Merge pull request #13230 from NixOS/mergify/bp/2.29-maintenance/pr-13228

libutil-tests/json-utils: fix -Werror=sign-compare error (backport #13228)
libutil-tests/json-utils: fix -Werror=sign-compare error
2025-05-19 16:46:37 +02:00 · 2025-05-19 14:16:43 +00:00 · 2025-05-18 22:26:54 +02:00 · 2025-05-18 19:46:17 +00:00 · 2025-05-18 19:46:17 +00:00 · 2025-05-18 19:46:16 +00:00
949 changed files with 31315 additions and 42775 deletions
--- a/.clang-format
+++ b/.clang-format
@@ -8,7 +8,7 @@ BraceWrapping:
  AfterUnion: true
  SplitEmptyRecord: false
 PointerAlignment: Middle
-FixNamespaceComments: true
+FixNamespaceComments: false
 SortIncludes: Never
 #IndentPPDirectives: BeforeHash
 SpaceAfterCStyleCast: true
@@ -32,4 +32,3 @@ IndentPPDirectives: AfterHash
 PPIndentWidth: 2
 BinPackArguments: false
 BreakBeforeTernaryOperators: true
-SeparateDefinitionBlocks: Always
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -1,6 +0,0 @@
-# bulk initial re-formatting with clang-format
-e4f62e46088919428a68bd8014201dc8e379fed7 # !autorebase ./maintainers/format.sh --until-stable
-# meson re-formatting
-385e2c3542c707d95e3784f7f6d623f67e77ab61 # !autorebase ./maintainers/format.sh --until-stable
-# nixfmt 1.0.0
-1d943f581908f35075a84a3d89c2eba3ff35067f # !autorebase ./maintainers/format.sh --until-stable
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -45,7 +45,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open bug issues and pull requests] for possible duplicates

-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open bug issues and pull requests]: https://github.com/NixOS/nix/labels/bug

--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -30,7 +30,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open feature issues and pull requests] for possible duplicates

-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open feature issues and pull requests]: https://github.com/NixOS/nix/labels/feature

--- a/.github/ISSUE_TEMPLATE/installer.md
+++ b/.github/ISSUE_TEMPLATE/installer.md
@@ -38,7 +38,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open installer issues and pull requests] for possible duplicates

-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open installer issues and pull requests]: https://github.com/NixOS/nix/labels/installer

--- a/.github/ISSUE_TEMPLATE/missing_documentation.md
+++ b/.github/ISSUE_TEMPLATE/missing_documentation.md
@@ -22,7 +22,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open documentation issues and pull requests] for possible duplicates

-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open documentation issues and pull requests]: https://github.com/NixOS/nix/labels/documentation

--- a/.github/actions/install-nix-action/action.yaml
+++ b/.github/actions/install-nix-action/action.yaml
@@ -1,50 +0,0 @@
-name: "Install Nix"
-description: "Helper action for installing Nix with support for dogfooding from master"
-inputs:
-  dogfood:
-    description: "Whether to use Nix installed from the latest artifact from master branch"
-    required: true # Be explicit about the fact that we are using unreleased artifacts
-  extra_nix_config:
-    description: "Gets appended to `/etc/nix/nix.conf` if passed."
-  install_url:
-    description: "URL of the Nix installer"
-    required: false
-    default: "https://releases.nixos.org/nix/nix-2.30.2/install"
-  github_token:
-    description: "Github token"
-    required: true
-runs:
-  using: "composite"
-  steps:
-    - name: "Download nix install artifact from master"
-      shell: bash
-      id: download-nix-installer
-      if: inputs.dogfood == 'true'
-      run: |
-        RUN_ID=$(gh run list --repo "$DOGFOOD_REPO" --workflow ci.yml --branch master --status success --json databaseId --jq ".[0].databaseId")
-
-        if [ "$RUNNER_OS" == "Linux" ]; then
-          INSTALLER_ARTIFACT="installer-linux"
-        elif [ "$RUNNER_OS" == "macOS" ]; then
-          INSTALLER_ARTIFACT="installer-darwin"
-        else
-          echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS"
-          exit 1
-        fi
-
-        INSTALLER_DOWNLOAD_DIR="$GITHUB_WORKSPACE/$INSTALLER_ARTIFACT"
-        mkdir -p "$INSTALLER_DOWNLOAD_DIR"
-
-        gh run download "$RUN_ID" --repo "$DOGFOOD_REPO" -n "$INSTALLER_ARTIFACT" -D "$INSTALLER_DOWNLOAD_DIR"
-        echo "installer-path=file://$INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT"
-
-        echo "::notice ::Dogfooding Nix installer from master (https://github.com/$DOGFOOD_REPO/actions/runs/$RUN_ID)"
-      env:
-        GH_TOKEN: ${{ inputs.github_token }}
-        DOGFOOD_REPO: "NixOS/nix"
-    - uses: cachix/install-nix-action@c134e4c9e34bac6cab09cf239815f9339aaaf84e # v31.5.1
-      with:
-        # Ternary operator in GHA: https://www.github.com/actions/runner/issues/409#issuecomment-752775072
-        install_url: ${{ inputs.dogfood == 'true' && format('{0}/install', steps.download-nix-installer.outputs.installer-path) || inputs.install_url }}
-        install_options: ${{ inputs.dogfood == 'true' && format('--tarball-url-prefix {0}', steps.download-nix-installer.outputs.installer-path) || '' }}
-        extra_nix_config: ${{ inputs.extra_nix_config }}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,15 +2,7 @@ name: "CI"

 on:
  pull_request:
-  merge_group:
  push:
-  workflow_dispatch:
-    inputs:
-      dogfood:
-        description: 'Use dogfood Nix build'
-        required: false
-        default: true
-        type: boolean

 permissions: read-all

@@ -18,16 +10,11 @@ jobs:
  eval:
    runs-on: ubuntu-24.04
    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-        extra_nix_config:
-          experimental-features = nix-command flakes
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-    - run: nix flake show --all-systems --json
+    - uses: cachix/install-nix-action@v31
+    - run: nix --experimental-features 'nix-command flakes' flake show --all-systems --json

  tests:
    strategy:
@@ -37,69 +24,34 @@ jobs:
          - scenario: on ubuntu
            runs-on: ubuntu-24.04
            os: linux
-            instrumented: false
-            primary: true
-            stdenv: stdenv
          - scenario: on macos
            runs-on: macos-14
            os: darwin
-            instrumented: false
-            primary: true
-            stdenv: stdenv
-          - scenario: on ubuntu (with sanitizers / coverage)
-            runs-on: ubuntu-24.04
-            os: linux
-            instrumented: true
-            primary: false
-            stdenv: clangStdenv
    name: tests ${{ matrix.scenario }}
    runs-on: ${{ matrix.runs-on }}
    timeout-minutes: 60
    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
+    - uses: cachix/install-nix-action@v31
      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
        # The sandbox would otherwise be disabled by default on Darwin
-        extra_nix_config: "sandbox = true"
+        extra_nix_config: |
+          sandbox = true
+          max-jobs = 1
    - uses: DeterminateSystems/magic-nix-cache-action@main
    # Since ubuntu 22.30, unprivileged usernamespaces are no longer allowed to map to the root user:
    # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
    - run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
      if: matrix.os == 'linux'
-    - name: Run component tests
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix componentTests -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}"
-    - name: Run flake checks and prepare the installer tarball
-      run: |
-        ci/gha/tests/build-checks
-        ci/gha/tests/prepare-installer-for-github-actions
-      if: ${{ matrix.primary }}
-    - name: Collect code coverage
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix codeCoverage.coverageReports -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}" \
-          --out-link coverage-reports
-        cat coverage-reports/index.txt >> $GITHUB_STEP_SUMMARY
-      if: ${{ matrix.instrumented }}
-    - name: Upload coverage reports
-      uses: actions/upload-artifact@v4
-      with:
-        name: coverage-reports
-        path: coverage-reports/
-      if: ${{ matrix.instrumented }}
+    - run: scripts/build-checks
+    - run: scripts/prepare-installer-for-github-actions
    - name: Upload installer tarball
      uses: actions/upload-artifact@v4
      with:
        name: installer-${{matrix.os}}
        path: out/*
-      if: ${{ matrix.primary }}

