Contributing
-
-## Add a release note
-
-`doc/manual/rl-next` contains release notes entries for all unreleased changes.
-
-User-visible changes should come with a release note.
-
-### Add an entry
-
-Here's what a complete entry looks like. The file name is not incorporated in the document.
-
-```
----
-synopsis: Basically a title
-issues: 1234
-prs: 1238
----
-
-Here's one or more paragraphs that describe the change.
-
-- It's markdown
-- Add references to the manual using [links like this](@_at_docroot@/example.md)
-```
-<!-- for the raw markdown readers: that means using @docroot@ -->
-
-Significant changes should add the following header, which moves them to the top.
-
-```
-significance: significant
-```
-
-<!-- Keep an eye on https://codeberg.org/fgaz/changelog-d/issues/1 -->
-See also the [format documentation](https://github.com/haskell/cabal/blob/master/CONTRIBUTING.md#changelog).
-
-### Build process
-
-Releases have a precomputed `rl-MAJOR.MINOR.md`, and no `rl-next.md`.
-
-## Branches
-
-- [`master`](https://github.com/NixOS/nix/commits/master)
-
-  The main development branch. All changes are approved and merged here.
-  When developing a change, create a branch based on the latest `master`.
-
-  Maintainers try to [keep it in a release-worthy state](#reverting).
-
-- [`maintenance-*.*`](https://github.com/NixOS/nix/branches/all?query=maintenance)
-
-  These branches are the subject of backports only, and are
-  also [kept](#reverting) in a release-worthy state.
-
-  See [`maintainers/backporting.md`](https://github.com/NixOS/nix/blob/master/maintainers/backporting.md)
-
-- [`latest-release`](https://github.com/NixOS/nix/tree/latest-release)
-
-  The latest patch release of the latest minor version.
-
-  See [`maintainers/release-process.md`](https://github.com/NixOS/nix/blob/master/maintainers/release-process.md)
-
-- [`backport-*-to-*`](https://github.com/NixOS/nix/branches/all?query=backport)
-
-  Generally branches created by the backport action.
-
-  See [`maintainers/backporting.md`](https://github.com/NixOS/nix/blob/master/maintainers/backporting.md)
-
-- [_other_](https://github.com/NixOS/nix/branches/all)
-
-  Branches that do not conform to the above patterns should be feature branches.
-
-## Reverting
-
-If a change turns out to be merged by mistake, or contain a regression, it may be reverted.
-A revert is not a rejection of the contribution, but merely part of an effective development process.
-It makes sure that development keeps running smoothly, with minimal uncertainty, and less overhead.
-If maintainers have to worry too much about avoiding reverts, they would not be able to merge as much.
-By embracing reverts as a good part of the development process, everyone wins.
-
-However, taking a step back may be frustrating, so maintainers will be extra supportive on the next try.

doc/manual/source/development/debugging.md

@@ -1,86 +0,0 @@
-# Debugging Nix
-
-This section shows how to build and debug Nix with debug symbols enabled.
-
-Additionally, see [Testing Nix](./testing.md) for further instructions on how to debug Nix in the context of a unit test or functional test.
-
-## Building Nix with Debug Symbols
-
-In the development shell, set the `mesonBuildType` environment variable to `debug` before configuring the build:
-
-```console
-[nix-shell]$ export mesonBuildType=debugoptimized
-```
-
-Then, proceed to build Nix as described in [Building Nix](./building.md).
-This will build Nix with debug symbols, which are essential for effective debugging.
-
-It is also possible to build without debugging for faster build:
-
-```console
-[nix-shell]$ NIX_HARDENING_ENABLE=$(printLines $NIX_HARDENING_ENABLE | grep -v fortify)
-[nix-shell]$ export mesonBuildType=debug
-```
-
-(The first line is needed because `fortify` hardening requires at least some optimization.)
-
-## Building Nix with sanitizers
-
-Nix can be built with [Address](https://clang.llvm.org/docs/AddressSanitizer.html) and
-[UB](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html) sanitizers using LLVM
-or GCC. This is useful when debugging memory corruption issues.
-
-```console
-[nix-shell]$ export mesonBuildType=debugoptimized
-[nix-shell]$ appendToVar mesonFlags "-Dlibexpr:gc=disabled" # Disable Boehm
-[nix-shell]$ appendToVar mesonFlags "-Dbindings=false" # Disable nix-perl
-[nix-shell]$ appendToVar mesonFlags "-Db_sanitize=address,undefined"
-```
-
-## Debugging the Nix Binary
-
-Obtain your preferred debugger within the development shell:
-
-```console
-[nix-shell]$ nix-shell -p gdb
-```
-
-On macOS, use `lldb`:
-
-```console
-[nix-shell]$ nix-shell -p lldb
-```
-
-### Launching the Debugger
-
-To debug the Nix binary, run:
-
-```console
-[nix-shell]$ gdb --args ../outputs/out/bin/nix
-```
-
-On macOS, use `lldb`:
-
-```console
-[nix-shell]$ lldb -- ../outputs/out/bin/nix
-```
-
-### Using the Debugger
-
-Inside the debugger, you can set breakpoints, run the program, and inspect variables.
-
-```gdb
-(gdb) break main
-(gdb) run <arguments>
-```
-
-Refer to the [GDB Documentation](https://www.gnu.org/software/gdb/documentation/) for comprehensive usage instructions.
-
-On macOS, use `lldb`:
-
-```lldb
-(lldb) breakpoint set --name main
-(lldb) process launch -- <arguments>
-```
-
-Refer to the [LLDB Tutorial](https://lldb.llvm.org/use/tutorial.html) for comprehensive usage instructions.

doc/manual/source/development/documentation.md

@@ -1,248 +0,0 @@
-# Contributing documentation
-
-Improvements to documentation are very much appreciated, and a good way to start out with contributing to Nix.
-
-This is how you can help:
-- Address [open issues with documentation](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+label%3Adocumentation)
-- Review [pull requests concerning documentation](https://github.com/NixOS/nix/pulls?q=is%3Apr+is%3Aopen+label%3Adocumentation)
-
-Incremental refactorings of the documentation build setup to make it faster or easier to understand and maintain are also welcome.
-
-## Building the manual
-
-Build the manual from scratch:
-
-```console
-nix-build -E '(import ./.).packages.${builtins.currentSystem}.nix.doc'
-```
-
-or
-
-```console
-nix build .#nix-manual
-```
-
-and open `./result/share/doc/nix/manual/index.html`.
-
-
-To build the manual incrementally, [enter the development shell](./building.md) and configure with `doc-gen` enabled:
-
-**If using interactive `nix develop`:**
-
-```console
-$ nix develop
-$ mesonFlags="$mesonFlags -Ddoc-gen=true" mesonConfigurePhase
-```
-
-**If using direnv:**
-
-```console
-$ direnv allow
-$ bash -c 'source $stdenv/setup && mesonFlags="$mesonFlags -Ddoc-gen=true" mesonConfigurePhase'
-```
-
-Then build the manual:
-
-```console
-$ cd build
-$ meson compile manual
-```
-
-The HTML manual will be generated at `build/src/nix-manual/manual/index.html`.
-
-## Style guide
-
-The goal of this style guide is to make it such that
-- The manual is easy to search and skim for relevant information
-- Documentation sources are easy to edit
-- Changes to documentation are easy to review
-
-You will notice that this is not implemented consistently yet.
-Please follow the guide when making additions or changes to existing documentation.
-Do not make sweeping changes, unless they are programmatic and can be validated easily.
-
-### Language
-
-This manual is [reference documentation](https://diataxis.fr/reference/).
-The typical usage pattern is to look up isolated pieces of information.
-It should therefore aim to be correct, consistent, complete, and easy to navigate at a glance.
-
-- Aim for clarity and brevity.
-
-  Please take the time to read the [plain language guidelines](https://www.plainlanguage.gov/guidelines/) for details.
-
-- Describe the subject factually.
-
-  In particular, do not make value judgements or recommendations.
-  Check the code or add tests if in doubt.
-
-- Provide complete, minimal examples, and explain them.
-
-  Readers should be able to try examples verbatim and get the same results as shown in the manual.
-  Always describe in words what a given example does.
-
-  Non-trivial examples may need additional explanation, especially if they use concepts from outside the given context.
-
-- Always explain code examples in the text.
-
-  Use comments in code samples very sparingly, for instance to highlight a particular aspect.
-  Readers tend to glance over large amounts of code when scanning for information.
-
-  Especially beginners will likely find reading more complex-looking code strenuous and may therefore avoid it altogether.
-
-  If a code sample appears to require a lot of inline explanation, consider replacing it with a simpler one.
-  If that's not possible, break the example down into multiple parts, explain them separately, and then show the combined result at the end.
-  This should be a last resort, as that would amount to writing a [tutorial](https://diataxis.fr/tutorials/) on the given subject.
-
-- Use British English.
-
-  This is a somewhat arbitrary choice to force consistency, and accounts for the fact that a majority of Nix users and developers are from Europe.
-
-### Links and anchors
-
-Reference documentation must be readable in arbitrary order.
-Readers cannot be expected to have any particular prerequisite knowledge about Nix.
-While the table of contents can provide guidance and full-text search can help, they are most likely to find what they need by following sensible cross-references.
-
-- Link to technical terms
-
-  When mentioning Nix-specific concepts, commands, options, settings, etc., link to appropriate documentation.
-  Also link to external tools or concepts, especially if their meaning may be ambiguous.
-  You may also want to link to definitions of less common technical terms.
-
-  Then readers won't have to actively search for definitions and are more likely to discover relevant information on their own.
-
-  > **Note**
-  >
-  > `man` and `--help` pages don't display links.
-  > Use appropriate link texts such that readers of terminal output can infer search terms.
-
-- Do not break existing URLs between releases.
-
-  There are countless links in the wild pointing to old versions of the manual.
-  We want people to find up-to-date documentation when following popular advice.
-
-  - When moving files, update [redirects on nixos.org](https://github.com/NixOS/nixos-homepage/blob/master/netlify.toml).
-
-    This is especially important when moving information out of the Nix manual to other resources.
-
-  - When changing anchors, update [client-side redirects](https://github.com/NixOS/nix/blob/master/doc/manual/redirects.js)
-
-  The current setup is cumbersome, and help making better automation is appreciated.
-
-The build checks for broken internal links with.
-This happens late in the process, so [building the whole manual](#building-the-manual) is not suitable for iterating quickly.
-[`mdbook-linkcheck`] does not implement checking [URI fragments] yet.
-
-[`mdbook-linkcheck`]: https://github.com/Michael-F-Bryan/mdbook-linkcheck
-[URI fragments]: https://en.wikipedia.org/wiki/URI_fragment
-
-### Markdown conventions
-
-The manual is written in markdown, and rendered with [mdBook](https://github.com/rust-lang/mdBook) for the web and with [lowdown](https://github.com/kristapsdz/lowdown) for `man` pages and `--help` output.
-
-For supported markdown features, refer to:
-- [mdBook documentation](https://rust-lang.github.io/mdBook/format/markdown.html)
-- [lowdown documentation](https://kristaps.bsd.lv/lowdown/)
-
-Please observe these guidelines to ease reviews:
-
-- Write one sentence per line.
-
-  This makes long sentences immediately visible, and makes it easier to review changes and make direct suggestions.
-
-- Use reference links – sparingly – to ease source readability.
-  Put definitions close to their first use.
-
-  Example:
-
-  ```
-  A [store object] contains a [file system object] and [references] to other store objects.
-
-  [store object]: @docroot@/store/store-object.md
-  [file system object]: @docroot@/architecture/file-system-object.md
-  [references]: @docroot@/glossary.md#gloss-reference
-  ```
-
-- Use admonitions of the following form:
-
-  ```
-  > **Note**
-  >
-  > This is a note.
-  ```
-
-  Highlight examples as such:
-
-  ````
-  > **Example**
-  >
-  > ```console
-  > $ nix --version
-  > ```
-  ````
-
-  Highlight syntax definitions as such, using [EBNF](https://en.wikipedia.org/wiki/Extended_Backus%E2%80%93Naur_form) notation:
-
-  ````
-  > **Syntax**
-  >
-  > *attribute-set* = `{` [ *attribute-name* `=` *expression* `;` ... ] `}`
-  ````
-
-### The `@docroot@` variable
-
-`@docroot@` provides a base path for links that occur in reusable snippets or other documentation that doesn't have a base path of its own.
-
-If a broken link occurs in a snippet that was inserted into multiple generated files in different directories, use `@docroot@` to reference the `doc/manual/source` directory.
-
-If the `@docroot@` literal appears in an error message from the [`mdbook-linkcheck`] tool, the `@docroot@` replacement needs to be applied to the generated source file that mentions it.
-See existing `@docroot@` logic in the [Makefile for the manual].
-Regular markdown files used for the manual have a base path of their own and they can use relative paths instead of `@docroot@`.
-
-## API documentation
-
-[Doxygen API documentation] is available online.
-You can also build and view it yourself:
-
-[Doxygen API documentation]: https://hydra.nixos.org/job/nix/master/internal-api-docs/latest/download-by-type/doc/internal-api-docs
-
-```console
-$ nix build .#hydraJobs.internal-api-docs
-$ xdg-open ./result/share/doc/nix/internal-api/html/index.html
-```
-
-or inside `nix-shell` or `nix develop`:
-
-```console
-$ configurePhase
-$ ninja src/internal-api-docs/html
-$ xdg-open src/internal-api-docs/html/index.html
-```
-
-## C API documentation
-
-Note that the C API is not yet stable.
-[C API documentation] is available online.
-You can also build and view it yourself:
-
-[C API documentation]: https://hydra.nixos.org/job/nix/master/external-api-docs/latest/download-by-type/doc/external-api-docs
-
-```console
-$ nix build .#hydraJobs.external-api-docs
-$ xdg-open ./result/share/doc/nix/external-api/html/index.html
-```
-
-or inside `nix-shell` or `nix develop`:
-
-```
-$ configurePhase
-$ ninja src/external-api-docs/html
-$ xdg-open src/external-api-docs/html/index.html
-```
-
-If you use direnv, or otherwise want to run `configurePhase` in a transient shell, use:
-
-```bash
-nix-shell -A devShells.x86_64-linux.native-clangStdenv --command 'appendToVar mesonFlags "-Ddoc-gen=true"; mesonConfigurePhase'
-```

