WIP strip strings at compile time

2025-11-17 14:32:33 -05:00
645 changed files with 6736 additions and 15641 deletions
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -20,13 +20,13 @@ jobs:
        with:
          app-id: ${{ vars.CI_APP_ID }}
          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          # required to find all branches
          fetch-depth: 0
      - name: Create backport PRs
-        uses: korthout/backport-action@c656f5d5851037b2b38fb5db2691a03fa229e3b2 # v4.0.1
+        uses: korthout/backport-action@d07416681cab29bf2661702f925f020aaa962997 # v3.4.1
        id: backport
        with:
          # Config README: https://github.com/korthout/backport-action#backport-action
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,7 +24,7 @@ jobs:
  eval:
    runs-on: ubuntu-24.04
    steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v5
      with:
        fetch-depth: 0
    - uses: ./.github/actions/install-nix-action
@@ -40,7 +40,7 @@ jobs:
    name: pre-commit checks
    runs-on: ubuntu-24.04
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
      - uses: ./.github/actions/install-nix-action
        with:
          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
@@ -87,7 +87,7 @@ jobs:
    runs-on: ${{ matrix.runs-on }}
    timeout-minutes: 60
    steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v5
      with:
        fetch-depth: 0
    - uses: ./.github/actions/install-nix-action
@@ -125,13 +125,13 @@ jobs:
        cat coverage-reports/index.txt >> $GITHUB_STEP_SUMMARY
      if: ${{ matrix.instrumented }}
    - name: Upload coverage reports
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@v5
      with:
        name: coverage-reports
        path: coverage-reports/
      if: ${{ matrix.instrumented }}
    - name: Upload installer tarball
-      uses: actions/upload-artifact@v6
+      uses: actions/upload-artifact@v5
      with:
        name: installer-${{matrix.os}}
        path: out/*
@@ -162,9 +162,9 @@ jobs:
    name: installer test ${{ matrix.scenario }}
    runs-on: ${{ matrix.runs-on }}
    steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v5
    - name: Download installer tarball
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+      uses: actions/download-artifact@v6
      with:
        name: installer-${{matrix.os}}
        path: out
@@ -174,7 +174,7 @@ jobs:
        echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT"
        TARBALL_PATH="$(find "$GITHUB_WORKSPACE/out" -name 'nix*.tar.xz' -print | head -n 1)"
        echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT"
-    - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
+    - uses: cachix/install-nix-action@7ec16f2c061ab07b235a7245e06ed46fe9a1cab6 # v31.8.3
      if: ${{ !matrix.experimental-installer }}
      with:
        install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }}
@@ -197,37 +197,103 @@ jobs:
    - run: exec bash -c "nix-channel --add https://releases.nixos.org/nixos/unstable/nixos-23.05pre466020.60c1d71f2ba nixpkgs"
    - run: exec bash -c "nix-channel --update && nix-env -iA nixpkgs.hello && hello"

+  # Steps to test CI automation in your own fork.
+  # 1. Sign-up for https://hub.docker.com/
+  # 2. Store your dockerhub username as DOCKERHUB_USERNAME in "Repository secrets" of your fork repository settings (https://github.com/$githubuser/nix/settings/secrets/actions)
+  # 3. Create an access token in https://hub.docker.com/settings/security and store it as DOCKERHUB_TOKEN in "Repository secrets" of your fork
+  check_secrets:
+    permissions:
+      contents: none
+    name: Check presence of secrets
+    runs-on: ubuntu-24.04
+    outputs:
+      docker: ${{ steps.secret.outputs.docker }}
+    steps:
+      - name: Check for DockerHub secrets
+        id: secret
+        env:
+          _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
+        run: |
+          echo "docker=${{ env._DOCKER_SECRETS != '' }}" >> $GITHUB_OUTPUT
+
+  docker_push_image:
+    needs: [tests, check_secrets]
+    permissions:
+      contents: read
+      packages: write
+    if: >-
+      needs.check_secrets.outputs.docker == 'true' &&
+      github.event_name == 'push' &&
+      github.ref_name == 'master'
+    runs-on: ubuntu-24.04
+    steps:
+    - uses: actions/checkout@v5
+      with:
+        fetch-depth: 0
+    - uses: ./.github/actions/install-nix-action
+      with:
+        dogfood: false
+        extra_nix_config: |
+          experimental-features = flakes nix-command
+    - run: echo NIX_VERSION="$(nix eval .\#nix.version | tr -d \")" >> $GITHUB_ENV
+    - run: nix build .#dockerImage -L
+    - run: docker load -i ./result/image.tar.gz
+    - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
+    - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
+    # We'll deploy the newly built image to both Docker Hub and Github Container Registry.
+    #
+    # Push to Docker Hub first
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    - run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
+    - run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
+    # Push to GitHub Container Registry as well
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Push image
+      run: |
+        IMAGE_ID=ghcr.io/${{ github.repository_owner }}/nix
+        # Change all uppercase to lowercase
+        IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+
+        docker tag nix:$NIX_VERSION $IMAGE_ID:$NIX_VERSION
+        docker tag nix:$NIX_VERSION $IMAGE_ID:latest
+        docker push $IMAGE_ID:$NIX_VERSION
+        docker push $IMAGE_ID:latest
+        # deprecated 2024-02-24
+        docker tag nix:$NIX_VERSION $IMAGE_ID:master
+        docker push $IMAGE_ID:master
+
  flake_regressions:
    needs: tests
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout nix
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
      - name: Checkout flake-regressions
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
        with:
          repository: NixOS/flake-regressions
          path: flake-regressions
      - name: Checkout flake-regressions-data
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
        with:
          repository: NixOS/flake-regressions-data
          path: flake-regressions/tests
-      - name: Download installer tarball
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+      - uses: ./.github/actions/install-nix-action
        with:
-          name: installer-linux
-          path: out
-      - name: Looking up the installer tarball URL
-        id: installer-tarball-url
-        run: |
-          echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT"
-      - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
-        with:
-          install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }}
-          install_options: ${{ format('--tarball-url-prefix {0}', steps.installer-tarball-url.outputs.installer-url) }}
-      - name: Run flake regressions tests
-        run: MAX_FLAKES=25 flake-regressions/eval-all.sh
+          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
+          extra_nix_config:
+            experimental-features = nix-command flakes
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=25 flake-regressions/eval-all.sh

  profile_build:
    needs: tests
@@ -237,7 +303,7 @@ jobs:
      github.event_name == 'push' &&
      github.ref_name == 'master'
    steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v5
      with:
        fetch-depth: 0
    - uses: ./.github/actions/install-nix-action
--- a/.github/workflows/upload-release.yml
+++ b/.github/workflows/upload-release.yml
@@ -1,69 +0,0 @@
-name: Upload Release
-on:
-  workflow_dispatch:
-    inputs:
-      eval_id:
-        description: "Hydra evaluation ID"
-        required: true
-        type: number
-      is_latest:
-        description: "Mark as latest release"
-        required: false
-        type: boolean
-        default: false
-permissions:
-  contents: read
-  id-token: write
-  packages: write
-jobs:
-  release:
-    runs-on: ubuntu-24.04
-    environment: releases
-    steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: false # Use stable version
-          use_cache: false # Don't want any cache injection shenanigans
-          extra_nix_config: |
-            experimental-features = nix-command flakes
-      - name: Set NIX_PATH from flake input
-        run: |
-          NIXPKGS_PATH=$(nix build --inputs-from .# nixpkgs#path --print-out-paths --no-link)
-          # Shebangs with perl have issues. Pin nixpkgs this way. nix shell should maybe
-          # get the same uberhack that nix-shell has to support it.
-          echo "NIX_PATH=nixpkgs=$NIXPKGS_PATH" >> "$GITHUB_ENV"
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
-        with:
-          role-to-assume: "arn:aws:iam::080433136561:role/nix-release"
-          role-session-name: nix-release-oidc-${{ github.run_id }}
-          aws-region: eu-west-1
-      - name: Login to Docker Hub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Upload release
-        run: |
-          ./maintainers/upload-release.pl \
-            ${{ inputs.eval_id }} \
-            --skip-git
-        env:
-          IS_LATEST: ${{ inputs.is_latest && '1' || '' }}
-      - name: Push to GHCR
-        run: |
-          DOCKER_OWNER="ghcr.io/$(echo '${{ github.repository_owner }}' | tr '[A-Z]' '[a-z]')/nix"
-          ./maintainers/upload-release.pl \
-            ${{ inputs.eval_id }} \
-            --skip-git \
-            --skip-s3 \
-            --docker-owner "$DOCKER_OWNER"
-        env:
-          IS_LATEST: ${{ inputs.is_latest && '1' || '' }}
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.34.0
+2.33.0
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -94,8 +94,6 @@ The underlying source files are located in [`doc/manual/source`](./doc/manual/so
 For small changes you can [use GitHub to edit these files](https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files)
 For larger changes see the [Nix reference manual](https://nix.dev/manual/nix/development/development/contributing.html).

-You're encouraged to add line breaks at semantic boundaries, per [sembr](https://sembr.org).
-
 ## Getting help

 Whenever you're stuck or do not know how to proceed, you can always ask for help.
--- a/doc/manual/anchors.jq
+++ b/doc/manual/anchors.jq
@@ -24,15 +24,8 @@ def map_contents_recursively(transformer):
 def process_command:
    .[0] as $context |
    .[1] as $body |
-    # mdbook 0.5.x uses 'items' instead of 'sections'
-    if $body.items then
-        $body + {
-            items: $body.items | map(map_contents_recursively(if $context.renderer == "html" then transform_anchors_html else transform_anchors_strip end)),
-        }
-    else
-        $body + {
-            sections: $body.sections | map(map_contents_recursively(if $context.renderer == "html" then transform_anchors_html else transform_anchors_strip end)),
-        }
-    end;
+    $body + {
+        sections: $body.sections | map(map_contents_recursively(if $context.renderer == "html" then transform_anchors_html else transform_anchors_strip end)),
+    };

 process_command
--- a/doc/manual/book.toml.in
+++ b/doc/manual/book.toml.in
@@ -24,3 +24,12 @@ renderers = ["html"]
 command = "jq --from-file ./anchors.jq"

 [output.markdown]
+
+[output.linkcheck]
+# no Internet during the build (in the sandbox)
+follow-web-links = false
+
+# mdbook-linkcheck does not understand [foo]{#bar} style links, resulting in
+# excessive "Potential incomplete link" warnings. No other kind of warning was
+# produced at the time of writing.
+warning-policy = "ignore"
--- a/doc/manual/expand-includes.py
+++ b/doc/manual/expand-includes.py
@@ -1,223 +0,0 @@
-#!/usr/bin/env python3
-"""
-Standalone markdown preprocessor for manpage generation.
-
-Expands {{#include}} directives and handles @docroot@ references
-without requiring mdbook.
-"""
-
-from pathlib import Path
-import sys
-import argparse
-import re
-
-
-def expand_includes(
-    content: str,
-    current_file: Path,
-    source_root: Path,
-    generated_root: Path | None,
-    visited: set[Path] | None = None,
-) -> str:
-    """
-    Recursively expand {{#include path}} directives.
-
-    Args:
-        content: Markdown content to process
-        current_file: Path to the current file (for resolving relative includes)
-        source_root: Root of the source directory
-        generated_root: Root of generated files (for @generated@/ includes)
-        visited: Set of already-visited files (for cycle detection)
-    """
-    if visited is None:
-        visited = set()
-
-    # Track current file to detect cycles
-    visited.add(current_file.resolve())
-
-    lines = []
-    include_pattern = re.compile(r'^\s*\{\{#include\s+(.+?)\}\}\s*$')
-
-    for line in content.splitlines(keepends=True):
-        match = include_pattern.match(line)
-        if not match:
-            lines.append(line)
-            continue
-
-        # Found an include directive
-        include_path_str = match.group(1).strip()
-
-        # Resolve the include path
-        if include_path_str.startswith("@generated@/"):
-            # Generated file
-            if generated_root is None:
-                raise ValueError(
-                    f"Cannot resolve @generated@ path '{include_path_str}' "
-                    f"without --generated-root"
-                )
-            include_path = generated_root / include_path_str[12:]
-        else:
-            # Relative to current file
-            include_path = (current_file.parent / include_path_str).resolve()
-
-        # Check for cycles
-        if include_path.resolve() in visited:
-            raise RuntimeError(
-                f"Include cycle detected: {include_path} is already being processed"
-            )
-
-        # Check that file exists
-        if not include_path.exists():
-            raise FileNotFoundError(
-                f"Include file not found: {include_path_str}\n"
-                f"  Resolved to: {include_path}\n"
-                f"  From: {current_file}"
-            )
-
-        # Recursively expand the included file
-        included_content = include_path.read_text()
-        expanded = expand_includes(
-            included_content,
-            include_path,
-            source_root,
-            generated_root,
-            visited.copy(),  # Copy visited set for this branch
-        )
-        lines.append(expanded)
-        # Add newline if the included content doesn't end with one
-        if not expanded.endswith('\n'):
-            lines.append('\n')
-
-    return ''.join(lines)
-
-
-def resolve_docroot(content: str, current_file: Path, source_root: Path, docroot_url: str) -> str:
-    """
-    Replace @docroot@ with nix.dev URL and convert .md to .html.
-
-    For manpages, absolute URLs are more useful than relative paths since
-    manpages are viewed standalone. lowdown will display these as proper
-    references in the manpage output.
-    """
-    # Replace @docroot@ with the base URL
-    content = content.replace("@docroot@", docroot_url)
-
-    # Convert .md extensions to .html for web links
-    # Use lookahead to ensure that .md occurs before a fragment or a possible URL end.
-    content = re.sub(
-        r'(https://nix\.dev/[^)\s]*?)\.md(?=[#)\s]|$)',
-        r'\1.html',
-        content
-    )
-
-    return content
-
-
-def resolve_at_escapes(content: str) -> str:
-    """Replace @_at_ with @"""
-    return content.replace("@_at_", "@")
-
-
-def process_file(
-    input_file: Path,
-    source_root: Path,
-    generated_root: Path | None,
-    docroot_url: str,
-) -> str:
-    """Process a single markdown file."""
-    content = input_file.read_text()
-
-    # Expand includes
-    content = expand_includes(content, input_file, source_root, generated_root)
-
-    # Resolve @docroot@ references
-    content = resolve_docroot(content, input_file, source_root, docroot_url)
-
-    # Resolve @_at_ escapes
-    content = resolve_at_escapes(content)
-
-    return content
-
-
-def main():
-    parser = argparse.ArgumentParser(
-        description="Expand markdown includes for manpage generation",
-        formatter_class=argparse.RawDescriptionHelpFormatter,
-        epilog="""
-Examples:
-  # Expand a manpage source file
-  %(prog)s \\
-    --source-root doc/manual/source \\
-    --generated-root build/doc/manual/source \\
-    doc/manual/source/command-ref/nix-store/query.md
-
-  # Pipe to lowdown for manpage generation
-  %(prog)s -s doc/manual/source -g build/doc/manual/source \\
-    doc/manual/source/command-ref/nix-env.md | \\
-    lowdown -sT man -M section=1 -o nix-env.1
-        """,
-    )
-    parser.add_argument(
-        "input_file",
-        type=Path,
-        help="Input markdown file to process",
-    )
-    parser.add_argument(
-        "-s", "--source-root",
-        type=Path,
-        required=True,
-        help="Root directory of markdown sources",
-    )
-    parser.add_argument(
-        "-g", "--generated-root",
-        type=Path,
-        help="Root directory of generated files (for @generated@/ includes)",
-    )
-    parser.add_argument(
-        "-o", "--output",
-        type=Path,
-        help="Output file (default: stdout)",
-    )
-    parser.add_argument(
-        "-u", "--doc-url",
-        type=str,
-        default="https://nix.dev/manual/nix/latest",
-        help="Base URL for documentation links (default: https://nix.dev/manual/nix/latest)",
-    )
-
-    args = parser.parse_args()
-
-    # Validate paths
-    if not args.input_file.exists():
-        print(f"Error: Input file not found: {args.input_file}", file=sys.stderr)
-        return 1
-
-    if not args.source_root.is_dir():
-        print(f"Error: Source root is not a directory: {args.source_root}", file=sys.stderr)
-        return 1
-
-    if args.generated_root and not args.generated_root.is_dir():
-        print(f"Error: Generated root is not a directory: {args.generated_root}", file=sys.stderr)
-        return 1
-
-    try:
-        # Process the file
-        output = process_file(args.input_file, args.source_root, args.generated_root, args.doc_url)
-
-        # Write output
-        if args.output:
-            args.output.write_text(output)
-        else:
-            print(output, end='')
-
-        return 0
-
-    except Exception as e:
-        print(f"Error processing {args.input_file}: {e}", file=sys.stderr)
-        import traceback
-        traceback.print_exc(file=sys.stderr)
-        return 1
-
-
-if __name__ == "__main__":
-    sys.exit(main())
--- a/doc/manual/generate-redirects.py
+++ b/doc/manual/generate-redirects.py
@@ -1,15 +0,0 @@
-#!/usr/bin/env python3
-"""Generate redirects.js from template and JSON data."""
-
-import sys
-
-template_path, json_path, output_path = sys.argv[1:]
-
-with open(json_path) as f:
-    json_content = f.read().rstrip()
-
-with open(template_path) as f:
-    template = f.read()
-
-with open(output_path, 'w') as f:
-    f.write(template.replace('@REDIRECTS_JSON@', json_content))
--- a/doc/manual/meson.build
+++ b/doc/manual/meson.build
@@ -5,28 +5,11 @@ project(
  license : 'LGPL-2.1-or-later',
 )

-# Compute documentation URL based on version and release type
-version = meson.project_version()
-official_release = get_option('official-release')
-
-if official_release
-  # For official releases, use versioned URL (dropping patch version)
-  version_parts = version.split('.')
-  major_minor = '@0@.@1@'.format(version_parts[0], version_parts[1])
-  doc_url = 'https://nix.dev/manual/nix/@0@'.format(major_minor)
-else
-  # For development builds, use /latest
-  doc_url = 'https://nix.dev/manual/nix/latest'
-endif
-
 nix = find_program('nix', native : true)

+mdbook = find_program('mdbook', native : true)
 bash = find_program('bash', native : true)
-
-# HTML manual dependencies (conditional)
-if get_option('html-manual')
-  mdbook = find_program('mdbook', native : true)
-endif
+rsync = find_program('rsync', required : true, native : true)

 pymod = import('python')
 python = pymod.find_installation('python3')
@@ -74,24 +57,6 @@ generate_manual_deps = files(
  'generate-deps.py',
 )

-# Generate redirects.js from template and JSON data
-redirects_js = custom_target(
-  'redirects.js',
-  command : [
-    python,
-    '@INPUT0@',
-    '@INPUT1@',
-    '@INPUT2@',
-    '@OUTPUT@',
-  ],
-  input : [
-    'generate-redirects.py',
-    'redirects.js.in',
-    'redirects.json',
-  ],
-  output : 'redirects.js',
-)
-
 # Generates types
 subdir('source/store')
 # Generates builtins.md and builtin-constants.md.
@@ -112,75 +77,66 @@ else
  nix_input = []
 endif

-# HTML manual build (conditional)
-if get_option('html-manual')
-  manual = custom_target(
+manual = custom_target(
+  'manual',
+  command : [
+    bash,
+    '-euo',
+    'pipefail',
+    '-c',
+    '''
+        @0@ @INPUT0@ @CURRENT_SOURCE_DIR@ > @DEPFILE@
+        @0@ @INPUT1@ summary @2@ < @CURRENT_SOURCE_DIR@/source/SUMMARY.md.in > @2@/source/SUMMARY.md
+        sed -e 's|@version@|@3@|g' < @INPUT2@ > @2@/book.toml
+        @4@ -r -L --include='*.md' @CURRENT_SOURCE_DIR@/ @2@/
+        (cd @2@; RUST_LOG=warn @1@ build -d @2@ 3>&2 2>&1 1>&3) | { grep -Fv "because fragment resolution isn't implemented" || :; } 3>&2 2>&1 1>&3
+        rm -rf @2@/manual
+        mv @2@/html @2@/manual
+        # Remove Mathjax 2.7, because we will actually use MathJax 3.x
+        find @2@/manual | grep .html | xargs sed -i -e '/2.7.1.MathJax.js/d'
+        find @2@/manual -iname meson.build -delete
+    '''.format(
+      python.full_path(),
+      mdbook.full_path(),
+      meson.current_build_dir(),
+      meson.project_version(),
+      rsync.full_path(),
+    ),
+  ],
+  input : [
+    generate_manual_deps,
+    'substitute.py',
+    'book.toml.in',
+    'anchors.jq',
+    'custom.css',
+    nix3_cli_files,
+    experimental_features_shortlist_md,
+    experimental_feature_descriptions_md,
+    types_dir,
+    conf_file_md,
+    builtins_md,
+    rl_next_generated,
+    summary_rl_next,
+    json_schema_generated_files,
+    nix_input,
+  ],
+  output : [
    'manual',
-    command : [
-      bash,
-      '-euo',
-      'pipefail',
-      '-c',
-      '''
-          @0@ @INPUT0@ @CURRENT_SOURCE_DIR@ > @DEPFILE@
-          @0@ @INPUT1@ summary @2@ < @CURRENT_SOURCE_DIR@/source/SUMMARY.md.in > @2@/source/SUMMARY.md
-          sed -e 's|@version@|@3@|g' < @INPUT2@ > @2@/book.toml
-          # Copy source to build directory, excluding the build directory itself
-          # (which is present when built as an individual component).
-          # Use tar with --dereference to copy symlink targets (e.g., JSON examples from tests).
-          (cd @CURRENT_SOURCE_DIR@ && find . -mindepth 1 -maxdepth 1 ! -name build | tar -c --dereference -T - -f -) | (cd @2@ && tar -xf -)
-          chmod -R u+w @2@
-          find @2@ -name '*.drv' -delete
-          (cd @2@; RUST_LOG=warn @1@ build -d @2@ 3>&2 2>&1 1>&3) | { grep -Fv "because fragment resolution isn't implemented" || :; } 3>&2 2>&1 1>&3
-          rm -rf @2@/manual
-          mv @2@/html @2@/manual
-          # Remove Mathjax 2.7, because we will actually use MathJax 3.x
-          find @2@/manual | grep .html | xargs sed -i -e '/2.7.1.MathJax.js/d'
-          find @2@/manual -iname meson.build -delete
-      '''.format(
-        python.full_path(),
-        mdbook.full_path(),
-        meson.current_build_dir(),
-        meson.project_version(),
-      ),
-    ],
-    input : [
-      generate_manual_deps,
-      'substitute.py',
-      'book.toml.in',
-      'anchors.jq',
-      'custom.css',
-      redirects_js,
-      nix3_cli_files,
-      experimental_features_shortlist_md,
-      experimental_feature_descriptions_md,
-      types_dir,
-      conf_file_md,
-      builtins_md,
-      rl_next_generated,
-      summary_rl_next,
-      json_schema_generated_files,
-      nix_input,
-    ],
-    output : [
-      'manual',
-      'markdown',
-    ],
-    depfile : 'manual.d',
-    build_by_default : true,
-    env : {
-      'RUST_LOG' : 'info',
-      'MDBOOK_SUBSTITUTE_SEARCH' : meson.current_build_dir() / 'source',
-    },
-  )
-  manual_html = manual[0]
-  manual_md = manual[1]
+    'markdown',
+  ],
+  depfile : 'manual.d',
+  env : {
+    'RUST_LOG' : 'info',
+    'MDBOOK_SUBSTITUTE_SEARCH' : meson.current_build_dir() / 'source',
+  },
+)
+manual_html = manual[0]
+manual_md = manual[1]

-  install_subdir(
-    manual_html.full_path(),
-    install_dir : get_option('datadir') / 'doc/nix',
-  )
-endif
+install_subdir(
+  manual_html.full_path(),
+  install_dir : get_option('datadir') / 'doc/nix',
+)

 nix_nested_manpages = [
  [
@@ -226,7 +182,6 @@ nix_nested_manpages = [
  ],
 ]

-# Manpage generation (standalone, no mdbook dependency)
 foreach command : nix_nested_manpages
  foreach page : command[1]
    title = command[0] + ' --' + page
@@ -234,19 +189,15 @@ foreach command : nix_nested_manpages
    custom_target(
      command : [
        bash,
-        '@INPUT0@',
+        files('./render-manpage.sh'),
        '--out-no-smarty',
        title,
        section,
-        meson.current_source_dir() / 'source',
-        meson.current_build_dir() / 'source',
-        doc_url,
-        meson.current_source_dir() / 'source/command-ref' / command[0] / (page + '.md'),
+        '@INPUT0@/command-ref' / command[0] / (page + '.md'),
        '@OUTPUT0@',
      ],
      input : [
-        files('./render-manpage.sh'),
-        files('./expand-includes.py'),
+        manual_md,
        nix_input,
      ],
      output : command[0] + '-' + page + '.1',
@@ -355,21 +306,14 @@ foreach page : nix3_manpages
    command : [
      bash,
      '@INPUT0@',
-      # Note: no --out-no-smarty flag (original behavior)
      page,
      section,
-      meson.current_source_dir() / 'source',
-      meson.current_build_dir() / 'source',
-      doc_url,
-      meson.current_build_dir() / 'source/command-ref/new-cli/@0@.md'.format(
-        page,
-      ),
+      '@INPUT1@/command-ref/new-cli/@0@.md'.format(page),
      '@OUTPUT@',
    ],
    input : [
      files('./render-manpage.sh'),
-      files('./expand-includes.py'),
-      nix3_cli_files,
+      manual_md,
      nix_input,
    ],
    output : page + '.1',
@@ -389,12 +333,7 @@ nix_manpages = [
  [ 'nix-channel', 1 ],
  [ 'nix-hash', 1 ],
  [ 'nix-copy-closure', 1 ],
-  [
-    'nix.conf',
-    5,
-    conf_file_md.full_path(),
-    [ conf_file_md, experimental_features_shortlist_md ],
-  ],
+  [ 'nix.conf', 5, conf_file_md.full_path() ],
  [ 'nix-daemon', 8 ],
  [ 'nix-profiles', 5, 'files/profiles.md' ],
 ]
@@ -406,24 +345,19 @@ foreach entry : nix_manpages
  # Therefore we use an optional third element of this array to override the name pattern
  md_file = entry.get(2, title + '.md')
  section = entry[1].to_string()
-  input_file = meson.current_source_dir() / 'source/command-ref' / md_file
-
+  md_file_resolved = join_paths('@INPUT1@/command-ref/', md_file)
  custom_target(
    command : [
      bash,
      '@INPUT0@',
-      # Note: no --out-no-smarty flag (original behavior)
      title,
      section,
-      meson.current_source_dir() / 'source',
-      meson.current_build_dir() / 'source',
-      doc_url,
-      input_file,
+      md_file_resolved,
      '@OUTPUT@',
    ],
    input : [
      files('./render-manpage.sh'),
-      files('./expand-includes.py'),
+      manual_md,
      entry.get(3, []),
      nix_input,
    ],
--- a/doc/manual/meson.options
+++ b/doc/manual/meson.options
@@ -1,13 +0,0 @@
-option(
-  'official-release',
-  type : 'boolean',
-  value : true,
-  description : 'Whether this is an official release build (affects documentation URLs)',
-)
-
-option(
-  'html-manual',
-  type : 'boolean',
-  value : true,
-  description : 'Whether to build the HTML manual (requires mdbook)',
-)
--- a/doc/manual/package.nix
+++ b/doc/manual/package.nix
@@ -1,15 +1,15 @@
 {
  lib,
-  callPackage,
  mkMesonDerivation,
-  runCommand,

  meson,
  ninja,
  lowdown-unsandboxed,
  mdbook,
+  mdbook-linkcheck,
  jq,
  python3,
+  rsync,
  nix-cli,
  changelog-d,
  json-schema-for-humans,
@@ -18,11 +18,6 @@
  # Configuration Options

  version,
-  /**
-    Whether to build the HTML manual.
-    When false, only manpages are built, avoiding the mdbook dependency.
-  */
-  buildHtmlManual ? true,

  # `tests` attribute
  testers,
@@ -42,19 +37,14 @@ mkMesonDerivation (finalAttrs: {
      (fileset.unions [
        ../../.version
        # For example JSON
-        ../../src/libutil-tests/data/memory-source-accessor
        ../../src/libutil-tests/data/hash
        ../../src/libstore-tests/data/content-address
        ../../src/libstore-tests/data/store-path
        ../../src/libstore-tests/data/realisation
-        ../../src/libstore-tests/data/derivation
        ../../src/libstore-tests/data/derived-path
        ../../src/libstore-tests/data/path-info
        ../../src/libstore-tests/data/nar-info
        ../../src/libstore-tests/data/build-result
-        ../../src/libstore-tests/data/dummy-store
-        # For derivation examples referenced by symlinks in doc/manual/source/protocols/json/schema/
-        ../../tests/functional/derivation
        # Too many different types of files to filter for now
        ../../doc/manual
        ./.
@@ -63,22 +53,9 @@ mkMesonDerivation (finalAttrs: {
      ../../doc/manual/package.nix;