  installer_test:
    needs: [tests]
@@ -116,19 +68,19 @@ jobs:
    name: installer test ${{ matrix.scenario }}
    runs-on: ${{ matrix.runs-on }}
    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
    - name: Download installer tarball
-      uses: actions/download-artifact@v5
+      uses: actions/download-artifact@v4
      with:
        name: installer-${{matrix.os}}
        path: out
-    - name: Looking up the installer tarball URL
-      id: installer-tarball-url
-      run: echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT"
+    - name: Serving installer
+      id: serving_installer
+      run: ./scripts/serve-installer-for-github-actions
    - uses: cachix/install-nix-action@v31
      with:
-        install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }}
-        install_options: ${{ format('--tarball-url-prefix {0}', steps.installer-tarball-url.outputs.installer-url) }}
+        install_url: 'http://localhost:8126/install'
+        install_options: "--tarball-url-prefix http://localhost:8126/"
    - run: sudo apt install fish zsh
      if: matrix.os == 'linux'
    - run: brew install fish
@@ -147,17 +99,17 @@ jobs:
  check_secrets:
    permissions:
      contents: none
-    name: Check presence of secrets
+    name: Check Docker secrets present for installer tests
    runs-on: ubuntu-24.04
    outputs:
      docker: ${{ steps.secret.outputs.docker }}
    steps:
-      - name: Check for DockerHub secrets
+      - name: Check for secrets
        id: secret
        env:
          _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
        run: |
-          echo "docker=${{ env._DOCKER_SECRETS != '' }}" >> $GITHUB_OUTPUT
+          echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"

  docker_push_image:
    needs: [tests, vm_tests, check_secrets]
@@ -170,7 +122,13 @@ jobs:
      github.ref_name == 'master'
    runs-on: ubuntu-24.04
    steps:
-    - uses: actions/checkout@v5
+    - name: Check for secrets
+      id: secret
+      env:
+        _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
+      run: |
+        echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"
+    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - uses: cachix/install-nix-action@v31
@@ -216,13 +174,8 @@ jobs:
  vm_tests:
    runs-on: ubuntu-24.04
    steps:
-      - uses: actions/checkout@v5
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-          extra_nix_config:
-            experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - run: |
          nix build -L \
@@ -237,45 +190,17 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout nix
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
      - name: Checkout flake-regressions
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          repository: NixOS/flake-regressions
          path: flake-regressions
      - name: Checkout flake-regressions-data
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
        with:
          repository: NixOS/flake-regressions-data
          path: flake-regressions/tests
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-          extra_nix_config:
-            experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=25 flake-regressions/eval-all.sh
-
-  profile_build:
-    needs: tests
-    runs-on: ubuntu-24.04
-    timeout-minutes: 60
-    if: >-
-      github.event_name == 'push' &&
-      github.ref_name == 'master'
-    steps:
-    - uses: actions/checkout@v5
-      with:
-        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-        extra_nix_config: |
-          experimental-features = flakes nix-command ca-derivations impure-derivations
-          max-jobs = 1
-    - uses: DeterminateSystems/magic-nix-cache-action@main
-    - run: |
-        nix build -L --file ./ci/gha/profile-build buildTimeReport --out-link build-time-report.md
-        cat build-time-report.md >> $GITHUB_STEP_SUMMARY
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -18,7 +18,7 @@ jobs:
    runs-on: ubuntu-24.04
    if: github.repository_owner == 'NixOS'
    steps:
-    - uses: actions/labeler@v6
+    - uses: actions/labeler@v5
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        sync-labels: false
--- a/.gitignore
+++ b/.gitignore
@@ -47,6 +47,3 @@ result-*
 .DS_Store

 flake-regressions
-
-# direnv
-.direnv/
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -139,36 +139,3 @@ pull_request_rules:
        labels:
          - automatic backport
          - merge-queue
-
-  - name: backport patches to 2.29
-    conditions:
-      - label=backport 2.29-maintenance
-    actions:
-      backport:
-        branches:
-          - "2.29-maintenance"
-        labels:
-          - automatic backport
-          - merge-queue
-
-  - name: backport patches to 2.30
-    conditions:
-      - label=backport 2.30-maintenance
-    actions:
-      backport:
-        branches:
-          - "2.30-maintenance"
-        labels:
-          - automatic backport
-          - merge-queue
-
-  - name: backport patches to 2.31
-    conditions:
-      - label=backport 2.31-maintenance
-    actions:
-      backport:
-        branches:
-          - "2.31-maintenance"
-        labels:
-          - automatic backport
-          - merge-queue
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.32.0
+2.29.0
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -89,7 +89,7 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).