doc/manual/source/development/index.md

@@ -1,8 +0,0 @@
-# Development
-
-Nix is developed on GitHub.
-Check the [contributing guide](https://github.com/NixOS/nix/blob/master/CONTRIBUTING.md) if you want to get involved.
-
-This chapter is a collection of guides for making changes to the code and documentation.
-
-If you're not sure where to start, try to [compile Nix from source](./building.md) and consider [making improvements to documentation](./documentation.md).

doc/manual/source/development/json-guideline.md

@@ -1,128 +0,0 @@
-# JSON guideline
-
-Nix consumes and produces JSON in a variety of contexts.
-These guidelines ensure consistent practices for all our JSON interfaces, for ease of use, and so that experience in one part carries over to another.
-
-## Extensibility
-
-The schema of JSON input and output should allow for backwards compatible extension.
-This section explains how to achieve this.
-
-Two definitions are helpful here, because while JSON only defines one "key-value" object type, we use it to cover two use cases:
-
- - **dictionary**: a map from names to value that all have the same type.
-   In C++ this would be a `std::map` with string keys.
-
- - **record**: a fixed set of attributes each with their own type.
-   In C++, this would be represented by a `struct`.
-
-It is best not to mix these use cases, as that may lead to incompatibilities when the schema changes.
-For example, adding a record field to a dictionary breaks consumers that assume all JSON object fields to have the same meaning and type, and dictionary items with a colliding name can not be represented anymore.
-
-This leads to the following guidelines:
-
- - The top-level (root) value must be a record.
-
-   Otherwise, one can not change the structure of a command's output.
-
- - The value of a dictionary item must be a record.
-
-   Otherwise, the item type can not be extended.
-
- - List items should be records.
-
-   Otherwise, one can not change the structure of the list items.
-
-   If the order of the items does not matter, and each item has a unique key that is a string, consider representing the list as a dictionary instead.
-   If the order of the items needs to be preserved, return a list of records.
-
- - Streaming JSON should return records.
-
-   An example of a streaming JSON format is [JSON lines](https://jsonlines.org/), where each line represents a JSON value.
-   These JSON values can be considered top-level values or list items, and they must be records.
-
-### Examples
-
-This is bad, because all keys must be assumed to be store types:
-
-```json
-{
-  "local": { ... },
-  "remote": { ... },
-  "http": { ... }
-}
-```
-
-This is good, because the it is extensible at the root, and is somewhat self-documenting:
-
-```json
-{
-  "storeTypes": { "local": { ... }, ... },
-  "pluginSupport": true
-}
-```
-
-While the dictionary of store types seems like a very complete response at first, a use case may arise that warrants returning additional information.
-For example, the presence of plugin support may be crucial information for a client to proceed when their desired store type is missing.
-
-
-
-The following representation is bad because it is not extensible:
-
-```json
-{ "outputs": [ "out" "bin" ] }
-```
-
-However, simply converting everything to records is not enough, because the order of outputs must be preserved:
-
-```json
-{ "outputs": { "bin": {}, "out": {} } }
-```
-
-The first item is the default output. Deriving this information from the outputs ordering is not great, but this is how Nix currently happens to work.
-While it is possible for a JSON parser to preserve the order of fields, we can not rely on this capability to be present in all JSON libraries.
-
-This representation is extensible and preserves the ordering:
-
-```json
-{ "outputs": [ { "outputName": "out" }, { "outputName": "bin" } ] }
-```
-
-## Self-describing values
-
-As described in the previous section, it's crucial that schemas can be extended with new fields without breaking compatibility.
-However, that should *not* mean we use the presence/absence of fields to indicate optional information *within* a version of the schema.
-Instead, always include the field, and use `null` to indicate the "nothing" case.
-
-### Examples
-
-Here are two JSON objects:
-
-```json
-{
-  "foo": {}
-}
-```
-```json
-{
-  "foo": {},
-  "bar": {}
-}
-```
-
-Since they differ in which fields they contain, they should *not* both be valid values of the same schema.
-At most, they can match two different schemas where the second (with `foo` and `bar`) is considered a newer version of the first (with just `foo`).
-Within each version, all fields are mandatory (always `foo`, and always `foo` and `bar`).
-Only *between* each version, `bar` gets added as a new mandatory field.
-
-Here are another two JSON objects:
-
-```json
-{ "foo": null }
-```
-```json
-{ "foo": { "bar": 1 } }
-```
-
-Since they both contain a `foo` field, they could be valid values of the same schema.
-The schema would have `foo` has an optional field, which is either `null` or an object where `bar` is an integer.