  # TODO the man pages should probably be separate
-  outputs =
-    if buildHtmlManual then
-      [
-        "out"
-        "man"
-      ]
-    else
-      [ "out" ]; # Only one output when HTML manual is disabled; use "out" for manpages
-
-  # When HTML manual is disabled, install manpages to "out" instead of "man"
-  mesonFlags = [
-    (lib.mesonBool "official-release" officialRelease)
-    (lib.mesonBool "html-manual" buildHtmlManual)
-  ]
-  ++ lib.optionals (!buildHtmlManual) [
-    "--mandir=${placeholder "out"}/share/man"
+  outputs = [
+    "out"
+    "man"
  ];

  nativeBuildInputs = [
@@ -86,14 +63,15 @@ mkMesonDerivation (finalAttrs: {
    meson
    ninja
    (lib.getBin lowdown-unsandboxed)
+    mdbook
+    mdbook-linkcheck
    jq
    python3
-  ]
-  ++ lib.optionals buildHtmlManual [
-    mdbook
+    rsync
    json-schema-for-humans
+    changelog-d
  ]
-  ++ lib.optionals (!officialRelease && buildHtmlManual) [
+  ++ lib.optionals (!officialRelease) [
    # When not an official release, we likely have changelog entries that have
    # yet to be rendered.
    # When released, these are rendered into a committed file to save a dependency.
@@ -105,47 +83,32 @@ mkMesonDerivation (finalAttrs: {
    echo ${finalAttrs.version} > ./.version
  '';

-  postInstall = lib.optionalString buildHtmlManual ''
+  postInstall = ''
    mkdir -p ''$out/nix-support
    echo "doc manual ''$out/share/doc/nix/manual" >> ''$out/nix-support/hydra-build-products
  '';

-  passthru = lib.optionalAttrs buildHtmlManual {
-    /**
-      The root of the HTML manual.
-      E.g. "${nix-manual.site}/index.html" exists.
-    */
+  /**
+    The root of the HTML manual.
+    E.g. "${nix-manual.site}/index.html" exists.
+  */
+  passthru.site = finalAttrs.finalPackage + "/share/doc/nix/manual";

-    site = finalAttrs.finalPackage + "/share/doc/nix/manual";
-
-    tests =
-      let
-        redirect-targets = callPackage ./redirect-targets-html.nix { };
-      in
-      {
-        # https://nixos.org/manual/nixpkgs/stable/index.html#tester-lycheeLinkCheck
-        linkcheck = testers.lycheeLinkCheck {
-          site =
-            let
-              plain = finalAttrs.finalPackage.site;
-            in
-            runCommand "nix-manual-with-redirect-targets" { } ''
-              cp -r ${plain} $out
-              chmod -R u+w $out
-              cp ${redirect-targets}/redirect-targets.html $out/redirect-targets.html
-            '';
-          extraConfig = {
-            exclude = [
-              # Exclude auto-generated JSON schema documentation which has
-              # auto-generated fragment IDs that don't match the link references
-              ".*/protocols/json/.*\\.html"
-              # Exclude undocumented builtins
-              ".*/language/builtins\\.html#builtins-addErrorContext"
-              ".*/language/builtins\\.html#builtins-appendContext"
-            ];
-          };
-        };
+  passthru.tests = {
+    # https://nixos.org/manual/nixpkgs/stable/index.html#tester-lycheeLinkCheck
+    linkcheck = testers.lycheeLinkCheck {
+      inherit (finalAttrs.finalPackage) site;
+      extraConfig = {
+        exclude = [
+          # Exclude auto-generated JSON schema documentation which has
+          # auto-generated fragment IDs that don't match the link references
+          ".*/protocols/json/.*\\.html"
+          # Exclude undocumented builtins
+          ".*/language/builtins\\.html#builtins-addErrorContext"
+          ".*/language/builtins\\.html#builtins-appendContext"
+        ];
      };
+    };
  };