 ## Making changes to the Nix manual

-The Nix reference manual is hosted on https://nix.dev/manual/nix.
+The Nix reference manual is hosted on https://nixos.org/manual/nix.
 The underlying source files are located in [`doc/manual/source`](./doc/manual/source).
 For small changes you can [use GitHub to edit these files](https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files)
 For larger changes see the [Nix reference manual](https://nix.dev/manual/nix/development/development/contributing.html).
--- a/ci/gha/profile-build/default.nix
+++ b/ci/gha/profile-build/default.nix
@@ -1,101 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-}:
-
-let
-  inherit (pkgs) lib;
-
-  nixComponentsInstrumented =
-    (nixFlake.lib.makeComponents {
-      inherit pkgs;
-      getStdenv = p: p.clangStdenv;
-    }).overrideScope
-      (
-        _: _: {
-          mesonComponentOverrides = finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "buildprofile" ];
-            nativeBuildInputs = [ pkgs.clangbuildanalyzer ] ++ prevAttrs.nativeBuildInputs or [ ];
-            __impure = true;
-
-            env = {
-              CFLAGS = "-ftime-trace";
-              CXXFLAGS = "-ftime-trace";
-            };
-
-            preBuild = ''
-              ClangBuildAnalyzer --start $PWD
-            '';
-
-            postBuild = ''
-              ClangBuildAnalyzer --stop $PWD $buildprofile
-            '';
-          };
-        }
-      );
-
-  componentsToProfile = {
-    "nix-util" = { };
-    "nix-util-c" = { };
-    "nix-util-test-support" = { };
-    "nix-util-tests" = { };
-    "nix-store" = { };
-    "nix-store-c" = { };
-    "nix-store-test-support" = { };
-    "nix-store-tests" = { };
-    "nix-fetchers" = { };
-    "nix-fetchers-c" = { };
-    "nix-fetchers-tests" = { };
-    "nix-expr" = { };
-    "nix-expr-c" = { };
-    "nix-expr-test-support" = { };
-    "nix-expr-tests" = { };
-    "nix-flake" = { };
-    "nix-flake-c" = { };
-    "nix-flake-tests" = { };
-    "nix-main" = { };
-    "nix-main-c" = { };
-    "nix-cmd" = { };
-    "nix-cli" = { };
-  };
-
-  componentDerivationsToProfile = builtins.intersectAttrs componentsToProfile nixComponentsInstrumented;
-  componentBuildProfiles = lib.mapAttrs (
-    n: v: lib.getOutput "buildprofile" v
-  ) componentDerivationsToProfile;
-
-  buildTimeReport =
-    pkgs.runCommand "build-time-report"
-      {
-        __impure = true;
-        __structuredAttrs = true;
-        nativeBuildInputs = [ pkgs.clangbuildanalyzer ];
-        inherit componentBuildProfiles;
-      }
-      ''
-        {
-          echo "# Build time performance profile for components:"
-          echo
-          echo "This reports the build profile collected via \`-ftime-trace\` for each component."
-          echo
-        } >> $out
-
-        for name in "''\${!componentBuildProfiles[@]}"; do
-          {
-            echo "<details><summary><strong>$name</strong></summary>"
-            echo
-            echo '````'
-            ClangBuildAnalyzer --analyze "''\${componentBuildProfiles[$name]}"
-            echo '````'
-            echo
-            echo "</details>"
-          } >> $out
-        done
-      '';
-in
-
-{
-  inherit buildTimeReport;
-  inherit componentDerivationsToProfile;
-}
--- a/ci/gha/tests/default.nix
+++ b/ci/gha/tests/default.nix
@@ -1,229 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  nixComponents ? (
-    nixFlake.lib.makeComponents {
-      inherit pkgs;
-      inherit getStdenv;
-    }
-  ),
-  getStdenv ? p: p.stdenv,
-  componentTestsPrefix ? "",
-  withSanitizers ? false,
-  withCoverage ? false,
-  ...
-}:
-
-let
-  inherit (pkgs) lib;
-  hydraJobs = nixFlake.hydraJobs;
-  packages' = nixFlake.packages.${system};
-  stdenv = (getStdenv pkgs);
-
-  enableSanitizersLayer = finalAttrs: prevAttrs: {
-    mesonFlags =
-      (prevAttrs.mesonFlags or [ ])
-      ++ [
-        # Run all tests with UBSAN enabled. Running both with ubsan and
-        # without doesn't seem to have much immediate benefit for doubling
-        # the GHA CI workaround.
-        #
-        # TODO: Work toward enabling "address,undefined" if it seems feasible.
-        # This would maybe require dropping Boost coroutines and ignoring intentional
-        # memory leaks with detect_leaks=0.
-        (lib.mesonOption "b_sanitize" "undefined")
-      ]
-      ++ (lib.optionals stdenv.cc.isClang [
-        # https://www.github.com/mesonbuild/meson/issues/764
-        (lib.mesonBool "b_lundef" false)
-      ]);
-  };
-
-  collectCoverageLayer = finalAttrs: prevAttrs: {
-    env =
-      let
-        # https://clang.llvm.org/docs/SourceBasedCodeCoverage.html#the-code-coverage-workflow
-        coverageFlags = [
-          "-fprofile-instr-generate"
-          "-fcoverage-mapping"
-        ];
-      in
-      {
-        CFLAGS = toString coverageFlags;
-        CXXFLAGS = toString coverageFlags;
-      };
-
-    # Done in a pre-configure hook, because $NIX_BUILD_TOP needs to be substituted.
-    preConfigure = prevAttrs.preConfigure or "" + ''
-      mappingFlag=" -fcoverage-prefix-map=$NIX_BUILD_TOP/${finalAttrs.src.name}=${finalAttrs.src}"
-      CFLAGS+="$mappingFlag"
-      CXXFLAGS+="$mappingFlag"
-    '';
-  };
-
-  componentOverrides =
-    (lib.optional withSanitizers enableSanitizersLayer)
-    ++ (lib.optional withCoverage collectCoverageLayer);
-in
-
-rec {
-  nixComponentsInstrumented = nixComponents.overrideScope (
-    final: prev: {
-      nix-store-tests = prev.nix-store-tests.override { withBenchmarks = true; };
-
-      mesonComponentOverrides = lib.composeManyExtensions componentOverrides;
-    }
-  );
-
-  /**
-    Top-level tests for the flake outputs, as they would be built by hydra.
-    These tests generally can't be overridden to run with sanitizers.
-  */
-  topLevel = {
-    installerScriptForGHA = hydraJobs.installerScriptForGHA.${system};
-    installTests = hydraJobs.installTests.${system};
-    nixpkgsLibTests = hydraJobs.tests.nixpkgsLibTests.${system};
-    rl-next = pkgs.buildPackages.runCommand "test-rl-next-release-notes" { } ''
-      LANG=C.UTF-8 ${pkgs.changelog-d}/bin/changelog-d ${../../../doc/manual/rl-next} >$out
-    '';
-    repl-completion = pkgs.callPackage ../../../tests/repl-completion.nix { inherit (packages') nix; };
-
-    /**
-      Checks for our packaging expressions.
-      This shouldn't build anything significant; just check that things
-      (including derivations) are _set up_ correctly.
-    */
-    packaging-overriding =
-      let
-        nix = packages'.nix;
-      in
-      assert (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src.patches == [ pkgs.emptyFile ];
-      if pkgs.stdenv.buildPlatform.isDarwin then
-        lib.warn "packaging-overriding check currently disabled because of a permissions issue on macOS" pkgs.emptyFile
-      else
-        # If this fails, something might be wrong with how we've wired the scope,
-        # or something could be broken in Nixpkgs.
-        pkgs.testers.testEqualContents {
-          assertion = "trivial patch does not change source contents";
-          expected = "${../../..}";
-          actual =
-            # Same for all components; nix-util is an arbitrary pick
-            (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src;
-        };
-  };
-
-  componentTests =
-    (lib.concatMapAttrs (
-      pkgName: pkg:
-      lib.concatMapAttrs (testName: test: {
-        "${componentTestsPrefix}${pkgName}-${testName}" = test;
-      }) (pkg.tests or { })
-    ) nixComponentsInstrumented)
-    // lib.optionalAttrs (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) {
-      "${componentTestsPrefix}nix-functional-tests" = nixComponentsInstrumented.nix-functional-tests;
-    };
-
-  codeCoverage =
-    let
-      componentsTestsToProfile =
-        (builtins.mapAttrs (n: v: nixComponentsInstrumented.${n}.tests.run) {
-          "nix-util-tests" = { };
-          "nix-store-tests" = { };
-          "nix-fetchers-tests" = { };
-          "nix-expr-tests" = { };
-          "nix-flake-tests" = { };
-        })
-        // {
-          inherit (nixComponentsInstrumented) nix-functional-tests;
-        };
-
-      coverageProfileDrvs = lib.mapAttrs (
-        n: v:
-        v.overrideAttrs (
-          finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "profraw" ];
-            env = {
-              LLVM_PROFILE_FILE = "${placeholder "profraw"}/%m";
-            };
-          }
-        )
-      ) componentsTestsToProfile;
-
-      coverageProfiles = lib.mapAttrsToList (n: v: lib.getOutput "profraw" v) coverageProfileDrvs;
-
-      mergedProfdata =
-        pkgs.runCommand "merged-profdata"
-          {
-            __structuredAttrs = true;
-            nativeBuildInputs = [ pkgs.llvmPackages.libllvm ];
-            inherit coverageProfiles;
-          }
-          ''
-            rawProfiles=()
-            for dir in "''\${coverageProfiles[@]}"; do
-              rawProfiles+=($dir/*)
-            done
-            llvm-profdata merge -sparse -output $out "''\${rawProfiles[@]}"
-          '';
-
-      coverageReports =
-        let
-          nixComponentDrvs = lib.filter (lib.isDerivation) (lib.attrValues nixComponentsInstrumented);
-        in
-        pkgs.runCommand "code-coverage-report"
-          {
-            nativeBuildInputs = [
-              pkgs.llvmPackages.libllvm
-              pkgs.jq
-            ];
-            __structuredAttrs = true;
-            nixComponents = nixComponentDrvs;
-          }
-          ''
-            # ${toString (lib.map (v: v.src) nixComponentDrvs)}
-
-            binaryFiles=()
-            for dir in "''\${nixComponents[@]}"; do
-              readarray -t filesInDir < <(find "$dir" -type f -executable)
-              binaryFiles+=("''\${filesInDir[@]}")
-            done
-
-            arguments=$(concatStringsSep " -object " binaryFiles)
-            llvm-cov show $arguments -instr-profile ${mergedProfdata} -output-dir $out -format=html
-
-            {
-              echo "# Code coverage summary (generated via \`llvm-cov\`):"
-              echo
-              echo '```'
-              llvm-cov report $arguments -instr-profile ${mergedProfdata} -format=text -use-color=false
-              echo '```'
-              echo
-            } >> $out/index.txt
-
-            llvm-cov export $arguments -instr-profile ${mergedProfdata} -format=text > $out/coverage.json
-
-            mkdir -p $out/nix-support
-
-            coverageTotals=$(jq ".data[0].totals" $out/coverage.json)
-
-            # Mostly inline from pkgs/build-support/setup-hooks/make-coverage-analysis-report.sh [1],
-            # which we can't use here, because we rely on LLVM's infra for source code coverage collection.
-            # [1]: https://github.com/NixOS/nixpkgs/blob/67bb48c4c8e327417d6d5aa7e538244b209e852b/pkgs/build-support/setup-hooks/make-coverage-analysis-report.sh#L16
-            declare -A metricsArray=(["lineCoverage"]="lines" ["functionCoverage"]="functions" ["branchCoverage"]="branches")
-
-            for metricName in "''\${!metricsArray[@]}"; do
-              key="''\${metricsArray[$metricName]}"
-              metric=$(echo "$coverageTotals" | jq ".$key.percent * 10 | round / 10")
-              echo "$metricName $metric %" >> $out/nix-support/hydra-metrics
-            done
-
-            echo "report coverage $out" >> $out/nix-support/hydra-build-products
-          '';
-    in
-    assert withCoverage;
-    assert stdenv.cc.isClang;
-    {
-      inherit coverageProfileDrvs mergedProfdata coverageReports;
-    };
-}
--- a/ci/gha/tests/wrapper.nix
+++ b/ci/gha/tests/wrapper.nix
@@ -1,16 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  stdenv ? "stdenv",
-  componentTestsPrefix ? "",
-  withInstrumentation ? false,
-}@args:
-import ./. (
-  args
-  // {
-    getStdenv = p: p.${stdenv};
-    withSanitizers = withInstrumentation;
-    withCoverage = withInstrumentation;
-  }
-)
--- a/doc/manual/meson.build
+++ b/doc/manual/meson.build
@@ -1,5 +1,4 @@
-project(
-  'nix-manual',
+project('nix-manual',
  version : files('.version'),
  meson_version : '>= 1.1',
  license : 'LGPL-2.1-or-later',
@@ -9,45 +8,43 @@ nix = find_program('nix', native : true)