doc/manual/source/development/meson.build

@@ -1,12 +0,0 @@
-experimental_feature_descriptions_md = custom_target(
-  command : nix_eval_for_docs + [
-    '--expr', 'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
-  ],
-  input : [
-    '../../generate-xp-features.nix',
-    xp_features_json,
-  ],
-  capture : true,
-  env : nix_env_for_docs,
-  output : 'experimental-feature-descriptions.md',
-)

doc/manual/source/development/testing.md

@@ -1,382 +0,0 @@
-# Running tests
-
-## Coverage analysis
-
-A [coverage analysis report] is available online
-You can build it yourself:
-
-[coverage analysis report]: https://hydra.nixos.org/job/nix/master/coverage/latest/download-by-type/report/coverage
-
-```
-# nix build .#hydraJobs.coverage
-# xdg-open ./result/coverage/index.html
-```
-
-[Extensive records of build metrics](https://hydra.nixos.org/job/nix/master/coverage#tabs-charts), such as test coverage over time, are also available online.
-
-## Unit-tests
-
-The unit tests are defined using the [googletest] and [rapidcheck] frameworks.
-
-[googletest]: https://google.github.io/googletest/
-[rapidcheck]: https://github.com/emil-e/rapidcheck
-[property testing]: https://en.wikipedia.org/wiki/Property_testing
-
-### Source and header layout
-
-> An example of some files, demonstrating much of what is described below
->
-> ```
-> src
-> ├── libexpr
-> │   ├── meson.build
-> │   ├── include/nix/expr/value/context.hh
-> │   ├── value/context.cc
-> │   …
-> │
-> ├── tests
-> │   │
-> │   …
-> │   ├── libutil-tests
-> │   │   ├── meson.build
-> │   │   …
-> │   │   └── data
-> │   │       ├── git/tree.txt
-> │   │       …
-> │   │
-> │   ├── libexpr-test-support
-> │   │   ├── meson.build
-> │   │   ├── include/nix/expr
-> │   │   │   ├── meson.build
-> │   │   │   └── tests
-> │   │   │       ├── value/context.hh
-> │   │   │       …
-> │   │   └── tests
-> │   │       ├── value/context.cc
-> │   │       …
-> │   │
-> │   ├── libexpr-tests
-> │   …   ├── meson.build
-> │       ├── value/context.cc
-> │       …
-> …
-> ```
-
-The tests for each Nix library (`libnixexpr`, `libnixstore`, etc..) live inside a directory `src/${library_name_without-nix}-test`.
-Given an interface (header) and implementation pair in the original library, say, `src/libexpr/include/nix/expr/value/context.hh` and `src/libexpr/value/context.cc`, we write tests for it in `src/libexpr-tests/value/context.cc`, and (possibly) declare/define additional interfaces for testing purposes in `src/libexpr-test-support/include/nix/expr/tests/value/context.hh` and `src/libexpr-test-support/tests/value/context.cc`.
-
-Data for unit tests is stored in a `data` subdir of the directory for each unit test executable.
-For example, `libnixstore` code is in `src/libstore`, and its test data is in `src/libstore-tests/data`.
-The path to the `src/${library_name_without-nix}-test/data` directory is passed to the unit test executable with the environment variable `_NIX_TEST_UNIT_DATA`.
-Note that each executable only gets the data for its tests.
-
-The unit test libraries are in `src/${library_name_without-nix}-test-support`.
-All headers are in a `tests` subdirectory so they are included with `#include "nix/tests/"`.
-
-The use of all these separate directories for the unit tests might seem inconvenient, as for example the tests are not "right next to" the part of the code they are testing.
-But organizing the tests this way has one big benefit:
-there is no risk of any build-system wildcards for the library accidentally picking up test code that should not built and installed as part of the library.
-
-### Running tests
-
-You can run the whole testsuite with `meson test` from the Meson build directory, or the tests for a specific component with `meson test nix-store-tests`.
-A environment variables that Google Test accepts are also worth knowing:
-
-1. [`GTEST_FILTER`](https://google.github.io/googletest/advanced.html#running-a-subset-of-the-tests)
-
-   This is used for finer-grained filtering of which tests to run.
-
-
-2. [`GTEST_BRIEF`](https://google.github.io/googletest/advanced.html#suppressing-test-passes)
-
-   This is used to avoid logging passing tests.
-
-3. [`GTEST_BREAK_ON_FAILURE`](https://google.github.io/googletest/advanced.html#turning-assertion-failures-into-break-points)
-
-   This is used to create a debugger breakpoint when an assertion failure occurs.
-
-Putting the first two together, one might run
-
-```bash
-GTEST_BRIEF=1 GTEST_FILTER='ErrorTraceTest.*' meson test nix-expr-tests -v
-```
-
-for short but comprensive output.
-
-### Debugging tests
-
-For debugging, it is useful to combine the third option above with Meson's [`--gdb`](https://mesonbuild.com/Unit-tests.html#other-test-options) flag:
-
-```bash
-GTEST_BRIEF=1 GTEST_FILTER='Group.my-failing-test' meson test nix-expr-tests --gdb
-```
-
-This will:
-
-1. Run the unit test with GDB
-
-2. Run just `Group.my-failing-test`
-
-3. Stop the program when the test fails, allowing the user to then issue arbitrary commands to GDB.
-
-### Characterisation testing { #characterisation-testing-unit }
-
-See [functional characterisation testing](#characterisation-testing-functional) for a broader discussion of characterisation testing.
-
-Like with the functional characterisation, `_NIX_TEST_ACCEPT=1` is also used.
-For example:
-```shell-session
-$ _NIX_TEST_ACCEPT=1 meson test nix-store-tests -v
-...
-[  SKIPPED ] WorkerProtoTest.string_read
-[  SKIPPED ] WorkerProtoTest.string_write
-[  SKIPPED ] WorkerProtoTest.storePath_read
-[  SKIPPED ] WorkerProtoTest.storePath_write
-...
-```
-will regenerate the "golden master" expected result for the `libnixstore` characterisation tests.
-The characterisation tests will mark themselves "skipped" since they regenerated the expected result instead of actually testing anything.
-
-### Unit test support libraries
-
-There are headers and code which are not just used to test the library in question, but also downstream libraries.
-For example, we do [property testing] with the [rapidcheck] library.
-This requires writing `Arbitrary` "instances", which are used to describe how to generate values of a given type for the sake of running property tests.
-Because types contain other types, `Arbitrary` "instances" for some type are not just useful for testing that type, but also any other type that contains it.
-Downstream types frequently contain upstream types, so it is very important that we share arbitrary instances so that downstream libraries' property tests can also use them.
-
-It is important that these testing libraries don't contain any actual tests themselves.
-On some platforms they would be run as part of every test executable that uses them, which is redundant.
-On other platforms they wouldn't be run at all.
-
-## Functional tests
-
-The functional tests reside under the `tests/functional` directory and are listed in `tests/functional/meson.build`.
-Each test is a bash script.
-
-Functional tests are run during `installCheck` in the `nix` package build, as well as separately from the build, in VM tests.
-
-### Running the whole test suite
-
-The whole test suite (functional and unit tests) can be run with:
-
-```shell-session
-$ checkPhase
-```
-
-### Grouping tests
-
-Sometimes it is useful to group related tests so they can be easily run together without running the entire test suite.
-Each test group is in a subdirectory of `tests`.
-For example, `tests/functional/ca/meson.build` defines a `ca` test group for content-addressing derivation outputs.
-
-That test group can be run like this:
-
-```shell-session
-$ meson test --suite ca
-ninja: Entering directory `/home/jcericson/src/nix/master/build'
-ninja: no work to do.
-[1-20/20] 🌑 nix-functional-tests:ca / ca/why-depends                                1/20 nix-functional-tests:ca / ca/nix-run                                  OK               0.16s
-[2-20/20] 🌒 nix-functional-tests:ca / ca/why-depends                                2/20 nix-functional-tests:ca / ca/import-derivation                        OK               0.17s
-```
-
-### Running individual tests
-
-Individual tests can be run with `meson`:
-
-```shell-session
-$ meson test --verbose ${testName}
-ninja: Entering directory `/home/jcericson/src/nix/master/build'
-ninja: no work to do.
-1/1 nix-functional-tests:main / ${testName}        OK               0.41s
-
-Ok:                 1
-Expected Fail:      0
-Fail:               0
-Unexpected Pass:    0
-Skipped:            0
-Timeout:            0
-
-Full log written to /home/jcericson/src/nix/master/build/meson-logs/testlog.txt
-```
-
-The `--verbose` flag will make Meson also show the console output of each test for easier debugging.
-The test script will then be traced with `set -x` and the output displayed as it happens,
-regardless of whether the test succeeds or fails.
-
-Tests can be also run directly without `meson`:
-
-```shell-session
-$ TEST_NAME=${testName} NIX_REMOTE='' PS4='+(${BASH_SOURCE[0]-$0}:$LINENO) tests/functional/${testName}.sh
-+(${testName}.sh:1) foo
-output from foo
-+(${testName}.sh:2) bar
-output from bar
-...
-```
-
-### Debugging failing functional tests
-
-When a functional test fails, it usually does so somewhere in the middle of the script.
-
-To figure out what's wrong, it is convenient to run the test regularly up to the failing `nix` command, and then run that command with a debugger like GDB.
-
-For example, if the script looks like:
-
-```bash
-foo
-nix blah blub
-bar
-```
-edit it like so:
-
-```diff
- foo
--nix blah blub
-+gdb --args nix blah blub
- bar
-```
-
-Then, running the test with [`--interactive`](https://mesonbuild.com/Unit-tests.html#other-test-options) will prevent Meson from hijacking the terminal so you can drop you into GDB once the script reaches that point:
-
-```shell-session
-$ meson test ${testName} --interactive
-...
-+ gdb blash blub
-GNU gdb (GDB) 12.1
-...
-(gdb)
-```
-
-One can debug the Nix invocation in all the usual ways.
-For example, enter `run` to start the Nix invocation.
-
-### Troubleshooting
-
-Sometimes running tests in the development shell may leave artefacts in the local repository.
-To remove any traces of that:
-
-```console
-git clean -x --force tests
-```
-
-### Characterisation testing { #characterisation-testing-functional }
-
-Occasionally, Nix utilizes a technique called [Characterisation Testing](https://en.wikipedia.org/wiki/Characterization_test) as part of the functional tests.
-This technique is to include the exact output/behavior of a former version of Nix in a test in order to check that Nix continues to produce the same behavior going forward.
-
-For example, this technique is used for the language tests, to check both the printed final value if evaluation was successful, and any errors and warnings encountered.
-
-It is frequently useful to regenerate the expected output.
-To do that, rerun the failed test(s) with `_NIX_TEST_ACCEPT=1`.
-For example:
-```bash
-_NIX_TEST_ACCEPT=1 meson test lang
-```
-This convention is shared with the [characterisation unit tests](#characterisation-testing-unit) too.
-
-An interesting situation to document is the case when these tests are "overfitted".
-The language tests are, again, an example of this.
-The expected successful output of evaluation is supposed to be highly stable – we do not intend to make breaking changes to (the stable parts of) the Nix language.
-However, the errors and warnings during evaluation (successful or not) are not stable in this way.
-We are free to change how they are displayed at any time.
-
-It may be surprising that we would test non-normative behavior like diagnostic outputs.
-Diagnostic outputs are indeed not a stable interface, but they still are important to users.
-By recording the expected output, the test suite guards against accidental changes, and ensure the *result* (not just the code that implements it) of the diagnostic code paths are under code review.
-Regressions are caught, and improvements always show up in code review.
-
-To ensure that characterisation testing doesn't make it harder to intentionally change these interfaces, there always must be an easy way to regenerate the expected output, as we do with `_NIX_TEST_ACCEPT=1`.
-
-### Running functional tests on NixOS
-
-We run the functional tests not just in the build, but also in VM tests.
-This helps us ensure that Nix works correctly on NixOS, and environments that have similar characteristics that are hard to reproduce in a build environment.
-
-These can be run with:
-
-```shell
-nix build .#hydraJobs.tests.functional_user
-```
-
-Generally, this build is sufficient, but in nightly or CI we also test the attributes `functional_root` and `functional_trusted`, in which the test suite is run with different levels of authorization.
-
-## Integration tests
-
-The integration tests are defined in the Nix flake under the `hydraJobs.tests` attribute.
-These tests include everything that needs to interact with external services or run Nix in a non-trivial distributed setup.
-Because these tests are expensive and require more than what the standard github-actions setup provides, they only run on the master branch (on <https://hydra.nixos.org/jobset/nix/master>).
-
-You can run them manually with `nix build .#hydraJobs.tests.{testName}` or `nix-build -A hydraJobs.tests.{testName}`.
-
-## Installer tests
-
-After a one-time setup, the Nix repository's GitHub Actions continuous integration (CI) workflow can test the installer each time you push to a branch.
-
-Creating a Cachix cache for your installer tests and adding its authorisation token to GitHub enables [two installer-specific jobs in the CI workflow](https://github.com/NixOS/nix/blob/88a45d6149c0e304f6eb2efcc2d7a4d0d569f8af/.github/workflows/ci.yml#L50-L91):
-
-- The `installer` job generates installers for the platforms below and uploads them to your Cachix cache:
-  - `x86_64-linux`
-  - `armv6l-linux`
-  - `armv7l-linux`
-  - `x86_64-darwin`
-
-- The `installer_test` job (which runs on `ubuntu-24.04` and `macos-14`) will try to install Nix with the cached installer and run a trivial Nix command.
-
-### One-time setup
-
-1. Have a GitHub account with a fork of the [Nix repository](https://github.com/NixOS/nix).
-2. At cachix.org:
-    - Create or log in to an account.
-    - Create a Cachix cache using the format `<github-username>-nix-install-tests`.
-    - Navigate to the new cache > Settings > Auth Tokens.
-    - Generate a new Cachix auth token and copy the generated value.
-3. At github.com:
-    - Navigate to your Nix fork > Settings > Secrets > Actions > New repository secret.
-    - Name the secret `CACHIX_AUTH_TOKEN`.
-    - Paste the copied value of the Cachix cache auth token.
-
-## Working on documentation
-
-### Using the CI-generated installer for manual testing
-
-After the CI run completes, you can check the output to extract the installer URL:
-1. Click into the detailed view of the CI run.
-2. Click into any `installer_test` run (the URL you're here to extract will be the same in all of them).
-3. Click into the `Run cachix/install-nix-action@v...` step and click the detail triangle next to the first log line (it will also be `Run cachix/install-nix-action@v...`)
-4. Copy the value of `install_url`
-5. To generate an install command, plug this `install_url` and your GitHub username into this template:
-
-    ```console
-    curl -L <install_url> | sh -s -- --tarball-url-prefix https://<github-username>-nix-install-tests.cachix.org/serve
-    ```
-
-<!-- #### Manually generating test installers
-
-There's obviously a manual way to do this, and it's still the only way for
-platforms that lack GA runners.
-
-I did do this back in Fall 2020 (before the GA approach encouraged here). I'll
-sketch what I recall in case it encourages someone to fill in detail, but: I
-didn't know what I was doing at the time and had to fumble/ask around a lot--
-so I don't want to uphold any of it as "right". It may have been dumb or
-the _hard_ way from the getgo. Fundamentals may have changed since.
-
-Here's the build command I used to do this on and for x86_64-darwin:
-nix build --out-link /tmp/foo ".#checks.x86_64-darwin.binaryTarball"
-
-I used the stable out-link to make it easier to script the next steps:
-link=$(readlink /tmp/foo)
-cp $link/*-darwin.tar.xz ~/somewheres
-
-I've lost the last steps and am just going from memory:
-
-From here, I think I had to extract and modify the `install` script to point
-it at this tarball (which I scped to my own site, but it might make more sense
-to just share them locally). I extracted this script once and then just
-search/replaced in it for each new build.
-
-The installer now supports a `--tarball-url-prefix` flag which _may_ have
-solved this need?
--->
-