  meta = {
--- a/doc/manual/redirect-targets-html.nix
+++ b/doc/manual/redirect-targets-html.nix
@@ -1,62 +0,0 @@
-# Generates redirect-targets.html containing all redirect targets for link checking.
-# Used by: doc/manual/package.nix (passthru.tests.linkcheck)
-
-{
-  stdenv,
-  lib,
-  jq,
-}:
-
-stdenv.mkDerivation {
-  name = "redirect-targets-html";
-
-  src = lib.fileset.toSource {
-    root = ./.;
-    fileset = ./redirects.json;
-  };
-
-  nativeBuildInputs = [ jq ];
-
-  installPhase = ''
-    mkdir -p $out
-
-    {
-      echo '<!DOCTYPE html>'
-      echo '<html><head><title>Nix Manual Redirect Targets</title></head><body>'
-      echo '<h1>Redirect Targets to Check</h1>'
-      echo '<p>This document contains all redirect targets from the Nix manual.</p>'
-
-      echo '<h2>Client-side redirects (from redirects.json)</h2>'
-      echo '<ul>'
-
-      # Extract all redirects with their source pages to properly resolve relative paths
-      jq -r 'to_entries[] | .key as $page | .value | to_entries[] | "\($page)\t\(.value)"' \
-        redirects.json | while IFS=$'\t' read -r page target; do
-
-        page_dir=$(dirname "$page")
-
-        # Handle fragment-only targets (e.g., #primitives)
-        if [[ "$target" == \#* ]]; then
-          # Fragment is on the same page
-          resolved="$page$target"
-          echo "<li><a href=\"$resolved\">$resolved</a> (fragment on $page)</li>"
-          continue
-        fi
-
-        # Resolve relative path based on the source page location
-        resolved="$page_dir/$target"
-
-        echo "<li><a href=\"$resolved\">$resolved</a> (from $page)</li>"
-      done
-
-      echo '</ul>'
-      echo '</body></html>'
-    } > $out/redirect-targets.html
-
-    echo "Generated redirect targets document with $(grep -c '<li>' $out/redirect-targets.html) links"
-  '';
-
-  meta = {
-    description = "HTML document listing all Nix manual redirect targets for link checking";
-  };
-}
--- a/doc/manual/redirects.js
+++ b/doc/manual/redirects.js
@@ -0,0 +1,460 @@
+// redirect rules for URL fragments (client-side) to prevent link rot.
+// this must be done on the client side, as web servers do not see the fragment part of the URL.
+// it will only work with JavaScript enabled in the browser, but this is the best we can do here.
+// see source/_redirects for path redirects (server-side)
+
+// redirects are declared as follows:
+// each entry has as its key a path matching the requested URL path, relative to the mdBook document root.
+//
+//     IMPORTANT: it must specify the full path with file name and suffix
+//
+// each entry is itself a set of key-value pairs, where
+// - keys are anchors on the matched path.
+// - values are redirection targets relative to the current path.
+
+const redirects = {
+ "index.html": {
+    "part-advanced-topics": "advanced-topics/index.html",
+    "chap-tuning-cores-and-jobs": "advanced-topics/cores-vs-jobs.html",
+    "chap-diff-hook": "advanced-topics/diff-hook.html",
+    "check-dirs-are-unregistered": "advanced-topics/diff-hook.html#check-dirs-are-unregistered",
+    "chap-distributed-builds": "command-ref/conf-file.html#conf-builders",
+    "chap-post-build-hook": "advanced-topics/post-build-hook.html",
+    "chap-post-build-hook-caveats": "advanced-topics/post-build-hook.html#implementation-caveats",
+    "chap-writing-nix-expressions": "language/index.html",
+    "part-command-ref": "command-ref/index.html",
+    "conf-allow-import-from-derivation": "command-ref/conf-file.html#conf-allow-import-from-derivation",
+    "conf-allow-new-privileges": "command-ref/conf-file.html#conf-allow-new-privileges",
+    "conf-allowed-uris": "command-ref/conf-file.html#conf-allowed-uris",
+    "conf-allowed-users": "command-ref/conf-file.html#conf-allowed-users",
+    "conf-auto-optimise-store": "command-ref/conf-file.html#conf-auto-optimise-store",
+    "conf-binary-cache-public-keys": "command-ref/conf-file.html#conf-binary-cache-public-keys",
+    "conf-binary-caches": "command-ref/conf-file.html#conf-binary-caches",
+    "conf-build-compress-log": "command-ref/conf-file.html#conf-build-compress-log",
+    "conf-build-cores": "command-ref/conf-file.html#conf-build-cores",
+    "conf-build-extra-chroot-dirs": "command-ref/conf-file.html#conf-build-extra-chroot-dirs",
+    "conf-build-extra-sandbox-paths": "command-ref/conf-file.html#conf-build-extra-sandbox-paths",
+    "conf-build-fallback": "command-ref/conf-file.html#conf-build-fallback",
+    "conf-build-max-jobs": "command-ref/conf-file.html#conf-build-max-jobs",
+    "conf-build-max-log-size": "command-ref/conf-file.html#conf-build-max-log-size",
+    "conf-build-max-silent-time": "command-ref/conf-file.html#conf-build-max-silent-time",
+    "conf-build-timeout": "command-ref/conf-file.html#conf-build-timeout",
+    "conf-build-use-chroot": "command-ref/conf-file.html#conf-build-use-chroot",
+    "conf-build-use-sandbox": "command-ref/conf-file.html#conf-build-use-sandbox",
+    "conf-build-use-substitutes": "command-ref/conf-file.html#conf-build-use-substitutes",
+    "conf-build-users-group": "command-ref/conf-file.html#conf-build-users-group",
+    "conf-builders": "command-ref/conf-file.html#conf-builders",
+    "conf-builders-use-substitutes": "command-ref/conf-file.html#conf-builders-use-substitutes",
+    "conf-compress-build-log": "command-ref/conf-file.html#conf-compress-build-log",
+    "conf-connect-timeout": "command-ref/conf-file.html#conf-connect-timeout",
+    "conf-cores": "command-ref/conf-file.html#conf-cores",
+    "conf-diff-hook": "command-ref/conf-file.html#conf-diff-hook",
+    "conf-env-keep-derivations": "command-ref/conf-file.html#conf-env-keep-derivations",
+    "conf-extra-binary-caches": "command-ref/conf-file.html#conf-extra-binary-caches",
+    "conf-extra-platforms": "command-ref/conf-file.html#conf-extra-platforms",
+    "conf-extra-sandbox-paths": "command-ref/conf-file.html#conf-extra-sandbox-paths",
+    "conf-extra-substituters": "command-ref/conf-file.html#conf-extra-substituters",
+    "conf-fallback": "command-ref/conf-file.html#conf-fallback",
+    "conf-fsync-metadata": "command-ref/conf-file.html#conf-fsync-metadata",
+    "conf-gc-keep-derivations": "command-ref/conf-file.html#conf-gc-keep-derivations",
+    "conf-gc-keep-outputs": "command-ref/conf-file.html#conf-gc-keep-outputs",
+    "conf-hashed-mirrors": "command-ref/conf-file.html#conf-hashed-mirrors",
+    "conf-http-connections": "command-ref/conf-file.html#conf-http-connections",
+    "conf-keep-build-log": "command-ref/conf-file.html#conf-keep-build-log",
+    "conf-keep-derivations": "command-ref/conf-file.html#conf-keep-derivations",
+    "conf-keep-env-derivations": "command-ref/conf-file.html#conf-keep-env-derivations",
+    "conf-keep-outputs": "command-ref/conf-file.html#conf-keep-outputs",
+    "conf-max-build-log-size": "command-ref/conf-file.html#conf-max-build-log-size",
+    "conf-max-free": "command-ref/conf-file.html#conf-max-free",
+    "conf-max-jobs": "command-ref/conf-file.html#conf-max-jobs",
+    "conf-max-silent-time": "command-ref/conf-file.html#conf-max-silent-time",
+    "conf-min-free": "command-ref/conf-file.html#conf-min-free",
+    "conf-narinfo-cache-negative-ttl": "command-ref/conf-file.html#conf-narinfo-cache-negative-ttl",
+    "conf-narinfo-cache-positive-ttl": "command-ref/conf-file.html#conf-narinfo-cache-positive-ttl",
+    "conf-netrc-file": "command-ref/conf-file.html#conf-netrc-file",
+    "conf-plugin-files": "command-ref/conf-file.html#conf-plugin-files",
+    "conf-post-build-hook": "command-ref/conf-file.html#conf-post-build-hook",
+    "conf-pre-build-hook": "command-ref/conf-file.html#conf-pre-build-hook",
+    "conf-require-sigs": "command-ref/conf-file.html#conf-require-sigs",
+    "conf-restrict-eval": "command-ref/conf-file.html#conf-restrict-eval",
+    "conf-run-diff-hook": "command-ref/conf-file.html#conf-run-diff-hook",
+    "conf-sandbox": "command-ref/conf-file.html#conf-sandbox",
+    "conf-sandbox-dev-shm-size": "command-ref/conf-file.html#conf-sandbox-dev-shm-size",
+    "conf-sandbox-paths": "command-ref/conf-file.html#conf-sandbox-paths",
+    "conf-secret-key-files": "command-ref/conf-file.html#conf-secret-key-files",
+    "conf-show-trace": "command-ref/conf-file.html#conf-show-trace",
+    "conf-stalled-download-timeout": "command-ref/conf-file.html#conf-stalled-download-timeout",
+    "conf-substitute": "command-ref/conf-file.html#conf-substitute",
+    "conf-substituters": "command-ref/conf-file.html#conf-substituters",
+    "conf-system": "command-ref/conf-file.html#conf-system",
+    "conf-system-features": "command-ref/conf-file.html#conf-system-features",
+    "conf-tarball-ttl": "command-ref/conf-file.html#conf-tarball-ttl",
+    "conf-timeout": "command-ref/conf-file.html#conf-timeout",
+    "conf-trace-function-calls": "command-ref/conf-file.html#conf-trace-function-calls",
+    "conf-trusted-binary-caches": "command-ref/conf-file.html#conf-trusted-binary-caches",
+    "conf-trusted-public-keys": "command-ref/conf-file.html#conf-trusted-public-keys",
+    "conf-trusted-substituters": "command-ref/conf-file.html#conf-trusted-substituters",
+    "conf-trusted-users": "command-ref/conf-file.html#conf-trusted-users",
+    "extra-sandbox-paths": "command-ref/conf-file.html#extra-sandbox-paths",
+    "sec-conf-file": "command-ref/conf-file.html",
+    "env-NIX_PATH": "command-ref/env-common.html#env-NIX_PATH",
+    "env-common": "command-ref/env-common.html",
+    "envar-remote": "command-ref/env-common.html#env-NIX_REMOTE",
+    "sec-common-env": "command-ref/env-common.html",
+    "ch-files": "command-ref/files.html",
+    "ch-main-commands": "command-ref/main-commands.html",
+    "opt-out-link": "command-ref/nix-build.html#opt-out-link",
+    "sec-nix-build": "command-ref/nix-build.html",
+    "sec-nix-channel": "command-ref/nix-channel.html",
+    "sec-nix-collect-garbage": "command-ref/nix-collect-garbage.html",
+    "sec-nix-copy-closure": "command-ref/nix-copy-closure.html",
+    "sec-nix-daemon": "command-ref/nix-daemon.html",
+    "refsec-nix-env-install-examples": "command-ref/nix-env.html#examples",
+    "rsec-nix-env-install": "command-ref/nix-env.html#operation---install",
+    "rsec-nix-env-set": "command-ref/nix-env.html#operation---set",
+    "rsec-nix-env-set-flag": "command-ref/nix-env.html#operation---set-flag",
+    "rsec-nix-env-upgrade": "command-ref/nix-env.html#operation---upgrade",
+    "sec-nix-env": "command-ref/nix-env.html",
+    "ssec-version-comparisons": "command-ref/nix-env.html#versions",
+    "sec-nix-hash": "command-ref/nix-hash.html",
+    "sec-nix-instantiate": "command-ref/nix-instantiate.html",
+    "sec-nix-prefetch-url": "command-ref/nix-prefetch-url.html",
+    "sec-nix-shell": "command-ref/nix-shell.html",
+    "ssec-nix-shell-shebang": "command-ref/nix-shell.html#use-as-a--interpreter",
+    "nixref-queries": "command-ref/nix-store.html#queries",
+    "opt-add-root": "command-ref/nix-store.html#opt-add-root",
+    "refsec-nix-store-dump": "command-ref/nix-store.html#operation---dump",
+    "refsec-nix-store-export": "command-ref/nix-store.html#operation---export",
+    "refsec-nix-store-import": "command-ref/nix-store.html#operation---import",
+    "refsec-nix-store-query": "command-ref/nix-store.html#operation---query",
+    "refsec-nix-store-verify": "command-ref/nix-store.html#operation---verify",
+    "rsec-nix-store-gc": "command-ref/nix-store.html#operation---gc",
+    "rsec-nix-store-generate-binary-cache-key": "command-ref/nix-store.html#operation---generate-binary-cache-key",
+    "rsec-nix-store-realise": "command-ref/nix-store.html#operation---realise",
+    "rsec-nix-store-serve": "command-ref/nix-store.html#operation---serve",
+    "sec-nix-store": "command-ref/nix-store.html",
+    "opt-I": "command-ref/opt-common.html#opt-I",
+    "opt-attr": "command-ref/opt-common.html#opt-attr",
+    "opt-common": "command-ref/opt-common.html",
+    "opt-cores": "command-ref/opt-common.html#opt-cores",
+    "opt-log-format": "command-ref/opt-common.html#opt-log-format",
+    "opt-max-jobs": "command-ref/opt-common.html#opt-max-jobs",
+    "opt-max-silent-time": "command-ref/opt-common.html#opt-max-silent-time",
+    "opt-timeout": "command-ref/opt-common.html#opt-timeout",
+    "sec-common-options": "command-ref/opt-common.html",
+    "ch-utilities": "command-ref/utilities.html",
+    "chap-hacking": "development/building.html",
+    "adv-attr-allowSubstitutes": "language/advanced-attributes.html#adv-attr-allowSubstitutes",
+    "adv-attr-allowedReferences": "language/advanced-attributes.html#adv-attr-allowedReferences",
+    "adv-attr-allowedRequisites": "language/advanced-attributes.html#adv-attr-allowedRequisites",
+    "adv-attr-disallowedReferences": "language/advanced-attributes.html#adv-attr-disallowedReferences",
+    "adv-attr-disallowedRequisites": "language/advanced-attributes.html#adv-attr-disallowedRequisites",
+    "adv-attr-exportReferencesGraph": "language/advanced-attributes.html#adv-attr-exportReferencesGraph",
+    "adv-attr-impureEnvVars": "language/advanced-attributes.html#adv-attr-impureEnvVars",
+    "adv-attr-outputHash": "language/advanced-attributes.html#adv-attr-outputHash",
+    "adv-attr-outputHashAlgo": "language/advanced-attributes.html#adv-attr-outputHashAlgo",
+    "adv-attr-outputHashMode": "language/advanced-attributes.html#adv-attr-outputHashMode",
+    "adv-attr-passAsFile": "language/advanced-attributes.html#adv-attr-passAsFile",
+    "adv-attr-preferLocalBuild": "language/advanced-attributes.html#adv-attr-preferLocalBuild",
+    "fixed-output-drvs": "language/advanced-attributes.html#adv-attr-outputHash",
+    "sec-advanced-attributes": "language/advanced-attributes.html",
+    "builtin-abort": "language/builtins.html#builtins-abort",
+    "builtin-add": "language/builtins.html#builtins-add",
+    "builtin-all": "language/builtins.html#builtins-all",
+    "builtin-any": "language/builtins.html#builtins-any",
+    "builtin-attrNames": "language/builtins.html#builtins-attrNames",
+    "builtin-attrValues": "language/builtins.html#builtins-attrValues",
+    "builtin-baseNameOf": "language/builtins.html#builtins-baseNameOf",
+    "builtin-bitAnd": "language/builtins.html#builtins-bitAnd",
+    "builtin-bitOr": "language/builtins.html#builtins-bitOr",
+    "builtin-bitXor": "language/builtins.html#builtins-bitXor",
+    "builtin-builtins": "language/builtins.html#builtins-builtins",
+    "builtin-compareVersions": "language/builtins.html#builtins-compareVersions",
+    "builtin-concatLists": "language/builtins.html#builtins-concatLists",
+    "builtin-concatStringsSep": "language/builtins.html#builtins-concatStringsSep",
+    "builtin-currentSystem": "language/builtins.html#builtins-currentSystem",
+    "builtin-deepSeq": "language/builtins.html#builtins-deepSeq",
+    "builtin-derivation": "language/builtins.html#builtins-derivation",
+    "builtin-dirOf": "language/builtins.html#builtins-dirOf",
+    "builtin-div": "language/builtins.html#builtins-div",
+    "builtin-elem": "language/builtins.html#builtins-elem",
+    "builtin-elemAt": "language/builtins.html#builtins-elemAt",
+    "builtin-fetchGit": "language/builtins.html#builtins-fetchGit",
+    "builtin-fetchTarball": "language/builtins.html#builtins-fetchTarball",
+    "builtin-fetchurl": "language/builtins.html#builtins-fetchurl",
+    "builtin-filterSource": "language/builtins.html#builtins-filterSource",
+    "builtin-foldl-prime": "language/builtins.html#builtins-foldl-prime",
+    "builtin-fromJSON": "language/builtins.html#builtins-fromJSON",
+    "builtin-functionArgs": "language/builtins.html#builtins-functionArgs",
+    "builtin-genList": "language/builtins.html#builtins-genList",
+    "builtin-getAttr": "language/builtins.html#builtins-getAttr",
+    "builtin-getEnv": "language/builtins.html#builtins-getEnv",
+    "builtin-hasAttr": "language/builtins.html#builtins-hasAttr",
+    "builtin-hashFile": "language/builtins.html#builtins-hashFile",
+    "builtin-hashString": "language/builtins.html#builtins-hashString",
+    "builtin-head": "language/builtins.html#builtins-head",
+    "builtin-import": "language/builtins.html#builtins-import",
+    "builtin-intersectAttrs": "language/builtins.html#builtins-intersectAttrs",
+    "builtin-isAttrs": "language/builtins.html#builtins-isAttrs",
+    "builtin-isBool": "language/builtins.html#builtins-isBool",
+    "builtin-isFloat": "language/builtins.html#builtins-isFloat",
+    "builtin-isFunction": "language/builtins.html#builtins-isFunction",
+    "builtin-isInt": "language/builtins.html#builtins-isInt",
+    "builtin-isList": "language/builtins.html#builtins-isList",
+    "builtin-isNull": "language/builtins.html#builtins-isNull",
+    "builtin-isString": "language/builtins.html#builtins-isString",
+    "builtin-length": "language/builtins.html#builtins-length",
+    "builtin-lessThan": "language/builtins.html#builtins-lessThan",
+    "builtin-listToAttrs": "language/builtins.html#builtins-listToAttrs",
+    "builtin-map": "language/builtins.html#builtins-map",
+    "builtin-match": "language/builtins.html#builtins-match",
+    "builtin-mul": "language/builtins.html#builtins-mul",
+    "builtin-parseDrvName": "language/builtins.html#builtins-parseDrvName",
+    "builtin-path": "language/builtins.html#builtins-path",
+    "builtin-pathExists": "language/builtins.html#builtins-pathExists",
+    "builtin-placeholder": "language/builtins.html#builtins-placeholder",
+    "builtin-readDir": "language/builtins.html#builtins-readDir",
+    "builtin-readFile": "language/builtins.html#builtins-readFile",
+    "builtin-removeAttrs": "language/builtins.html#builtins-removeAttrs",
+    "builtin-replaceStrings": "language/builtins.html#builtins-replaceStrings",
+    "builtin-seq": "language/builtins.html#builtins-seq",
+    "builtin-sort": "language/builtins.html#builtins-sort",
+    "builtin-split": "language/builtins.html#builtins-split",
+    "builtin-splitVersion": "language/builtins.html#builtins-splitVersion",
+    "builtin-stringLength": "language/builtins.html#builtins-stringLength",
+    "builtin-sub": "language/builtins.html#builtins-sub",
+    "builtin-substring": "language/builtins.html#builtins-substring",
+    "builtin-tail": "language/builtins.html#builtins-tail",
+    "builtin-throw": "language/builtins.html#builtins-throw",
+    "builtin-toFile": "language/builtins.html#builtins-toFile",
+    "builtin-toJSON": "language/builtins.html#builtins-toJSON",
+    "builtin-toPath": "language/builtins.html#builtins-toPath",
+    "builtin-toString": "language/builtins.html#builtins-toString",
+    "builtin-toXML": "language/builtins.html#builtins-toXML",
+    "builtin-trace": "language/builtins.html#builtins-trace",
+    "builtin-tryEval": "language/builtins.html#builtins-tryEval",
+    "builtin-typeOf": "language/builtins.html#builtins-typeOf",
+    "ssec-builtins": "language/builtins.html",
+    "attr-system": "language/derivations.html#attr-system",
+    "ssec-derivation": "language/derivations.html",
+    "ch-expression-language": "language/index.html",
+    "sec-constructs": "language/syntax.html",
+    "sect-let-language": "language/syntax.html#let-expressions",
+    "ss-functions": "language/syntax.html#functions",
+    "sec-language-operators": "language/operators.html",
+    "table-operators": "language/operators.html",
+    "ssec-values": "language/types.html",
+    "gloss-closure": "glossary.html#gloss-closure",
+    "gloss-derivation": "glossary.html#gloss-derivation",
+    "gloss-deriver": "glossary.html#gloss-deriver",
+    "gloss-nar": "glossary.html#gloss-nar",
+    "gloss-output-path": "glossary.html#gloss-output-path",
+    "gloss-profile": "glossary.html#gloss-profile",
+    "gloss-reachable": "glossary.html#gloss-reachable",
+    "gloss-reference": "glossary.html#gloss-reference",
+    "gloss-substitute": "glossary.html#gloss-substitute",
+    "gloss-user-env": "glossary.html#gloss-user-env",
+    "gloss-validity": "glossary.html#gloss-validity",
+    "part-glossary": "glossary.html",
+    "sec-building-source": "installation/building-source.html",
+    "ch-env-variables": "installation/env-variables.html",
+    "sec-installer-proxy-settings": "installation/env-variables.html#proxy-environment-variables",
+    "sec-nix-ssl-cert-file": "installation/env-variables.html#nix_ssl_cert_file",
+    "sec-nix-ssl-cert-file-with-nix-daemon-and-macos": "installation/env-variables.html#nix_ssl_cert_file-with-macos-and-the-nix-daemon",
+    "chap-installation": "installation/index.html",
+    "ch-installing-binary": "installation/installing-binary.html",
+    "sect-macos-installation": "installation/installing-binary.html#macos-installation",
+    "sect-macos-installation-change-store-prefix": "installation/installing-binary.html#macos-installation",
+    "sect-macos-installation-encrypted-volume": "installation/installing-binary.html#macos-installation",
+    "sect-macos-installation-recommended-notes": "installation/installing-binary.html#macos-installation",
+    "sect-macos-installation-symlink": "installation/installing-binary.html#macos-installation",
+    "sect-multi-user-installation": "installation/installing-binary.html#multi-user-installation",
+    "sect-nix-install-binary-tarball": "installation/installing-binary.html#installing-from-a-binary-tarball",
+    "sect-nix-install-pinned-version-url": "installation/installing-binary.html#installing-a-pinned-nix-version-from-a-url",
+    "sect-single-user-installation": "installation/installing-binary.html#single-user-installation",
+    "ch-installing-source": "installation/installing-source.html",
+    "ssec-multi-user": "installation/multi-user.html",
+    "ch-nix-security": "installation/nix-security.html",
+    "sec-obtaining-source": "installation/obtaining-source.html",
+    "sec-prerequisites-source": "installation/prerequisites-source.html",
+    "sec-single-user": "installation/single-user.html",
+    "ch-supported-platforms": "installation/supported-platforms.html",
+    "ch-upgrading-nix": "installation/upgrading.html",
+    "ch-about-nix": "introduction.html",
+    "chap-introduction": "introduction.html",
+    "ch-basic-package-mgmt": "package-management/basic-package-mgmt.html",
+    "ssec-binary-cache-substituter": "package-management/binary-cache-substituter.html",
+    "sec-channels": "command-ref/nix-channel.html",
+    "ssec-copy-closure": "command-ref/nix-copy-closure.html",
+    "sec-garbage-collection": "package-management/garbage-collection.html",
+    "ssec-gc-roots": "package-management/garbage-collector-roots.html",
+    "chap-package-management": "package-management/index.html",
+    "sec-profiles": "package-management/profiles.html",
+    "ssec-s3-substituter": "store/types/s3-substituter.html",
+    "ssec-s3-substituter-anonymous-reads": "store/types/s3-substituter.html#anonymous-reads-to-your-s3-compatible-binary-cache",
+    "ssec-s3-substituter-authenticated-reads": "store/types/s3-substituter.html#authenticated-reads-to-your-s3-binary-cache",
+    "ssec-s3-substituter-authenticated-writes": "store/types/s3-substituter.html#authenticated-writes-to-your-s3-compatible-binary-cache",
+    "sec-sharing-packages": "package-management/sharing-packages.html",
+    "ssec-ssh-substituter": "package-management/ssh-substituter.html",
+    "chap-quick-start": "quick-start.html",
+    "sec-relnotes": "release-notes/index.html",
+    "ch-relnotes-0.10.1": "release-notes/rl-0.10.1.html",
+    "ch-relnotes-0.10": "release-notes/rl-0.10.html",
+    "ssec-relnotes-0.11": "release-notes/rl-0.11.html",
+    "ssec-relnotes-0.12": "release-notes/rl-0.12.html",
+    "ssec-relnotes-0.13": "release-notes/rl-0.13.html",
+    "ssec-relnotes-0.14": "release-notes/rl-0.14.html",
+    "ssec-relnotes-0.15": "release-notes/rl-0.15.html",
+    "ssec-relnotes-0.16": "release-notes/rl-0.16.html",
+    "ch-relnotes-0.5": "release-notes/rl-0.5.html",
+    "ch-relnotes-0.6": "release-notes/rl-0.6.html",
+    "ch-relnotes-0.7": "release-notes/rl-0.7.html",
+    "ch-relnotes-0.8.1": "release-notes/rl-0.8.1.html",
+    "ch-relnotes-0.8": "release-notes/rl-0.8.html",
+    "ch-relnotes-0.9.1": "release-notes/rl-0.9.1.html",
+    "ch-relnotes-0.9.2": "release-notes/rl-0.9.2.html",
+    "ch-relnotes-0.9": "release-notes/rl-0.9.html",
+    "ssec-relnotes-1.0": "release-notes/rl-1.0.html",
+    "ssec-relnotes-1.1": "release-notes/rl-1.1.html",
+    "ssec-relnotes-1.10": "release-notes/rl-1.10.html",
+    "ssec-relnotes-1.11.10": "release-notes/rl-1.11.10.html",
+    "ssec-relnotes-1.11": "release-notes/rl-1.11.html",
+    "ssec-relnotes-1.2": "release-notes/rl-1.2.html",
+    "ssec-relnotes-1.3": "release-notes/rl-1.3.html",
+    "ssec-relnotes-1.4": "release-notes/rl-1.4.html",
+    "ssec-relnotes-1.5.1": "release-notes/rl-1.5.1.html",
+    "ssec-relnotes-1.5.2": "release-notes/rl-1.5.2.html",
+    "ssec-relnotes-1.5": "release-notes/rl-1.5.html",
+    "ssec-relnotes-1.6.1": "release-notes/rl-1.6.1.html",
+    "ssec-relnotes-1.6.0": "release-notes/rl-1.6.html",
+    "ssec-relnotes-1.7": "release-notes/rl-1.7.html",
+    "ssec-relnotes-1.8": "release-notes/rl-1.8.html",
+    "ssec-relnotes-1.9": "release-notes/rl-1.9.html",
+    "ssec-relnotes-2.0": "release-notes/rl-2.0.html",
+    "ssec-relnotes-2.1": "release-notes/rl-2.1.html",
+    "ssec-relnotes-2.2": "release-notes/rl-2.2.html",
+    "ssec-relnotes-2.3": "release-notes/rl-2.3.html",
+  },
+  "language/types.html": {
+    "simple-values": "#primitives",
+    "lists": "#list",
+    "strings": "#string",
+    "attribute-sets": "#attribute-set",
+    "type-number": "#type-int",
+  },
+  "language/syntax.html": {
+    "scoping-rules": "scoping.html",
+    "string-literal": "string-literals.html",
+  },
+  "language/derivations.md": {
+    "builder-execution": "store/drv/building.md#builder-execution",
+  },
+  "installation/installing-binary.html": {
+    "linux": "uninstall.html#linux",
+    "macos": "uninstall.html#macos",
+    "uninstalling": "uninstall.html",
+  },
+  "development/building.html": {
+    "nix-with-flakes": "#building-nix-with-flakes",
+    "classic-nix": "#building-nix",
+    "running-tests": "testing.html#running-tests",
+    "unit-tests": "testing.html#unit-tests",
+    "functional-tests": "testing.html#functional-tests",
+    "debugging-failing-functional-tests": "testing.html#debugging-failing-functional-tests",
+    "integration-tests": "testing.html#integration-tests",
+    "installer-tests": "testing.html#installer-tests",
+    "one-time-setup": "testing.html#one-time-setup",
+    "using-the-ci-generated-installer-for-manual-testing": "testing.html#using-the-ci-generated-installer-for-manual-testing",
+    "characterization-testing": "testing.html#characterisation-testing-unit",
+    "add-a-release-note": "contributing.html#add-a-release-note",
+    "add-an-entry": "contributing.html#add-an-entry",
+    "build-process": "contributing.html#build-process",
+    "reverting": "contributing.html#reverting",
+    "branches": "contributing.html#branches",
+  },
+  "glossary.html": {
+    "gloss-local-store": "store/types/local-store.html",
+    "package-attribute-set": "#package",
+    "gloss-chroot-store": "store/types/local-store.html",
+    "gloss-content-addressed-derivation": "#gloss-content-addressing-derivation",
+  },
+};
+
+// the following code matches the current page's URL against the set of redirects.
+//
+// it is written to minimize the latency between page load and redirect.
+// therefore we avoid function calls, copying data, and unnecessary loops.
+// IMPORTANT: we use stateful array operations and their order matters!
+//
+// matching URLs is more involved than it should be:
+//
+// 1. `document.location.pathname` can have an arbitrary prefix.
+//
+// 2. `path_to_root` is set by mdBook. it consists only of `../`s and
+//    determines the depth of `<path>` relative to the prefix:
+//
+//          `document.location.pathname`
+//        |------------------------------|
+//        /<prefix>/<path>/[<file>[.html]][#<anchor>]
+//                  |----|
+//              `path_to_root` has same number of path segments
+//
+//    source: https://phaiax.github.io/mdBook/format/theme/index-hbs.html#data
+//
+// 3. the following paths are equivalent:
+//
+//        /foo/bar/
+//        /foo/bar/index.html
+//        /foo/bar/index
+//
+//  4. the following paths are also equivalent:
+//
+//        /foo/bar/baz
+//        /foo/bar/baz.html
+//
+
+let segments = document.location.pathname.split('/');
+
+let file = segments.pop();
+
+// normalize file name
+if (file === '') { file = "index.html"; }
+else if (!file.endsWith('.html')) { file = file + '.html'; }
+
+segments.push(file);
+
+// use `path_to_root` to discern prefix from path.
+const depth = path_to_root.split('/').length;
+
+// remove segments containing prefix. the following works because
+// 1. the original `document.location.pathname` is absolute,
+//    hence first element of `segments` is always empty.
+// 2. last element of splitting `path_to_root` is also always empty.
+// 3. last element of `segments` is the file name.
+//
+// visual example:
+//
+//     '/foo/bar/baz.html'.split('/') -> [ '', 'foo', 'bar', 'baz.html' ]
+//          '../'.split('/')          -> [ '..', '' ]
+//
+// the following operations will then result in
+//
+//     path = 'bar/baz.html'
+//
+segments.splice(0, segments.length - depth);
+const path = segments.join('/');
+
+// anchor starts with the hash character (`#`),
+// but our redirect declarations don't, so we strip it.
+// example:
+//     document.location.hash -> '#foo'
+//     document.location.hash.substring(1) -> 'foo'
+const anchor = document.location.hash.substring(1);
+
+const redirect = redirects[path];
+if (redirect) {
+  const target = redirect[anchor];
+  if (target) {
+    document.location.href = target;
+  }
+}
--- a/doc/manual/redirects.js.in
+++ b/doc/manual/redirects.js.in
@@ -1,94 +0,0 @@
-// redirect rules for URL fragments (client-side) to prevent link rot.
-// this must be done on the client side, as web servers do not see the fragment part of the URL.
-// it will only work with JavaScript enabled in the browser, but this is the best we can do here.
-// see source/_redirects for path redirects (server-side)
-
-// redirects are declared as follows:
-// each entry has as its key a path matching the requested URL path, relative to the mdBook document root.
-//
-//     IMPORTANT: it must specify the full path with file name and suffix
-//
-// each entry is itself a set of key-value pairs, where
-// - keys are anchors on the matched path.
-// - values are redirection targets relative to the current path.
-
-const redirects = @REDIRECTS_JSON@;
-
-// the following code matches the current page's URL against the set of redirects.
-//
-// it is written to minimize the latency between page load and redirect.
-// therefore we avoid function calls, copying data, and unnecessary loops.
-// IMPORTANT: we use stateful array operations and their order matters!
-//
-// matching URLs is more involved than it should be:
-//
-// 1. `document.location.pathname` can have an arbitrary prefix.
-//
-// 2. `path_to_root` is set by mdBook. it consists only of `../`s and
-//    determines the depth of `<path>` relative to the prefix:
-//
-//          `document.location.pathname`
-//        |------------------------------|
-//        /<prefix>/<path>/[<file>[.html]][#<anchor>]
-//                  |----|
-//              `path_to_root` has same number of path segments
-//
-//    source: https://phaiax.github.io/mdBook/format/theme/index-hbs.html#data
-//
-// 3. the following paths are equivalent:
-//
-//        /foo/bar/
-//        /foo/bar/index.html
-//        /foo/bar/index
-//
-//  4. the following paths are also equivalent:
-//
-//        /foo/bar/baz
-//        /foo/bar/baz.html
-//
-
-let segments = document.location.pathname.split('/');
-
-let file = segments.pop();
-
-// normalize file name
-if (file === '') { file = "index.html"; }
-else if (!file.endsWith('.html')) { file = file + '.html'; }
-
-segments.push(file);
-
-// use `path_to_root` to discern prefix from path.
-const depth = path_to_root.split('/').length;
-
-// remove segments containing prefix. the following works because
-// 1. the original `document.location.pathname` is absolute,
-//    hence first element of `segments` is always empty.
-// 2. last element of splitting `path_to_root` is also always empty.
-// 3. last element of `segments` is the file name.
-//
-// visual example:
-//
-//     '/foo/bar/baz.html'.split('/') -> [ '', 'foo', 'bar', 'baz.html' ]
-//          '../'.split('/')          -> [ '..', '' ]
-//
-// the following operations will then result in
-//
-//     path = 'bar/baz.html'
-//
-segments.splice(0, segments.length - depth);
-const path = segments.join('/');
-
-// anchor starts with the hash character (`#`),
-// but our redirect declarations don't, so we strip it.
-// example:
-//     document.location.hash -> '#foo'
-//     document.location.hash.substring(1) -> 'foo'
-const anchor = document.location.hash.substring(1);
-
-const redirect = redirects[path];
-if (redirect) {
-  const target = redirect[anchor];
-  if (target) {
-    document.location.href = target;
-  }
-}
--- a/doc/manual/redirects.json
+++ b/doc/manual/redirects.json
@@ -1,372 +0,0 @@
-{
-    "index.html": {
-        "part-advanced-topics": "advanced-topics/index.html",
-        "chap-tuning-cores-and-jobs": "advanced-topics/cores-vs-jobs.html",
-        "chap-diff-hook": "advanced-topics/diff-hook.html",
-        "check-dirs-are-unregistered": "advanced-topics/diff-hook.html#check-dirs-are-unregistered",
-        "chap-distributed-builds": "command-ref/conf-file.html#conf-builders",
-        "chap-post-build-hook": "advanced-topics/post-build-hook.html",
-        "chap-post-build-hook-caveats": "advanced-topics/post-build-hook.html#implementation-caveats",
-        "chap-writing-nix-expressions": "language/index.html",
-        "part-command-ref": "command-ref/index.html",
-        "conf-allow-import-from-derivation": "command-ref/conf-file.html#conf-allow-import-from-derivation",
-        "conf-allow-new-privileges": "command-ref/conf-file.html#conf-allow-new-privileges",
-        "conf-allowed-uris": "command-ref/conf-file.html#conf-allowed-uris",
-        "conf-allowed-users": "command-ref/conf-file.html#conf-allowed-users",
-        "conf-auto-optimise-store": "command-ref/conf-file.html#conf-auto-optimise-store",
-        "conf-binary-cache-public-keys": "command-ref/conf-file.html#conf-trusted-public-keys",
-        "conf-binary-caches": "command-ref/conf-file.html#conf-substituters",
-        "conf-build-compress-log": "command-ref/conf-file.html#conf-compress-build-log",
-        "conf-build-cores": "command-ref/conf-file.html#conf-cores",
-        "conf-build-extra-chroot-dirs": "command-ref/conf-file.html#conf-sandbox-paths",
-        "conf-build-extra-sandbox-paths": "command-ref/conf-file.html#conf-sandbox-paths",
-        "conf-build-fallback": "command-ref/conf-file.html#conf-fallback",
-        "conf-build-max-jobs": "command-ref/conf-file.html#conf-max-jobs",
-        "conf-build-max-log-size": "command-ref/conf-file.html#conf-max-build-log-size",
-        "conf-build-max-silent-time": "command-ref/conf-file.html#conf-max-silent-time",
-        "conf-build-timeout": "command-ref/conf-file.html#conf-timeout",
-        "conf-build-use-chroot": "command-ref/conf-file.html#conf-sandbox",
-        "conf-build-use-sandbox": "command-ref/conf-file.html#conf-sandbox",
-        "conf-build-use-substitutes": "command-ref/conf-file.html#conf-substitute",
-        "conf-build-users-group": "command-ref/conf-file.html#conf-build-users-group",
-        "conf-builders": "command-ref/conf-file.html#conf-builders",
-        "conf-builders-use-substitutes": "command-ref/conf-file.html#conf-builders-use-substitutes",
-        "conf-compress-build-log": "command-ref/conf-file.html#conf-compress-build-log",
-        "conf-connect-timeout": "command-ref/conf-file.html#conf-connect-timeout",
-        "conf-cores": "command-ref/conf-file.html#conf-cores",
-        "conf-diff-hook": "command-ref/conf-file.html#conf-diff-hook",
-        "conf-env-keep-derivations": "command-ref/conf-file.html#conf-keep-env-derivations",
-        "conf-extra-binary-caches": "command-ref/conf-file.html#conf-substituters",
-        "conf-extra-platforms": "command-ref/conf-file.html#conf-extra-platforms",
-        "conf-extra-sandbox-paths": "command-ref/conf-file.html#conf-sandbox-paths",
-        "conf-extra-substituters": "command-ref/conf-file.html#conf-substituters",
-        "conf-fallback": "command-ref/conf-file.html#conf-fallback",
-        "conf-fsync-metadata": "command-ref/conf-file.html#conf-fsync-metadata",
-        "conf-gc-keep-derivations": "command-ref/conf-file.html#conf-keep-derivations",
-        "conf-gc-keep-outputs": "command-ref/conf-file.html#conf-keep-outputs",
-        "conf-hashed-mirrors": "command-ref/conf-file.html#conf-hashed-mirrors",
-        "conf-http-connections": "command-ref/conf-file.html#conf-http-connections",
-        "conf-keep-build-log": "command-ref/conf-file.html#conf-keep-build-log",
-        "conf-keep-derivations": "command-ref/conf-file.html#conf-keep-derivations",
-        "conf-keep-env-derivations": "command-ref/conf-file.html#conf-keep-env-derivations",
-        "conf-keep-outputs": "command-ref/conf-file.html#conf-keep-outputs",
-        "conf-max-build-log-size": "command-ref/conf-file.html#conf-max-build-log-size",
-        "conf-max-free": "command-ref/conf-file.html#conf-max-free",
-        "conf-max-jobs": "command-ref/conf-file.html#conf-max-jobs",
-        "conf-max-silent-time": "command-ref/conf-file.html#conf-max-silent-time",
-        "conf-min-free": "command-ref/conf-file.html#conf-min-free",
-        "conf-narinfo-cache-negative-ttl": "command-ref/conf-file.html#conf-narinfo-cache-negative-ttl",
-        "conf-narinfo-cache-positive-ttl": "command-ref/conf-file.html#conf-narinfo-cache-positive-ttl",
-        "conf-netrc-file": "command-ref/conf-file.html#conf-netrc-file",
-        "conf-plugin-files": "command-ref/conf-file.html#conf-plugin-files",
-        "conf-post-build-hook": "command-ref/conf-file.html#conf-post-build-hook",
-        "conf-pre-build-hook": "command-ref/conf-file.html#conf-pre-build-hook",
-        "conf-require-sigs": "command-ref/conf-file.html#conf-require-sigs",
-        "conf-restrict-eval": "command-ref/conf-file.html#conf-restrict-eval",
-        "conf-run-diff-hook": "command-ref/conf-file.html#conf-run-diff-hook",
-        "conf-sandbox": "command-ref/conf-file.html#conf-sandbox",
-        "conf-sandbox-dev-shm-size": "command-ref/conf-file.html#conf-sandbox-dev-shm-size",
-        "conf-sandbox-paths": "command-ref/conf-file.html#conf-sandbox-paths",
-        "conf-secret-key-files": "command-ref/conf-file.html#conf-secret-key-files",
-        "conf-show-trace": "command-ref/conf-file.html#conf-show-trace",
-        "conf-stalled-download-timeout": "command-ref/conf-file.html#conf-stalled-download-timeout",
-        "conf-substitute": "command-ref/conf-file.html#conf-substitute",
-        "conf-substituters": "command-ref/conf-file.html#conf-substituters",
-        "conf-system": "command-ref/conf-file.html#conf-system",
-        "conf-system-features": "command-ref/conf-file.html#conf-system-features",
-        "conf-tarball-ttl": "command-ref/conf-file.html#conf-tarball-ttl",
-        "conf-timeout": "command-ref/conf-file.html#conf-timeout",
-        "conf-trace-function-calls": "command-ref/conf-file.html#conf-trace-function-calls",
-        "conf-trusted-binary-caches": "command-ref/conf-file.html#conf-trusted-substituters",
-        "conf-trusted-public-keys": "command-ref/conf-file.html#conf-trusted-public-keys",
-        "conf-trusted-substituters": "command-ref/conf-file.html#conf-trusted-substituters",
-        "conf-trusted-users": "command-ref/conf-file.html#conf-trusted-users",
-        "extra-sandbox-paths": "command-ref/conf-file.html#conf-sandbox-paths",
-        "sec-conf-file": "command-ref/conf-file.html",
-        "env-NIX_PATH": "command-ref/env-common.html#env-NIX_PATH",
-        "env-common": "command-ref/env-common.html",
-        "envar-remote": "command-ref/env-common.html#env-NIX_REMOTE",
-        "sec-common-env": "command-ref/env-common.html",
-        "ch-files": "command-ref/files.html",
-        "ch-main-commands": "command-ref/main-commands.html",
-        "opt-out-link": "command-ref/nix-build.html#opt-out-link",
-        "sec-nix-build": "command-ref/nix-build.html",
-        "sec-nix-channel": "command-ref/nix-channel.html",
-        "sec-nix-collect-garbage": "command-ref/nix-collect-garbage.html",
-        "sec-nix-copy-closure": "command-ref/nix-copy-closure.html",
-        "sec-nix-daemon": "command-ref/nix-daemon.html",
-        "refsec-nix-env-install-examples": "command-ref/nix-env/install.html#examples",
-        "rsec-nix-env-install": "command-ref/nix-env/install.html",
-        "rsec-nix-env-set": "command-ref/nix-env/set.html",
-        "rsec-nix-env-set-flag": "command-ref/nix-env/set-flag.html",
-        "rsec-nix-env-upgrade": "command-ref/nix-env/upgrade.html",
-        "sec-nix-env": "command-ref/nix-env.html",
-        "ssec-version-comparisons": "command-ref/nix-env.html#selectors",
-        "sec-nix-hash": "command-ref/nix-hash.html",
-        "sec-nix-instantiate": "command-ref/nix-instantiate.html",
-        "sec-nix-prefetch-url": "command-ref/nix-prefetch-url.html",
-        "sec-nix-shell": "command-ref/nix-shell.html",
-        "ssec-nix-shell-shebang": "command-ref/nix-shell.html#use-as-a--interpreter",
-        "nixref-queries": "command-ref/nix-store/query.html#queries",
-        "opt-add-root": "command-ref/nix-store/query.html#opt-add-root",
-        "refsec-nix-store-dump": "command-ref/nix-store/dump.html",
-        "refsec-nix-store-export": "command-ref/nix-store/export.html",
-        "refsec-nix-store-import": "command-ref/nix-store/import.html",
-        "refsec-nix-store-query": "command-ref/nix-store/query.html",
-        "refsec-nix-store-verify": "command-ref/nix-store/verify.html",
-        "rsec-nix-store-gc": "command-ref/nix-store/gc.html",
-        "rsec-nix-store-generate-binary-cache-key": "command-ref/nix-store/generate-binary-cache-key.html",
-        "rsec-nix-store-realise": "command-ref/nix-store/realise.html",
-        "rsec-nix-store-serve": "command-ref/nix-store/serve.html",
-        "sec-nix-store": "command-ref/nix-store.html",
-        "opt-I": "command-ref/opt-common.html#opt-I",
-        "opt-attr": "command-ref/opt-common.html#opt-attr",
-        "opt-common": "command-ref/opt-common.html",
-        "opt-cores": "command-ref/opt-common.html#opt-cores",
-        "opt-log-format": "command-ref/opt-common.html#opt-log-format",
-        "opt-max-jobs": "command-ref/opt-common.html#opt-max-jobs",
-        "opt-max-silent-time": "command-ref/opt-common.html#opt-max-silent-time",
-        "opt-timeout": "command-ref/opt-common.html#opt-timeout",
-        "sec-common-options": "command-ref/opt-common.html",
-        "ch-utilities": "command-ref/utilities.html",
-        "chap-hacking": "development/building.html",
-        "adv-attr-allowSubstitutes": "language/advanced-attributes.html#adv-attr-allowSubstitutes",
-        "adv-attr-allowedReferences": "language/advanced-attributes.html#adv-attr-allowedReferences",
-        "adv-attr-allowedRequisites": "language/advanced-attributes.html#adv-attr-allowedRequisites",
-        "adv-attr-disallowedReferences": "language/advanced-attributes.html#adv-attr-disallowedReferences",
-        "adv-attr-disallowedRequisites": "language/advanced-attributes.html#adv-attr-disallowedRequisites",
-        "adv-attr-exportReferencesGraph": "language/advanced-attributes.html#adv-attr-exportReferencesGraph",
-        "adv-attr-impureEnvVars": "language/advanced-attributes.html#adv-attr-impureEnvVars",
-        "adv-attr-outputHash": "language/advanced-attributes.html#adv-attr-outputHash",
-        "adv-attr-outputHashAlgo": "language/advanced-attributes.html#adv-attr-outputHashAlgo",
-        "adv-attr-outputHashMode": "language/advanced-attributes.html#adv-attr-outputHashMode",
-        "adv-attr-passAsFile": "language/advanced-attributes.html#adv-attr-passAsFile",
-        "adv-attr-preferLocalBuild": "language/advanced-attributes.html#adv-attr-preferLocalBuild",
-        "fixed-output-drvs": "language/advanced-attributes.html#adv-attr-outputHash",
-        "sec-advanced-attributes": "language/advanced-attributes.html",
-        "builtin-abort": "language/builtins.html#builtins-abort",
-        "builtin-add": "language/builtins.html#builtins-add",
-        "builtin-all": "language/builtins.html#builtins-all",
-        "builtin-any": "language/builtins.html#builtins-any",
-        "builtin-attrNames": "language/builtins.html#builtins-attrNames",
-        "builtin-attrValues": "language/builtins.html#builtins-attrValues",
-        "builtin-baseNameOf": "language/builtins.html#builtins-baseNameOf",
-        "builtin-bitAnd": "language/builtins.html#builtins-bitAnd",
-        "builtin-bitOr": "language/builtins.html#builtins-bitOr",
-        "builtin-bitXor": "language/builtins.html#builtins-bitXor",
-        "builtin-builtins": "language/builtins.html#builtins-builtins",
-        "builtin-compareVersions": "language/builtins.html#builtins-compareVersions",
-        "builtin-concatLists": "language/builtins.html#builtins-concatLists",
-        "builtin-concatStringsSep": "language/builtins.html#builtins-concatStringsSep",
-        "builtin-currentSystem": "language/builtins.html#builtins-currentSystem",
-        "builtin-deepSeq": "language/builtins.html#builtins-deepSeq",
-        "builtin-derivation": "language/builtins.html#builtins-derivation",
-        "builtin-dirOf": "language/builtins.html#builtins-dirOf",
-        "builtin-div": "language/builtins.html#builtins-div",
-        "builtin-elem": "language/builtins.html#builtins-elem",
-        "builtin-elemAt": "language/builtins.html#builtins-elemAt",
-        "builtin-fetchGit": "language/builtins.html#builtins-fetchGit",
-        "builtin-fetchTarball": "language/builtins.html#builtins-fetchTarball",
-        "builtin-fetchurl": "language/builtins.html#builtins-fetchurl",
-        "builtin-filterSource": "language/builtins.html#builtins-filterSource",
-        "builtin-foldl-prime": "language/builtins.html#builtins-foldl'",
-        "builtin-fromJSON": "language/builtins.html#builtins-fromJSON",
-        "builtin-functionArgs": "language/builtins.html#builtins-functionArgs",
-        "builtin-genList": "language/builtins.html#builtins-genList",
-        "builtin-getAttr": "language/builtins.html#builtins-getAttr",
-        "builtin-getEnv": "language/builtins.html#builtins-getEnv",
-        "builtin-hasAttr": "language/builtins.html#builtins-hasAttr",
-        "builtin-hashFile": "language/builtins.html#builtins-hashFile",
-        "builtin-hashString": "language/builtins.html#builtins-hashString",
-        "builtin-head": "language/builtins.html#builtins-head",
-        "builtin-import": "language/builtins.html#builtins-import",
-        "builtin-intersectAttrs": "language/builtins.html#builtins-intersectAttrs",
-        "builtin-isAttrs": "language/builtins.html#builtins-isAttrs",
-        "builtin-isBool": "language/builtins.html#builtins-isBool",
-        "builtin-isFloat": "language/builtins.html#builtins-isFloat",
-        "builtin-isFunction": "language/builtins.html#builtins-isFunction",
-        "builtin-isInt": "language/builtins.html#builtins-isInt",
-        "builtin-isList": "language/builtins.html#builtins-isList",
-        "builtin-isNull": "language/builtins.html#builtins-isNull",
-        "builtin-isString": "language/builtins.html#builtins-isString",
-        "builtin-length": "language/builtins.html#builtins-length",
-        "builtin-lessThan": "language/builtins.html#builtins-lessThan",
-        "builtin-listToAttrs": "language/builtins.html#builtins-listToAttrs",
-        "builtin-map": "language/builtins.html#builtins-map",
-        "builtin-match": "language/builtins.html#builtins-match",
-        "builtin-mul": "language/builtins.html#builtins-mul",
-        "builtin-parseDrvName": "language/builtins.html#builtins-parseDrvName",
-        "builtin-path": "language/builtins.html#builtins-path",
-        "builtin-pathExists": "language/builtins.html#builtins-pathExists",
-        "builtin-placeholder": "language/builtins.html#builtins-placeholder",
-        "builtin-readDir": "language/builtins.html#builtins-readDir",
-        "builtin-readFile": "language/builtins.html#builtins-readFile",
-        "builtin-removeAttrs": "language/builtins.html#builtins-removeAttrs",
-        "builtin-replaceStrings": "language/builtins.html#builtins-replaceStrings",
-        "builtin-seq": "language/builtins.html#builtins-seq",
-        "builtin-sort": "language/builtins.html#builtins-sort",
-        "builtin-split": "language/builtins.html#builtins-split",
-        "builtin-splitVersion": "language/builtins.html#builtins-splitVersion",
-        "builtin-stringLength": "language/builtins.html#builtins-stringLength",
-        "builtin-sub": "language/builtins.html#builtins-sub",
-        "builtin-substring": "language/builtins.html#builtins-substring",
-        "builtin-tail": "language/builtins.html#builtins-tail",
-        "builtin-throw": "language/builtins.html#builtins-throw",
-        "builtin-toFile": "language/builtins.html#builtins-toFile",
-        "builtin-toJSON": "language/builtins.html#builtins-toJSON",
-        "builtin-toPath": "language/builtins.html#builtins-toPath",
-        "builtin-toString": "language/builtins.html#builtins-toString",
-        "builtin-toXML": "language/builtins.html#builtins-toXML",
-        "builtin-trace": "language/builtins.html#builtins-trace",
-        "builtin-tryEval": "language/builtins.html#builtins-tryEval",
-        "builtin-typeOf": "language/builtins.html#builtins-typeOf",
-        "ssec-builtins": "language/builtins.html",
-        "attr-system": "language/derivations.html#attr-system",
-        "ssec-derivation": "language/derivations.html",
-        "ch-expression-language": "language/index.html",
-        "sec-constructs": "language/syntax.html",
-        "sect-let-language": "language/syntax.html#let-expressions",
-        "ss-functions": "language/syntax.html#functions",
-        "sec-language-operators": "language/operators.html",
-        "table-operators": "language/operators.html",
-        "ssec-values": "language/types.html",
-        "gloss-closure": "glossary.html#gloss-closure",
-        "gloss-derivation": "glossary.html#gloss-derivation",
-        "gloss-deriver": "glossary.html#gloss-deriver",
-        "gloss-nar": "glossary.html#gloss-nar",
-        "gloss-output-path": "glossary.html#gloss-output-path",
-        "gloss-profile": "glossary.html#gloss-profile",
-        "gloss-reachable": "glossary.html#gloss-reachable",
-        "gloss-reference": "glossary.html#gloss-reference",
-        "gloss-substitute": "glossary.html#gloss-substitute",
-        "gloss-user-env": "glossary.html#gloss-user-env",
-        "gloss-validity": "glossary.html#gloss-validity",
-        "part-glossary": "glossary.html",
-        "sec-building-source": "installation/building-source.html",
-        "ch-env-variables": "installation/env-variables.html",
-        "sec-installer-proxy-settings": "installation/env-variables.html#proxy-environment-variables",
-        "sec-nix-ssl-cert-file": "installation/env-variables.html#nix_ssl_cert_file",
-        "sec-nix-ssl-cert-file-with-nix-daemon-and-macos": "installation/env-variables.html#nix_ssl_cert_file",
-        "chap-installation": "installation/index.html",
-        "ch-installing-binary": "installation/installing-binary.html",
-        "sect-macos-installation": "installation/installing-binary.html#macos-installation",
-        "sect-macos-installation-change-store-prefix": "installation/installing-binary.html#macos-installation",
-        "sect-macos-installation-encrypted-volume": "installation/installing-binary.html#macos-installation",
-        "sect-macos-installation-recommended-notes": "installation/installing-binary.html#macos-installation",
-        "sect-macos-installation-symlink": "installation/installing-binary.html#macos-installation",
-        "sect-multi-user-installation": "installation/installing-binary.html#multi-user-installation",
-        "sect-nix-install-binary-tarball": "installation/installing-binary.html#installing-from-a-binary-tarball",
-        "sect-nix-install-pinned-version-url":
-            "installation/installing-binary.html#installing-a-pinned-nix-version-from-a-url",
-        "sect-single-user-installation": "installation/installing-binary.html#single-user-installation",
-        "ch-installing-source": "installation/installing-source.html",
-        "ssec-multi-user": "installation/multi-user.html",
-        "ch-nix-security": "installation/nix-security.html",
-        "sec-obtaining-source": "installation/obtaining-source.html",
-        "sec-prerequisites-source": "installation/prerequisites-source.html",
-        "sec-single-user": "installation/single-user.html",
-        "ch-supported-platforms": "installation/supported-platforms.html",
-        "ch-upgrading-nix": "installation/upgrading.html",
-        "ch-about-nix": "introduction.html",
-        "chap-introduction": "introduction.html",
-        "ch-basic-package-mgmt": "package-management/index.html",
-        "ssec-binary-cache-substituter": "package-management/binary-cache-substituter.html",
-        "sec-channels": "command-ref/nix-channel.html",
-        "ssec-copy-closure": "command-ref/nix-copy-closure.html",
-        "sec-garbage-collection": "package-management/garbage-collection.html",
-        "ssec-gc-roots": "package-management/garbage-collector-roots.html",
-        "chap-package-management": "package-management/index.html",
-        "sec-profiles": "package-management/profiles.html",
-        "ssec-s3-substituter": "store/types/s3-binary-cache-store.html",
-        "ssec-s3-substituter-anonymous-reads":
-            "store/types/s3-binary-cache-store.html#anonymous-reads-to-your-s3-compatible-binary-cache",
-        "ssec-s3-substituter-authenticated-reads":
-            "store/types/s3-binary-cache-store.html#authenticated-reads-to-your-s3-binary-cache",
-        "ssec-s3-substituter-authenticated-writes":
-            "store/types/s3-binary-cache-store.html#authenticated-writes-to-your-s3-compatible-binary-cache",
-        "sec-sharing-packages": "package-management/sharing-packages.html",
-        "ssec-ssh-substituter": "package-management/ssh-substituter.html",
-        "chap-quick-start": "quick-start.html",
-        "sec-relnotes": "release-notes/index.html",
-        "ch-relnotes-0.10.1": "release-notes/rl-0.10.1.html",
-        "ch-relnotes-0.10": "release-notes/rl-0.10.html",
-        "ssec-relnotes-0.11": "release-notes/rl-0.11.html",
-        "ssec-relnotes-0.12": "release-notes/rl-0.12.html",
-        "ssec-relnotes-0.13": "release-notes/rl-0.13.html",
-        "ssec-relnotes-0.14": "release-notes/rl-0.14.html",
-        "ssec-relnotes-0.15": "release-notes/rl-0.15.html",
-        "ssec-relnotes-0.16": "release-notes/rl-0.16.html",
-        "ch-relnotes-0.5": "release-notes/rl-0.5.html",
-        "ch-relnotes-0.6": "release-notes/rl-0.6.html",
-        "ch-relnotes-0.7": "release-notes/rl-0.7.html",
-        "ch-relnotes-0.8.1": "release-notes/rl-0.8.1.html",
-        "ch-relnotes-0.8": "release-notes/rl-0.8.html",
-        "ch-relnotes-0.9.1": "release-notes/rl-0.9.1.html",
-        "ch-relnotes-0.9.2": "release-notes/rl-0.9.2.html",
-        "ch-relnotes-0.9": "release-notes/rl-0.9.html",
-        "ssec-relnotes-1.0": "release-notes/rl-1.0.html",
-        "ssec-relnotes-1.1": "release-notes/rl-1.1.html",
-        "ssec-relnotes-1.10": "release-notes/rl-1.10.html",
-        "ssec-relnotes-1.11.10": "release-notes/rl-1.11.10.html",
-        "ssec-relnotes-1.11": "release-notes/rl-1.11.html",
-        "ssec-relnotes-1.2": "release-notes/rl-1.2.html",
-        "ssec-relnotes-1.3": "release-notes/rl-1.3.html",
-        "ssec-relnotes-1.4": "release-notes/rl-1.4.html",
-        "ssec-relnotes-1.5.1": "release-notes/rl-1.5.html",
-        "ssec-relnotes-1.5.2": "release-notes/rl-1.5.2.html",
-        "ssec-relnotes-1.5": "release-notes/rl-1.5.html",
-        "ssec-relnotes-1.6.1": "release-notes/rl-1.6.1.html",
-        "ssec-relnotes-1.6.0": "release-notes/rl-1.6.html",
-        "ssec-relnotes-1.7": "release-notes/rl-1.7.html",
-        "ssec-relnotes-1.8": "release-notes/rl-1.8.html",
-        "ssec-relnotes-1.9": "release-notes/rl-1.9.html",
-        "ssec-relnotes-2.0": "release-notes/rl-2.0.html",
-        "ssec-relnotes-2.1": "release-notes/rl-2.1.html",
-        "ssec-relnotes-2.2": "release-notes/rl-2.2.html",
-        "ssec-relnotes-2.3": "release-notes/rl-2.3.html"
-    },
-    "language/types.html": {
-        "simple-values": "#primitives",
-        "lists": "#type-list",
-        "strings": "#type-string",
-        "attribute-sets": "#type-attrs",
-        "type-number": "#type-int"
-    },
-    "language/syntax.html": {
-        "scoping-rules": "scope.html",
-        "string-literal": "string-literals.html"
-    },
-    "language/derivations.html": {
-        "builder-execution": "../store/building.html#builder-execution"
-    },
-    "installation/installing-binary.html": {
-        "linux": "uninstall.html#linux",
-        "macos": "uninstall.html#macos",
-        "uninstalling": "uninstall.html"
-    },
-    "development/building.html": {
-        "nix-with-flakes": "#building-nix-with-flakes",
-        "classic-nix": "#building-nix",
-        "running-tests": "testing.html#running-tests",
-        "unit-tests": "testing.html#unit-tests",
-        "functional-tests": "testing.html#functional-tests",
-        "debugging-failing-functional-tests": "testing.html#debugging-failing-functional-tests",
-        "integration-tests": "testing.html#integration-tests",
-        "installer-tests": "testing.html#installer-tests",
-        "one-time-setup": "testing.html#one-time-setup",
-        "using-the-ci-generated-installer-for-manual-testing":
-            "testing.html#using-the-ci-generated-installer-for-manual-testing",
-        "characterization-testing": "testing.html#characterisation-testing-unit",
-        "add-a-release-note": "contributing.html#add-a-release-note",
-        "add-an-entry": "contributing.html#add-an-entry",
-        "build-process": "contributing.html#build-process",
-        "reverting": "contributing.html#reverting",
-        "branches": "contributing.html#branches"
-    },
-    "glossary.html": {
-        "gloss-local-store": "store/types/local-store.html",
-        "package-attribute-set": "#package",
-        "gloss-chroot-store": "store/types/local-store.html",
-        "gloss-content-addressed-derivation": "#gloss-content-addressing-derivation"
-    }
-}
--- a/doc/manual/render-manpage.sh
+++ b/doc/manual/render-manpage.sh
@@ -1,55 +1,25 @@
 #!/usr/bin/env bash
-#
-# Standalone manpage renderer that doesn't require mdbook.
-# Uses expand-includes.py to preprocess markdown, then lowdown to generate manpages.