 mdbook = find_program('mdbook', native : true)
 bash = find_program('bash', native : true)
-rsync = find_program('rsync', required : true, native : true)

 pymod = import('python')
 python = pymod.find_installation('python3')

 nix_env_for_docs = {
-  'HOME' : '/dummy',
-  'NIX_CONF_DIR' : '/dummy',
-  'NIX_SSL_CERT_FILE' : '/dummy/no-ca-bundle.crt',
-  'NIX_STATE_DIR' : '/dummy',
-  'NIX_CONFIG' : 'cores = 0',
+  'HOME': '/dummy',
+  'NIX_CONF_DIR': '/dummy',
+  'NIX_SSL_CERT_FILE': '/dummy/no-ca-bundle.crt',
+  'NIX_STATE_DIR': '/dummy',
+  'NIX_CONFIG': 'cores = 0',
 }

-nix_for_docs = [ nix, '--experimental-features', 'nix-command' ]
+nix_for_docs = [nix, '--experimental-features', 'nix-command']
 nix_eval_for_docs_common = nix_for_docs + [
  'eval',
-  '-I',
-  'nix=' + meson.current_source_dir(),
+  '-I', 'nix=' + meson.current_source_dir(),
  '--store', 'dummy://',
  '--impure',
 ]
 nix_eval_for_docs = nix_eval_for_docs_common + '--raw'

 conf_file_json = custom_target(
-  command : nix_for_docs + [ 'config', 'show', '--json' ],
+  command : nix_for_docs + ['config', 'show', '--json'],
  capture : true,
  output : 'conf-file.json',
  env : nix_env_for_docs,
 )

 language_json = custom_target(
-  command : [ nix, '__dump-language' ],
+  command: [nix, '__dump-language'],
  output : 'language.json',
  capture : true,
  env : nix_env_for_docs,
 )

 nix3_cli_json = custom_target(
-  command : [ nix, '__dump-cli' ],
+  command : [nix, '__dump-cli'],
  capture : true,
  output : 'nix.json',
  env : nix_env_for_docs,
@@ -81,14 +78,13 @@ manual = custom_target(
  'manual',
  command : [
    bash,
-    '-euo',
-    'pipefail',
+    '-euo', 'pipefail',
    '-c',
    '''
        @0@ @INPUT0@ @CURRENT_SOURCE_DIR@ > @DEPFILE@
        @0@ @INPUT1@ summary @2@ < @CURRENT_SOURCE_DIR@/source/SUMMARY.md.in > @2@/source/SUMMARY.md
        sed -e 's|@version@|@3@|g' < @INPUT2@ > @2@/book.toml
-        @4@ -r --include='*.md' @CURRENT_SOURCE_DIR@/ @2@/
+        rsync -r --include='*.md' @CURRENT_SOURCE_DIR@/ @2@/
        (cd @2@; RUST_LOG=warn @1@ build -d @2@ 3>&2 2>&1 1>&3) | { grep -Fv "because fragment resolution isn't implemented" || :; } 3>&2 2>&1 1>&3
        rm -rf @2@/manual
        mv @2@/html @2@/manual
@@ -98,7 +94,6 @@ manual = custom_target(
      mdbook.full_path(),
      meson.current_build_dir(),
      meson.project_version(),
-      rsync.full_path(),
    ),
  ],
  input : [
@@ -123,8 +118,8 @@ manual = custom_target(
  ],
  depfile : 'manual.d',
  env : {
-    'RUST_LOG' : 'info',
-    'MDBOOK_SUBSTITUTE_SEARCH' : meson.current_build_dir() / 'source',
+    'RUST_LOG': 'info',
+    'MDBOOK_SUBSTITUTE_SEARCH': meson.current_build_dir() / 'source',
  },
 )
 manual_html = manual[0]
@@ -136,8 +131,7 @@ install_subdir(
 )

 nix_nested_manpages = [
-  [
-    'nix-env',
+  [ 'nix-env',
    [
      'delete-generations',
      'install',
@@ -152,8 +146,7 @@ nix_nested_manpages = [
      'upgrade',
    ],
  ],
-  [
-    'nix-store',
+  [ 'nix-store',
    [
      'add-fixed',
      'add',
@@ -253,11 +246,11 @@ nix3_manpages = [
  'nix3-nar',
  'nix3-path-info',
  'nix3-print-dev-env',
-  'nix3-profile',
-  'nix3-profile-add',
  'nix3-profile-diff-closures',
  'nix3-profile-history',
+  'nix3-profile-install',
  'nix3-profile-list',
+  'nix3-profile',
  'nix3-profile-remove',
  'nix3-profile-rollback',
  'nix3-profile-upgrade',
--- a/doc/manual/package.nix
+++ b/doc/manual/package.nix
@@ -46,23 +46,24 @@ mkMesonDerivation (finalAttrs: {
  ];