doc/manual/source/glossary.md

@@ -1,415 +0,0 @@
-# Glossary
-
-- [build system]{#gloss-build-system}
-
-  Generic term for software that facilitates the building of software by automating the invocation of compilers, linkers, and other tools.
-
-  Nix can be used as a generic build system.
-  It has no knowledge of any particular programming language or toolchain.
-  These details are specified in [derivation expressions](#gloss-derivation-expression).
-
-- [content address]{#gloss-content-address}
-
-  A
-  [*content address*](https://en.wikipedia.org/wiki/Content-addressable_storage)
-  is a secure way to reference immutable data.
-  The reference is calculated directly from the content of the data being referenced, which means the reference is
-  [*tamper proof*](https://en.wikipedia.org/wiki/Tamperproofing)
-  --- variations of the data should always calculate to distinct content addresses.
-
-  For how Nix uses content addresses, see:
-
-    - [Content-Addressing File System Objects](@docroot@/store/file-system-object/content-address.md)
-    - [Content-Addressing Store Objects](@docroot@/store/store-object/content-address.md)
-    - [content-addressing derivation](#gloss-content-addressing-derivation)
-
-  Software Heritage's writing on [*Intrinsic and Extrinsic identifiers*](https://www.softwareheritage.org/2020/07/09/intrinsic-vs-extrinsic-identifiers) is also a good introduction to the value of content-addressing over other referencing schemes.
-
-  Besides content addressing, the Nix store also uses [input addressing](#gloss-input-addressed-store-object).
-
-- [content-addressed storage]{#gloss-content-addressed-store}
-
-  The industry term for storage and retrieval systems using [content addressing](#gloss-content-address). A Nix store also has [input addressing](#gloss-input-addressed-store-object), and metadata.
-
-- [derivation]{#gloss-derivation}
-
-  A derivation can be thought of as a [pure function](https://en.wikipedia.org/wiki/Pure_function) that produces new [store objects][store object] from existing store objects.
-
-  Derivations are implemented as [operating system processes that run in a sandbox](@docroot@/store/building.md#builder-execution).
-  This sandbox by default only allows reading from store objects specified as inputs, and only allows writing to designated [outputs][output] to be [captured as store objects](@docroot@/store/building.md#processing-outputs).
-
-  A derivation is typically specified as a [derivation expression] in the [Nix language], and [instantiated][instantiate] to a [store derivation].
-  There are multiple ways of obtaining store objects from store derivatons, collectively called [realisation][realise].
-
-  [derivation]: #gloss-derivation
-
-- [store derivation]{#gloss-store-derivation}
-
-  A [derivation] represented as a [store object].
-
-  See [Store Derivation](@docroot@/store/derivation/index.md#store-derivation) for details.
-
-  [store derivation]: #gloss-store-derivation
-
-- [directed acyclic graph]{#gloss-directed-acyclic-graph}
-
-  A [directed acyclic graph](https://en.wikipedia.org/wiki/Directed_acyclic_graph) (DAG) is graph whose edges are given a direction ("a to b" is not the same edge as "b to a"), and for which no possible path (created by joining together edges) forms a cycle.
-
-  DAGs are very important to Nix.
-  In particular, the non-self-[references][reference] of [store object][store object] form a cycle.
-
-- [derivation path]{#gloss-derivation-path}
-
-  A [store path] which uniquely identifies a [store derivation].
-
-  See [Referencing Store Derivations](@docroot@/store/derivation/index.md#derivation-path) for details.
-
-  Not to be confused with [deriving path].
-
-  [derivation path]: #gloss-derivation-path
-
-- [derivation expression]{#gloss-derivation-expression}
-
-  A description of a [store derivation] using the [`derivation` primitive](./language/derivations.md) in the [Nix language].
-
-  [derivation expression]: #gloss-derivation-expression
-
-- [instantiate]{#gloss-instantiate}, instantiation
-
-  Translate a [derivation expression] into a [store derivation].
-
-  See [`nix-instantiate`](./command-ref/nix-instantiate.md), which produces a store derivation from a Nix expression that evaluates to a derivation.
-
-  [instantiate]: #gloss-instantiate
-
-- [realise]{#gloss-realise}, realisation
-
-  Ensure a [store path] is [valid][validity].
-
-  This can be achieved by:
-  - Fetching a pre-built [store object] from a [substituter]
-  - [Building](@docroot@/store/building.md) the corresponding [store derivation]
-  - Delegating to a [remote machine](@docroot@/command-ref/conf-file.md#conf-builders) and retrieving the outputs
-
-  See [`nix-store --realise`](@docroot@/command-ref/nix-store/realise.md) for a detailed description of the algorithm.
-
-  See also [`nix-build`](./command-ref/nix-build.md) and [`nix build`](./command-ref/new-cli/nix3-build.md) (experimental).
-
-  [realise]: #gloss-realise
-
-- [content-addressing derivation]{#gloss-content-addressing-derivation}
-
-  A derivation which has the
-  [`__contentAddressed`](./language/advanced-attributes.md#adv-attr-__contentAddressed)
-  attribute set to `true`.
-
-- [fixed-output derivation]{#gloss-fixed-output-derivation} (FOD)
-
-  A [store derivation] where a cryptographic hash of the [output] is determined in advance using the [`outputHash`](./language/advanced-attributes.md#adv-attr-outputHash) attribute, and where the [`builder`](@docroot@/language/derivations.md#attr-builder) executable has access to the network.
-
-- [store]{#gloss-store}
-
-  A collection of [store objects][store object], with operations to manipulate that collection.
-  See [Nix Store](./store/index.md) for details.
-
-  There are many types of stores, see [Store Types](./store/types/index.md) for details.
-
-  [store]: #gloss-store
-
-- [Nix instance]{#gloss-nix-instance}
-  <!-- ambiguous -->
-  1. An installation of Nix, which includes the presence of a [store], and the Nix package manager which operates on that store.
-     A local Nix installation and a [remote builder](@docroot@/advanced-topics/distributed-builds.md) are two examples of Nix instances.
-  2. A running Nix process, such as the `nix` command.
-
-- [binary cache]{#gloss-binary-cache}
-
-  A *binary cache* is a Nix store which uses a different format: its
-  metadata and signatures are kept in `.narinfo` files rather than in a
-  [Nix database]. This different format simplifies serving store objects
-  over the network, but cannot host builds. Examples of binary caches
-  include S3 buckets and the [NixOS binary cache](https://cache.nixos.org).
-
-- [store path]{#gloss-store-path}
-
-  The location of a [store object] in the file system, i.e., an immediate child of the Nix store directory.
-
-  > **Example**
-  >
-  > `/nix/store/a040m110amc4h71lds2jmr8qrkj2jhxd-git-2.38.1`
-
-  See [Store Path](@docroot@/store/store-path.md) for details.
-
-  [store path]: #gloss-store-path
-
-- [file system object]{#gloss-file-system-object}
-
-  The Nix data model for representing simplified file system data.
-
-  See [File System Object](@docroot@/store/file-system-object.md) for details.
-
-  [file system object]: #gloss-file-system-object
-
-- [store object]{#gloss-store-object}
-
-  Part of the contents of a [store].
-
-  A store object consists of a [file system object], [references][reference] to other store objects, and other metadata.
-  It can be referred to by a [store path].
-
-  See [Store Object](@docroot@/store/store-object.md) for details.
-
-  [store object]: #gloss-store-object
-
-- [IFD]{#gloss-ifd}
-
-  [Import From Derivation](./language/import-from-derivation.md)
-
-- [input-addressed store object]{#gloss-input-addressed-store-object}
-
-  A store object produced by building a
-  non-[content-addressed](#gloss-content-addressing-derivation),
-  non-[fixed-output](#gloss-fixed-output-derivation)
-  derivation.
-
-  See [input-addressing derivation outputs](store/derivation/outputs/input-address.md) for details.
-
-- [content-addressed store object]{#gloss-content-addressed-store-object}
-
-  A [store object] which is [content-addressed](#gloss-content-address),
-  i.e. whose [store path] is determined by its contents.
-  This includes derivations, the outputs of [content-addressing derivations](#gloss-content-addressing-derivation), and the outputs of [fixed-output derivations](#gloss-fixed-output-derivation).
-
-  See [Content-Addressing Store Objects](@docroot@/store/store-object/content-address.md) for details.
-
-- [substitute]{#gloss-substitute}
-
-  A substitute is a command invocation stored in the [Nix database] that
-  describes how to build a store object, bypassing the normal build
-  mechanism (i.e., derivations). Typically, the substitute builds the
-  store object by downloading a pre-built version of the store object
-  from some server.
-
-- [substituter]{#gloss-substituter}
-