 set -euo pipefail

-script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-
 lowdown_args=

-# Optional --out-no-smarty flag for compatibility with nix_nested_manpages
 if [ "$1" = --out-no-smarty ]; then
    lowdown_args=--out-no-smarty
    shift
 fi

-[ "$#" = 7 ] || {
-    cat >&2 <<EOF
-Usage: $0 [--out-no-smarty] <title> <section> <source-root> <generated-root> <doc-url> <infile> <outfile>
-
-Arguments:
-  title           - Manpage title (e.g., "nix-env --install")
-  section         - Manpage section number (1, 5, 8, etc.)
-  source-root     - Root directory of markdown sources
-  generated-root  - Root directory of generated markdown files
-  doc-url         - Base URL for documentation links
-  infile          - Input markdown file (relative to build directory)
-  outfile         - Output manpage file
-
-Examples:
-  $0 "nix-store --query" 1 doc/manual/source build/doc/manual/source \\
-     https://nix.dev/manual/nix/latest \\
-     build/doc/manual/source/command-ref/nix-store/query.md nix-store-query.1
-EOF
+[ "$#" = 4 ] || {
+    echo "wrong number of args passed" >&2
    exit 1
 }

 title="$1"
 section="$2"
-source_root="$3"
-generated_root="$4"
-doc_url="$5"
-infile="$6"
-outfile="$7"
+infile="$3"
+outfile="$4"

-# Expand includes and pipe to lowdown
 (
    printf "Title: %s\n\n" "$title"
-    python3 "$script_dir/expand-includes.py" \
-        --source-root "$source_root" \
-        --generated-root "$generated_root" \
-        --doc-url "$doc_url" \
-        "$infile"
+    cat "$infile"
 ) | lowdown -sT man --nroff-nolinks $lowdown_args -M section="$section" -o "$outfile"
--- a/doc/manual/rl-next/channels-subdomain.md
+++ b/doc/manual/rl-next/channels-subdomain.md
@@ -0,0 +1,9 @@
+---
+synopsis: Channel URLs migrated to channels.nixos.org subdomain
+prs: [14518]
+issues: [14517]
+---
+
+Channel URLs have been updated from `https://nixos.org/channels/` to `https://channels.nixos.org/` throughout Nix.
+
+The subdomain provides better reliability with IPv6 support and improved CDN distribution. The old domain apex (`nixos.org/channels/`) currently redirects to the new location but may be deprecated in the future.
--- a/doc/manual/rl-next/json-format-changes.md
+++ b/doc/manual/rl-next/json-format-changes.md
@@ -0,0 +1,55 @@
+---
+synopsis: "JSON format changes for store path info and derivations"
+prs: []
+issues: []
+---
+
+JSON formats for store path info and derivations have been updated with new versions and structured fields.
+
+## Store Path Info JSON (Version 2)
+
+The store path info JSON format has been updated from version 1 to version 2:
+
+- **Added `version` field**:
+
+  All store path info JSON now includes `"version": 2`.
+
+- **Structured `ca` field**:
+
+  Content address is now a structured JSON object instead of a string:
+
+  - Old: `"ca": "fixed:r:sha256:1abc..."`
+  - New: `"ca": {"method": "nar", "hash": {"algorithm": "sha256", "format": "base64", "hash": "EMIJ+giQ..."}}`
+  - Still `null` values for input-addressed store objects
+
+- **Structured hash fields**:
+
+  Hash values (`narHash` and `downloadHash`) are now structured JSON objects instead of strings:
+
+  - Old: `"narHash": "sha256:FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc="`
+  - New: `"narHash": {"algorithm": "sha256", "format": "base64", "hash": "FePFYIlM..."}`
+  - Same structure applies to `downloadHash` in NAR info contexts
+
+Nix currently only produces, and doesn't consume this format.
+
+**Affected command**: `nix path-info --json`
+
+## Derivation JSON (Version 4)
+
+The derivation JSON format has been updated from version 3 to version 4:
+
+- **Restructured inputs**:
+
+  Inputs are now nested under an `inputs` object:
+
+  - Old: `"inputSrcs": [...], "inputDrvs": {...}`
+  - New: `"inputs": {"srcs": [...], "drvs": {...}}`
+
+- **Consistent content addresses**:
+
+  Floating content-addressed outputs now use structured JSON format.
+  This is the same format as `ca` in in store path info (after the new version).
+
+Version 3 and earlier formats are *not* accepted when reading.
+
+**Affected command**: `nix derivation`, namely it's `show` and `add` sub-commands.
--- a/doc/manual/rl-next/s3-curl-implementation.md
+++ b/doc/manual/rl-next/s3-curl-implementation.md
@@ -0,0 +1,40 @@
+---
+synopsis: "Improved S3 binary cache support via HTTP"
+prs: [13752, 13823, 14026, 14120, 14131, 14135, 14144, 14170, 14190, 14198, 14206, 14209, 14222, 14223, 14330, 14333, 14335, 14336, 14337, 14350, 14356, 14357, 14374, 14375, 14376, 14377, 14391, 14393, 14420, 14421]
+issues: [13084, 12671, 11748, 12403]
+---
+
+S3 binary cache operations now happen via HTTP, leveraging `libcurl`'s native
+AWS SigV4 authentication instead of the AWS C++ SDK, providing significant
+improvements:
+
+- **Reduced memory usage**: Eliminates memory buffering issues that caused
+  segfaults with large files
+- **Fixed upload reliability**: Resolves AWS SDK chunking errors
+  (`InvalidChunkSizeError`)
+- **Lighter dependencies**: Uses lightweight `aws-crt-cpp` instead of full
+  `aws-cpp-sdk`, reducing build complexity
+
+The new implementation requires curl >= 7.75.0 and `aws-crt-cpp` for credential
+management.
+
+All existing S3 URL formats and parameters remain supported, however the store
+settings for configuring multipart uploads have changed:
+
+- **`multipart-upload`** (default: `false`): Enable multipart uploads for large
+  files. When enabled, files exceeding the multipart threshold will be uploaded
+  in multiple parts.
+
+- **`multipart-threshold`** (default: `100 MiB`): Minimum file size for using
+  multipart uploads. Files smaller than this will use regular PUT requests.
+  Only takes effect when `multipart-upload` is enabled.
+
+- **`multipart-chunk-size`** (default: `5 MiB`): Size of each part in multipart
+  uploads. Must be at least 5 MiB (AWS S3 requirement). Larger chunk sizes
+  reduce the number of requests but use more memory.
+
+- **`buffer-size`**: Has been replaced by `multipart-chunk-size` and is now an alias to it.
+
+Note that this change also means Nix now supports S3 binary cache stores even
+if built without `aws-crt-cpp`, but only for public buckets which do not
+require authentication.
--- a/doc/manual/rl-next/s3-object-versioning.md
+++ b/doc/manual/rl-next/s3-object-versioning.md
@@ -0,0 +1,14 @@
+---
+synopsis: "S3 URLs now support object versioning via versionId parameter"
+prs: [14274]
+issues: [13955]
+---
+
+S3 URLs now support a `versionId` query parameter to fetch specific versions
+of objects from S3 buckets with versioning enabled. This allows pinning to
+exact object versions for reproducibility and protection against unexpected
+changes:
+
+```
+s3://bucket/key?region=us-east-1&versionId=abc123def456
+```
--- a/doc/manual/rl-next/s3-storage-class.md
+++ b/doc/manual/rl-next/s3-storage-class.md
@@ -0,0 +1,21 @@
+---
+synopsis: "S3 binary cache stores now support storage class configuration"
+prs: [14464]
+issues: [7015]
+---
+
+S3 binary cache stores now support configuring the storage class for uploaded objects via the `storage-class` parameter. This allows users to optimize costs by selecting appropriate storage tiers based on access patterns.
+
+Example usage:
+
+```bash
+# Use Glacier storage for long-term archival
+nix copy --to 's3://my-bucket?storage-class=GLACIER' /nix/store/...
+
+# Use Intelligent Tiering for automatic cost optimization
+nix copy --to 's3://my-bucket?storage-class=INTELLIGENT_TIERING' /nix/store/...
+```
+
+The storage class applies to both regular uploads and multipart uploads. When not specified, objects use the bucket's default storage class.
+
+See the [S3 storage classes documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html) for available storage classes and their characteristics.
--- a/doc/manual/source/SUMMARY.md.in
+++ b/doc/manual/source/SUMMARY.md.in
@@ -121,17 +121,14 @@
 - [Architecture and Design](architecture/architecture.md)
 - [Formats and Protocols](protocols/index.md)
  - [JSON Formats](protocols/json/index.md)
-    - [File System Object](protocols/json/file-system-object.md)
    - [Hash](protocols/json/hash.md)
    - [Content Address](protocols/json/content-address.md)
    - [Store Path](protocols/json/store-path.md)
    - [Store Object Info](protocols/json/store-object-info.md)
-    - [Derivation](protocols/json/derivation/index.md)
-      - [Derivation Options](protocols/json/derivation/options.md)
+    - [Derivation](protocols/json/derivation.md)
    - [Deriving Path](protocols/json/deriving-path.md)
    - [Build Trace Entry](protocols/json/build-trace-entry.md)
    - [Build Result](protocols/json/build-result.md)
-    - [Store](protocols/json/store.md)
  - [Serving Tarball Flakes](protocols/tarball-fetcher.md)
  - [Store Path Specification](protocols/store-path.md)
  - [Nix Archive (NAR) Format](protocols/nix-archive/index.md)
@@ -151,7 +148,6 @@
  - [Contributing](development/contributing.md)
 - [Releases](release-notes/index.md)
 {{#include ./SUMMARY-rl-next.md}}
-  - [Release 2.33 (2025-12-09)](release-notes/rl-2.33.md)
  - [Release 2.32 (2025-10-06)](release-notes/rl-2.32.md)
  - [Release 2.31 (2025-08-21)](release-notes/rl-2.31.md)
  - [Release 2.30 (2025-07-07)](release-notes/rl-2.30.md)
--- a/doc/manual/source/advanced-topics/eval-profiler.md
+++ b/doc/manual/source/advanced-topics/eval-profiler.md
@@ -27,7 +27,7 @@ site](https://en.wikipedia.org/wiki/Call_site) position and the name of the
 function being called (when available). For example:

 ```
-/nix/store/2q71fdvr4h33g9832hiriwnf20fn630l-source/pkgs/top-level/default.nix:167:5:primop import
+/nix/store/x9wnkly3k1gkq580m90jjn32q9f05q2v-source/pkgs/top-level/default.nix:167:5:primop import
 ```

-Here `import` primop is called at `/nix/store/2q71fdvr4h33g9832hiriwnf20fn630l-source/pkgs/top-level/default.nix:167:5`.
+Here `import` primop is called at `/nix/store/x9wnkly3k1gkq580m90jjn32q9f05q2v-source/pkgs/top-level/default.nix:167:5`.
--- a/doc/manual/source/command-ref/files/default-nix-expression.md
+++ b/doc/manual/source/command-ref/files/default-nix-expression.md
@@ -39,11 +39,11 @@ This makes all subscribed channels available as attributes in the default expres
 A symlink that ensures that [`nix-env`] can find the current user's [channels]:

 - `~/.nix-defexpr/channels`
- `$XDG_STATE_HOME/nix/defexpr/channels` if [`use-xdg-base-directories`] is set to `true`.
+- `$XDG_STATE_HOME/defexpr/channels` if [`use-xdg-base-directories`] is set to `true`.

 This symlink points to:

- `$XDG_STATE_HOME/nix/profiles/channels` for regular users
+- `$XDG_STATE_HOME/profiles/channels` for regular users
 - `$NIX_STATE_DIR/profiles/per-user/root/channels` for `root`

 In a multi-user installation, you may also have `~/.nix-defexpr/channels_root`, which links to the channels of the root user.
--- a/doc/manual/source/command-ref/files/manifest.nix.md
+++ b/doc/manual/source/command-ref/files/manifest.nix.md
@@ -114,9 +114,9 @@ Here is an example of how this file might look like after installing `hello` fro
  };
  name = "hello-2.12.1";
  out = {
-    outPath = "/nix/store/src1vzij2z0slnakrsbpqpk20389z0k6-hello-2.12.1";
+    outPath = "/nix/store/260q5867crm1xjs4khgqpl6vr9kywql1-hello-2.12.1";
  };
-  outPath = "/nix/store/src1vzij2z0slnakrsbpqpk20389z0k6-hello-2.12.1";
+  outPath = "/nix/store/260q5867crm1xjs4khgqpl6vr9kywql1-hello-2.12.1";
  outputs = [ "out" ];
  system = "x86_64-linux";
  type = "derivation";
--- a/doc/manual/source/command-ref/files/profiles.md
+++ b/doc/manual/source/command-ref/files/profiles.md
@@ -37,13 +37,13 @@ dr-xr-xr-x 4 root root 4096 Jan  1  1970 share

 /home/eelco/.local/state/nix/profiles/profile-7-link/bin:
 total 20
-lrwxrwxrwx 5 root root 79 Jan  1  1970 chromium -> /nix/store/cyxny9d1zjb9l9103fr6j6kavp3bqjxf-chromium-86.0.4240.111/bin/chromium
+lrwxrwxrwx 5 root root 79 Jan  1  1970 chromium -> /nix/store/ijm5k0zqisvkdwjkc77mb9qzb35xfi4m-chromium-86.0.4240.111/bin/chromium
 lrwxrwxrwx 7 root root 87 Jan  1  1970 spotify -> /nix/store/w9182874m1bl56smps3m5zjj36jhp3rn-spotify-1.1.26.501.gbe11e53b-15/bin/spotify
 lrwxrwxrwx 3 root root 79 Jan  1  1970 zoom-us -> /nix/store/wbhg2ga8f3h87s9h5k0slxk0m81m4cxl-zoom-us-5.3.469451.0927/bin/zoom-us

 /home/eelco/.local/state/nix/profiles/profile-7-link/share/applications:
 total 12
-lrwxrwxrwx 4 root root 120 Jan  1  1970 chromium-browser.desktop -> /nix/store/sqzyx2l85i6j2a77pnyvglh3bvzwmjjp-chromium-unwrapped-86.0.4240.111/share/applications/chromium-browser.desktop
+lrwxrwxrwx 4 root root 120 Jan  1  1970 chromium-browser.desktop -> /nix/store/4cf803y4vzfm3gyk3vzhzb2327v0kl8a-chromium-unwrapped-86.0.4240.111/share/applications/chromium-browser.desktop
 lrwxrwxrwx 7 root root 110 Jan  1  1970 spotify.desktop -> /nix/store/w9182874m1bl56smps3m5zjj36jhp3rn-spotify-1.1.26.501.gbe11e53b-15/share/applications/spotify.desktop
 lrwxrwxrwx 3 root root 107 Jan  1  1970 us.zoom.Zoom.desktop -> /nix/store/wbhg2ga8f3h87s9h5k0slxk0m81m4cxl-zoom-us-5.3.469451.0927/share/applications/us.zoom.Zoom.desktop

--- a/doc/manual/source/command-ref/nix-build.md
+++ b/doc/manual/source/command-ref/nix-build.md
@@ -36,7 +36,7 @@ to a temporary location. The tarball must include a single top-level
 directory containing at least a file named `default.nix`.

 `nix-build` is essentially a wrapper around
-[`nix-instantiate`](./nix-instantiate.md) (to translate a high-level Nix
+[`nix-instantiate`](nix-instantiate.md) (to translate a high-level Nix
 expression to a low-level [store derivation]) and [`nix-store
 --realise`](@docroot@/command-ref/nix-store/realise.md) (to build the store
 derivation).
@@ -52,8 +52,8 @@ derivation).
 # Options

 All options not listed here are passed to
-[`nix-store --realise`](./nix-store/realise.md),
-except for `--arg` and `--attr` / `-A` which are passed to [`nix-instantiate`](./nix-instantiate.md).
+[`nix-store --realise`](nix-store/realise.md),
+except for `--arg` and `--attr` / `-A` which are passed to [`nix-instantiate`](nix-instantiate.md).