  # Hack for sake of the dev shell
-  passthru.externalNativeBuildInputs = [
-    meson
-    ninja
-    (lib.getBin lowdown-unsandboxed)
-    mdbook
-    mdbook-linkcheck
-    jq
-    python3
-    rsync
-    changelog-d
-  ]
-  ++ lib.optionals (!officialRelease) [
-    # When not an official release, we likely have changelog entries that have
-    # yet to be rendered.
-    # When released, these are rendered into a committed file to save a dependency.
-    changelog-d
-  ];
+  passthru.externalNativeBuildInputs =
+    [
+      meson
+      ninja
+      (lib.getBin lowdown-unsandboxed)
+      mdbook
+      mdbook-linkcheck
+      jq
+      python3
+      rsync
+      changelog-d
+    ]
+    ++ lib.optionals (!officialRelease) [
+      # When not an official release, we likely have changelog entries that have
+      # yet to be rendered.
+      # When released, these are rendered into a committed file to save a dependency.
+      changelog-d
+    ];

  nativeBuildInputs = finalAttrs.passthru.externalNativeBuildInputs ++ [
    nix-cli
--- a/doc/manual/rl-next/c-api-recoverable-errors.md
+++ b/doc/manual/rl-next/c-api-recoverable-errors.md
@@ -1,23 +0,0 @@
---
-synopsis: "C API: Errors returned from your primops are not treated as recoverable by default"
-prs: [13930]
---
-
-Nix 2.32 by default remembers the error in the thunk that triggered it.
-
-Previously the following sequence of events worked:
-
-1. Have a thunk that invokes a primop that's defined through the C API
-2. The primop returns an error
-3. Force the thunk again
-4. The primop returns a value
-5. The thunk evaluated successfully
-
-**Resolution**
-
-C API consumers that rely on this must change their recoverable error calls:
-
-```diff
-nix_set_err_msg(context, NIX_ERR_*, msg);
-+nix_set_err_msg(context, NIX_ERR_RECOVERABLE, msg);
-```
--- a/doc/manual/rl-next/dropped-compat.md
+++ b/doc/manual/rl-next/dropped-compat.md
@@ -1,6 +0,0 @@
---
-synopsis: "Removed support for daemons and clients older than Nix 2.0"
-prs: [13951]
---
-
-We have dropped support in the daemon worker protocol for daemons and clients that don't speak at least version 18 of the protocol. This first Nix release that supports this version is Nix 2.0, released in February 2018.
--- a/doc/manual/rl-next/shorter-build-dir-names.md
+++ b/doc/manual/rl-next/shorter-build-dir-names.md
@@ -1,6 +0,0 @@
---
-synopsis: "Temporary build directories no longer include derivation names"
-prs: [13839]
---
-
-Temporary build directories created during derivation builds no longer include the derivation name in their path to avoid build failures when the derivation name is too long. This change ensures predictable prefix lengths for build directories under `/nix/var/nix/builds`.
--- a/doc/manual/source/SUMMARY.md.in
+++ b/doc/manual/source/SUMMARY.md.in
@@ -57,7 +57,6 @@
  - [Tuning Cores and Jobs](advanced-topics/cores-vs-jobs.md)
  - [Verifying Build Reproducibility](advanced-topics/diff-hook.md)
  - [Using the `post-build-hook`](advanced-topics/post-build-hook.md)
-  - [Evaluation profiler](advanced-topics/eval-profiler.md)
 - [Command Reference](command-ref/index.md)
  - [Common Options](command-ref/opt-common.md)
  - [Common Environment Variables](command-ref/env-common.md)
@@ -128,7 +127,6 @@
 - [Development](development/index.md)
  - [Building](development/building.md)
  - [Testing](development/testing.md)
-  - [Benchmarking](development/benchmarking.md)
  - [Debugging](development/debugging.md)
  - [Documentation](development/documentation.md)
  - [CLI guideline](development/cli-guideline.md)
@@ -138,8 +136,6 @@
  - [Contributing](development/contributing.md)
 - [Releases](release-notes/index.md)
 {{#include ./SUMMARY-rl-next.md}}
-  - [Release 2.31 (2025-08-21)](release-notes/rl-2.31.md)
-  - [Release 2.30 (2025-07-07)](release-notes/rl-2.30.md)
  - [Release 2.29 (2025-05-14)](release-notes/rl-2.29.md)
  - [Release 2.28 (2025-04-02)](release-notes/rl-2.28.md)
  - [Release 2.27 (2025-03-03)](release-notes/rl-2.27.md)
--- a/doc/manual/source/advanced-topics/eval-profiler.md
+++ b/doc/manual/source/advanced-topics/eval-profiler.md
@@ -1,33 +0,0 @@
-# Using the `eval-profiler`
-
-Nix evaluator supports [evaluation](@docroot@/language/evaluation.md)
-[profiling](<https://en.wikipedia.org/wiki/Profiling_(computer_programming)>)
-compatible with `flamegraph.pl`. The profiler samples the nix
-function call stack at regular intervals. It can be enabled with the
-[`eval-profiler`](@docroot@/command-ref/conf-file.md#conf-eval-profiler)
-setting:
-
-```console
-$ nix-instantiate "<nixpkgs>" -A hello --eval-profiler flamegraph
-```
-
-Stack sampling frequency and the output file path can be configured with
-[`eval-profile-file`](@docroot@/command-ref/conf-file.md#conf-eval-profile-file)
-and [`eval-profiler-frequency`](@docroot@/command-ref/conf-file.md#conf-eval-profiler-frequency).
-By default the collected profile is saved to `nix.profile` file in the current working directory.
-
-The collected profile can be directly consumed by `flamegraph.pl`:
-
-```console
-$ flamegraph.pl nix.profile > flamegraph.svg
-```
-
-The line information in the profile contains the location of the [call
-site](https://en.wikipedia.org/wiki/Call_site) position and the name of the
-function being called (when available). For example:
-
-```
-/nix/store/x9wnkly3k1gkq580m90jjn32q9f05q2v-source/pkgs/top-level/default.nix:167:5:primop import
-```
-
-Here `import` primop is called at `/nix/store/x9wnkly3k1gkq580m90jjn32q9f05q2v-source/pkgs/top-level/default.nix:167:5`.
--- a/doc/manual/source/command-ref/env-common.md
+++ b/doc/manual/source/command-ref/env-common.md
@@ -75,7 +75,7 @@ Most Nix commands interpret the following environment variables:
 - <span id="env-NIX_CONF_DIR">[`NIX_CONF_DIR`](#env-NIX_CONF_DIR)</span>

  Overrides the location of the system Nix configuration directory
-  (default `sysconfdir/nix`, i.e. `/etc/nix` on most systems).
+  (default `prefix/etc/nix`).

 - <span id="env-NIX_CONFIG">[`NIX_CONFIG`](#env-NIX_CONFIG)</span>

--- a/doc/manual/source/command-ref/meson.build
+++ b/doc/manual/source/command-ref/meson.build
@@ -1,12 +1,13 @@
 xp_features_json = custom_target(
-  command : [ nix, '__dump-xp-features' ],
+  command : [nix, '__dump-xp-features'],
  capture : true,
  output : 'xp-features.json',
 )

 experimental_features_shortlist_md = custom_target(
  command : nix_eval_for_docs + [
-    '--expr', 'import @INPUT0@ (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
+    '--expr',
+    'import @INPUT0@ (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
  ],
  input : [
    '../../generate-xp-features-shortlist.nix',
@@ -18,8 +19,14 @@ experimental_features_shortlist_md = custom_target(
 )

 nix3_cli_files = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', 'import @INPUT1@ true (builtins.readFile ./@INPUT2@)',
+  command : [
+    python.full_path(),
+    '@INPUT0@',
+    '@OUTPUT@',
+    '--'
+  ] + nix_eval_for_docs + [
+    '--expr',
+    'import @INPUT1@ true (builtins.readFile ./@INPUT2@)',
  ],
  input : [
    '../../remove_before_wrapper.py',
@@ -33,7 +40,8 @@ nix3_cli_files = custom_target(
 conf_file_md_body = custom_target(
  command : [
    nix_eval_for_docs,
-    '--expr', 'import @INPUT0@ { prefix = "conf"; } (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
+    '--expr',
+    'import @INPUT0@ { prefix = "conf"; } (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
  ],
  capture : true,
  input : [
--- a/doc/manual/source/command-ref/nix-channel.md
+++ b/doc/manual/source/command-ref/nix-channel.md
@@ -53,11 +53,6 @@ This command has the following operations:
  Download the Nix expressions of subscribed channels and create a new generation.
  Update all channels if none is specified, and only those included in *names* otherwise.