-  An additional [store]{#gloss-store} from which Nix can obtain store objects instead of building them.
-  Often the substituter is a [binary cache](#gloss-binary-cache), but any store can serve as substituter.
-
-  See the [`substituters` configuration option](./command-ref/conf-file.md#conf-substituters) for details.
-
-  [substituter]: #gloss-substituter
-
-- [purity]{#gloss-purity}
-
-  The assumption that equal Nix derivations when run always produce
-  the same output. This cannot be guaranteed in general (e.g., a
-  builder can rely on external inputs such as the network or the
-  system time) but the Nix model assumes it.
-
-- [impure derivation]{#gloss-impure-derivation}
-
-  [An experimental feature](@docroot@/development/experimental-features.md#xp-feature-impure-derivations) that allows derivations to be explicitly marked as impure,
-  so that they are always rebuilt, and their outputs not reused by subsequent calls to realise them.
-
-- [Nix database]{#gloss-nix-database}
-
-  An SQlite database to track [reference]s between [store object]s.
-  This is an implementation detail of the [local store].
-
-  Default location: `/nix/var/nix/db`.
-
-  [Nix database]: #gloss-nix-database
-
-- [Nix expression]{#gloss-nix-expression}
-
-  A syntactically valid use of the [Nix language].
-
-  > **Example**
-  >
-  > The contents of a `.nix` file form a Nix expression.
-
-  Nix expressions specify [derivation expressions][derivation expression], which are [instantiated][instantiate] into the Nix store as [store derivations][store derivation].
-  These derivations can then be [realised][realise] to produce [outputs][output].
-
-  > **Example**
-  >
-  > Building and deploying software using Nix entails writing Nix expressions to describe [packages][package] and compositions thereof.
-
-- [reference]{#gloss-reference}
-
-  An edge from one [store object] to another.
-
-  See [References](@docroot@/store/store-object.md#references) for details.
-
-  [reference]: #gloss-reference
-
-  See [References](@docroot@/store/store-object.md#references) for details.
-
-- [reachable]{#gloss-reachable}
-
-  A store path `Q` is reachable from another store path `P` if `Q`
-  is in the *closure* of the *references* relation.
-
-  See [References](@docroot@/store/store-object.md#references) for details.
-
-- [closure]{#gloss-closure}
-
-  The closure of a store path is the set of store paths that are
-  directly or indirectly “reachable” from that store path; that is,
-  it’s the closure of the path under the *references* relation. For
-  a package, the closure of its derivation is equivalent to the
-  build-time dependencies, while the closure of its [output path] is
-  equivalent to its runtime dependencies. For correct deployment it
-  is necessary to deploy whole closures, since otherwise at runtime
-  files could be missing. The command `nix-store --query --requisites ` prints out
-  closures of store paths.
-
-  As an example, if the [store object] at path `P` contains a [reference]
-  to a store object at path `Q`, then `Q` is in the closure of `P`. Further, if `Q`
-  references `R` then `R` is also in the closure of `P`.
-
-  See [References](@docroot@/store/store-object.md#references) for details.
-
-  [closure]: #gloss-closure
-
-- [requisite]{#gloss-requisite}
-
-  A store object [reachable] by a path (chain of references) from a given [store object].
-  The [closure] is the set of requisites.
-
-  See [References](@docroot@/store/store-object.md#references) for details.
-
-- [referrer]{#gloss-referrer}
-
-  A reversed edge from one [store object] to another.
-
-- [output]{#gloss-output}
-
-  A [store object] produced by a [store derivation].
-  See [the `outputs` argument to the `derivation` function](@docroot@/language/derivations.md#attr-outputs) for details.
-
-  [output]: #gloss-output
-
-- [output path]{#gloss-output-path}
-
-  The [store path] to the [output] of a [store derivation].
-
-  [output path]: #gloss-output-path
-
-- [output closure]{#gloss-output-closure}\
-  The [closure] of an [output path]. It only contains what is [reachable] from the output.
-
-- [deriving path]{#gloss-deriving-path}
-
-  Deriving paths are a way to refer to [store objects][store object] that might not yet be [realised][realise].
-
-  See [Deriving Path](./store/derivation/index.md#deriving-path) for details.
-
-  Not to be confused with [derivation path].
-
-- [deriver]{#gloss-deriver}
-
-  The [store derivation] that produced an [output path].
-
-  The deriver for an output path can be queried with the `--deriver` option to
-  [`nix-store --query`](@docroot@/command-ref/nix-store/query.md).
-
-- [validity]{#gloss-validity}
-
-  A store path is valid if all [store object]s in its [closure] can be read from the [store].
-
-  For a [local store], this means:
-  - The store path leads to an existing [store object] in that [store].
-  - The store path is listed in the [Nix database] as being valid.
-  - All paths in the store path's [closure] are valid.
-
-  [validity]: #gloss-validity
-  [local store]: @docroot@/store/types/local-store.md
-
-- [user environment]{#gloss-user-env}
-
-  An automatically generated store object that consists of a set of
-  symlinks to “active” applications, i.e., other store paths. These
-  are generated automatically by
-  [`nix-env`](./command-ref/nix-env.md). See *profiles*.
-
-- [profile]{#gloss-profile}
-
-  A symlink to the current *user environment* of a user, e.g.,
-  `/nix/var/nix/profiles/default`.
-
-- [installable]{#gloss-installable}
-
-  Something that can be realised in the Nix store.
-
-  See [installables](./command-ref/new-cli/nix.md#installables) for [`nix` commands](./command-ref/new-cli/nix.md) (experimental) for details.
-
-- [Nix Archive (NAR)]{#gloss-nar}
-
-  A *N*ix *AR*chive. This is a serialisation of a path in the Nix
-  store. It can contain regular files, directories and symbolic
-  links.  NARs are generated and unpacked using `nix-store --dump`
-  and `nix-store --restore`.
-
-  See [Nix Archive](store/file-system-object/content-address.html#serial-nix-archive) for details.
-
-- [`∅`]{#gloss-empty-set}
-
-  The empty set symbol. In the context of profile history, this denotes a package is not present in a particular version of the profile.
-
-- [`ε`]{#gloss-epsilon}
-
-  The epsilon symbol. In the context of a package, this means the version is empty. More precisely, the derivation does not have a version attribute.
-
-- [package]{#package}
-
-  A software package; files that belong together for a particular purpose, and metadata.
-
-  Nix represents files as [file system objects][file system object], and how they belong together is encoded as [references][reference] between [store objects][store object] that contain these file system objects.
-
-  The [Nix language] allows denoting packages in terms of [attribute sets](@docroot@/language/types.md#type-attrs) containing:
-  - attributes that refer to the files of a package, typically in the form of [derivation outputs](#gloss-output),
-  - attributes with metadata, such as information about how the package is supposed to be used.
-
-  The exact shape of these attribute sets is up to convention.
-
-  [package]: #package
-
-- [string interpolation]{#gloss-string-interpolation}
-
-  Expanding expressions enclosed in `${ }` within a [string], [path], or [attribute name].
-
-  See [String interpolation](./language/string-interpolation.md) for details.
-
-  [string]: ./language/types.md#type-string
-  [path]: ./language/types.md#type-path
-  [attribute name]: ./language/types.md#type-attrs
-
-- [base directory]{#gloss-base-directory}
-
-  The location from which relative paths are resolved.
-
-  - For expressions in a file, the base directory is the directory containing that file.
-    This is analogous to the directory of a [base URL](https://datatracker.ietf.org/doc/html/rfc1808#section-3.3).
-    <!-- which is sufficient for resolving non-empty URLs -->
-
-  <!--
-    The wording here may look awkward, but it's for these reasons:
-      * "with --expr": it's a flag, and not an option with an accompanying value
-      * "written in": the expression itself must be written as an argument,
-        whereas the more natural "passed as an argument" allows an interpretation
-        where the expression could be passed by file name.
-    -->
-  - For expressions written in command line arguments with [`--expr`](@docroot@/command-ref/opt-common.html#opt-expr), the base directory is the current working directory.
-
-  [base directory]: #gloss-base-directory
-
-- [experimental feature]{#gloss-experimental-feature}
-
-  Not yet stabilized functionality guarded by named experimental feature flags.
-  These flags are enabled or disabled with the [`experimental-features`](./command-ref/conf-file.html#conf-experimental-features) setting.
-
-  See the contribution guide on the [purpose and lifecycle of experimental feaures](@docroot@/development/experimental-features.md).
-
-
-[Nix language]: ./language/index.md