 - <span id="opt-no-out-link">[`--no-out-link`](#opt-no-out-link)<span>

--- a/doc/manual/source/command-ref/nix-copy-closure.md
+++ b/doc/manual/source/command-ref/nix-copy-closure.md
@@ -72,11 +72,11 @@ When using public key authentication, you can avoid typing the passphrase with `
 > $ storePath="$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello --no-out-link)"
 > $ nix-copy-closure --to alice@itchy.example.org "$storePath"
 > copying 5 paths...
-> copying path '/nix/store/h6q8sqsqfbd3252f9gixqn3z282wds7m-xgcc-13.2.0-libgcc' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/imnwvn96lw355giswsk36hx105j4wnpj-libunistring-1.1' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/85301indj7scg34spnfczkz72jgv8wa9-libidn2-2.3.7' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/ypwfsaljwhzw9iffiysxmxnhjj8v7np0-glibc-2.39-31' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/0dklv59zppdsqdvgf0qdvjgzcs5wbwxa-hello-2.12.1' to 'ssh://alice@itchy.example.org'...
+> copying path '/nix/store/nrwkk6ak3rgkrxbqhsscb01jpzmslf2r-xgcc-13.2.0-libgcc' to 'ssh://alice@itchy.example.org'...
+> copying path '/nix/store/gm61h1y42pqyl6178g90x8zm22n6pyy5-libunistring-1.1' to 'ssh://alice@itchy.example.org'...
+> copying path '/nix/store/ddfzjdykw67s20c35i7a6624by3iz5jv-libidn2-2.3.7' to 'ssh://alice@itchy.example.org'...
+> copying path '/nix/store/apab5i73dqa09wx0q27b6fbhd1r18ihl-glibc-2.39-31' to 'ssh://alice@itchy.example.org'...
+> copying path '/nix/store/g1n2vryg06amvcc1avb2mcq36faly0mh-hello-2.12.1' to 'ssh://alice@itchy.example.org'...
 > ```

 > **Example**
--- a/doc/manual/source/command-ref/nix-env/install.md
+++ b/doc/manual/source/command-ref/nix-env/install.md
@@ -204,7 +204,7 @@ To install a specific [store derivation] (typically created by
 `nix-instantiate`):

 ```console
-$ nix-env --install /nix/store/8la6y31fmm6i4wfmby6avly1wf718xnj-gcc-3.4.3.drv
+$ nix-env --install /nix/store/fibjb1bfbpm5mrsxc4mh2d8n37sxh91i-gcc-3.4.3.drv
 ```

 To install a specific output path:
@@ -232,7 +232,7 @@ $ nix-env --file '<nixpkgs>' --install --attr hello --dry-run
 (dry run; not doing anything)
 installing ‘hello-2.10’
 this path will be fetched (0.04 MiB download, 0.19 MiB unpacked):
-  /nix/store/ikwkxz4wwlp2g1428n7dy729cg1d9hin-hello-2.10
+  /nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10
  ...
 ```

--- a/doc/manual/source/command-ref/nix-hash.md
+++ b/doc/manual/source/command-ref/nix-hash.md
@@ -34,7 +34,7 @@ md5sum`.
  Print the cryptographic hash of the contents of each regular file *path*.
  That is, instead of computing
  the hash of the [Nix Archive (NAR)](@docroot@/store/file-system-object/content-address.md#serial-nix-archive) of *path*,
-  just [directly hash](@docroot@/store/file-system-object/content-address.md#serial-flat) *path* as is.
+  just [directly hash]((@docroot@/store/file-system-object/content-address.md#serial-flat) *path* as is.
  This requires *path* to resolve to a regular file rather than directory.
  The result is identical to that produced by the GNU commands
  `md5sum` and `sha1sum`.
--- a/doc/manual/source/command-ref/nix-instantiate.md
+++ b/doc/manual/source/command-ref/nix-instantiate.md
@@ -32,7 +32,7 @@ standard input.

 - `--add-root` *path*

-  See the [corresponding option](./nix-store.md) in `nix-store`.
+  See the [corresponding option](nix-store.md) in `nix-store`.

 - `--parse`

--- a/doc/manual/source/command-ref/nix-prefetch-url.md
+++ b/doc/manual/source/command-ref/nix-prefetch-url.md
@@ -76,7 +76,7 @@ $ nix-prefetch-url ftp://ftp.gnu.org/pub/gnu/hello/hello-2.10.tar.gz
 ```console
 $ nix-prefetch-url --print-path mirror://gnu/hello/hello-2.10.tar.gz
 0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i
-/nix/store/8alrpdaasjd1x6g1fczchmzbpqm936a3-hello-2.10.tar.gz
+/nix/store/3x7dwzq014bblazs7kq20p9hyzz0qh8g-hello-2.10.tar.gz
 ```

 ```console
--- a/doc/manual/source/command-ref/nix-store/add-fixed.md
+++ b/doc/manual/source/command-ref/nix-store/add-fixed.md
@@ -34,6 +34,6 @@ This operation has the following options:

 ```console
 $ nix-store --add-fixed sha256 ./hello-2.10.tar.gz
-/nix/store/8alrpdaasjd1x6g1fczchmzbpqm936a3-hello-2.10.tar.gz
+/nix/store/3x7dwzq014bblazs7kq20p9hyzz0qh8g-hello-2.10.tar.gz
 ```

--- a/doc/manual/source/command-ref/nix-store/delete.md
+++ b/doc/manual/source/command-ref/nix-store/delete.md
@@ -27,7 +27,7 @@ paths in the store that refer to it (i.e., depend on it).
 # Example

 ```console
-$ nix-store --delete /nix/store/gjak3al7lj61x4gj6rln4f5pc5v0f67n-mesa-6.4
+$ nix-store --delete /nix/store/zq0h41l75vlb4z45kzgjjmsjxvcv1qk7-mesa-6.4
 0 bytes freed (0.00 MiB)
-error: cannot delete path `/nix/store/gjak3al7lj61x4gj6rln4f5pc5v0f67n-mesa-6.4' since it is still alive
+error: cannot delete path `/nix/store/zq0h41l75vlb4z45kzgjjmsjxvcv1qk7-mesa-6.4' since it is still alive
 ```
--- a/doc/manual/source/command-ref/nix-store/query.md
+++ b/doc/manual/source/command-ref/nix-store/query.md
@@ -184,9 +184,9 @@ Print the build-time dependencies of `svn`:

 ```console
 $ nix-store --query --requisites $(nix-store --query --deriver $(which svn))
-/nix/store/y6qa66l9h0pw161crnlk6y16rdrcljx4-grep-2.5.1.tar.bz2.drv
-/nix/store/z716h753s97jhnzvfank2srqbljswpgm-gcc-wrapper.sh
-/nix/store/f39x0q73rjdyvzm93y9wrkfr6x39lb7f-glibc-2.3.4.drv
+/nix/store/02iizgn86m42q905rddvg4ja975bk2i4-grep-2.5.1.tar.bz2.drv
+/nix/store/07a2bzxmzwz5hp58nf03pahrv2ygwgs3-gcc-wrapper.sh
+/nix/store/0ma7c9wsbaxahwwl04gbw3fcd806ski4-glibc-2.3.4.drv
 ... lots of other paths ...
 ```

@@ -199,10 +199,10 @@ Show the build-time dependencies as a tree:
 ```console
 $ nix-store --query --tree $(nix-store --query --deriver $(which svn))
 /nix/store/7i5082kfb6yjbqdbiwdhhza0am2xvh6c-subversion-1.1.4.drv
-+---/nix/store/vxnmkc8l8d2ijjha4xwhkfgx9vvc3q4c-builder.sh
-+---/nix/store/rn9776dy82n5qrgz7xbcl1iw4vfkcrkk-bash-3.0.drv
-|   +---/nix/store/x9j20hz6bln1crzn55qifk0bbsm8v5ac-bash
-|   +---/nix/store/ajnn1mcm45wjvn0rlc22gvx2cwhjnazx-builder.sh
+---/nix/store/d8afh10z72n8l1cr5w42366abiblgn54-builder.sh
+---/nix/store/fmzxmpjx2lh849ph0l36snfj9zdibw67-bash-3.0.drv
+|   +---/nix/store/570hmhmx3v57605cqg9yfvvyh0nnb8k8-bash
+|   +---/nix/store/p3srsbd8dx44v2pg6nbnszab5mcwx03v-builder.sh
 ...
 ```

--- a/doc/manual/source/command-ref/nix-store/realise.md
+++ b/doc/manual/source/command-ref/nix-store/realise.md
@@ -76,7 +76,7 @@ This operation is typically used to build [store derivation]s produced by

 ```console
 $ nix-store --realise $(nix-instantiate ./test.nix)
-/nix/store/6gwmy5jcnwdlz6aqqhksz863f1l8xc2w-aterm-2.3.1
+/nix/store/31axcgrlbfsxzmfff1gyj1bf62hvkby2-aterm-2.3.1
 ```

 This is essentially what [`nix-build`](@docroot@/command-ref/nix-build.md) does.
--- a/doc/manual/source/development/building.md
+++ b/doc/manual/source/development/building.md
@@ -3,10 +3,6 @@
 This section provides some notes on how to start hacking on Nix.
 To get the latest version of Nix from GitHub:

-> **Note**
->
-> When checking out the repo on Windows, make sure you have the git setting `core.symlinks` enabled, before cloning, as there are symlinks in the repo.
-
 ```console
 $ git clone https://github.com/NixOS/nix.git
 $ cd nix
--- a/doc/manual/source/development/debugging.md
+++ b/doc/manual/source/development/debugging.md
@@ -6,9 +6,16 @@ Additionally, see [Testing Nix](./testing.md) for further instructions on how to

 ## Building Nix with Debug Symbols

-In the development shell, `mesonBuildType` is set automatically to `debugoptimized`. This builds Nix with debug symbols, which are essential for effective debugging.
+In the development shell, set the `mesonBuildType` environment variable to `debug` before configuring the build:

-It is also possible to build without optimization for faster build:
+```console
+[nix-shell]$ export mesonBuildType=debugoptimized
+```
+
+Then, proceed to build Nix as described in [Building Nix](./building.md).
+This will build Nix with debug symbols, which are essential for effective debugging.
+
+It is also possible to build without debugging for faster build:

 ```console
 [nix-shell]$ NIX_HARDENING_ENABLE=$(printLines $NIX_HARDENING_ENABLE | grep -v fortify)
--- a/doc/manual/source/development/testing.md
+++ b/doc/manual/source/development/testing.md
@@ -137,12 +137,6 @@ $ _NIX_TEST_ACCEPT=1 meson test nix-store-tests -v
 will regenerate the "golden master" expected result for the `libnixstore` characterisation tests.
 The characterisation tests will mark themselves "skipped" since they regenerated the expected result instead of actually testing anything.

-### JSON Schema testing
-
-In `doc/manual/source/protocols/json/` we have a number of manual pages generated from [JSON Schema](https://json-schema.org/).
-That JSON schema is tested against the JSON file test data used in [characterisation tests](#characterisation-testing-unit ) for JSON (de)serialization, in `src/json-schema-checks`.
-Between the JSON (de)serialization testing, and this testing of the same data against the schema, we make sure that the manual, the implementation, and a machine-readable schema are are all in sync.
-
 ### Unit test support libraries

 There are headers and code which are not just used to test the library in question, but also downstream libraries.
--- a/doc/manual/source/glossary.md
+++ b/doc/manual/source/glossary.md
@@ -136,7 +136,7 @@

  > **Example**
  >
-  > `/nix/store/jf6gn2dzna4nmsfbdxsd7kwhsk6gnnlr-git-2.38.1`
+  > `/nix/store/a040m110amc4h71lds2jmr8qrkj2jhxd-git-2.38.1`

  See [Store Path](@docroot@/store/store-path.md) for details.

--- a/doc/manual/source/introduction.md
+++ b/doc/manual/source/introduction.md
@@ -8,7 +8,7 @@ stores packages in the _Nix store_, usually the directory
 `/nix/store`, where each package has its own unique subdirectory such
 as

-    /nix/store/q06x3jll2yfzckz2bzqak089p43ixkkq-firefox-33.1/
+    /nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1/

 where `b6gvzjyb2pg0…` is a unique identifier for the package that
 captures all its dependencies (it’s a cryptographic hash of the
--- a/doc/manual/source/language/builtins-prefix.md
+++ b/doc/manual/source/language/builtins-prefix.md
@@ -23,7 +23,7 @@ Some built-ins are also exposed directly in the global scope:
 - [`null`](#builtins-null)
 - [`placeholder`](#builtins-placeholder)
 - [`removeAttrs`](#builtins-removeAttrs)
- [`scopedImport`](#builtins-scopedImport)
+- `scopedImport`
 - [`throw`](#builtins-throw)
 - [`toString`](#builtins-toString)
 - [`true`](#builtins-true)
--- a/doc/manual/source/language/evaluation.md
+++ b/doc/manual/source/language/evaluation.md
@@ -74,48 +74,4 @@ in f { x = throw "error"; y = throw "error"; }
 => "ok"
 ```

-## Evaluation order
-
-The order in which expressions are evaluated is generally unspecified, because it does not affect successful evaluation outcomes.
-This allows more freedom for the evaluator to evolve and to evaluate efficiently.
-
-Data dependencies naturally impose some ordering constraints: a value cannot be used before it is computed.
-Beyond these constraints, the evaluator is free to choose any order.
-
-The order in which side effects such as [`builtins.trace`](@docroot@/language/builtins.md#builtins-trace) output occurs is not defined, but may be expected to follow data dependencies. <!-- we may want to be more specific about this. -->
-
-In a lazy language, evaluation order is often opposite to expectations from strict languages.
-For example, in `let wrap = x: { wrapped = x; }; in wrap (1 + 2)`, the function body produces a result (`{ wrapped = ...; }`) *before* evaluating `x`.
-
-## Infinite recursion and stack overflow
-
-During evaluation, two types of errors can occur when expressions reference themselves or call functions too deeply:
-
-### Infinite recursion
-
-This error occurs when a value depends on itself through a cycle, making it impossible to compute.
-
-```nix
-let x = x; in x
-=> error: infinite recursion encountered
-```
-
-Infinite recursion happens at the value level when evaluating an expression requires evaluating the same expression again.
-
-Despite the name, infinite recursion is cheap to compute and does not involve a stack overflow.
-The cycle is finite and fairly easy to detect.
-
-### Stack overflow
-
-This error occurs when the call depth exceeds the maximum allowed limit.
-
-```nix
-let f = x: f (x + 1);
-in f 0
-=> error: stack overflow; max-call-depth exceeded
-```
-
-Stack overflow happens when too many function calls are nested without returning.
-The maximum call depth is controlled by the [`max-call-depth` setting](@docroot@/command-ref/conf-file.md#conf-max-call-depth).
-
 [C API]: @docroot@/c-api.md
--- a/doc/manual/source/language/operators.md
+++ b/doc/manual/source/language/operators.md
@@ -23,8 +23,8 @@
 | [Greater than or equal to][Comparison] | *expr* `>=` *expr*                         | none          | 10         |
 | [Equality]                             | *expr* `==` *expr*                         | none          | 11         |
 | Inequality                             | *expr* `!=` *expr*                         | none          | 11         |
-| [Logical conjunction] (`AND`)          | *bool* `&&` *bool*                         | left          | [12](#precedence-and-disjunctive-normal-form)         |
-| [Logical disjunction] (`OR`)           | *bool* <code>\|\|</code> *bool*            | left          | [13](#precedence-and-disjunctive-normal-form)         |
+| Logical conjunction (`AND`)            | *bool* `&&` *bool*                         | left          | 12         |
+| Logical disjunction (`OR`)             | *bool* <code>\|\|</code> *bool*            | left          | 13         |
 | [Logical implication]                  | *bool* `->` *bool*                         | right         | 14         |
 | [Pipe operator] (experimental)         | *expr* `\|>` *func*                        | left          | 15         |
 | [Pipe operator] (experimental)         | *func* `<\|` *expr*                        | right         | 15         |
@@ -162,9 +162,6 @@ Update [attribute set] *attrset1* with names and values from *attrset2*.
 The returned attribute set will have all of the attributes in *attrset1* and *attrset2*.
 If an attribute name is present in both, the attribute value from the latter is taken.

-This operator is [strict](@docroot@/language/evaluation.md#strictness) in both *attrset1* and *attrset2*.
-That means that both arguments are evaluated to [weak head normal form](@docroot@/language/evaluation.md#values), so the attribute sets themselves are evaluated, but their attribute values are not evaluated.
-
 [Update]: #update

 ## Comparison
@@ -188,95 +185,18 @@ All comparison operators are implemented in terms of `<`, and the following equi

 ## Equality

- [Attribute sets][attribute set] are compared first by attribute names and then by items until a difference is found.
- [Lists][list] are compared first by length and then by items until a difference is found.
- Comparison of distinct [functions][function] returns `false`, but identical functions may be subject to [value identity optimization](#value-identity-optimization).
+- [Attribute sets][attribute set] and [lists][list] are compared recursively, and therefore are fully evaluated.
+- Comparison of [functions][function] always returns `false`.
 - Numbers are type-compatible, see [arithmetic] operators.
 - Floating point numbers only differ up to a limited precision.

-The `==` operator is [strict](@docroot@/language/evaluation.md#strictness) in both arguments; when comparing composite types ([attribute sets][attribute set] and [lists][list]), it is partially strict in their contained values: they are evaluated until a difference is found. <!-- this is woefully underspecified, affecting which expressions evaluate correctly; not just "ordering" or error messages. -->
-
-### Value identity optimization
-
-Nix performs equality comparisons of nested values by pointer equality or more abstractly, _identity_.
-Nix semantics ideally do not assign a unique identity to values as they are created, but equality is an exception to this rule.
-The disputable benefit of this is that it is more efficient, and it allows cyclical structures to be compared, e.g. `let x = { x = x; }; in x == x` evaluates to `true`.
-However, as a consequence, it makes a function equal to itself when the comparison is made in a list or attribute set, in contradiction to a simple direct comparison.
-
 [function]: ./syntax.md#functions

 [Equality]: #equality

-## Logical conjunction
-
-> **Syntax**
->
-> *bool1* `&&` *bool2*
-
-Logical AND. Equivalent to `if` *bool1* `then` *bool2* `else false`.
-
-This operator is [strict](@docroot@/language/evaluation.md#strictness) in *bool1*, but only evaluates *bool2* if *bool1* is `true`.
-
-> **Example**
->
-> ```nix
-> true && false
-> => false
->
-> false && throw "never evaluated"
-> => false
-> ```
-
-[Logical conjunction]: #logical-conjunction
-
-## Logical disjunction
-
-> **Syntax**
->
-> *bool1* `||` *bool2*
-
-Logical OR. Equivalent to `if` *bool1* `then true` `else` *bool2*.
-
-This operator is [strict](@docroot@/language/evaluation.md#strictness) in *bool1*, but only evaluates *bool2* if *bool1* is `false`.
-
-> **Example**
->
-> ```nix
-> true || false
-> => true
->
-> true || throw "never evaluated"
-> => true
-> ```
-
-[Logical disjunction]: #logical-disjunction
-
-### Precedence and disjunctive normal form
-
-The precedence of `&&` and `||` aligns with disjunctive normal form.
-Without parentheses, an expression describes multiple "permissible situations" (connected by `||`), where each situation consists of multiple simultaneous conditions (connected by `&&`).
-
-For example, `A || B && C || D && E` is parsed as `A || (B && C) || (D && E)`, describing three permissible situations: A holds, or both B and C hold, or both D and E hold.
-
 ## Logical implication

-> **Syntax**
->
-> *bool1* `->` *bool2*
-
-Logical implication. Equivalent to `!`*bool1* `||` *bool2* (or `if` *bool1* `then` *bool2* `else true`).
-
-This operator is [strict](@docroot@/language/evaluation.md#strictness) in *bool1*, but only evaluates *bool2* if *bool1* is `true`.
-
-> **Example**
->
-> ```nix
-> true -> false
-> => false
->
-> false -> throw "never evaluated"
-> => true
-> ```
+Equivalent to `!`*b1* `||` *b2*  (or `if` *b1* `then` *b2* `else true`)

 [Logical implication]: #logical-implication

--- a/doc/manual/source/language/string-context.md
+++ b/doc/manual/source/language/string-context.md
@@ -34,12 +34,12 @@ String context elements come in different forms:
    > [`builtins.storePath`] creates a string with a single constant string context element:
    >
    > ```nix
-    > builtins.getContext (builtins.storePath "/nix/store/ikwkxz4wwlp2g1428n7dy729cg1d9hin-hello-2.10")
+    > builtins.getContext (builtins.storePath "/nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10")
    > ```
    > evaluates to
    > ```nix
    > {
-    >   "/nix/store/ikwkxz4wwlp2g1428n7dy729cg1d9hin-hello-2.10" = {
+    >   "/nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10" = {
    >     path = true;
    >   };
    > }
--- a/doc/manual/source/language/string-interpolation.md
+++ b/doc/manual/source/language/string-interpolation.md
@@ -181,7 +181,7 @@ A derivation interpolates to the [store path] of its first [output](./derivation
 > "${pkgs.hello}"
 > ```
 >
->     "/nix/store/qnlr7906z0mrl2syrkdbpicffq02nw07-hello-2.12.1"
+>     "/nix/store/4xpfqf29z4m8vbhrqcz064wfmb46w5r7-hello-2.12.1"

 An attribute set interpolates to the return value of the function in the `__toString` applied to the attribute set itself.

--- a/doc/manual/source/language/syntax.md
+++ b/doc/manual/source/language/syntax.md
@@ -51,7 +51,6 @@ See [String literals](string-literals.md).

  Path literals can also include [string interpolation], besides being [interpolated into other expressions].

-  [string interpolation]: ./string-interpolation.md
  [interpolated into other expressions]: ./string-interpolation.md#interpolated-expression

  At least one slash (`/`) must appear *before* any interpolated expression for the result to be recognized as a path.
@@ -273,7 +272,7 @@ will crash with an `infinite recursion encountered` error message.

 A let-expression allows you to define local variables for an expression.

-> *let-in* = `let` [ *identifier* = *expr* `;` ]... `in` *expr*
+> *let-in* = `let` [ *identifier* = *expr* ]... `in` *expr*

 Example:

@@ -286,27 +285,6 @@ in x + y

 This evaluates to `"foobar"`.

-There is also another, older, syntax for let expressions that should not be used in new code:
-
-> *let* = `let` `{` *identifier* = *expr* `;` [ *identifier* = *expr* `;`]...  `}`
-
-In this form, the attribute set between the `{` `}` is recursive.
-
-One of the attributes must have the special name `body`,
-which is the result of the expression.
-
-Example:
-
-```nix
-let {
-  foo = bar;
-  bar = "baz";
-  body = foo;
-}
-```
-
-This evaluates to "baz".
-
 ## Inheriting attributes

 When defining an [attribute set](./types.md#type-attrs) or in a [let-expression](#let-expressions) it is often convenient to copy variables from the surrounding lexical scope (e.g., when you want to propagate attributes).
--- a/doc/manual/source/protocols/json/build-trace-entry.md
+++ b/doc/manual/source/protocols/json/build-trace-entry.md
@@ -1,21 +1,27 @@
-{{#include build-trace-entry-v2-fixed.md}}
+{{#include build-trace-entry-v1-fixed.md}}

 ## Examples

 ### Simple build trace entry

 ```json
-{{#include schema/build-trace-entry-v2/simple.json}}
+{{#include schema/build-trace-entry-v1/simple.json}}
+```
+
+### Build trace entry with dependencies
+
+```json
+{{#include schema/build-trace-entry-v1/with-dependent-realisations.json}}
 ```

 ### Build trace entry with signature

 ```json
-{{#include schema/build-trace-entry-v2/with-signature.json}}
+{{#include schema/build-trace-entry-v1/with-signature.json}}
 ```

 <!--
 ## Raw Schema

-[JSON Schema for Build Trace Entry v1](schema/build-trace-entry-v2.json)
-->
+[JSON Schema for Build Trace Entry v1](schema/build-trace-entry-v1.json)
+-->
--- a/doc/manual/source/protocols/json/derivation.md
+++ b/doc/manual/source/protocols/json/derivation.md
@@ -0,0 +1,7 @@
+{{#include derivation-v4-fixed.md}}
+
+<!-- need to convert YAML to JSON first
+## Raw Schema
+
+[JSON Schema for Derivation v3](schema/derivation-v4.json)
+-->
--- a/doc/manual/source/protocols/json/derivation/index.md
+++ b/doc/manual/source/protocols/json/derivation/index.md
@@ -1,7 +0,0 @@
-{{#include ../derivation-v4-fixed.md}}
-
-<!-- need to convert YAML to JSON first
-## Raw Schema
-
-[JSON Schema for Derivation v4](schema/derivation-v4.json)
-->
--- a/doc/manual/source/protocols/json/derivation/options.md
+++ b/doc/manual/source/protocols/json/derivation/options.md
@@ -1,49 +0,0 @@
-{{#include ../derivation-options-v1-fixed.md}}
-
-## Examples
-
-### Input-addressed derivations
-
-#### Default options
-
-```json
-{{#include ../schema/derivation-options-v1/ia/derivation-options/defaults.json}}
-```
-
-#### All options set
-
-```json
-{{#include ../schema/derivation-options-v1/ia/derivation-options/all_set.json}}
-```
-
-#### Default options (structured attributes)
-
-```json
-{{#include ../schema/derivation-options-v1/ia/derivation-options/structuredAttrs_defaults.json}}
-```
-
-#### All options set (structured attributes)
-
-```json
-{{#include ../schema/derivation-options-v1/ia/derivation-options/structuredAttrs_all_set.json}}
-```
-
-### Content-addressed derivations
-
-#### All options set
-
-```json
-{{#include ../schema/derivation-options-v1/ca/derivation-options/all_set.json}}
-```
-
-#### All options set (structured attributes)
-
-```json
-{{#include ../schema/derivation-options-v1/ca/derivation-options/structuredAttrs_all_set.json}}
-```
-
-<!-- need to convert YAML to JSON first
-## Raw Schema
-
-[JSON Schema for Derivation Options v1](schema/derivation-options-v1.json)
-->
--- a/doc/manual/source/protocols/json/file-system-object.md
+++ b/doc/manual/source/protocols/json/file-system-object.md
@@ -1,21 +0,0 @@
-{{#include file-system-object-v1-fixed.md}}
-
-## Examples
-
-### Simple
-
-```json
-{{#include schema/file-system-object-v1/simple.json}}
-```
-
-### Complex
-
-```json
-{{#include schema/file-system-object-v1/complex.json}}
-```
-
-<!-- need to convert YAML to JSON first
-## Raw Schema
-
-[JSON Schema for File System Object v1](schema/file-system-object-v1.json)
-->
--- a/doc/manual/source/protocols/json/fixup-json-schema-generated-doc.sed
+++ b/doc/manual/source/protocols/json/fixup-json-schema-generated-doc.sed
@@ -11,8 +11,7 @@ s/\\`/`/g
 #
 # As we have more such relative links, more replacements of this nature
 # should appear below.
-s^#/\$defs/\(regular\|symlink\|directory\)^In this schema^g
-s^\(./hash-v1.yaml\)\?#/$defs/algorithm^[JSON format for `Hash`](@docroot@/protocols/json/hash.html#algorithm)^g
-s^\(./hash-v1.yaml\)^[JSON format for `Hash`](@docroot@/protocols/json/hash.html)^g
-s^\(./content-address-v1.yaml\)\?#/$defs/method^[JSON format for `ContentAddress`](@docroot@/protocols/json/content-address.html#method)^g
-s^\(./content-address-v1.yaml\)^[JSON format for `ContentAddress`](@docroot@/protocols/json/content-address.html)^g
+s^\(./hash-v1.yaml\)\?#/$defs/algorithm^[JSON format for `Hash`](./hash.html#algorithm)^g
+s^\(./hash-v1.yaml\)^[JSON format for `Hash`](./hash.html)^g
+s^\(./content-address-v1.yaml\)\?#/$defs/method^[JSON format for `ContentAddress`](./content-address.html#method)^g
+s^\(./content-address-v1.yaml\)^[JSON format for `ContentAddress`](./content-address.html)^g
--- a/doc/manual/source/protocols/json/hash.md
+++ b/doc/manual/source/protocols/json/hash.md
@@ -2,16 +2,28 @@

 ## Examples

-### SHA-256
+### SHA-256 with Base64 encoding

 ```json
-{{#include schema/hash-v1/sha256.json}}
+{{#include schema/hash-v1/sha256-base64.json}}
 ```

-### BLAKE3
+### SHA-256 with Base16 (hexadecimal) encoding