-  > **Note**
-  >
-  > Downloaded channel contents are cached.
-  > Use `--tarball-ttl` or the [`tarball-ttl` configuration option](@docroot@/command-ref/conf-file.md#conf-tarball-ttl) to change the validity period of cached downloads.
-
 - `--list-generations`

  Prints a list of all the current existing generations for the
--- a/doc/manual/source/development/benchmarking.md
+++ b/doc/manual/source/development/benchmarking.md
@@ -1,187 +0,0 @@
-# Running Benchmarks
-
-This guide explains how to build and run performance benchmarks in the Nix codebase.
-
-## Overview
-
-Nix uses the [Google Benchmark](https://github.com/google/benchmark) framework for performance testing. Benchmarks help measure and track the performance of critical operations like derivation parsing.
-
-## Building Benchmarks
-
-Benchmarks are disabled by default and must be explicitly enabled during the build configuration. For accurate results, use a debug-optimized release build.
-
-### Development Environment Setup
-
-First, enter the development shell which includes the necessary dependencies:
-
-```bash
-nix develop .#native-ccacheStdenv
-```
-
-### Configure Build with Benchmarks
-
-From the project root, configure the build with benchmarks enabled and optimization:
-
-```bash
-cd build
-meson configure -Dbenchmarks=true -Dbuildtype=debugoptimized
-```
-
-The `debugoptimized` build type provides:
- Compiler optimizations for realistic performance measurements
- Debug symbols for profiling and analysis
- Balance between performance and debuggability
-
-### Build the Benchmarks
-
-Build the project including benchmarks:
-
-```bash
-ninja
-```
-
-This will create benchmark executables in the build directory. Currently available:
- `build/src/libstore-tests/nix-store-benchmarks` - Store-related performance benchmarks
-
-Additional benchmark executables will be created as more benchmarks are added to the codebase.
-
-## Running Benchmarks
-
-### Basic Usage
-
-Run benchmark executables directly. For example, to run store benchmarks:
-
-```bash
-./build/src/libstore-tests/nix-store-benchmarks
-```
-
-As more benchmark executables are added, run them similarly from their respective build directories.
-
-### Filtering Benchmarks
-
-Run specific benchmarks using regex patterns:
-
-```bash
-# Run only derivation parser benchmarks
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_filter="derivation.*"
-
-# Run only benchmarks for hello.drv
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_filter=".*hello.*"
-```
-
-### Output Formats
-
-Generate benchmark results in different formats:
-
-```bash
-# JSON output
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=json > results.json
-
-# CSV output
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=csv > results.csv
-```
-
-### Advanced Options
-
-```bash
-# Run benchmarks multiple times for better statistics
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_repetitions=10
-
-# Set minimum benchmark time (useful for micro-benchmarks)
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_min_time=2
-
-# Compare against baseline
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_baseline=baseline.json
-
-# Display time in custom units
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_time_unit=ms
-```
-
-## Writing New Benchmarks
-
-To add new benchmarks:
-
-1. Create a new `.cc` file in the appropriate `*-tests` directory
-2. Include the benchmark header:
-   ```cpp
-   #include <benchmark/benchmark.h>
-   ```
-
-3. Write benchmark functions:
-   ```cpp
-   static void BM_YourBenchmark(benchmark::State & state)
-   {
-       // Setup code here
-
-       for (auto _ : state) {
-           // Code to benchmark
-       }
-   }
-   BENCHMARK(BM_YourBenchmark);
-   ```
-
-4. Add the file to the corresponding `meson.build`:
-   ```meson
-   benchmarks_sources = files(
-       'your-benchmark.cc',
-       # existing benchmarks...
-   )
-   ```
-
-## Profiling with Benchmarks
-
-For deeper performance analysis, combine benchmarks with profiling tools:
-
-```bash
-# Using Linux perf
-perf record ./build/src/libstore-tests/nix-store-benchmarks
-perf report
-```
-
-### Using Valgrind Callgrind
-
-Valgrind's callgrind tool provides detailed profiling information that can be visualized with kcachegrind:
-
-```bash
-# Profile with callgrind
-valgrind --tool=callgrind ./build/src/libstore-tests/nix-store-benchmarks
-
-# Visualize the results with kcachegrind
-kcachegrind callgrind.out.*
-```
-
-This provides:
- Function call graphs
- Instruction-level profiling
- Source code annotation
- Interactive visualization of performance bottlenecks
-
-## Continuous Performance Testing
-
-```bash
-# Save baseline results
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=json > baseline.json
-
-# Compare against baseline in CI
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_baseline=baseline.json
-```
-
-## Troubleshooting
-
-### Benchmarks not building
-
-Ensure benchmarks are enabled:
-```bash
-meson configure build | grep benchmarks
-# Should show: benchmarks true
-```
-
-### Inconsistent results
-
- Ensure your system is not under heavy load
- Disable CPU frequency scaling for consistent results
- Run benchmarks multiple times with `--benchmark_repetitions`
-
-## See Also
-
- [Google Benchmark documentation](https://github.com/google/benchmark/blob/main/docs/user_guide.md)
--- a/doc/manual/source/development/building.md
+++ b/doc/manual/source/development/building.md
@@ -34,7 +34,7 @@ $ nix-shell --attr devShells.x86_64-linux.native-clangStdenvPackages
 To build Nix itself in this shell:

 ```console
-[nix-shell]$ out="$(pwd)/outputs/out" dev=$out debug=$out mesonFlags+=" --prefix=${out}"
+[nix-shell]$ mesonFlags+=" --prefix=$(pwd)/outputs/out"
 [nix-shell]$ dontAddPrefix=1 configurePhase
 [nix-shell]$ buildPhase
 ```
@@ -215,18 +215,14 @@ nix build .#nix-everything-x86_64-w64-mingw32

 For historic reasons and backward-compatibility, some CPU and OS identifiers are translated as follows:

-| `host_machine.cpu_family()` | `host_machine.endian()` | Nix                 |
-|-----------------------------|-------------------------|---------------------|
-| `x86`                       |                         | `i686`              |
-| `arm`                       |                         | `host_machine.cpu()`|
-| `ppc`                       | `little`                | `powerpcle`         |
-| `ppc64`                     | `little`                | `powerpc64le`       |
-| `ppc`                       | `big`                   | `powerpc`           |
-| `ppc64`                     | `big`                   | `powerpc64`         |
-| `mips`                      | `little`                | `mipsel`            |
-| `mips64`                    | `little`                | `mips64el`          |
-| `mips`                      | `big`                   | `mips`              |
-| `mips64`                    | `big`                   | `mips64`            |
+| `config.guess`             | Nix                 |
+|----------------------------|---------------------|
+| `amd64`                    | `x86_64`            |
+| `i*86`                     | `i686`              |
+| `arm6`                     | `arm6l`             |
+| `arm7`                     | `arm7l`             |
+| `linux-gnu*`               | `linux`             |
+| `linux-musl*`              | `linux`             |

 ## Compilation environments

--- a/doc/manual/source/development/meson.build
+++ b/doc/manual/source/development/meson.build
@@ -1,6 +1,7 @@
 experimental_feature_descriptions_md = custom_target(
  command : nix_eval_for_docs + [
-    '--expr', 'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
+    '--expr',
+    'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
  ],
  input : [
    '../../generate-xp-features.nix',
--- a/doc/manual/source/glossary.md
+++ b/doc/manual/source/glossary.md
@@ -31,22 +31,9 @@

  The industry term for storage and retrieval systems using [content addressing](#gloss-content-address). A Nix store also has [input addressing](#gloss-input-addressed-store-object), and metadata.