doc/manual/source/installation/installing-binary.md

@@ -1,158 +0,0 @@
-# Installing a Binary Distribution
-
-> **Updating to macOS 15 Sequoia**
->
-> If you recently updated to macOS 15 Sequoia and are getting
-> ```console
-> error: the user '_nixbld1' in the group 'nixbld' does not exist
-> ```
-> when running Nix commands, refer to GitHub issue [NixOS/nix#10892](https://github.com/NixOS/nix/issues/10892) for instructions to fix your installation without reinstalling.
-
-To install the latest version Nix, run the following command:
-
-```console
-$ curl -L https://nixos.org/nix/install | sh
-```
-
-This performs the default type of installation for your platform:
-
-- [Multi-user](#multi-user-installation):
-  - Linux with systemd and without SELinux
-  - macOS
-- [Single-user](#single-user-installation):
-  - Linux without systemd
-  - Linux with SELinux
-
-We recommend the multi-user installation if it supports your platform and you can authenticate with `sudo`.
-
-The installer can be configured with various command line arguments and environment variables.
-To show available command line flags:
-
-```console
-$ curl -L https://nixos.org/nix/install | sh -s -- --help
-```
-
-To check what it does and how it can be customised further, [download and edit the second-stage installation script](#installing-from-a-binary-tarball).
-
-# Installing a pinned Nix version from a URL
-
-Version-specific installation URLs for all Nix versions since 1.11.16 can be found at [releases.nixos.org](https://releases.nixos.org/?prefix=nix/).
-The directory for each version contains the corresponding SHA-256 hash.
-
-All installation scripts are invoked the same way:
-
-```console
-$ export VERSION=2.19.2 
-$ curl -L https://releases.nixos.org/nix/nix-$VERSION/install | sh
-```
-
-# Multi User Installation
-
-The multi-user Nix installation creates system users and a system service for the Nix daemon.
-
-Supported systems:
-
-- Linux running systemd, with SELinux disabled
-- macOS
-
-To explicitly instruct the installer to perform a multi-user installation on your system:
-
-```console
-$ bash <(curl -L https://nixos.org/nix/install) --daemon
-```
-
-You can run this under your usual user account or `root`.
-The script will invoke `sudo` as needed.
-
-# Single User Installation
-
-To explicitly select a single-user installation on your system:
-
-```console
-$ bash <(curl -L https://nixos.org/nix/install) --no-daemon
-```
-
-In a single-user installation, `/nix` is owned by the invoking user.
-The script will invoke `sudo` to create `/nix` if it doesn’t already exist.
-If you don’t have `sudo`, manually create `/nix` as `root`:
-
-```console
-$ su root
-# mkdir /nix
-# chown alice /nix
-```
-
-# Installing from a binary tarball
-
-You can also download a binary tarball that contains Nix and all its dependencies:
-- Choose a [version](https://releases.nixos.org/?prefix=nix/) and [system type](../development/building.md#platforms)
-- Download and unpack the tarball
-- Run the installer
-
-> **Example**
->
-> ```console
-> $ pushd $(mktemp -d)
-> $ export VERSION=2.19.2
-> $ export SYSTEM=x86_64-linux
-> $ curl -LO https://releases.nixos.org/nix/nix-$VERSION/nix-$VERSION-$SYSTEM.tar.xz
-> $ tar xfj nix-$VERSION-$SYSTEM.tar.xz
-> $ cd nix-$VERSION-$SYSTEM
-> $ ./install
-> $ popd
-> ```
-
-The installer can be customised with the environment variables declared in the file named `install-multi-user`.
-
-## Native packages for Linux distributions
-
-The Nix community maintains installers for some Linux distributions in their native packaging format(https://nix-community.github.io/nix-installers/).
-
-# macOS Installation
-
-<!-- anchors to catch existing links -->
-[]{#sect-macos-installation-change-store-prefix}[]{#sect-macos-installation-encrypted-volume}[]{#sect-macos-installation-symlink}[]{#sect-macos-installation-recommended-notes}
-
-We believe we have ironed out how to cleanly support the read-only root file system
-on modern macOS. New installs will do this automatically.
-
-This section previously detailed the situation, options, and trade-offs,
-but it now only outlines what the installer does. You don't need to know
-this to run the installer, but it may help if you run into trouble:
-
-- create a new APFS volume for your Nix store
-- update `/etc/synthetic.conf` to direct macOS to create a "synthetic"
-  empty root directory to mount your volume
-- specify mount options for the volume in `/etc/fstab`
-  - `rw`: read-write
-  - `noauto`: prevent the system from auto-mounting the volume (so the
-    LaunchDaemon mentioned below can control mounting it, and to avoid
-    masking problems with that mounting service).
-  - `nobrowse`: prevent the Nix Store volume from showing up on your
-    desktop; also keeps Spotlight from spending resources to index
-    this volume
-  <!-- TODO:
-  - `suid`: honor setuid? surely not? ...
-  - `owners`: honor file ownership on the volume
-
-    For now I'll avoid pretending to understand suid/owners more
-    than I do. There've been some vague reports of file-ownership
-    and permission issues, particularly in cloud/VM/headless setups.
-    My pet theory is that this has something to do with these setups
-    not having a token that gets delegated to initial/admin accounts
-    on macOS. See scripts/create-darwin-volume.sh for a little more.
-
-    In any case, by Dec 4 2021, it _seems_ like some combination of
-    suid, owners, and calling diskutil enableOwnership have stopped
-    new reports from coming in. But I hesitate to celebrate because we
-    haven't really named and catalogued the behavior, understood what
-    we're fixing, and validated that all 3 components are essential.
-  -->
-- if you have FileVault enabled
-    - generate an encryption password
-    - put it in your system Keychain
-    - use it to encrypt the volume
-- create a system LaunchDaemon to mount this volume early enough in the
-  boot process to avoid problems loading or restoring any programs that
-  need access to your Nix store
-

doc/manual/source/installation/uninstall.md

@@ -1,197 +0,0 @@
-# Uninstalling Nix
-
-## Multi User
-
-Removing a [multi-user installation](./installing-binary.md#multi-user-installation) depends on the operating system.
-
-### Linux
-
-If you are on Linux with systemd:
-
-1. Remove the Nix daemon service:
-
-   ```console
-   sudo systemctl stop nix-daemon.service
-   sudo systemctl disable nix-daemon.socket nix-daemon.service
-   sudo systemctl daemon-reload
-   ```
-
-Remove files created by Nix:
-
-```console
-sudo rm -rf /etc/nix /etc/profile.d/nix.sh /etc/tmpfiles.d/nix-daemon.conf /nix ~root/.nix-channels ~root/.nix-defexpr ~root/.nix-profile ~root/.cache/nix
-```
-
-Remove build users and their group:
-
-```console
-for i in $(seq 1 32); do
-  sudo userdel nixbld$i
-done
-sudo groupdel nixbld
-```
-
-There may also be references to Nix in
-
-- `/etc/bash.bashrc`
-- `/etc/bashrc`
-- `/etc/profile`
-- `/etc/zsh/zshrc`
-- `/etc/zshrc`
-
-which you may remove.
-
-### FreeBSD
-
-1. Stop and remove the Nix daemon service:
-
-   ```console
-   sudo service nix-daemon stop
-   sudo rm -f /usr/local/etc/rc.d/nix-daemon
-   sudo sysrc -x nix_daemon_enable
-   ```
-
-2. Remove files created by Nix:
-
-   ```console
-   sudo rm -rf /etc/nix /usr/local/etc/profile.d/nix.sh /nix ~root/.nix-channels ~root/.nix-defexpr ~root/.nix-profile ~root/.cache/nix
-   ```
-
-3. Remove build users and their group:
-
-   ```console
-   for i in $(seq 1 32); do
-     sudo pw userdel nixbld$i
-   done
-   sudo pw groupdel nixbld
-   ```
-
-4. There may also be references to Nix in:
-   - `/usr/local/etc/bashrc`
-   - `/usr/local/etc/zshrc`
-   - Shell configuration files in users' home directories
-
-   which you may remove.
-
-### macOS
-
-> **Updating to macOS 15 Sequoia**
->
-> If you recently updated to macOS 15 Sequoia and are getting
-> ```console
-> error: the user '_nixbld1' in the group 'nixbld' does not exist
-> ```
-> when running Nix commands, refer to GitHub issue [NixOS/nix#10892](https://github.com/NixOS/nix/issues/10892) for instructions to fix your installation without reinstalling.
-
-1. If system-wide shell initialisation files haven't been altered since installing Nix, use the backups made by the installer:
-
-   ```console
-   sudo mv /etc/zshrc.backup-before-nix /etc/zshrc
-   sudo mv /etc/bashrc.backup-before-nix /etc/bashrc
-   sudo mv /etc/bash.bashrc.backup-before-nix /etc/bash.bashrc
-   ```
-
-   Otherwise, edit `/etc/zshrc`, `/etc/bashrc`, and `/etc/bash.bashrc` to remove the lines sourcing `nix-daemon.sh`, which should look like this:
-
-   ```bash
-   # Nix
-   if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
-     . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
-   fi
-   # End Nix
-   ```
-
-2. Stop and remove the Nix daemon services:
-
-   ```console
-   sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
-   sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist
-   sudo launchctl unload /Library/LaunchDaemons/org.nixos.darwin-store.plist
-   sudo rm /Library/LaunchDaemons/org.nixos.darwin-store.plist
-   ```
-
-   This stops the Nix daemon and prevents it from being started next time you boot the system.
-
-3. Remove the `nixbld` group and the `_nixbuildN` users:
-
-   ```console
-   sudo dscl . -delete /Groups/nixbld
-   for u in $(sudo dscl . -list /Users | grep _nixbld); do sudo dscl . -delete /Users/$u; done
-   ```
-
-   This will remove all the build users that no longer serve a purpose.
-
-4. Edit fstab using `sudo vifs` to remove the line mounting the Nix Store volume on `/nix`, which looks like
-
-   ```
-   UUID=<uuid> /nix apfs rw,noauto,nobrowse,suid,owners
-   ```
-   or
-
-   ```
-   LABEL=Nix\040Store /nix apfs rw,nobrowse
-   ```
-
-   by setting the cursor on the respective line using the arrow keys, and pressing `dd`, and then `:wq` to save the file.
-
-   This will prevent automatic mounting of the Nix Store volume.
-
-5. Edit `/etc/synthetic.conf` to remove the `nix` line.
-   If this is the only line in the file you can remove it entirely:
-
-   ```bash
-   if [ -f /etc/synthetic.conf ]; then
-     if [ "$(cat /etc/synthetic.conf)" = "nix" ]; then
-       sudo rm /etc/synthetic.conf
-     else
-       sudo vi /etc/synthetic.conf
-     fi
-   fi
-   ```
-
-   This will prevent the creation of the empty `/nix` directory.
-
-6. Remove the files Nix added to your system, except for the store:
-
-   ```console
-   sudo rm -rf /etc/nix /var/root/.nix-profile /var/root/.nix-defexpr /var/root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels
-   ```
-
-
-7. Remove the Nix Store volume:
-
-   ```console
-   sudo diskutil apfs deleteVolume /nix
-   ```
-
-   This will remove the Nix Store volume and everything that was added to the store.
-
-   If the output indicates that the command couldn't remove the volume, you should make sure you don't have an _unmounted_ Nix Store volume.
-   Look for a "Nix Store" volume in the output of the following command:
-
-   ```console
-   diskutil list
-   ```
-
-   If you _do_ find a "Nix Store" volume, delete it by running `diskutil apfs deleteVolume` with the store volume's `diskXsY` identifier.
-
-   If you get an error that the volume is in use by the kernel, reboot and immediately delete the volume before starting any other process.
-
-> **Note**
->
-> After you complete the steps here, you will still have an empty `/nix` directory.
-> This is an expected sign of a successful uninstall.
-> The empty `/nix` directory will disappear the next time you reboot.
->
-> You do not have to reboot to finish uninstalling Nix.
-> The uninstall is complete.
-> macOS (Catalina+) directly controls root directories, and its read-only root will prevent you from manually deleting the empty `/nix` mountpoint.
-
-## Single User
-
-To remove a [single-user installation](./installing-binary.md#single-user-installation) of Nix, run:
-
-```console
-rm -rf /nix ~/.nix-channels ~/.nix-defexpr ~/.nix-profile
-```
-You might also want to manually remove references to Nix from your `~/.profile`.