 ```json
-{{#include schema/hash-v1/blake3.json}}
+{{#include schema/hash-v1/sha256-base16.json}}
+```
+
+### SHA-256 with Nix32 encoding
+
+```json
+{{#include schema/hash-v1/sha256-nix32.json}}
+```
+
+### BLAKE3 with Base64 encoding
+
+```json
+{{#include schema/hash-v1/blake3-base64.json}}
 ```

 <!-- need to convert YAML to JSON first
--- a/doc/manual/source/protocols/json/meson.build
+++ b/doc/manual/source/protocols/json/meson.build
@@ -9,17 +9,14 @@ json_schema_for_humans = find_program('generate-schema-doc', required : false)
 json_schema_config = files('json-schema-for-humans-config.yaml')

 schemas = [
-  'file-system-object-v1',
  'hash-v1',
  'content-address-v1',
  'store-path-v1',
  'store-object-info-v2',
  'derivation-v4',
-  'derivation-options-v1',
  'deriving-path-v1',
-  'build-trace-entry-v2',
+  'build-trace-entry-v1',
  'build-result-v1',
-  'store-v1',
 ]

 schema_files = files()
@@ -35,27 +32,27 @@ endforeach

 json_schema_generated_files = []

-if json_schema_for_humans.found()
-  # Generate markdown documentation from JSON schema
-  # Note: output must be just a filename, not a path
-  gen_file = custom_target(
-    schema_name + '-schema-docs.tmp',
-    command : [
-      json_schema_for_humans,
-      '--config-file',
-      json_schema_config,
-      meson.current_source_dir() / 'schema',
-      meson.current_build_dir(),
-    ],
-    input : schema_files + [
-      json_schema_config,
-    ],
-    output : schema_outputs,
-    capture : false,
-    build_by_default : true,
-  )
+# Generate markdown documentation from JSON schema
+# Note: output must be just a filename, not a path
+gen_file = custom_target(
+  schema_name + '-schema-docs.tmp',
+  command : [
+    json_schema_for_humans,
+    '--config-file',
+    json_schema_config,
+    meson.current_source_dir() / 'schema',
+    meson.current_build_dir(),
+  ],
+  input : schema_files + [
+    json_schema_config,
+  ],
+  output : schema_outputs,
+  capture : false,
+  build_by_default : true,
+)

-  idx = 0
+idx = 0
+if json_schema_for_humans.found()
  foreach schema_name : schemas
    #schema_file = 'schema' / schema_name + '.yaml'

--- a/doc/manual/source/protocols/json/schema/build-result-v1.yaml
+++ b/doc/manual/source/protocols/json/schema/build-result-v1.yaml
@@ -83,7 +83,7 @@ properties:
        description: |
          A mapping from output names to their build trace entries.
        additionalProperties:
-          "$ref": "build-trace-entry-v2.yaml"
+          "$ref": "build-trace-entry-v1.yaml"

  failure:
    type: object
--- a/doc/manual/source/protocols/json/schema/build-trace-entry-v1
+++ b/doc/manual/source/protocols/json/schema/build-trace-entry-v1
--- a/doc/manual/source/protocols/json/schema/build-trace-entry-v1.yaml
+++ b/doc/manual/source/protocols/json/schema/build-trace-entry-v1.yaml
@@ -0,0 +1,74 @@
+"$schema": "http://json-schema.org/draft-04/schema"
+"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/build-trace-entry-v1.json"
+title: Build Trace Entry
+description: |
+  A record of a successful build outcome for a specific derivation output.
+
+  This schema describes the JSON representation of a [build trace entry](@docroot@/store/build-trace.md) entry.
+
+  > **Warning**
+  >
+  > This JSON format is currently
+  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-ca-derivations)
+  > and subject to change.
+
+type: object
+required:
+  - id
+  - outPath
+  - dependentRealisations
+  - signatures
+properties:
+  id:
+    type: string
+    title: Derivation Output ID
+    pattern: "^sha256:[0-9a-f]{64}![a-zA-Z_][a-zA-Z0-9_-]*$"
+    description: |
+      Unique identifier for the derivation output that was built.
+
+      Format: `{hash-quotient-drv}!{output-name}`
+
+      - **hash-quotient-drv**: SHA-256 [hash of the quotient derivation](@docroot@/store/derivation/outputs/input-address.md#hash-quotient-drv).
+        Begins with `sha256:`.
+
+      - **output-name**: Name of the specific output (e.g., "out", "dev", "doc")
+
+      Example: `"sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad!foo"`
+
+  outPath:
+    "$ref": "store-path-v1.yaml"
+    title: Output Store Path
+    description: |
+      The path to the store object that resulted from building this derivation for the given output name.
+
+  dependentRealisations:
+    type: object
+    title: Underlying Base Build Trace
+    description: |
+      This is for [*derived*](@docroot@/store/build-trace.md#derived) build trace entries to ensure coherence.
+
+      Keys are derivation output IDs (same format as the main `id` field).
+      Values are the store paths that those dependencies resolved to.
+
+      As described in the linked section on derived build trace traces, derived build trace entries must be kept in addition and not instead of the underlying base build entries.
+      This is the set of base build trace entries that this derived build trace is derived from.
+      (The set is also a map since this miniature base build trace must be coherent, mapping each key to a single value.)
+
+    patternProperties:
+      "^sha256:[0-9a-f]{64}![a-zA-Z_][a-zA-Z0-9_-]*$":
+        $ref: "store-path-v1.yaml"
+        title: Dependent Store Path
+        description: Store path that this dependency resolved to during the build
+    additionalProperties: false
+
+  signatures:
+    type: array
+    title: Build Signatures
+    description: |
+      A set of cryptographic signatures attesting to the authenticity of this build trace entry.
+    items:
+      type: string
+      title: Signature
+      description: A single cryptographic signature
+
+additionalProperties: false
--- a/doc/manual/source/protocols/json/schema/build-trace-entry-v2.yaml
+++ b/doc/manual/source/protocols/json/schema/build-trace-entry-v2.yaml
@@ -1,95 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/build-trace-entry-v2.json"
-title: Build Trace Entry
-description: |
-  A record of a successful build outcome for a specific derivation output.
-
-  This schema describes the JSON representation of a [build trace entry](@docroot@/store/build-trace.md).
-
-  > **Warning**
-  >
-  > This JSON format is currently
-  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-ca-derivations)
-  > and subject to change.
-
-  Verision history:
-
-  - Version 1: Original format
-
-  - Version 2: Remove `dependentRealisations`
-
-type: object
-required:
-  - id
-  - outPath
-  - signatures
-allOf:
-  - "$ref": "#/$defs/key"
-  - "$ref": "#/$defs/value"
-properties:
-  id: {}
-  outPath: {}
-  signatures: {}
-additionalProperties:
-  dependentRealisations:
-    description: deprecated field
-    type: object
-
-"$defs":
-  key:
-    title: Build Trace Key
-    description: |
-      A [build trace entry](@docroot@/store/build-trace.md) is a key-value pair.
-      This is the "key" part, refering to a derivation and output.
-    type: object
-    required:
-      - id
-    properties:
-      id:
-        type: string
-        title: Derivation Output ID
-        pattern: "^sha256:[0-9a-f]{64}![a-zA-Z_][a-zA-Z0-9_-]*$"
-        description: |
-          Unique identifier for the derivation output that was built.
-
-          Format: `{hash-quotient-drv}!{output-name}`
-
-          - **hash-quotient-drv**: SHA-256 [hash of the quotient derivation](@docroot@/store/derivation/outputs/input-address.md#hash-quotient-drv).
-            Begins with `sha256:`.
-
-          - **output-name**: Name of the specific output (e.g., "out", "dev", "doc")
-
-          Example: `"sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad!foo"`
-
-  value:
-    title: Build Trace Value
-    description: |
-      A [build trace entry](@docroot@/store/build-trace.md) is a key-value pair.
-      This is the "value" part, describing an output.
-    type: object
-    required:
-      - outPath
-      - signatures
-    properties:
-      outPath:
-        "$ref": "store-path-v1.yaml"
-        title: Output Store Path
-        description: |
-          The path to the store object that resulted from building this derivation for the given output name.
-
-        patternProperties:
-          "^sha256:[0-9a-f]{64}![a-zA-Z_][a-zA-Z0-9_-]*$":
-            "$ref": "store-path-v1.yaml"
-            title: Dependent Store Path
-            description: Store path that this dependency resolved to during the build
-        additionalProperties: false
-
-      signatures:
-        type: array
-        title: Build Signatures
-        description: |
-          A set of cryptographic signatures attesting to the authenticity of this build trace entry.
-        items:
-          type: string
-          title: Signature
-          description: A single cryptographic signature
--- a/doc/manual/source/protocols/json/schema/derivation-options-v1
+++ b/doc/manual/source/protocols/json/schema/derivation-options-v1
@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/derivation
--- a/doc/manual/source/protocols/json/schema/derivation-options-v1.yaml
+++ b/doc/manual/source/protocols/json/schema/derivation-options-v1.yaml
@@ -1,242 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/derivation-options-v1.json"
-title: Derivation Options
-description: |
-  JSON representation of Nix's `DerivationOptions` type.
-
-  This schema describes various build-time options and constraints that can be specified for a derivation.
-
-  > **Warning**
-  >
-  > This JSON format is currently
-  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-  > and subject to change.
-
-type: object
-required:
-  - outputChecks
-  - unsafeDiscardReferences
-  - passAsFile
-  - exportReferencesGraph
-  - additionalSandboxProfile
-  - noChroot
-  - impureHostDeps
-  - impureEnvVars
-  - allowLocalNetworking
-  - requiredSystemFeatures
-  - preferLocalBuild
-  - allowSubstitutes
-properties:
-  outputChecks:
-    type: object
-    title: Output Check
-    description: |
-      Constraints on what the derivation's outputs can and cannot reference.
-      Can either apply to all outputs or be specified per output.
-    oneOf:
-      - title: Output Checks For All Outputs
-        description: |
-          Output checks that apply to all outputs of the derivation.
-        required:
-          - forAllOutputs
-        properties:
-          forAllOutputs:
-            "$ref": "#/$defs/outputCheckSpec"
-        additionalProperties: false
-
-      - title: Output Checks Per Output
-        description: |
-          Output checks specified individually for each output.
-        required:
-          - perOutput
-        properties:
-          perOutput:
-            type: object
-            additionalProperties:
-              "$ref": "#/$defs/outputCheckSpec"
-        additionalProperties: false
-
-  unsafeDiscardReferences:
-    type: object
-    title: Unsafe Discard References
-    description: |
-      A map specifying which references should be unsafely discarded from each output.
-      This is generally not recommended and requires special permissions.
-    additionalProperties:
-      type: array
-      items:
-        type: string
-
-  passAsFile:
-    type: array
-    title: Pass As File
-    description: |
-      List of environment variable names whose values should be passed as files rather than directly.
-    items:
-      type: string
-
-  exportReferencesGraph:
-    type: object
-    title: Export References Graph
-    description: |
-      Specify paths whose references graph should be exported to files.
-    additionalProperties:
-      type: array
-      items:
-        "$ref": "deriving-path-v1.yaml"
-
-  additionalSandboxProfile:
-    type: string
-    title: Additional Sandbox Profile
-    description: |
-      Additional sandbox profile directives (macOS specific).
-
-  noChroot:
-    type: boolean
-    title: No Chroot
-    description: |
-      Whether to disable the build sandbox, if allowed.
-
-  impureHostDeps:
-    type: array
-    title: Impure Host Dependencies
-    description: |
-      List of host paths that the build can access.
-    items:
-      type: string
-
-  impureEnvVars:
-    type: array
-    title: Impure Environment Variables
-    description: |
-      List of environment variable names that should be passed through to the build from the calling environment.
-    items:
-      type: string
-
-  allowLocalNetworking:
-    type: boolean
-    title: Allow Local Networking
-    description: |
-      Whether the build should have access to local network (macOS specific).
-
-  requiredSystemFeatures:
-    type: array
-    title: Required System Features
-    description: |
-      List of system features required to build this derivation (e.g., "kvm", "nixos-test").
-    items:
-      type: string
-
-  preferLocalBuild:
-    type: boolean
-    title: Prefer Local Build
-    description: |
-      Whether this derivation should preferably be built locally rather than its outputs substituted.
-
-  allowSubstitutes:
-    type: boolean
-    title: Allow Substitutes
-    description: |
-      Whether substituting from other stores should be allowed for this derivation's outputs.
-
-additionalProperties: false
-
-$defs:
-
-  outputCheckSpec:
-    type: object
-    title: Output Check Specification
-    description: |
-      Constraints on what a specific output can reference.
-    required:
-      - ignoreSelfRefs
-      - maxSize
-      - maxClosureSize
-      - allowedReferences
-      - allowedRequisites
-      - disallowedReferences
-      - disallowedRequisites
-    properties:
-      ignoreSelfRefs:
-        type: boolean
-        title: Ignore Self References
-        description: |
-          Whether references from this output to itself should be ignored when checking references.
-
-      maxSize:
-        type: ["integer", "null"]
-        title: Maximum Size
-        description: |
-          Maximum allowed size of this output in bytes, or null for no limit.
-        minimum: 0
-
-      maxClosureSize:
-        type: ["integer", "null"]
-        title: Maximum Closure Size
-        description: |
-          Maximum allowed size of this output's closure in bytes, or null for no limit.
-        minimum: 0
-
-      allowedReferences:
-        oneOf:
-          - type: array
-            items:
-              "$ref": "#/$defs/drvRef"
-          - type: "null"
-        title: Allowed References
-        description: |
-          If set, the output can only reference paths in this list.
-          If null, no restrictions apply.
-
-      allowedRequisites:
-        oneOf:
-          - type: array
-            items:
-              "$ref": "#/$defs/drvRef"
-          - type: "null"
-        title: Allowed Requisites
-        description: |
-          If set, the output's closure can only contain paths in this list.
-          If null, no restrictions apply.
-
-      disallowedReferences:
-        type: array
-        title: Disallowed References
-        description: |
-          The output must not reference any paths in this list.
-        items:
-          "$ref": "#/$defs/drvRef"
-
-      disallowedRequisites:
-        type: array
-        title: Disallowed Requisites
-        description: |
-          The output's closure must not contain any paths in this list.
-        items:
-          "$ref": "#/$defs/drvRef"
-    additionalProperties: false
-
-  drvRef:
-    # TODO fix bug in checker, should be `oneOf`
-    anyOf:
-      - type: object
-        title: Current derivation Output Reference
-        description: |
-          A reference to a specific output of the current derivation.
-        required:
-          - drvPath
-          - output
-        properties:
-          drvPath:
-            type: string
-            const: "self"
-            title: This derivation
-            description: |
-              Won't be confused for a deriving path
-          output:
-            type: string
-            title: Output Name
-            description: |
-              The name of the output being referenced.
-        additionalProperties: false
-      - "$ref": "deriving-path-v1.yaml"
--- a/doc/manual/source/protocols/json/schema/derivation-v4.yaml
+++ b/doc/manual/source/protocols/json/schema/derivation-v4.yaml
@@ -94,8 +94,8 @@ properties:
          >
          > ```json
          > "srcs": [
-          >   "b8nwz167km1yciqpwzjj24f8jcy8pq1h-separate-debug-info.sh",
-          >   "ihzmilr413r8fb3ah30yjnhlb18c1laz-fix-pop-var-context-error.patch"
+          >   "47y241wqdhac3jm5l7nv0x4975mb1975-separate-debug-info.sh",
+          >   "56d0w71pjj9bdr363ym3wj1zkwyqq97j-fix-pop-var-context-error.patch"
          > ]
          > ```
        items:
@@ -140,7 +140,7 @@ properties:
    description: |
      Absolute path of the program used to perform the build.
      Typically this is the `bash` shell
-      (e.g. `/nix/store/p4xlj4imjbnm4v0x5jf4qysvyjjlgq1d-bash-4.4-p23/bin/bash`).
+      (e.g. `/nix/store/r3j288vpmczbl500w6zz89gyfa4nr0b1-bash-4.4-p23/bin/bash`).

  args:
    type: array
--- a/doc/manual/source/protocols/json/schema/file-system-object-v1
+++ b/doc/manual/source/protocols/json/schema/file-system-object-v1
@@ -1 +0,0 @@
-../../../../../../src/libutil-tests/data/memory-source-accessor
--- a/doc/manual/source/protocols/json/schema/file-system-object-v1.yaml
+++ b/doc/manual/source/protocols/json/schema/file-system-object-v1.yaml
@@ -1,71 +0,0 @@
-"$schema": http://json-schema.org/draft-04/schema#
-"$id": https://nix.dev/manual/nix/latest/protocols/json/schema/file-system-object-v1.json
-title: File System Object
-description: |
-  This schema describes the JSON representation of Nix's [File System Object](@docroot@/store/file-system-object.md).
-
-  The schema is recursive because file system objects contain other file system objects.
-type: object
-required: ["type"]
-properties:
-  type:
-    type: string
-    enum: ["regular", "symlink", "directory"]
-
-# Enforce conditional structure based on `type`
-anyOf:
-  - $ref: "#/$defs/regular"
-    required: ["type", "contents"]
-
-  - $ref: "#/$defs/directory"
-    required: ["type", "entries"]
-
-  - $ref: "#/$defs/symlink"
-    required: ["type", "target"]
-
-"$defs":
-  regular:
-    title: Regular File
-    description: |
-      See [Regular File](@docroot@/store/file-system-object.md#regular) in the manual for details.
-    required: ["contents"]
-    properties:
-      type:
-        const: "regular"
-      contents:
-        type: string
-        description: File contents
-      executable:
-        type: boolean
-        description: Whether the file is executable.
-        default: false
-    additionalProperties: false
-
-  directory:
-    title: Directory
-    description: |
-      See [Directory](@docroot@/store/file-system-object.md#directory) in the manual for details.
-    required: ["entries"]
-    properties:
-      type:
-        const: "directory"
-      entries:
-        type: object
-        description: |
-          Map of names to nested file system objects (for type=directory)
-        additionalProperties:
-          $ref: "#"
-    additionalProperties: false
-
-  symlink:
-    title: Symbolic Link
-    description: |
-      See [Symbolic Link](@docroot@/store/file-system-object.md#symlink) in the manual for details.
-    required: ["target"]
-    properties:
-      type:
-        const: "symlink"
-      target:
-        type: string
-        description: Target path of the symlink.
-    additionalProperties: false
--- a/doc/manual/source/protocols/json/schema/hash-v1.yaml
+++ b/doc/manual/source/protocols/json/schema/hash-v1.yaml
@@ -4,13 +4,40 @@ title: Hash
 description: |
  A cryptographic hash value used throughout Nix for content addressing and integrity verification.

-  This schema describes the JSON representation of Nix's `Hash` type as an [SRI](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) string.
-type: string
-pattern: "^(blake3|md5|sha1|sha256|sha512)-[A-Za-z0-9+/]+=*$"
-examples:
- "sha256-ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0="
- "sha512-IEqPxt2oLwoM7XvrjgikFlfBbvRosiioJ5vjMacDwzWW/RXBOxsH+aodO+pXeJygMa2Fx6cd1wNU7GMSOMo0RQ=="
+  This schema describes the JSON representation of Nix's `Hash` type.
+type: object
+properties:
+  algorithm:
+    "$ref": "#/$defs/algorithm"
+  format:
+    type: string
+    enum:
+    - base64
+    - nix32
+    - base16
+    - sri
+    title: Hash format
+    description: |
+      The encoding format of the hash value.

+      - `base64` uses standard Base64 encoding [RFC 4648, section 4](https://datatracker.ietf.org/doc/html/rfc4648#section-4)
+      - `nix32` is Nix-specific base-32 encoding
+      - `base16` is lowercase hexadecimal
+      - `sri` is the [Subresource Integrity format](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity).
+  hash:
+    type: string
+    title: Hash
+    description: |
+      The encoded hash value, itself.
+
+      It is specified in the format specified by the `format` field.
+      It must be the right length for the hash algorithm specified in the `algorithm` field, also.
+      The hash value does not include any algorithm prefix.
+required:
+- algorithm
+- format
+- hash
+additionalProperties: false
 "$defs":
  algorithm:
    type: string
--- a/doc/manual/source/protocols/json/schema/nar-info-v1
+++ b/doc/manual/source/protocols/json/schema/nar-info-v1
@@ -0,0 +1 @@
+../../../../../../src/libstore-tests/data/nar-info
--- a/doc/manual/source/protocols/json/schema/nar-info-v2
+++ b/doc/manual/source/protocols/json/schema/nar-info-v2
@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/nar-info/json-2
--- a/doc/manual/source/protocols/json/schema/store-object-info-v2
+++ b/doc/manual/source/protocols/json/schema/store-object-info-v2
@@ -1 +1 @@
-../../../../../../src/libstore-tests/data/path-info/json-2
+../../../../../../src/libstore-tests/data/path-info
--- a/doc/manual/source/protocols/json/schema/store-object-info-v2.yaml
+++ b/doc/manual/source/protocols/json/schema/store-object-info-v2.yaml
@@ -46,7 +46,6 @@ $defs:
      - narSize
      - references
      - ca
-      - storeDir
    properties:
      version:
        type: integer
@@ -64,7 +63,7 @@ $defs:
          - Version 2: Use structured JSON type for `ca`

      path:
-        "$ref": "./store-path-v1.yaml"
+        type: string
        title: Store Path
        description: |
          [Store path](@docroot@/store/store-path.md) to the given store object.
@@ -90,7 +89,7 @@ $defs:
        description: |
          An array of [store paths](@docroot@/store/store-path.md), possibly including this one.
        items:
-          "$ref": "./store-path-v1.yaml"
+          type: string

      ca:
        oneOf:
@@ -102,12 +101,6 @@ $defs:
          If the store object is [content-addressed](@docroot@/store/store-object/content-address.md),
          this is the content address of this store object's file system object, used to compute its store path.
          Otherwise (i.e. if it is [input-addressed](@docroot@/glossary.md#gloss-input-addressed-store-object)), this is `null`.
-
-      storeDir:
-        type: string
-        title: Store Directory
-        description: |
-          The [store directory](@docroot@/store/store-path.md#store-directory) this store object belongs to (e.g. `/nix/store`).
    additionalProperties: false

  impure:
@@ -122,7 +115,6 @@ $defs:
      - narSize
      - references
      - ca
-      - storeDir
      # impure
      - deriver
      - registrationTime
@@ -135,11 +127,8 @@ $defs:
      narSize: { $ref: "#/$defs/base/properties/narSize" }
      references: { $ref: "#/$defs/base/properties/references" }
      ca: { $ref: "#/$defs/base/properties/ca" }
-      storeDir: { $ref: "#/$defs/base/properties/storeDir" }
      deriver:
-        oneOf:
-          - "$ref": "./store-path-v1.yaml"
-          - type: "null"
+        type: ["string", "null"]
        title: Deriver
        description: |
          If known, the path to the [store derivation](@docroot@/glossary.md#gloss-store-derivation) from which this store object was produced.
@@ -201,7 +190,6 @@ $defs:
      - narSize
      - references
      - ca
-      - storeDir
      # impure
      - deriver
      - registrationTime
@@ -219,7 +207,6 @@ $defs:
      narSize: { $ref: "#/$defs/base/properties/narSize" }
      references: { $ref: "#/$defs/base/properties/references" }
      ca: { $ref: "#/$defs/base/properties/ca" }
-      storeDir: { $ref: "#/$defs/base/properties/storeDir" }
      deriver: { $ref: "#/$defs/impure/properties/deriver" }
      registrationTime: { $ref: "#/$defs/impure/properties/registrationTime" }
      ultimate: { $ref: "#/$defs/impure/properties/ultimate" }
--- a/doc/manual/source/protocols/json/schema/store-v1
+++ b/doc/manual/source/protocols/json/schema/store-v1
@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/dummy-store
--- a/doc/manual/source/protocols/json/schema/store-v1.yaml
+++ b/doc/manual/source/protocols/json/schema/store-v1.yaml
@@ -1,90 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/store-v1.json"
-title: Store
-description: |
-  Experimental JSON representation of a Nix [Store](@docroot@/store/index.md).
-
-  This schema describes the JSON serialization of a Nix store.
-  We use it for (de)serializing in-memory "dummy stores" used for testing, but in principle the data represented in this schema could live in any type of store.
-
-  > **Warning**
-  >
-  > This JSON format is currently
-  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-  > and subject to change.
-
-type: object
-required:
-  - config
-  - contents
-  - derivations
-  - buildTrace
-properties:
-  config:
-    "$ref": "#/$defs/storeConfig"
-
-  contents:
-    type: object
-    title: Store Objects
-    description: |
-      Map of [store path](@docroot@/store/store-path.md) base names to [store objects](@docroot@/store/store-object.md).
-    patternProperties:
-      "^[0123456789abcdfghijklmnpqrsvwxyz]{32}-.+$":
-        type: object
-        title: Store Object
-        required:
-          - info
-          - contents
-        properties:
-          info:
-            "$ref": "./store-object-info-v2.yaml#/$defs/impure"
-            title: Store Object Info
-            description: |
-              Metadata about the [store object](@docroot@/store/store-object.md) including hash, size, references, etc.
-          contents:
-            "$ref": "./file-system-object-v1.yaml"
-            title: File System Object Contents
-            description: |
-              The actual [file system object](@docroot@/store/file-system-object.md) contents of this store path.
-        additionalProperties: false
-    additionalProperties: false
-
-  derivations:
-    type: object
-    title: Derivations
-    description: |
-      Map of [store path](@docroot@/store/store-path.md) base names (always ending in `.drv`) to [derivations](@docroot@/store/derivation/index.md).
-    patternProperties:
-      "^[0123456789abcdfghijklmnpqrsvwxyz]{32}-.+\\.drv$":
-        "$ref": "./derivation-v4.yaml"
-    additionalProperties: false
-
-  buildTrace:
-    type: object
-    title: Build Trace
-    description: |
-      Map of output hashes (base64 SHA256) to maps of output names to realisations.
-      Records which outputs have been built and their realisations.
-      See [Build Trace](@docroot@/store/build-trace.md) for more details.
-    patternProperties:
-      "^[A-Za-z0-9+/]{43}=$":
-        type: object
-        additionalProperties:
-          "$ref": "./build-trace-entry-v2.yaml#/$defs/value"
-    additionalProperties: false
-
-"$defs":
-  storeConfig:
-    title: Store Configuration
-    description: |
-      Configuration for the store, including the store directory path.
-    type: object
-    required:
-      - store
-    properties:
-      store:
-        type: string
-        title: Store Directory
-        description: |
-          The store directory path (e.g., `/nix/store`).
-    additionalProperties: false
--- a/doc/manual/source/protocols/json/store-object-info.md
+++ b/doc/manual/source/protocols/json/store-object-info.md
@@ -29,13 +29,13 @@
 ### NAR info (minimal)

 ```json
-{{#include schema/nar-info-v2/pure.json}}
+{{#include schema/nar-info-v1/pure.json}}
 ```

 ### NAR info (with binary cache fields)

 ```json
-{{#include schema/nar-info-v2/impure.json}}
+{{#include schema/nar-info-v1/impure.json}}
 ```

 <!-- need to convert YAML to JSON first
--- a/doc/manual/source/protocols/json/store.md
+++ b/doc/manual/source/protocols/json/store.md
@@ -1,21 +0,0 @@
-{{#include store-v1-fixed.md}}
-
-## Examples
-
-### Empty store
-
-```json
-{{#include schema/store-v1/empty.json}}
-```
-
-### Store with one file
-
-```json
-{{#include schema/store-v1/one-flat-file.json}}
-```
-
-### Store with one derivation
-
-```json
-{{#include schema/store-v1/one-derivation.json}}
-```
--- a/doc/manual/source/release-notes/rl-0.12.md
+++ b/doc/manual/source/release-notes/rl-0.12.md
@@ -80,7 +80,7 @@
          ...
        the following paths will be downloaded/copied (30.02 MiB):
          /nix/store/4m8pvgy2dcjgppf5b4cj5l6wyshjhalj-samba-3.2.4
-          /nix/store/spc1m987vlibchdx369qwa391s738s7l-libunwind-0.98.6
+          /nix/store/7h1kwcj29ip8vk26rhmx6bfjraxp0g4l-libunwind-0.98.6
          ...

  - Language features:
--- a/doc/manual/source/release-notes/rl-0.8.md
+++ b/doc/manual/source/release-notes/rl-0.8.md
@@ -63,7 +63,7 @@ Nix 0.8 has the following improvements:
    can query all paths that directly or indirectly use a certain Glibc:

        $ nix-store -q --referrers-closure \
-            /nix/store/1a6mdrjz4wn7b9sfmcw5ggbk1mi281mh-glibc-2.3.4
+            /nix/store/8lz9yc6zgmc0vlqmn2ipcpkjlmbi51vv-glibc-2.3.4

  - The concept of fixed-output derivations has been formalised.
    Previously, functions such as `fetchurl` in Nixpkgs used a hack
--- a/doc/manual/source/release-notes/rl-2.0.md
+++ b/doc/manual/source/release-notes/rl-2.0.md
@@ -66,7 +66,7 @@ This release has the following new features:

            nix copy --to ssh://machine nixpkgs.hello

-            nix copy --to ssh://machine /nix/store/qbhyj3blxpw2i6pb7c6grc9185nbnpvy-hello-2.10
+            nix copy --to ssh://machine /nix/store/0i2jd68mp5g6h2sa5k9c85rb80sn8hi9-hello-2.10

            nix copy --to ssh://machine '(with import <nixpkgs> {}; hello)'

@@ -187,7 +187,7 @@ This release has the following new features:
        former is primarily useful in conjunction with remote stores,
        e.g.

-            nix ls-store --store https://cache.nixos.org/ -lR /nix/store/qbhyj3blxpw2i6pb7c6grc9185nbnpvy-hello-2.10
+            nix ls-store --store https://cache.nixos.org/ -lR /nix/store/0i2jd68mp5g6h2sa5k9c85rb80sn8hi9-hello-2.10

        lists the contents of path in a binary cache.

--- a/doc/manual/source/release-notes/rl-2.13.md
+++ b/doc/manual/source/release-notes/rl-2.13.md
@@ -25,7 +25,7 @@
 * Allow explicitly selecting outputs in a store derivation installable, just like we can do with other sorts of installables.
  For example,
  ```shell-session
-  # nix build /nix/store/fpq78s2h8ffh66v2iy0q1838mhff06y8-glibc-2.33-78.drv^dev
+  # nix build /nix/store/gzaflydcr6sb3567hap9q6srzx8ggdgg-glibc-2.33-78.drv^dev
  ```
  now works just as
  ```shell-session
--- a/doc/manual/source/release-notes/rl-2.15.md
+++ b/doc/manual/source/release-notes/rl-2.15.md
@@ -18,13 +18,13 @@

  For example,
  ```shell-session
-  $ nix path-info /nix/store/fpq78s2h8ffh66v2iy0q1838mhff06y8-glibc-2.33-78.drv
+  $ nix path-info /nix/store/gzaflydcr6sb3567hap9q6srzx8ggdgg-glibc-2.33-78.drv
  ```

  now gives info about the derivation itself, while

  ```shell-session
-  $ nix path-info /nix/store/fpq78s2h8ffh66v2iy0q1838mhff06y8-glibc-2.33-78.drv^*
+  $ nix path-info /nix/store/gzaflydcr6sb3567hap9q6srzx8ggdgg-glibc-2.33-78.drv^*
  ```
  provides information about each of its outputs.