- [derivation]{#gloss-derivation}
-
-  A derivation can be thought of as a [pure function](https://en.wikipedia.org/wiki/Pure_function) that produces new [store objects][store object] from existing store objects.
-
-  Derivations are implemented as [operating system processes that run in a sandbox](@docroot@/store/building.md#builder-execution).
-  This sandbox by default only allows reading from store objects specified as inputs, and only allows writing to designated [outputs][output] to be [captured as store objects](@docroot@/store/building.md#processing-outputs).
-
-  A derivation is typically specified as a [derivation expression] in the [Nix language], and [instantiated][instantiate] to a [store derivation].
-  There are multiple ways of obtaining store objects from store derivatons, collectively called [realisation][realise].
-
-  [derivation]: #gloss-derivation
-
 - [store derivation]{#gloss-store-derivation}

-  A [derivation] represented as a [store object].
-
+  A single build task.
  See [Store Derivation](@docroot@/store/derivation/index.md#store-derivation) for details.

  [store derivation]: #gloss-store-derivation
@@ -70,7 +57,10 @@

 - [derivation expression]{#gloss-derivation-expression}

-  A description of a [store derivation] using the [`derivation` primitive](./language/derivations.md) in the [Nix language].
+  A description of a [store derivation] in the Nix language.
+  The output(s) of a derivation are store objects.
+  Derivations are typically specified in Nix expressions using the [`derivation` primitive](./language/derivations.md).
+  These are translated into store layer *derivations* (implicitly by `nix-env` and `nix-build`, or explicitly by `nix-instantiate`).

  [derivation expression]: #gloss-derivation-expression

--- a/doc/manual/source/installation/installing-binary.md
+++ b/doc/manual/source/installation/installing-binary.md
@@ -25,7 +25,7 @@ This performs the default type of installation for your platform:

 We recommend the multi-user installation if it supports your platform and you can authenticate with `sudo`.

-The installer can be configured with various command line arguments and environment variables.
+The installer can configured with various command line arguments and environment variables.
 To show available command line flags:

 ```console
--- a/doc/manual/source/installation/prerequisites-source.md
+++ b/doc/manual/source/installation/prerequisites-source.md
@@ -10,7 +10,7 @@
  - Bash Shell. The `./configure` script relies on bashisms, so Bash is
    required.

-  - A version of GCC or Clang that supports C++23.
+  - A version of GCC or Clang that supports C++20.

  - `pkg-config` to locate dependencies. If your distribution does not
    provide it, you can get it from
--- a/doc/manual/source/installation/uninstall.md
+++ b/doc/manual/source/installation/uninstall.md
@@ -41,38 +41,6 @@ There may also be references to Nix in

 which you may remove.

-### FreeBSD
-
-1. Stop and remove the Nix daemon service:
-
-   ```console
-   sudo service nix-daemon stop
-   sudo rm -f /usr/local/etc/rc.d/nix-daemon
-   sudo sysrc -x nix_daemon_enable
-   ```
-
-2. Remove files created by Nix:
-
-   ```console
-   sudo rm -rf /etc/nix /usr/local/etc/profile.d/nix.sh /nix ~root/.nix-channels ~root/.nix-defexpr ~root/.nix-profile ~root/.cache/nix
-   ```
-
-3. Remove build users and their group:
-
-   ```console
-   for i in $(seq 1 32); do
-     sudo pw userdel nixbld$i
-   done
-   sudo pw groupdel nixbld
-   ```
-
-4. There may also be references to Nix in:
-   - `/usr/local/etc/bashrc`
-   - `/usr/local/etc/zshrc`
-   - Shell configuration files in users' home directories
-
-   which you may remove.
-
 ### macOS

 > **Updating to macOS 15 Sequoia**
--- a/doc/manual/source/language/advanced-attributes.md
+++ b/doc/manual/source/language/advanced-attributes.md
@@ -53,13 +53,23 @@ Derivations can declare some infrequently used optional attributes.

  - [`__structuredAttrs`]{#adv-attr-structuredAttrs}\
    If the special attribute `__structuredAttrs` is set to `true`, the other derivation
-    attributes are serialised into a file in JSON format.
+    attributes are serialised into a file in JSON format. The environment variable
+    `NIX_ATTRS_JSON_FILE` points to the exact location of that file both in a build
+    and a [`nix-shell`](../command-ref/nix-shell.md). This obviates the need for
+    [`passAsFile`](#adv-attr-passAsFile) since JSON files have no size restrictions,
+    unlike process environments.

-    This obviates the need for [`passAsFile`](#adv-attr-passAsFile) since JSON files have no size restrictions, unlike process environments.
-    It also makes it possible to tweak derivation settings in a structured way;
-    see [`outputChecks`](#adv-attr-outputChecks) for example.
+    It also makes it possible to tweak derivation settings in a structured way; see
+    [`outputChecks`](#adv-attr-outputChecks) for example.

-    See the [corresponding section in the derivation page](@docroot@/store/derivation/index.md#structured-attrs) for further details.
+    As a convenience to Bash builders,
+    Nix writes a script that initialises shell variables
+    corresponding to all attributes that are representable in Bash. The
+    environment variable `NIX_ATTRS_SH_FILE` points to the exact
+    location of the script, both in a build and a
+    [`nix-shell`](../command-ref/nix-shell.md). This includes non-nested
+    (associative) arrays. For example, the attribute `hardening.format = true`
+    ends up as the Bash associative array element `${hardening[format]}`.

    > **Warning**
    >
@@ -160,6 +170,7 @@ See the [corresponding section in the derivation output page](@docroot@/store/de
 ## Other output modifications

  - [`unsafeDiscardReferences`]{#adv-attr-unsafeDiscardReferences}\
+
    When using [structured attributes](#adv-attr-structuredAttrs), the
    attribute `unsafeDiscardReferences` is an attribute set with a boolean value for each output name.
    If set to `true`, it disables scanning the output for runtime dependencies.
@@ -194,6 +205,7 @@ See the [corresponding section in the derivation output page](@docroot@/store/de
    [`builder`]: ./derivations.md#attr-builder

 - [`requiredSystemFeatures`]{#adv-attr-requiredSystemFeatures}\
+
  If a derivation has the `requiredSystemFeatures` attribute, then Nix will only build it on a machine that has the corresponding features set in its [`system-features` configuration](@docroot@/command-ref/conf-file.md#conf-system-features).

  For example, setting
--- a/doc/manual/source/language/index.md
+++ b/doc/manual/source/language/index.md
@@ -1,6 +1,6 @@
 # Nix Language

-The Nix language is designed for conveniently creating and composing [derivations](@docroot@/glossary.md#gloss-derivation) – precise descriptions of how contents of existing files are used to derive new files.
+The Nix language is designed for conveniently creating and composing *derivations* – precise descriptions of how contents of existing files are used to derive new files.

 > **Tip**
 >
--- a/doc/manual/source/language/meson.build
+++ b/doc/manual/source/language/meson.build
@@ -1,13 +1,19 @@
 builtins_md = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', '(builtins.readFile @INPUT3@) + import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)) + (builtins.readFile @INPUT4@)',
+  command : [
+    python.full_path(),
+    '@INPUT0@',
+    '@OUTPUT@',
+    '--'
+  ] + nix_eval_for_docs + [
+    '--expr',
+    '(builtins.readFile @INPUT3@) + import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)) + (builtins.readFile @INPUT4@)',
  ],
  input : [
    '../../remove_before_wrapper.py',
    '../../generate-builtins.nix',
    language_json,
    'builtins-prefix.md',
-    'builtins-suffix.md',
+    'builtins-suffix.md'
  ],
  output : 'builtins.md',
  env : nix_env_for_docs,
--- a/doc/manual/source/language/operators.md
+++ b/doc/manual/source/language/operators.md
@@ -196,7 +196,7 @@ All comparison operators are implemented in terms of `<`, and the following equi

 ## Logical implication

-Equivalent to `!`*b1* `||` *b2*  (or `if` *b1* `then` *b2* `else true`)
+Equivalent to `!`*b1* `||` *b2*.

 [Logical implication]: #logical-implication

--- a/doc/manual/source/language/syntax.md
+++ b/doc/manual/source/language/syntax.md
@@ -225,8 +225,8 @@ passed in first , e.g.,