doc/manual/source/installation/upgrading.md

@@ -1,40 +0,0 @@
-# Upgrading Nix
-
-> **Note**
->
-> These upgrade instructions apply where Nix was installed following the [installation instructions in this manual](./index.md).
-
-Check which Nix version will be installed, for example from one of the [release channels](http://channels.nixos.org/) such as `nixpkgs-unstable`:
-
-```console
-$ nix-shell -p nix -I nixpkgs=channel:nixpkgs-unstable --run "nix --version"
-nix (Nix) 2.18.1
-```
-
-> **Warning**
->
-> Writing to the [local store](@docroot@/store/types/local-store.md) with a newer version of Nix, for example by building derivations with [`nix-build`](@docroot@/command-ref/nix-build.md) or [`nix-store --realise`](@docroot@/command-ref/nix-store/realise.md), may change the database schema!
-> Reverting to an older version of Nix may therefore require purging the store database before it can be used.
-
-## Linux multi-user
-
-```console
-$ sudo su
-# nix-env --install --file '<nixpkgs>' --attr nix cacert -I nixpkgs=channel:nixpkgs-unstable
-# systemctl daemon-reload
-# systemctl restart nix-daemon
-```
-
-## macOS multi-user
-
-```console
-$ sudo nix-env --install --file '<nixpkgs>' --attr nix cacert -I nixpkgs=channel:nixpkgs-unstable
-$ sudo launchctl remove org.nixos.nix-daemon
-$ sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist
-```
-
-## Single-user all platforms
-
-```console
-$ nix-env --install --file '<nixpkgs>' --attr nix cacert -I nixpkgs=channel:nixpkgs-unstable
-```