--- a/doc/manual/source/release-notes/rl-2.19.md
+++ b/doc/manual/source/release-notes/rl-2.19.md
@@ -45,7 +45,7 @@
    ```json5
    [
      {
-        "path": "/nix/store/fvqsvk65d38p8qqir371ii0hyqxvjcw6-bash-5.2-p15",
+        "path": "/nix/store/8fv91097mbh5049i9rglc73dx6kjg3qk-bash-5.2-p15",
        "valid": true,
        // ...
      },
@@ -60,7 +60,7 @@

    ```json5
    {
-      "/nix/store/fvqsvk65d38p8qqir371ii0hyqxvjcw6-bash-5.2-p15": {
+      "/nix/store/8fv91097mbh5049i9rglc73dx6kjg3qk-bash-5.2-p15": {
        // ...
      },
      "/nix/store/wffw7l0alvs3iw94cbgi1gmmbmw99sqb-home-manager-path": null,
--- a/doc/manual/source/release-notes/rl-2.20.md
+++ b/doc/manual/source/release-notes/rl-2.20.md
@@ -182,7 +182,7 @@
  «partially applied primop map»

  nix-repl> builtins.trace lib.id "my-value"
-  trace: «lambda id @ /nix/store/kgr5lnaiiv08wb7k324yv1i1npjmrvjc-source/lib/trivial.nix:26:5»
+  trace: «lambda id @ /nix/store/8rrzq23h2zq7sv5l2vhw44kls5w0f654-source/lib/trivial.nix:26:5»
  "my-value"
  ```

--- a/doc/manual/source/release-notes/rl-2.26.md
+++ b/doc/manual/source/release-notes/rl-2.26.md
@@ -112,7 +112,7 @@ This release was made possible by the following 45 contributors:
 - Connor Baker [**(@ConnorBaker)**](https://github.com/ConnorBaker)
 - Cole Helbling [**(@cole-h)**](https://github.com/cole-h)
 - Jack Wilsdon [**(@jackwilsdon)**](https://github.com/jackwilsdon)
- Martin Häcker [**(@dwt)**](https://github.com/dwt)
+- ‮rekcäH nitraM‮ [**(@dwt)**](https://github.com/dwt)
 - Martin Fischer [**(@not-my-profile)**](https://github.com/not-my-profile)
 - John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314)
 - Graham Christensen [**(@grahamc)**](https://github.com/grahamc)
--- a/doc/manual/source/release-notes/rl-2.32.md
+++ b/doc/manual/source/release-notes/rl-2.32.md
@@ -12,7 +12,7 @@

  We ultimately want to rectify this issue with all JSON formats to the extent allowed by our stability promises. To start with, we are changing the JSON format for derivations because the `nix derivation` commands are — in addition to being formally unstable — less widely used than other unstable commands.

-  See the documentation on the [JSON format for derivations](@docroot@/protocols/json/derivation/index.md) for further details.
+  See the documentation on the [JSON format for derivations](@docroot@/protocols/json/derivation.md) for further details.

 - C API: `nix_get_attr_name_byidx`, `nix_get_attr_byidx` take a `nix_value *` instead of `const nix_value *` [#13987](https://github.com/NixOS/nix/pull/13987)

--- a/doc/manual/source/release-notes/rl-2.33.md
+++ b/doc/manual/source/release-notes/rl-2.33.md
@@ -1,281 +0,0 @@
-# Release 2.33.0 (2025-12-09)
-
-## New features
-
- New command `nix registry resolve` [#14595](https://github.com/NixOS/nix/pull/14595)
-
-  This command looks up a flake registry input name and returns the flakeref it resolves to.
-
-  For example, looking up Nixpkgs:
-
-  ```
-  $ nix registry resolve nixpkgs
-  github:NixOS/nixpkgs/nixpkgs-unstable
-  ```
-
-  Upstreamed from [Determinate Nix 3.14.0](https://github.com/DeterminateSystems/nix-src/pull/273).
-
- `nix flake clone` supports all input types [#14581](https://github.com/NixOS/nix/pull/14581)
-
-  `nix flake clone` now supports arbitrary input types. In particular, this allows you to clone tarball flakes, such as flakes on FlakeHub.
-
-  Upstreamed from [Determinate Nix 3.12.0](https://github.com/DeterminateSystems/nix-src/pull/229).
-
-## Performance improvements
-
- Git fetcher computes `revCount`s using multiple threads [#14462](https://github.com/NixOS/nix/pull/14462)
-
-  When using Git repositories with a long history, calculating the `revCount` attribute can take a long time. Nix now computes `revCount` using multiple threads, making it much faster (e.g. 9.1s to 3.7s for Nixpkgs).
-
-  Note that if you don't need `revCount`, you can disable it altogether by setting the flake input attribute `shallow = true`.
-
-  Upstreamed from [Determinate Nix 3.12.2](https://github.com/DeterminateSystems/nix-src/pull/245).
-
- `builtins.stringLength` now runs in constant time [#14442](https://github.com/NixOS/nix/pull/14442)
-
-  The internal representation of strings has been replaced with a size-prefixed Pascal style string. Previously Nix stored strings as a NUL-terminated array of bytes, necessitating a linear scan to calculate the length.
-
- Uploads to `http://` and `https://` binary cache stores now run in constant memory [#14390](https://github.com/NixOS/nix/pull/14390)
-
-  Nix used to buffer the whole compressed NAR contents in memory. It now reads it in a streaming fashion.
-
- Channel URLs migrated to channels.nixos.org subdomain [#14517](https://github.com/NixOS/nix/issues/14517) [#14518](https://github.com/NixOS/nix/pull/14518)
-
-  Channel URLs have been updated from `https://nixos.org/channels/` to `https://channels.nixos.org/` throughout Nix. This subdomain provides better reliability with IPv6 support and improved CDN distribution. The old domain apex (`nixos.org/channels/`) currently redirects to the new location but may be deprecated in the future.
-
- Fix `download buffer is full; consider increasing the 'download-buffer-size' setting` warning [#11728](https://github.com/NixOS/nix/issues/11728) [#14614](https://github.com/NixOS/nix/pull/14614)
-
-  The underlying issue that led to [#11728](https://github.com/NixOS/nix/issues/11728) has been resolved by utilizing
-  [libcurl write pausing functionality](https://curl.se/libcurl/c/curl_easy_pause.html) to control backpressure when unpacking to slow destinations like the git-backed tarball cache. The default value of `download-buffer-size` is now 1 MiB and it's no longer recommended to increase it, since the root cause has been fixed.
-
-  This is expected to improve download performance on fast connections, since previously a single slow download consumer would stall the thread and prevent any other transfers from progressing.
-
-  Many thanks go out to the [Lix project](https://lix.systems/) for the [implementation](https://git.lix.systems/lix-project/lix/commit/4ae6fb5a8f0d456b8d2ba2aaca3712b4e49057fc) that served as inspiration for this change and for triaging libcurl [issues with pausing](https://github.com/curl/curl/issues/19334).
-
- Significantly improve tarball unpacking performance [#14689](https://github.com/NixOS/nix/pull/14689) [#14696](https://github.com/NixOS/nix/pull/14696) [#10683](https://github.com/NixOS/nix/issues/10683) [#11098](https://github.com/NixOS/nix/issues/11098)
-
-  Nix uses a content-addressed cache backed by libgit2 for deduplicating files fetched via `fetchTarball` and `github`, `tarball` flake inputs. Its usage has been significantly optimised to reduce the amount of I/O operations that are performed. For a typical nixpkgs source tarball this results in 200 times fewer system calls on Linux. In combination with libcurl pausing this alleviates performance regressions stemming from the tarball cache.
-
- Already valid derivations are no longer copied to the store [#14219](https://github.com/NixOS/nix/pull/14219)
-
-  This results in a modest speedup when using the Nix daemon.
-
- `nix nar ls` and `nix nar cat` are significantly faster and no longer buffer the whole NAR in memory [#14273](https://github.com/NixOS/nix/pull/14273) [#14732](https://github.com/NixOS/nix/pull/14732)
-
-## S3 improvements
-
- Improved S3 binary cache support via HTTP [#11748](https://github.com/NixOS/nix/issues/11748) [#12403](https://github.com/NixOS/nix/issues/12403) [#12671](https://github.com/NixOS/nix/issues/12671) [#13084](https://github.com/NixOS/nix/issues/13084) [#13752](https://github.com/NixOS/nix/pull/13752) [#13823](https://github.com/NixOS/nix/pull/13823) [#14026](https://github.com/NixOS/nix/pull/14026) [#14120](https://github.com/NixOS/nix/pull/14120) [#14131](https://github.com/NixOS/nix/pull/14131) [#14135](https://github.com/NixOS/nix/pull/14135) [#14144](https://github.com/NixOS/nix/pull/14144) [#14170](https://github.com/NixOS/nix/pull/14170) [#14190](https://github.com/NixOS/nix/pull/14190) [#14198](https://github.com/NixOS/nix/pull/14198) [#14206](https://github.com/NixOS/nix/pull/14206) [#14209](https://github.com/NixOS/nix/pull/14209) [#14222](https://github.com/NixOS/nix/pull/14222) [#14223](https://github.com/NixOS/nix/pull/14223) [#14330](https://github.com/NixOS/nix/pull/14330) [#14333](https://github.com/NixOS/nix/pull/14333) [#14335](https://github.com/NixOS/nix/pull/14335) [#14336](https://github.com/NixOS/nix/pull/14336) [#14337](https://github.com/NixOS/nix/pull/14337) [#14350](https://github.com/NixOS/nix/pull/14350) [#14356](https://github.com/NixOS/nix/pull/14356) [#14357](https://github.com/NixOS/nix/pull/14357) [#14374](https://github.com/NixOS/nix/pull/14374) [#14375](https://github.com/NixOS/nix/pull/14375) [#14376](https://github.com/NixOS/nix/pull/14376) [#14377](https://github.com/NixOS/nix/pull/14377) [#14391](https://github.com/NixOS/nix/pull/14391) [#14393](https://github.com/NixOS/nix/pull/14393) [#14420](https://github.com/NixOS/nix/pull/14420) [#14421](https://github.com/NixOS/nix/pull/14421)
-
-  S3 binary cache operations now happen via HTTP, leveraging `libcurl`'s native AWS SigV4 authentication instead of the AWS C++ SDK, providing significant improvements:
-
-  - **Reduced memory usage**: Eliminates memory buffering issues that caused segfaults with large files
-  - **Fixed upload reliability**: Resolves AWS SDK chunking errors (`InvalidChunkSizeError`)
-  - **Lighter dependencies**: Uses lightweight `aws-crt-cpp` instead of full `aws-cpp-sdk`, reducing build complexity
-
-  The new implementation requires curl >= 7.75.0 and `aws-crt-cpp` for credential management.
-
-  All existing S3 URL formats and parameters remain supported, however the store settings for configuring multipart uploads have changed:
-
-  - **`multipart-upload`** (default: `false`): Enable multipart uploads for large files. When enabled, files exceeding the multipart threshold will be uploaded in multiple parts.
-
-  - **`multipart-threshold`** (default: `100 MiB`): Minimum file size for using multipart uploads. Files smaller than this will use regular PUT requests. Only takes effect when `multipart-upload` is enabled.
-
-  - **`multipart-chunk-size`** (default: `5 MiB`): Size of each part in multipart uploads. Must be at least 5 MiB (AWS S3 requirement). Larger chunk sizes reduce the number of requests but use more memory.
-
-  - **`buffer-size`**: Has been replaced by `multipart-chunk-size` and is now an alias to it.
-
-  Note that this change also means Nix now supports S3 binary cache stores even if built without `aws-crt-cpp`, but only for public buckets which do not require authentication.
-
- S3 URLs now support object versioning via `versionId` parameter [#13955](https://github.com/NixOS/nix/issues/13955) [#14274](https://github.com/NixOS/nix/pull/14274)
-
-  S3 URLs now support a `versionId` query parameter to fetch specific versions
-  of objects from S3 buckets with versioning enabled. This allows pinning to
-  exact object versions for reproducibility and protection against unexpected
-  changes:
-
-  ```
-  s3://bucket/key?region=us-east-1&versionId=abc123def456
-  ```
-
- S3 binary cache stores now support storage class configuration [#7015](https://github.com/NixOS/nix/issues/7015) [#14464](https://github.com/NixOS/nix/pull/14464)
-
-  S3 binary cache stores now support configuring the storage class for uploaded objects via the `storage-class` parameter. This allows users to optimize costs by selecting appropriate storage tiers based on access patterns.
-
-  Example usage:
-
-  ```bash
-  # Use Glacier storage for long-term archival
-  nix copy --to 's3://my-bucket?storage-class=GLACIER' /nix/store/...
-
-  # Use Intelligent Tiering for automatic cost optimization
-  nix copy --to 's3://my-bucket?storage-class=INTELLIGENT_TIERING' /nix/store/...
-  ```
-
-  The storage class applies to both regular uploads and multipart uploads. When not specified, objects use the bucket's default storage class.
-
-  See the [S3 storage classes documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html) for available storage classes and their characteristics.
-
-
-## Store path info JSON format changes
-
-The JSON format emitted by `nix path-info --json` has been updated to a new version with improved structure.
-
-To maintain compatibility, `nix path-info --json` now requires a `--json-format` flag to specify the output format version.
-Using `--json` without `--json-format` is deprecated and will become an error in a future release.
-For now, it defaults to version 1 with a warning, for a smoother migration.
-
-### Version 1 (`--json-format 1`)
-
-This is the legacy format, preserved for backwards compatibility:
-
- String-based hash values (e.g., `"narHash": "sha256:FePFYIlM..."`)
- String-based content addresses (e.g., `"ca": "fixed:r:sha256:1abc..."`)
- Full store paths for map keys and references (e.g., `"/nix/store/abc...-foo"`)
- Now includes `"storeDir"` field at the top level
-
-### Version 2 (`--json-format 2`)
-
-The new structured format follows the [JSON guidelines](@docroot@/development/json-guideline.md) with the following changes:
-
- **Nested structure with top-level metadata**:
-
-  The output is now wrapped in an object with `version`, `storeDir`, and `info` fields:
-
-  ```json
-  {
-    "version": 2,
-    "storeDir": "/nix/store",
-    "info": { ... }
-  }
-  ```
-
-  The map from store path base names to store object info is nested under the `info` field.
-
- **Store path base names instead of full paths**:
-
-  Map keys and references use store path base names (e.g., `"abc...-foo"`) instead of full absolute store paths.
-  Combined with `storeDir`, the full path can be reconstructed.
-
- **Structured `ca` field**:
-
-  Content address is now a structured JSON object instead of a string:
-
-  - Old: `"ca": "fixed:r:sha256:1abc..."`
-  - New: `"ca": {"method": "nar", "hash": "sha256-ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0="}`
-  - Still `null` values for input-addressed store objects
-
-  The `hash` field uses the [SRI](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) format like other hashes.
-
-Additionally the following fields are added to both formats:
-
-  - **`version` field**:
-
-    All store path info JSON now includes `"version": <1|2>`. The `version` tracks breaking changes, and adding fields to outputted JSON is not a breaking change.
-
-  - **`storeDir` field**:
-
-    Top-level `"storeDir"` field contains the store directory path (e.g., `"/nix/store"`).
-
-## Derivation JSON format changes
-
-The derivation JSON format has been updated from version 3 to version 4:
-
- **Nested structure with top-level metadata**:
-
-  The output of `nix derivation show` is now wrapped in an object with `version` and `derivations` fields:
-
-  ```json
-  {
-    "version": 4,
-    "derivations": { ... }
-  }
-  ```
-
-  The map from derivation paths to derivation info is nested under the `derivations` field.
-
-  This matches the structure used for `nix path-info --json --json-format 2`, and likewise brings this command into compliance with the JSON guidelines.
-
- **Restructured inputs**:
-
-  Inputs are now nested under an `inputs` object:
-
-  - Old: `"inputSrcs": [...], "inputDrvs": {...}`
-  - New: `"inputs": {"srcs": [...], "drvs": {...}}`
-
- **Consistent content addresses**:
-
-  Fixed content-addressed outputs now use structured JSON format.
-  This is the same format as `ca` in store path info (after the new version).
-
-Version 3 and earlier formats are *not* accepted when reading.
-
-**Affected command**: `nix derivation`, namely its `show` and `add` sub-commands.
-
-## Miscellaneous changes
-
- Git fetcher: Restore progress indication [#14487](https://github.com/NixOS/nix/pull/14487)
-
-  Nix used to feel "stuck" while it was cloning large repositories. Nix now shows Git's native progress indicator while fetching.
-
-  Upstreamed from [Determinate Nix 3.13.0](https://github.com/DeterminateSystems/nix-src/pull/250).
-
- Interrupting REPL commands works more than once [#13481](https://github.com/NixOS/nix/issues/13481)
-
-  Previously, this only worked once per REPL session; further attempts would be ignored.
-  This issue is now fixed, so REPL commands such as `:b` or `:p` can be canceled consistently.
-  This is a cherry-pick of the change from the [Lix project](https://gerrit.lix.systems/c/lix/+/1097).
-
- NAR unpacking code has been rewritten to make use of dirfd-based `openat` and `openat2` system calls when available [#14597](https://github.com/NixOS/nix/pull/14597)
-
- Dynamic size unit rendering [#14423](https://github.com/NixOS/nix/pull/14423) [#14364](https://github.com/NixOS/nix/pull/14364)
-
-  Various commands and the progress bar now use dynamically determined size units instead
-  of always using `MiB`. For example, the progress bar now reports download status like:
-
-  ```
-  [1/196/197 copied (773.7 MiB/2.1 GiB), 172.4/421.5 MiB DL]
-  ```
-
-  Instead of:
-
-  ```
-  [1/196/197 copied (773.7/2147.3 MiB), 172.4/421.5 MiB DL]
-  ```
-
-## Contributors
-
-This release was made possible by the following 33 contributors:
-
- Adam Dinwoodie [**(@me-and)**](https://github.com/me-and)
- jonhermansen [**(@jonhermansen)**](https://github.com/jonhermansen)
- Arnout Engelen [**(@raboof)**](https://github.com/raboof)
- Jean-François Roche [**(@jfroche)**](https://github.com/jfroche)
- tomberek [**(@tomberek)**](https://github.com/tomberek)
- Eelco Dolstra [**(@edolstra)**](https://github.com/edolstra)
- Marcel [**(@MarcelCoding)**](https://github.com/MarcelCoding)
- David McFarland [**(@corngood)**](https://github.com/corngood)
- Soumyadip Sarkar [**(@neuralsorcerer)**](https://github.com/neuralsorcerer)
- Cole Helbling [**(@cole-h)**](https://github.com/cole-h)
- John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314)
- Tristan Ross [**(@RossComputerGuy)**](https://github.com/RossComputerGuy)
- Alex Auvolat [**(@Alexis211)**](https://github.com/Alexis211)
- edef [**(@edef1c)**](https://github.com/edef1c)
- Sergei Zimmerman [**(@xokdvium)**](https://github.com/xokdvium)
- Vinayak Goyal [**(@vinayakankugoyal)**](https://github.com/vinayakankugoyal)
- Graham Dennis [**(@GrahamDennis)**](https://github.com/GrahamDennis)
- Aspen Smith [**(@glittershark)**](https://github.com/glittershark)
- Jens Petersen [**(@juhp)**](https://github.com/juhp)
- Bernardo Meurer [**(@lovesegfault)**](https://github.com/lovesegfault)
- Peter Bynum [**(@pkpbynum)**](https://github.com/pkpbynum)
- Jörg Thalheim [**(@Mic92)**](https://github.com/Mic92)
- Alex Decious [**(@adeci)**](https://github.com/adeci)
- Matthieu Coudron [**(@teto)**](https://github.com/teto)
- Domen Kožar [**(@domenkozar)**](https://github.com/domenkozar)
- Taeer Bar-Yam [**(@Radvendii)**](https://github.com/Radvendii)
- Seth Flynn [**(@getchoo)**](https://github.com/getchoo)
- Robert Hensing [**(@roberth)**](https://github.com/roberth)
- Vladimir Panteleev [**(@CyberShadow)**](https://github.com/CyberShadow)
- bryango [**(@bryango)**](https://github.com/bryango)
- Henry [**(@cootshk)**](https://github.com/cootshk)
- Martin Joerg [**(@mjoerg)**](https://github.com/mjoerg)
- Farid Zakaria [**(@fzakaria)**](https://github.com/fzakaria)
--- a/doc/manual/source/store/building.md
+++ b/doc/manual/source/store/building.md
@@ -12,11 +12,10 @@

 The [`builder`](./derivation/index.md#builder) is executed as follows:

- A temporary directory is created where the build will take place. The
+- A temporary directory is created under the directory specified by
+  `TMPDIR` (default `/tmp`) where the build will take place. The
  current directory is changed to this directory.

-  See the per-store [`build-dir`](@docroot@/store/types/local-store.md#store-local-store-build-dir) setting for more information.
-
 - The environment is cleared and set to the derivation attributes, as
  specified above.

--- a/doc/manual/source/store/derivation/index.md
+++ b/doc/manual/source/store/derivation/index.md
@@ -192,7 +192,7 @@ There are two formats, documented separately:

 - The legacy ["ATerm" format](@docroot@/protocols/derivation-aterm.md)

- The experimental, currently under development and changing [JSON format](@docroot@/protocols/json/derivation/index.md)
+- The experimental, currently under development and changing [JSON format](@docroot@/protocols/json/derivation.md)

 Every derivation has a canonical choice of encoding used to serialize it to a store object.
 This ensures that there is a canonical [store path] used to refer to the derivation, as described in [Referencing derivations](#derivation-path).
--- a/doc/manual/source/store/file-system-object.md
+++ b/doc/manual/source/store/file-system-object.md
@@ -3,23 +3,19 @@
 Nix uses a simplified model of the file system, which consists of file system objects.
 Every file system object is one of the following:

- - [**Regular File**]{#regular}
+ - File

   - A possibly empty sequence of bytes for contents
   - A single boolean representing the [executable](https://en.m.wikipedia.org/wiki/File-system_permissions#Permissions) permission

- - [**Directory**]{#directory}
+ - Directory

   Mapping of names to child file system objects

- - [**Symbolic link**]{#symlink}
+ - [Symbolic link](https://en.m.wikipedia.org/wiki/Symbolic_link)

-   An arbitrary string, known as the *target* of the symlink.
-
-   In general, Nix does not assign any semantics to symbolic links.
-   Certain operations however, may make additional assumptions and attempt to use the target to find another file system object.
-
-   > See [the Wikpedia article on symbolic links](https://en.m.wikipedia.org/wiki/Symbolic_link) for background information if you are unfamiliar with this Unix concept.
+   An arbitrary string.
+   Nix does not assign any semantics to symbolic links.

 File system objects and their children form a tree.
 A bare file or symlink can be a root file system object.
--- a/doc/manual/source/store/store-path.md
+++ b/doc/manual/source/store/store-path.md
@@ -2,7 +2,7 @@

 > **Example**
 >
-> `/nix/store/jf6gn2dzna4nmsfbdxsd7kwhsk6gnnlr-git-2.38.1`
+> `/nix/store/a040m110amc4h71lds2jmr8qrkj2jhxd-git-2.38.1`
 >
 > A rendered store path

@@ -22,7 +22,7 @@ Store paths are pairs of

 > **Example**
 >
-> - Digest: `q06x3jll2yfzckz2bzqak089p43ixkkq`
+> - Digest: `b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z`
 > - Name:   `firefox-33.1`

 To make store objects accessible to operating system processes, stores have to expose store objects through the file system.
@@ -38,7 +38,7 @@ A store path is rendered to a file system path as the concatenation of
 > **Example**
 >
 > ```
->   /nix/store/q06x3jll2yfzckz2bzqak089p43ixkkq-firefox-33.1
+>   /nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1
 >   |--------| |------------------------------| |----------|
 > store directory            digest                 name
 > ```
--- a/doc/manual/source/store/types/index.md.in
+++ b/doc/manual/source/store/types/index.md.in
@@ -8,7 +8,7 @@ Stores are specified using a URL-like syntax. For example, the command

 ```console
 # nix path-info --store https://cache.nixos.org/ --json \
-  /nix/store/1542dip9i7k4f24y6hqgd04hmvid9hr5-coreutils-9.1
+  /nix/store/a7gvj343m05j2s32xcnwr35v31ynlypr-coreutils-9.1
 ```

 fetches information about a store path in the HTTP binary cache
--- a/doc/manual/substitute.py
+++ b/doc/manual/substitute.py
@@ -41,10 +41,6 @@ def recursive_replace(data: dict[str, t.Any], book_root: Path, search_path: Path
            return data | dict(
                sections = [recursive_replace(section, book_root, search_path) for section in sections],
            )
-        case {'items': items}:
-            return data | dict(
-                items = [recursive_replace(item, book_root, search_path) for item in items],
-            )
        case {'Chapter': chapter}:
            path_to_chapter = Path(chapter['path'])
            chapter_content = chapter['content']
--- a/flake.lock
+++ b/flake.lock
@@ -3,15 +3,15 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1767039857,
-        "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
-        "owner": "NixOS",
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
+        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
@@ -63,15 +63,18 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1763948260,
-        "narHash": "sha256-zZk7fn2ARAqmLwaYTpxBJmj81KIdz11NiWt7ydHHD/M=",
-        "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c",
-        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.813095.1c8ba8d3f763/nixexprs.tar.xz"
+        "lastModified": 1761597516,
+        "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
+        "type": "github"
      },
      "original": {
-        "type": "tarball",
-        "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz"
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
      }
    },
    "nixpkgs-23-11": {
--- a/flake.nix
+++ b/flake.nix
@@ -1,12 +1,12 @@
 {
  description = "The purely functional package manager";

-  inputs.nixpkgs.url = "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";

  inputs.nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2";
  inputs.nixpkgs-23-11.url = "github:NixOS/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446";
  inputs.flake-compat = {
-    url = "github:NixOS/flake-compat";
+    url = "github:edolstra/flake-compat";
    flake = false;
  };

@@ -369,7 +369,6 @@
          # TODO probably should be `nix-cli`
          nix = self.packages.${system}.nix-everything;
          nix-manual = nixpkgsFor.${system}.native.nixComponents2.nix-manual;
-          nix-manual-manpages-only = nixpkgsFor.${system}.native.nixComponents2.nix-manual-manpages-only;
          nix-internal-api-docs = nixpkgsFor.${system}.native.nixComponents2.nix-internal-api-docs;
          nix-external-api-docs = nixpkgsFor.${system}.native.nixComponents2.nix-external-api-docs;
        }
@@ -418,6 +417,10 @@
                supportsCross = false;
              };

+              "nix-kaitai-struct-checks" = {
+                supportsCross = false;
+              };
+
              "nix-perl-bindings" = {
                supportsCross = false;
              };
--- a/maintainers/data/release-credits-email-to-handle.json
+++ b/maintainers/data/release-credits-email-to-handle.json
@@ -224,25 +224,5 @@
    "42688647+netadr@users.noreply.github.com": "netadr",
    "matej.urbas@gmail.com": "urbas",
    "ethanalexevans@gmail.com": "ethanavatar",
-    "greg.marti@gmail.com": "gmarti",
-    "arnout@bzzt.net": "raboof",
-    "vinayakankugoyal@gmail.com": "vinayakankugoyal",
-    "Radvendii@users.noreply.github.com": "Radvendii",
-    "jon@jh86.org": "jonhermansen",
-    "edef@edef.eu": "edef1c",
-    "pkpbynum@gmail.com": "pkpbynum",
-    "886074+teto@users.noreply.github.com": "teto",
-    "alex@adnab.me": "Alexis211",
-    "root@gws.fyi": "glittershark",
-    "me@m4rc3l.de": "MarcelCoding",
-    "taeer.bar-yam@bevuta.com": "Radvendii",
-    "martin.joerg@gmail.com": "mjoerg",
-    "git@cy.md": "CyberShadow",
-    "cootshk@duck.com": "cootshk",
-    "adam@dinwoodie.org": "me-and",
-    "domen@cachix.org": "domenkozar",
-    "alex.decious@gmail.com": "adeci",
-    "soumya.papanvk18@gmail.com": "neuralsorcerer",
-    "gdennis@anduril.com": null,
-    "graham.dennis@gmail.com": "GrahamDennis"
+    "greg.marti@gmail.com": "gmarti"
 }
--- a/maintainers/data/release-credits-handle-to-name.json
+++ b/maintainers/data/release-credits-handle-to-name.json
@@ -118,7 +118,7 @@
    "wh0": null,
    "mupdt": "Matej Urbas",
    "momeemt": "Mutsuha Asada",
-    "dwt": "Martin H\u00e4cker",
+    "dwt": "\u202erekc\u00e4H nitraM\u202e",
    "aidenfoxivey": "Aiden Fox Ivey",
    "ilya-bobyr": "Illia Bobyr",
    "B4dM4n": "Fabian M\u00f6ller",
@@ -196,21 +196,5 @@
    "gmarti": "Gr\u00e9gory Marti",
    "lovesegfault": "Bernardo Meurer",
    "EphraimSiegfried": "Ephraim Siegfried",
-    "hgl": "Glen Huang",
-    "mjoerg": "Martin Joerg",
-    "Alexis211": "Alex Auvolat",
-    "domenkozar": "Domen Ko\u017ear",
-    "edef1c": "edef",
-    "cootshk": "Henry",
-    "raboof": "Arnout Engelen",
-    "pkpbynum": "Peter Bynum",
-    "glittershark": "Aspen Smith",
-    "MarcelCoding": "Marcel",
-    "teto": "Matthieu Coudron",
-    "jonhermansen": null,
-    "neuralsorcerer": "Soumyadip Sarkar",
-    "adeci": "Alex Decious",
-    "vinayakankugoyal": "Vinayak Goyal",
-    "me-and": "Adam Dinwoodie",
-    "GrahamDennis": "Graham Dennis"
+    "hgl": "Glen Huang"
 }
--- a/maintainers/flake-module.nix
+++ b/maintainers/flake-module.nix
@@ -79,8 +79,6 @@
              # Not supported by nixfmt
              ''^tests/functional/lang/eval-okay-deprecate-cursed-or\.nix$''
              ''^tests/functional/lang/eval-okay-attrs5\.nix$''
-              ''^tests/functional/lang/eval-fail-dynamic-attrs-inherit\.nix$''
-              ''^tests/functional/lang/eval-fail-dynamic-attrs-inherit-2\.nix$''

              # More syntax tests
              # These tests, or parts of them, should have been parse-* test cases.
--- a/maintainers/invalidate-store-paths.sh
+++ b/maintainers/invalidate-store-paths.sh
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-set -x
-
-git ls-files -z \
-    | xargs -0 grep -o '[0123456789abcdfghijklmnpqrsvwxyz]\{32\}' 2> /dev/null \
-    | rev \
-    | cut -d: -f1 \
-    | rev \
-    | sort \
-    | uniq \
-    | while read -r oldhash; do
-        if ! curl --fail -I "https://cache.nixos.org/$oldhash.narinfo" > /dev/null 2>&1; then
-            continue
-        fi
-
-        newhash=$(
-            nix eval --expr "builtins.toFile \"006c6ssvddri1sg34wnw65mzd05pcp3qliylxlhv49binldajba5\" \"$oldhash\"" \
-                | cut -d- -f1 \
-                | cut -d/ -f4
-        )
-
-        msg=$(printf "bad: %s -> %s" "$oldhash" "$newhash")
-        echo "$msg"
-        git ls-files -z \
-            | xargs -0 grep -a -l "$oldhash" 2> /dev/null \
-            | while read -r file; do
-                [ -L "$file" ] && continue
-                perl -pi -e "s/$oldhash/$newhash/g" "$file" || true
-            done || true
-        git commit -am "$msg"
-    done
--- a/maintainers/keys/158A6F530EA202E5F651611314FAEA63448E1DF9.asc
+++ b/maintainers/keys/158A6F530EA202E5F651611314FAEA63448E1DF9.asc
@@ -1,110 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGPtMiwBEAC0sFZW2QW/OaDjKm5zGRpDvHXDsMIUtlHfoi5ce8pocC63W05o
-FSXbUZjZ1VfYO8lT8DFANCzTkiXYaZx0cPRG2pVY4AOQZDNFt5XrAyvw496XCAIM
-DTYGFLjCqgjPt9RUFEy4MyHPJTEpB0x3rXgT4ILNu9vsj9Q0vttps7SpbZ3Ldq5H
-o/BBbLW77q/vNjpYzCbBIXF7ycUGpnNv9Go/WuiDnrBMcyxh+8kjjIHB5cxZSnjJ
-DUv681+m83v+gLZQGX/jexQrrf5JpS0X9qEnhGLrNUDhtyv5ud3Je4EfamkjLVVC
-RlNLofgflOCsl/tP80i+K7S1QdKhUALxuJ6H0prYUflGBDxDyC8XYuJ62TT0OUpa
-vJvgwVlCq8/jq+ykYQXlbuBVOzi5wAuI4l3+HqreSQYPSiwe+6N590Zbafdv1fvN
-WFtZKCTGMqfyaaAnppioH9/+NWkI2AQxaYVasYM/JEYvY9pJgA7alh51jHW4JglP
-ErypKfBKPKJID0QENqYoa3bDDCihuNWhgQf9dxzPlj2ckd35Zb6w4DfuSmtjaa9D
-o0jZVY1JbFuxBqP09+saVPrxLHgmPxjcdzPGQQtAqdO2vyJXNEGLFMoVEZPNaLo3
-QmcIJnT7oSck+4vGfOYtWUHXQynu/Tnwsv2XkA/uyw8HNe+RRMqv/apnzQARAQAB
-tCdTZXJnZWkgWmltbWVybWFuIDxzZXJnZWlAemltbWVybWFuLmZvbz6JAlEEEwEK
-ADsCGwEFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQVim9TDqIC5fZRYRMU+upj
-RI4d+QUCaUbsaAIZAQAKCRAU+upjRI4d+VdDD/492HRaJ/8V7R7VUzkafmb2Hb28
-SLf7oiB8Uq9I7SukiDEaIT1fUhquYWQ9KWpPRNR1TX6ApXnIeuJRMGFoDVIRnmnr
-cKnYYXfqqc81VxIyKvaumB7KWbS7G4Nbor8AH1ouOOOMMS50OTJOWQA4A26inIuG
-n+7L8MeS5aT+3uNKDoTKsidC47vnaxNMcke1taPfbfo7vn69PsRCM/g9/7TQYU8b
-6xp+pM9Ao9nJneRk2YCpsGYRrWTpaik0DFKnfpPKJM/yunhtGLF2IYAp3l1mvHPK
-nnzo92zjpQuZwazEIK+23V1vRT4IjM2BewbJPAzf2/UuxEjjgNQm0tOtH2JhFNeB
-VM0BVrGxWrrwrsmv6lWghTtBc6zRWyHrj/rpjtVQNmeKYrHWJeXwVz1rqgGPmB2N
-k0MZD1UjHHhEs1Cntn7yLmxTPztRJCtR+euRu81Uo2NAvrMJ4xsDjaM0LeLTnzjV
-9AsPjD188dOFyz7VExZum4+XaaEJ41FIPLEqU3U0GAa6stEy0ylSlIN4x9aiXXVW
-xfzHHchS5jK6QAjuZxN8t01GRactNylINRf7uoTECFZTtXNqfeuk0HQxBH0LuKVE
-0PxJbcNI4mVWw1KgTJ8PUVC1IXP3sEpqPdJOYiRXgnpcS26fWOBu0aQ4mhxiaJhr
-/zBfrkLEqp20TdNDZLkCDQRj7TM1ARAAt73xO24curnHTTgXkkVMMRzcMLx3Mb1a
-2FuddxC5hzTpEpw01L91UBrXVJEg9K2KAwP5CtCLgPCqXr47Tm7krvHxWwBksgY/
-6aHRsoPQfCFUZHc0aiO+C4NCzR+aEeGKn66Oc1Hq9oUTpDgiBWhsuEPiyA1OSGF0
-4L0jeTCqfm68kWp4PIK9yuugkdDsoyj6TonuMsb3V5ctHLqop9KH+eHSkUTPo+Lk
-+bxaeAOJ1UfbohgbRbrYKAfsaghhOMDH3R1w2pvtUJz+sDbuQsiPFTqbxsXDTFws
-H4N/AQCYnnvOhqEek2sOEZ19bJXt5UrAr10mX4PGmAkWqE1JWBxpOKG3BXSGOTu1
-3dFhQfPMK+PmvUrs0kcWQr53K/aRUdKKhIfTcMfkqYTGPK5HclHph24WjXj3QFFA
-SjksQTdm6486ZmLZK4CTbAFOPfTF/aWg8gu9v4ihdq6lqHNNXxv2xBAChcd59H7p
-D5zy9z8SpwWR9V5JDmlF6HWIIau1c6lSsQq1xHvYM8EuPe03vJvor+2u/cn5zYF1
-5ZxAuPI2i5vtavg1s8ZGAAogJ9dVcP36LdJfL9quXWvmovkd//qHIepBB+l/zQio
-ZRDZlIcfV3Xycaqsb5OqHGARHE0097koipMt5y/iXlqG4Ruue6Idb8bW96EKpaWj
-kKy/iNfQfQMAEQEAAYkEcgQYAQoAJgIbAhYhBBWKb1MOogLl9lFhExT66mNEjh35
-BQJpRuz3BQkJHCDCAkDBdCAEGQEKAB0WIQRK3hK0WyJ4BicGpcmpsLVXymMjJQUC
-Y+0zNQAKCRCpsLVXymMjJbdSD/9+f1FOOeGDAJI6Duo5fsWnf4xJJdtQtDbz6d2A
-SeDapxeJ3zWfKBD0wu5sISEa0uiWsYSmLtsa2SqVAKHlEaMGRR+tkBMPQ+rvgI4c
-62YjGTgm+IPd+NFIn+ixFU1hpinTh+KhUEoeOwWCvKs9nZfSG9vkienfiG0bBxo2
-zrvBzXA50x5hbUL+ghKu/AVfN9qZDwh30O4KZTwk4g4cM9SeaQa4YvHYIS3IEhDZ
-hGybwrrqV9cs92ln4IJw9WCy9QReBNrdeFgC4+3ziUp1QsG3RvqrtuMttwBVC1Z3
-bj5QjLLOREhhodfvk98t9yVkragObb4rGrLo1mWuF0c4mJGvXwnrqhCMvzv4M+0T
-Zdrmw6YpGkGOaOPghVuwoTtqSAkl+zFWIJS89jidvkYG3EqKAkgLKog/TQReCq13
-HWrF8cMck+Rf2K8k26q/RNZaA9ZUKjLExzz8lsWmd2C7rvkGLrlxnzxz0gGyNR3Q
-KK74vcPhqeABt2GSkHtEXZFFA9IVVzwlRWK3e0S+mVQnZVjNL+cBPn3/hZHMLesB
-CucyYZv+DxvT+JkYXBkGSw4s3hpABqGym7gdPUIa0q4rbBFG6xP5sLLBG4yru8vV
-2dyCMmFqRuxpT49uNfyQ6Vj+dobN6qHnP/9NwfzOixXYBHXR6LBqb/M+iCiJaaIn
-uiRLHwkQFPrqY0SOHfkQpA//W51vj8meuz7snRO+vZFcjLneFFzqfh1Jdz8IqDpO
-CkI5pBJmi8e0oSe6r68MkahiQLlYPwm7d+sjHvJhPWipNKWq/uwCgBs+Ac1lpPXR
-MwLbrZukcLMYlLmb2MrCKmjcMt0BZsZKBNYL3a3X9nHgwXdeqFYS4WQDMCCc09lz
-9YqfdoEsqRO4qN7D0hFqnwjOzb34ixZ6UO8a8ekY9QKxAgWc9fJWGMg6Pjdg4qsK
-nqymOIAdGVOJdoRM46wKGVBvbsF2gNfQU4XyzgJo5vHGFwJm6EoSnODlL5e2wsQh
-uN1oqBt/8ef/plloMEqVBweUBATqSqjRF6IhhYJvWVuQHQL1p1vnV9FebiVj34ir
-Z8ID+o0AnTJcclbUcDwannGJ0cuDcPhk/v/ahVuoMERCi12qnMBo5B/e6Omyh1yB
-4pbf4GATGGQipDQG75eC/kP2GQEqJP5WYN0Ar8Le/AA/2xyL7upW0yIByyXCwGEb
-JRwEgU3+bPyu58bFt8Pftit6J7rA3oBVVMOPrYH5eZwRaj5m2RptwKGL6BfHnhNv
-ZqmCq9EBGX6L1NI0xHMjEFfXJ8jU01XdfG8nCqkwqsHwslXLhqjJphfHcx89YwbV
-/15GCuURAv1cKe/7277sOhcvP/QpQqSWgvYExHw8PeFJcTYtF2NrRgNwcQsWS1Rj
-gXa5Ag0EY+0zcAEQANC5N6kSfezuucAgi+X3BD+MT37mxQyvICSggEJf1LDSmy0+
-bnvD7setL8CP9etTA2fcVNYKI1oboMyhoCnsRP2jDdv1iXOI/hZg4wSb/D1yUkae
-fUpxv3Wuci2QKavH2MfraDD7BFMbsQeMcHtn4Rk216T6jndZHnzT1Ih7iX0XeQPb
-li5fojOiZssgWAVT4HPXFCJB6lI35Hjp35oRYwrtMmu5INinZ79n9h1igGtt1ItZ
-b7rQKNd772Jxcn4UU71ovORSL/xT5i5sxZ+evQOxkpqUAokMOFaoHcOXLmA1NsFv
-yryXHK4Ioq9ap2jKlLTWkJWjua9JZ4AmKhbvT8X4ELxIKSCAdJKAWP8ZHbXNu5MD
-aznyzZQLxSO7uFvu356De75mI5iohZNj5wB5Wju71pBiorTKVj4+iJ4e+xVIzFdG
-hFC0DehNcl2t9w/y8qHwIQ1yUAjXHLXq0/2jsVeH6bU5q/MsgvUP1jcFe0eyOpxy
-CDvyFdzZFbI57TnB/fvcZTRZ5ewXMFpH8gzuoFzAjUAP95UjYKgaGdrNPNIy28Ii
-4zhvdghei2+n9jgiMfcGQg8lyfH5yF0vWWWynX0KcJsRwEZoL2EauVdwq4PcYOoU
-pQFhpcreCjD4LdZ4yRU4InbhcUogXjrQ9Dz01TbPmQD5b5iso21bCEFBXrhzABEB
-AAGJAjwEGAEKACYCGwwWIQQVim9TDqIC5fZRYRMU+upjRI4d+QUCaUbs9wUJCRwg
-hwAKCRAU+upjRI4d+X/XD/sH5xvHPfTJq52v8weFmB52up+DzqG2lyhGdoUQ1Muw
-dRDLTLXLJrFdfpoOo7/j4Scr0rdc7/dpCn0DLcPuCoPxu+SkjEnVehFmZrGSv7Ga
-x9dHr3DBh42fdlX/U/EnDuyosY0JU1gNF2/6FIA+bTTOFE3RxfN906RjslYQDjMZ
-UAlSeLYHOZofdltI0YIr32vrxgdWQGZXPxU4XusDUc0z163OO+TGg7iUNWFZP5Qj
-ubM7e0YbDX0NPIshk8us99YJmrWnhaix1/W5ryO3DXiGaQ7XFi9u7QofRqvRIctg
-QXavdepkzJow9V9qpMECAJePIuICq7rm+xy+njjbuF436W7390bfVBwRr+FPADsl
-jgQP4KvY5rykss30kheom8wNEbveWkhH5oTfH9b7O4KXJfpfJzrlgOWp2BD9JL8t
-/M4HvFXTr2a75H/QbHK5OFrZeGATuv9OTxv7EZvnrPXU+DYTFldpu7TrNNqKCoj3
-ZyXmc3Hhg5kskDhfHJppaeOayuhMOpT3ud1MFzROY5SLVIH8rBR12KUgsCUYQcGs
-Iy0+0QvEGkjb4cAH1NK3VlbqVNsy1RmqRt2B28R2ueewDfTOoqkzt4MmzLqTdnAx
-mTqmHmkEKhEf3K4MRNUPO2yieUg2COk5l6x9HhAnoxxeOZrTmcMsPY/UViG2HEPm
-ybkCDQRj7TRDARAA9DZuKdfKq4Bs2+NwxC0aplljWOl8VIsEVg+Q8agD7/HU6/b6
-Dry0njtWybn2x6Axf/nUdeOC01Fi1lmht/fpj6mRkgAvd/V6P10xnsUoykPSDSTh
-P25MFFGW3JAA82bwdJ4AJpEQvTZG2nTb3237vlBiI1qHQrac8GYkju2O4UfySRN6
-7cyi7bMf2pjWBBOEhaNy4b6CMDsb32P/N5J7sTE/TXgrS+u4ITIgjzSrkUkh5Z+B
-8QVRa7xPIDZJdvZWTEXWu5fgRPZvxbr154GIkWJkFzlDoB1UcO56/uzRUuKhEV6o
-HW3LMUuWdPMjpHpq8hrL0G2rDniJFUtbDFzHdZK1LUU3T2BJM8rjI3D/euph+IDT
-27vl5qo72zCYE/iKzx4FMLZcQvx1kUAxkPX8l+dzZEwKeRIIpFDxQvatRtl+z0bM
-jbkpDb+Yjv66sC4dYRpgTTGX6rok0PWHR3IxDNzyf2j8zQ4LFJ+rVBM1GjGSt6mG
-j9TeL8CVeiSp4SuJ7I/FJVPHsKb50m+BDzeB31qTydNqh2kKr0DVAUa+TUsCr7e0
-OYr8WE2adJcRXIW0qw50xXF+W7/05GqSCVD0dpeOUdBTQTsSkQmM3/0hcj9aVo9e
-UDCM9RF0WRqiDAoHzJFfg+ztamkQI5HO6CklC4Ok22qrHRf6HDNYSuT6QFkAEQEA
-AYkCPQQYAQoAJwMbIAQWIQQVim9TDqIC5fZRYRMU+upjRI4d+QUCaUbs9wUJCRwf
-tAAKCRAU+upjRI4d+Y+cD/9yllG6uo934pcHNsVppZBfREFwSc8ywlbosCuSVpay
-PjSqgrWwDrnqrsk0F2kUdC6rR3BIcXbn+lA9KqylH+cCXAJCkh8EDq6TlQ7Lt5EV
-w1U0MAMXOyxPwDymQ/BO+iDyjXWkRRYgbF5XiFhCfGeuKyhkhACisAgNZ1uA1P5k
-0SJYc14YfEhQkB46Y20SpfVHRsQ46FyNB6GHbmTmfoO8La8VTh++7GBdh85HfvkG
-VNQ3wpi5oXsOLN9+MJOezc0XsW2LQsKQj1/J7QKzGh+lxN5cemsA5aqPzh8dyxeT
-0lYRFp4AHkimqGUomVpRkbegMIPxXqOE+ZAmsddErw0UtmrKxcmMptOJwNgYzEgu
-++2vtqerL/NYp+wsdcWaBjCz2F3NiwHgNli7NSB/FPwucZZ5gN5C4SnmeFzrGdHg
-Oy+tQUN6ayQKljHeBO7CjMlsFNo/dcVrEMa1ShxBMqlj/6ivoEhktLz0Nru4FwNU
-xE5SJYDYfpjD7Ws8y4LoXgWXjFHrMO6N9GzqLN/e8LT7I+w4ps2MrgJ8QSrelmQ3
-rjkxp3uWp5v2lqy4rLfpi9iB6zIAeoN2eU1yOM9joxOYMxKYaYeYyP1Mm90wFol8
-LcTSaN+tVniPddBiL6zvsGBEMbCR9XN3EQ+mErbuw5ovWBOCrr+dvN3FxvD11y4J
-7w==
-=mXYP
-----END PGP PUBLIC KEY BLOCK-----
--- a/maintainers/keys/B541D55301270E0BCF15CA5D8170B4726D7198DE.asc
+++ b/maintainers/keys/B541D55301270E0BCF15CA5D8170B4726D7198DE.asc
@@ -1,51 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQENBFZu2zwBCADfatenjH3cvhlU6AeInvp4R0JmPBG942aghFj1Qh57smRcO5Bv
-y9mqrX3UDdmVvu58V3k1k9/GzPnAG1t+c7ohdymv/AMuNY4pE2sfxx7bX+mncTHX
-5wthipn8kTNm4WjREjCJM1Bm5sozzEZetED3+0/dWlnHl8b38evnLsD+WbSrDPVp
-o6M6Eg9IfMwTfcXzdmLmSnGolBWDQ9i1a0x0r3o+sDW5UTnr7jVP+zILcnOZ1Ewl
-Rn9OJ4Qg3ULM7WTMDYpKH4BO7RLR3aJgmsFAHp17vgUnzzFBZ10MCS3UOyUNoyph
-xo3belf7Q9nrHcSNbqSeQuBnW/vafAZUreAlABEBAAG0IkVlbGNvIERvbHN0cmEg
-PGVkb2xzdHJhQGdtYWlsLmNvbT6JATwEEwEIACYCGyMHCwkIBwMCAQYVCAIJCgsE
-FgIDAQIeAQIXgAUCVm7etAIZAQAKCRCBcLRybXGY3q51B/96qt41tmcDSzrj/UTl
-O6rErfW5zFvVsJTZ95Duwu87t/DVhw5lKBQcjALqVddufw1nMzyN/tSOMVDW8xe4
-wMEdcU4+QAMzNX80enuyinsw1glxfLcK0+VbTvqNIfw0sG3MjPqNs6cK2VRfMHK4
-paJjytBVICszNX9TfjLyIpKKoSSo1vqnT47LDZ5GIMy7l9Cs2sO/rqQHSPcR79yz
-8m8tbHpDDEMZmJeklckKP2QoiqnHiIvlisDxLclYnUmNaPdaN/f++qZz5Yqvu1n+
-sNUBA5eLaZH64Uy2SwtABxO3JPJ8nQ2+SFZ7ocFm4Gcdv4aM+Ura9S6fvM91tEJp
-yAQOiQE5BBMBCAAjBQJWbts8AhsjBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AA
-CgkQgXC0cm1xmN6sIAgAielxO8zJREqEkA2xudg/o4e9ZlNZ3X1NvY8OzJH/qlB2
-SmwKqwifhtbC1K0uavXA7eaxdtd2zrI+Yq7IooUyv7juMjHTZhLcFbR5iVkQ4Mfp
-JmeHXJ/ChYKxD5mMj/C3WbCZ91oCSNZ6Iyi5fvQj/691OC4q+y/2NEUcOI8D8cw8
-XKHbKtceFYc+nZmdOv3ZZrNTSN/kszGViNNLKgnpPdDVPtLp+vjXtbmitiFG2HL/
-WfbJ+3Gh2Yr1Vy3O9dWKH++e1AmIv7WWqmUjRFVpqC/wr7/BLaScWT8WKF5vkshU
-gq8Ez1/cuizsgs3wQIZWgXKQK5njvwnbKg+Zmh/uGbQmRWVsY28gRG9sc3RyYSA8
-ZWVsY28uZG9sc3RyYUB0d2VhZy5pbz6JAU4EEwEIADgWIQS1QdVTAScOC88Vyl2B
-cLRybXGY3gUCXELt4gIbIwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCBcLRy
-bXGY3ujFCADfS5D1xHU8KH6TpqgssSggYVq62Wwn/Ga+4XPPetM+ajcXagyH6SwB
-mxlHICcnv9xC93ryiTI10P1ADJl+aBsI66wEdHBU+ty4RTDy4JZNUPtmRCk9LhSc
-mtUO3ry/wtWkRLdJxP49hg7BbQvWoU0M6WODp7SJjPKPWNX64mzHBeOuy+DqGCbM
-lpGNCvW8ahU/ewbm7+xwWmzqLDoWzXjHsdF4QdzMVM/vkAgWEP4y0wEqFASzIYaR
-GNEkBWU4OQVq5Bdm9+wWWAgsbM0FJAQl0GDqnz4QxWzxxCAAXdbh9F5ffafWYsA9
-bise4ZQLkvYo6iUnrcFm4dtZbT8iL3gptCtFZWxjbyBEb2xzdHJhIDxlZWxjby5k
-b2xzdHJhQGxvZ2ljYmxveC5jb20+iQE5BBMBCAAjBQJWbt6nAhsjBwsJCAcDAgEG
-FQgCCQoLBBYCAwECHgECF4AACgkQgXC0cm1xmN4b/wf8DApMV/jSPEpibekrUPQu
-Ye3Z8cxBQuRm/nOPowtPEH/ShAevrCdRiob2nuEZWNoqZ2e5/+6ud07Hs9bslvco
-cDv1jeY1dof1idxfKhH3kfSpuD2XJhuzQBxBqOrIlCS/rdnW+Y9wOGD7+bs9QpcA
-IyAeQGLLkfggAxaGYQ2Aev8pS7i3a/+lOWbFhcTe02I49KemCOJqBorG5FfILLNr
-DjO3EoutNGpuz6rZvc/BlymphWBoAdUmxgoObr7NYWgw9pI8WeE6C7bbSOO7p5aQ
-spWXU7Hm17DkzsVDpaJlyClllqK+DdKza5oWlBMe/P02jD3Y+0P/2rCCyQQwmH3D
-RbkBDQRWbts8AQgA0g556xc08dH5YNEjbCwEt1j+XoRnV4+GfbSJIXOl9joIgzRC
-4IaijvL8+4biWvX7HiybfvBKto0XB1AWLZRC3jWKX5p74I77UAcrD+VQ/roWQqlJ
-BKbiQMlRYEsj/5Xnf72G90IP4DAFKvNl+rLChe+jUySA91BCtrYoP75Sw1BE9Cyz
-xEtm4WUzKAJdXI+ZTBttA2Nbqy+GSuzBs7fSKDwREJaZmVrosvmns+pQVG4WPWf4
-0l4mPguDQmZ9wSWZvBDkpG7AgHYDRYRGkMbAGsVfc6cScN2VsSTa6cbeeAEowKxM
-qx9RbY3WOq6aKAm0qDvow1nl7WwXwe8K0wQxfQARAQABiQEfBBgBCAAJBQJWbts8
-AhsMAAoJEIFwtHJtcZjeuAAH/0YNz2Qe1IAEO5oqEZNFOccL4KxVPrBhWUen83/b
-C6PjOnOqv6q5ztAcms88WIKxBlfzIfq+dzJcbKVS/H7TEXgcaC+7EYW8sJVEsipN
-BtEZ3LQNJ5coDjm7WZygniah1lfXNuiritAXduK5FWNNndqGArEaeZ8Shzdo/Uyi
-b9lOsBIL6xc2ZcnX5f+rTu02LCEtEb0FwCycZLEWYf8hG4k8uttIOZOC+CLk/k8d
-kBmPikMwUVTTV0CdT1cemQKdTaoAaK+kurF6FYXwcnjhRlHrisSt/tVMEwTw4LUM
-3MYf6qfjjvE4HlDwZal8th7ccoQp/flfJIuRv85xCcKK+PI=
-=u5cX
-----END PGP PUBLIC KEY BLOCK-----
--- a/maintainers/keys/README.md
+++ b/maintainers/keys/README.md
@@ -1,13 +0,0 @@
-# Maintainer GPG Keys
-
-Release tags are signed by members of the [Nix maintainer team](https://nixos.org/community/teams/nix/) as part of the [release process](../release-process.md). This directory contains the public GPG keys used for signing.
-
-## Keys
-
- **Eelco Dolstra**
-  GPG Fingerprint: `B541 D553 0127 0E0B CF15 CA5D 8170 B472 6D71 98DE`
-
- **Sergei Zimmerman**
-  GPG Fingerprint: [`158A 6F53 0EA2 02E5 F651 6113 14FA EA63 448E 1DF9`](https://keys.openpgp.org/vks/v1/by-fingerprint/158A6F530EA202E5F651611314FAEA63448E1DF9)
-
-<!-- TODO: Add keys for other Nix team members -->
--- a/maintainers/release-process.md
+++ b/maintainers/release-process.md
@@ -5,11 +5,11 @@
 The release process is intended to create the following for each
 release:

-* A signed Git tag (public keys in `maintainers/keys/`)
+* A Git tag

 * Binary tarballs in https://releases.nixos.org/?prefix=nix/

-* Docker images (arm64 and amd64 variants, uploaded to DockerHub and GHCR)
+* Docker images

 * Closures in https://cache.nixos.org

@@ -104,17 +104,21 @@ release:
  evaluation ID (e.g. `1780832` in
  `https://hydra.nixos.org/eval/1780832`).

-* Tag the release:
+* Tag the release and upload the release artifacts to
+  [`releases.nixos.org`](https://releases.nixos.org/) and [Docker Hub](https://hub.docker.com/):

  ```console
-  $ IS_LATEST=1 ./maintainers/upload-release.pl --skip-docker --skip-s3 --project-root $PWD <EVAL-ID>
+  $ IS_LATEST=1 ./maintainers/upload-release.pl <EVAL-ID>
  ```

  Note: `IS_LATEST=1` causes the `latest-release` branch to be
  force-updated. This is used by the `nixos.org` website to get the
  [latest Nix manual](https://nixos.org/manual/nixpkgs/unstable/).

-* Trigger the [`upload-release.yml` workflow](https://github.com/NixOS/nix/actions/workflows/upload-release.yml) via `workflow_dispatch` trigger. At the top click `Run workflow` -> select the current release branch from `Use workflow from` -> fill in `Hydra evaluation ID` with `<EVAL-ID>` value from previous steps -> click `Run workflow`. Wait for the run to be approved by `NixOS/nix-team` (or bypass checks if warranted). Wait for the workflow to succeed.
+  TODO: This script requires the right AWS credentials. Document.
+
+  TODO: This script currently requires a
+  `/home/eelco/Dev/nix-pristine`.

  TODO: trigger nixos.org netlify: https://docs.netlify.com/configure-builds/build-hooks/

@@ -177,18 +181,16 @@ release:
 * Wait for the desired evaluation of the maintenance jobset to finish
  building.

-* Tag the release
+* Run

  ```console
-  $ IS_LATEST=1 ./maintainers/upload-release.pl --skip-docker --skip-s3 --project-root $PWD <EVAL-ID>
+  $ IS_LATEST=1 ./maintainers/upload-release.pl <EVAL-ID>
  ```

  Omit `IS_LATEST=1` when creating a point release that is not on the
  most recent stable branch. This prevents `nixos.org` to going back
  to an older release.

-* Trigger the [`upload-release.yml` workflow](https://github.com/NixOS/nix/actions/workflows/upload-release.yml) via `workflow_dispatch` trigger. At the top click `Run workflow` -> select the current release branch from `Use workflow from` -> fill in `Hydra evaluation ID` with `<EVAL-ID>` value from previous steps -> click `Run workflow`. Wait for the run to be approved by `NixOS/nix-team` (or bypass checks if warranted). Wait for the workflow to succeed.
-
 * Bump the version number of the release branch as above (e.g. to
  `2.12.2`).

--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .34.0
 .33.0
				`@@ -1 +0,0 @@`
				`../../../../../../src/libstore-tests/data/derivation`
				`@@ -1 +0,0 @@`
				`../../../../../../src/libutil-tests/data/memory-source-accessor`
				`@@ -0,0 +1 @@`
				`../../../../../../src/libstore-tests/data/nar-info`