doc/manual/source/language/advanced-attributes.md

@@ -1,374 +0,0 @@
-# Advanced Attributes
-
-Derivations can declare some infrequently used optional attributes.
-
-## Inputs
-
-  - [`exportReferencesGraph`]{#adv-attr-exportReferencesGraph}\
-    This attribute allows builders access to the references graph of
-    their inputs. The attribute is a list of inputs in the Nix store
-    whose references graph the builder needs to know. The value of
-    this attribute should be a list of pairs `[ name1 path1 name2
-    path2 ...  ]`. The references graph of each *pathN* will be stored
-    in a text file *nameN* in the temporary build directory. The text
-    files have the format used by `nix-store --register-validity`
-    (with the deriver fields left empty). For example, when the
-    following derivation is built:
-
-    ```nix
-    derivation {
-      ...
-      exportReferencesGraph = [ "libfoo-graph" libfoo ];
-    };
-    ```
-
-    the references graph of `libfoo` is placed in the file
-    `libfoo-graph` in the temporary build directory.
-
-    `exportReferencesGraph` is useful for builders that want to do
-    something with the closure of a store path. Examples include the
-    builders in NixOS that generate the initial ramdisk for booting
-    Linux (a `cpio` archive containing the closure of the boot script)
-    and the ISO-9660 image for the installation CD (which is populated
-    with a Nix store containing the closure of a bootable NixOS
-    configuration).
-
-  - [`passAsFile`]{#adv-attr-passAsFile}\
-    A list of names of attributes that should be passed via files rather
-    than environment variables. For example, if you have
-
-    ```nix
-    passAsFile = ["big"];
-    big = "a very long string";
-    ```
-
-    then when the builder runs, the environment variable `bigPath`
-    will contain the absolute path to a temporary file containing `a
-    very long string`. That is, for any attribute *x* listed in
-    `passAsFile`, Nix will pass an environment variable `xPath`
-    holding the path of the file containing the value of attribute
-    *x*. This is useful when you need to pass large strings to a
-    builder, since most operating systems impose a limit on the size
-    of the environment (typically, a few hundred kilobyte).
-
-  - [`__structuredAttrs`]{#adv-attr-structuredAttrs}\
-    If the special attribute `__structuredAttrs` is set to `true`, the other derivation
-    attributes are serialised into a file in JSON format.
-
-    This obviates the need for [`passAsFile`](#adv-attr-passAsFile) since JSON files have no size restrictions, unlike process environments.
-    It also makes it possible to tweak derivation settings in a structured way;
-    see [`outputChecks`](#adv-attr-outputChecks) for example.
-
-    See the [corresponding section in the derivation page](@docroot@/store/derivation/index.md#structured-attrs) for further details.
-
-    > **Warning**
-    >
-    > If set to `true`, other advanced attributes such as [`allowedReferences`](#adv-attr-allowedReferences), [`allowedRequisites`](#adv-attr-allowedRequisites),
-    [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites), maxSize, and maxClosureSize.
-    will have no effect.
-
-## Output checks
-
-See the [corresponding section in the derivation output page](@docroot@/store/derivation/outputs/index.md).
-
-  - [`allowedReferences`]{#adv-attr-allowedReferences}\
-    The optional attribute `allowedReferences` specifies a list of legal
-    references (dependencies) of the output of the builder. For example,
-
-    ```nix
-    allowedReferences = [];
-    ```
-
-    enforces that the output of a derivation cannot have any runtime
-    dependencies on its inputs. To allow an output to have a runtime
-    dependency on itself, use `"out"` as a list item. This is used in
-    NixOS to check that generated files such as initial ramdisks for
-    booting Linux don’t have accidental dependencies on other paths in
-    the Nix store.
-
-  - [`allowedRequisites`]{#adv-attr-allowedRequisites}\
-    This attribute is similar to `allowedReferences`, but it specifies
-    the legal requisites of the whole closure, so all the dependencies
-    recursively. For example,
-
-    ```nix
-    allowedRequisites = [ foobar ];
-    ```
-
-    enforces that the output of a derivation cannot have any other
-    runtime dependency than `foobar`, and in addition it enforces that
-    `foobar` itself doesn't introduce any other dependency itself.
-
-  - [`disallowedReferences`]{#adv-attr-disallowedReferences}\
-    The optional attribute `disallowedReferences` specifies a list of
-    illegal references (dependencies) of the output of the builder. For
-    example,
-
-    ```nix
-    disallowedReferences = [ foo ];
-    ```
-
-    enforces that the output of a derivation cannot have a direct
-    runtime dependencies on the derivation `foo`.
-
-  - [`disallowedRequisites`]{#adv-attr-disallowedRequisites}\
-    This attribute is similar to `disallowedReferences`, but it
-    specifies illegal requisites for the whole closure, so all the
-    dependencies recursively. For example,
-
-    ```nix
-    disallowedRequisites = [ foobar ];
-    ```
-
-    enforces that the output of a derivation cannot have any runtime
-    dependency on `foobar` or any other derivation depending recursively
-    on `foobar`.
-
-  - [`outputChecks`]{#adv-attr-outputChecks}\
-    When using [structured attributes](#adv-attr-structuredAttrs), the `outputChecks`
-    attribute allows defining checks per-output.
-
-    In addition to
-    [`allowedReferences`](#adv-attr-allowedReferences), [`allowedRequisites`](#adv-attr-allowedRequisites),
-    [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites),
-    the following attributes are available:
-
-    - `maxSize` defines the maximum size of the resulting [store object](@docroot@/store/store-object.md).
-    - `maxClosureSize` defines the maximum size of the output's closure.
-    - `ignoreSelfRefs` controls whether self-references should be considered when
-      checking for allowed references/requisites.
-
-    Example:
-
-    ```nix
-    __structuredAttrs = true;
-
-    outputChecks.out = {
-      # The closure of 'out' must not be larger than 256 MiB.
-      maxClosureSize = 256 * 1024 * 1024;
-
-      # It must not refer to the C compiler or to the 'dev' output.
-      disallowedRequisites = [ stdenv.cc "dev" ];
-    };
-
-    outputChecks.dev = {
-      # The 'dev' output must not be larger than 128 KiB.
-      maxSize = 128 * 1024;
-    };
-    ```
-
-## Other output modifications
-
-  - [`unsafeDiscardReferences`]{#adv-attr-unsafeDiscardReferences}\
-    When using [structured attributes](#adv-attr-structuredAttrs), the
-    attribute `unsafeDiscardReferences` is an attribute set with a boolean value for each output name.
-    If set to `true`, it disables scanning the output for runtime dependencies.
-
-    Example:
-
-    ```nix
-    __structuredAttrs = true;
-    unsafeDiscardReferences.out = true;
-    ```
-
-    This is useful, for example, when generating self-contained filesystem images with
-    their own embedded Nix store: hashes found inside such an image refer
-    to the embedded store and not to the host's Nix store.
-
-## Build scheduling
-
-  - [`preferLocalBuild`]{#adv-attr-preferLocalBuild}\
-    If this attribute is set to `true` and [distributed building is enabled](@docroot@/command-ref/conf-file.md#conf-builders), then, if possible, the derivation will be built locally instead of being forwarded to a remote machine.
-    This is useful for derivations that are cheapest to build locally.
-
-  - [`allowSubstitutes`]{#adv-attr-allowSubstitutes}\
-    If this attribute is set to `false`, then Nix will always build this derivation (locally or remotely); it will not try to substitute its outputs.
-    This is useful for derivations that are cheaper to build than to substitute.
-
-    This attribute can be ignored by setting [`always-allow-substitutes`](@docroot@/command-ref/conf-file.md#conf-always-allow-substitutes) to `true`.
-
-    > **Note**
-    >
-    > If set to `false`, the [`builder`] should be able to run on the system type specified in the [`system` attribute](./derivations.md#attr-system), since the derivation cannot be substituted.
-
-    [`builder`]: ./derivations.md#attr-builder
-
-- [`requiredSystemFeatures`]{#adv-attr-requiredSystemFeatures}\
-  If a derivation has the `requiredSystemFeatures` attribute, then Nix will only build it on a machine that has the corresponding features set in its [`system-features` configuration](@docroot@/command-ref/conf-file.md#conf-system-features).
-
-  For example, setting
-
-  ```nix
-  requiredSystemFeatures = [ "kvm" ];
-  ```
-
-  ensures that the derivation can only be built on a machine with the `kvm` feature.
-
-# Impure builder configuration
-
-  - [`impureEnvVars`]{#adv-attr-impureEnvVars}\
-    This attribute allows you to specify a list of environment variables
-    that should be passed from the environment of the calling user to
-    the builder. Usually, the environment is cleared completely when the
-    builder is executed, but with this attribute you can allow specific
-    environment variables to be passed unmodified. For example,
-    `fetchurl` in Nixpkgs has the line
-
-    ```nix
-    impureEnvVars = [ "http_proxy" "https_proxy" ... ];
-    ```
-
-    to make it use the proxy server configuration specified by the user
-    in the environment variables `http_proxy` and friends.
-
-    This attribute is only allowed in [fixed-output derivations][fixed-output derivation],
-    where impurities such as these are okay since (the hash
-    of) the output is known in advance. It is ignored for all other
-    derivations.
-
-    > **Warning**
-    >
-    > `impureEnvVars` implementation takes environment variables from
-    > the current builder process. When a daemon is building its
-    > environmental variables are used. Without the daemon, the
-    > environmental variables come from the environment of the
-    > `nix-build`.
-
-    If the [`configurable-impure-env` experimental
-    feature](@docroot@/development/experimental-features.md#xp-feature-configurable-impure-env)
-    is enabled, these environment variables can also be controlled
-    through the
-    [`impure-env`](@docroot@/command-ref/conf-file.md#conf-impure-env)
-    configuration setting.
-
-## Setting the derivation type
-
-As discussed in [Derivation Outputs and Types of Derivations](@docroot@/store/derivation/outputs/index.md), there are multiples kinds of derivations / kinds of derivation outputs.
-The choice of the following attributes determines which kind of derivation we are making.
-
-- [`__contentAddressed`]
-
-- [`outputHash`]
-
-- [`outputHashAlgo`]
-
-- [`outputHashMode`]
-
-The three types of derivations are chosen based on the following combinations of these attributes.
-All other combinations are invalid.
-
-- [Input-addressing derivations](@docroot@/store/derivation/outputs/input-address.md)
-
-  This is the default for `builtins.derivation`.
-  Nix only currently supports one kind of input-addressing, so no other information is needed.
-
-  `__contentAddressed = false;` may also be included, but is not needed, and will trigger the experimental feature check.
-
-- [Fixed-output derivations][fixed-output derivation]
-
-  All of [`outputHash`], [`outputHashAlgo`], and [`outputHashMode`].
-
-  <!--
-
-  `__contentAddressed` is ignored, because fixed-output derivations always content-address their outputs, by definition.
-
-  **TODO CHECK**
-
-  -->
-
-- [(Floating) content-addressing derivations](@docroot@/store/derivation/outputs/content-address.md)
-
-  Both [`outputHashAlgo`] and [`outputHashMode`], `__contentAddressed = true;`, and *not* `outputHash`.
-
-  If an output hash was given, then the derivation output would be "fixed" not "floating".
-
-Here is more information on the `output*` attributes, and what values they may be set to:
-
-  - [`outputHashMode`]{#adv-attr-outputHashMode}
-
-    This specifies how the files of a content-addressing derivation output are digested to produce a content address.
-
-    This works in conjunction with [`outputHashAlgo`](#adv-attr-outputHashAlgo).
-    Specifying one without the other is an error (unless [`outputHash` is also specified and includes its own hash algorithm as described below).
-
-    The `outputHashMode` attribute determines how the hash is computed.
-    It must be one of the following values:
-
-      - [`"flat"`](@docroot@/store/store-object/content-address.md#method-flat)
-
-        This is the default.
-
-      - [`"recursive"` or `"nar"`](@docroot@/store/store-object/content-address.md#method-nix-archive)
-
-        > **Compatibility**
-        >
-        > `"recursive"` is the traditional way of indicating this,
-        > and is supported since 2005 (virtually the entire history of Nix).
-        > `"nar"` is more clear, and consistent with other parts of Nix (such as the CLI),
-        > however support for it is only added in Nix version 2.21.
-
-      - [`"text"`](@docroot@/store/store-object/content-address.md#method-text)
-
-        > **Warning**
-        >
-        > The use of this method for derivation outputs is part of the [`dynamic-derivations`][xp-feature-dynamic-derivations] experimental feature.
-
-      - [`"git"`](@docroot@/store/store-object/content-address.md#method-git)
-
-        > **Warning**
-        >
-        > This method is part of the [`git-hashing`][xp-feature-git-hashing] experimental feature.
-
-    See [content-addressing store objects](@docroot@/store/store-object/content-address.md) for more information about the process this flag controls.
-
-  - [`outputHashAlgo`]{#adv-attr-outputHashAlgo}
-
-    This specifies the hash algorithm used to digest the [file system object] data of a content-addressing derivation output.
-
-    This works in conjunction with [`outputHashMode`](#adv-attr-outputHashAlgo).
-    Specifying one without the other is an error (unless `outputHash` is also specified and includes its own hash algorithm as described below).
-
-    The `outputHashAlgo` attribute specifies the hash algorithm used to compute the hash.
-    It can currently be `"blake3"`, `"sha1"`, `"sha256"`, `"sha512"`, or `null`.
-
-    `outputHashAlgo` can only be `null` when `outputHash` follows the SRI format, because in that case the choice of hash algorithm is determined by `outputHash`.
-
-  - [`outputHash`]{#adv-attr-outputHash}
-
-    This will specify the output hash of the single output of a [fixed-output derivation].
-
-    The `outputHash` attribute must be a string containing the hash in either hexadecimal or "nix32" encoding, or following the format for integrity metadata as defined by [SRI](https://www.w3.org/TR/SRI/).
-    The "nix32" encoding is an adaptation of base-32 encoding.
-
-    > **Note**
-    >
-    > The [`convertHash`](@docroot@/language/builtins.md#builtins-convertHash) function shows how to convert between different encodings.
-    > The [`nix-hash` command](../command-ref/nix-hash.md) has information about obtaining the hash for some contents, as well as converting to and from encodings.
-
-  - [`__contentAddressed`]{#adv-attr-__contentAddressed}
-
-    > **Warning**
-    >
-    > This attribute is part of an [experimental feature](@docroot@/development/experimental-features.md).
-    >
-    > To use this attribute, you must enable the
-    > [`ca-derivations`][xp-feature-ca-derivations] experimental feature.
-    > For example, in [nix.conf](../command-ref/conf-file.md) you could add:
-    >
-    > ```
-    > extra-experimental-features = ca-derivations
-    > ```
-
-    This is a boolean with a default of `false`.
-    It determines whether the derivation is floating content-addressing.
-
-[`__contentAddressed`]: #adv-attr-__contentAddressed
-[`outputHash`]: #adv-attr-outputHash
-[`outputHashAlgo`]: #adv-attr-outputHashAlgo
-[`outputHashMode`]: #adv-attr-outputHashMode
-
-[fixed-output derivation]: @docroot@/glossary.md#gloss-fixed-output-derivation
-[file system object]: @docroot@/store/file-system-object.md
-[store object]: @docroot@/store/store-object.md
-[xp-feature-dynamic-derivations]: @docroot@/development/experimental-features.md#xp-feature-dynamic-derivations
-[xp-feature-git-hashing]: @docroot@/development/experimental-features.md#xp-feature-git-hashing