 ```nix
 let add = { __functor = self: x: x + self.x; };
-    inc = add // { x = 1; }; # inc is { x = 1; __functor = (...) }
-in inc 1 # equivalent of `add.__functor add 1` i.e. `1 + self.x`
+    inc = add // { x = 1; };
+in inc 1
 ```

 evaluates to `2`. This can be used to attach metadata to a function
--- a/doc/manual/source/meson.build
+++ b/doc/manual/source/meson.build
@@ -1,8 +1,7 @@
 summary_rl_next = custom_target(
  command : [
    bash,
-    '-euo',
-    'pipefail',
+    '-euo', 'pipefail',
    '-c',
    '''
      if [ -e "@INPUT@" ]; then
@@ -13,6 +12,6 @@ summary_rl_next = custom_target(
  input : [
    rl_next_generated,
  ],
-  capture : true,
+  capture: true,
  output : 'SUMMARY-rl-next.md',
 )
--- a/doc/manual/source/package-management/garbage-collector-roots.md
+++ b/doc/manual/source/package-management/garbage-collector-roots.md
@@ -12,7 +12,7 @@ $ ln -s /nix/store/d718ef...-foo /nix/var/nix/gcroots/bar
 That is, after this command, the garbage collector will not remove
 `/nix/store/d718ef...-foo` or any of its dependencies.

-Subdirectories of `prefix/nix/var/nix/gcroots` are searched
-recursively. Symlinks to store paths count as roots. Symlinks to
-non-store paths are ignored, unless the non-store path is itself a
-symlink to a store path.
+Subdirectories of `prefix/nix/var/nix/gcroots` are also searched for
+symlinks. Symlinks to non-store paths are followed and searched for
+roots, but symlinks to non-store paths *inside* the paths reached in
+that way are not followed to prevent infinite recursion.
--- a/doc/manual/source/protocols/json/derivation.md
+++ b/doc/manual/source/protocols/json/derivation.md
@@ -91,7 +91,3 @@ is a JSON object with the following fields:

 * `env`:
  The environment passed to the `builder`.
-
-* `structuredAttrs`:
-  [Strucutured Attributes](@docroot@/store/derivation/index.md#structured-attrs), only defined if the derivation contains them.
-  Structured attributes are JSON, and thus embedded as-is.
--- a/doc/manual/source/protocols/nix-archive.md
+++ b/doc/manual/source/protocols/nix-archive.md
@@ -24,7 +24,7 @@ nar-obj-inner
  | str("type"), str("directory") directory
  ;

-regular = [ str("executable") ], str("contents"), str(contents);
+regular = [ str("executable"), str("") ], str("contents"), str(contents);

 symlink = str("target"), str(target);

--- a/doc/manual/source/release-notes/rl-2.24.md
+++ b/doc/manual/source/release-notes/rl-2.24.md
@@ -269,7 +269,7 @@
  e.g. `--warn-large-path-threshold 100M`.


-## Contributors
+# Contributors

 This release was made possible by the following 43 contributors:

--- a/doc/manual/source/release-notes/rl-2.25.md
+++ b/doc/manual/source/release-notes/rl-2.25.md
@@ -77,7 +77,7 @@
  `<nix/fetchurl.nix>` is also known as the builtin derivation builder `builtin:fetchurl`. It's not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue.


-## Contributors
+# Contributors

 This release was made possible by the following 58 contributors:

--- a/doc/manual/source/release-notes/rl-2.26.md
+++ b/doc/manual/source/release-notes/rl-2.26.md
@@ -76,7 +76,7 @@

 - Evaluation caching now works for dirty Git workdirs [#11992](https://github.com/NixOS/nix/pull/11992)

-## Contributors
+# Contributors

 This release was made possible by the following 45 contributors:

--- a/doc/manual/source/release-notes/rl-2.27.md
+++ b/doc/manual/source/release-notes/rl-2.27.md
@@ -47,7 +47,7 @@
  blake3-34P4p+iZXcbbyB1i4uoF7eWCGcZHjmaRn6Y7QdynLwU=
  ```

-## Contributors
+# Contributors

 This release was made possible by the following 21 contributors:

--- a/doc/manual/source/release-notes/rl-2.28.md
+++ b/doc/manual/source/release-notes/rl-2.28.md
@@ -82,7 +82,7 @@ This completes the infrastructure overhaul for the [RFC 132](https://github.com/
  Although this change is not as critical, we figured it would be good to do this API change at the same time, also.
  Also note that we try to keep the C API compatible, but we decided to break this function because it was young and likely not in widespread use yet. This frees up time to make important progress on the rest of the C API.

-## Contributors
+# Contributors

 This earlier-than-usual release was made possible by the following 16 contributors:

--- a/doc/manual/source/release-notes/rl-2.29.md
+++ b/doc/manual/source/release-notes/rl-2.29.md
@@ -111,7 +111,7 @@ This fact is counterbalanced by the fact that most of those changes are bug fixe
  This in particular prevents parts of GCC 14's diagnostics from being improperly filtered away.


-## Contributors
+# Contributors


 This release was made possible by the following 40 contributors:
--- a/doc/manual/source/release-notes/rl-2.30.md
+++ b/doc/manual/source/release-notes/rl-2.30.md
@@ -1,153 +0,0 @@
-# Release 2.30.0 (2025-07-07)
-
-## Backward-incompatible changes and deprecations
-
- [`build-dir`] no longer defaults to `$TMPDIR`
-
-  The directory in which temporary build directories are created no longer defaults
-  to `TMPDIR` or `/tmp`, to avoid builders making their directories
-  world-accessible. This behavior allowed escaping the build sandbox and can
-  cause build impurities even when not used maliciously. We now default to `builds`
-  in `NIX_STATE_DIR` (which is `/nix/var/nix/builds` in the default configuration).
-
- Deprecate manually making structured attrs using the `__json` attribute [#13220](https://github.com/NixOS/nix/pull/13220)
-
-  The proper way to create a derivation using [structured attrs] in the Nix language is by using `__structuredAttrs = true` with [`builtins.derivation`].
-  However, by exploiting how structured attrs are implementated, it has also been possible to create them by setting the `__json` environment variable to a serialized JSON string.
-  This sneaky alternative method is now deprecated, and may be disallowed in future versions of Nix.
-
-  [structured attrs]: @docroot@/language/advanced-attributes.md#adv-attr-structuredAttrs
-  [`builtins.derivation`]: @docroot@/language/builtins.html#builtins-derivation
-
- Rename `nix profile install` to [`nix profile add`] [#13224](https://github.com/NixOS/nix/pull/13224)
-
-  The command `nix profile install` has been renamed to [`nix profile add`] (though the former is still available as an alias). This is because the verb "add" is a better antonym for the verb "remove" (i.e. `nix profile remove`). Nix also does not have install hooks or general behavior often associated with "installing".
-
-## Performance improvements
-
-This release has a number performance improvements, in particular:
-
- Reduce the size of value from 24 to 16 bytes [#13407](https://github.com/NixOS/nix/pull/13407)
-
-  This shaves off a very significant amount of memory used for evaluation (~20% percent reduction in maximum heap size and ~17% in total bytes).
-
-## Features
-
- Add [stack sampling evaluation profiler] [#13220](https://github.com/NixOS/nix/pull/13220)
-
-  The Nix evaluator now supports [stack sampling evaluation profiling](@docroot@/advanced-topics/eval-profiler.md) via the [`--eval-profiler flamegraph`] setting.
-  It outputs collapsed call stack information to the file specified by
-  [`--eval-profile-file`] (`nix.profile` by default) in a format directly consumable
-  by `flamegraph.pl` and compatible tools like [speedscope](https://speedscope.app/).
-  Sampling frequency can be configured via [`--eval-profiler-frequency`] (99 Hz by default).
-
-  Unlike the existing [`--trace-function-calls`], this profiler includes the name of the function
-  being called when it's available.
-
- [`nix repl`] prints which variables were loaded [#11406](https://github.com/NixOS/nix/pull/11406)
-
-  Instead of `Added <n> variables` it now prints the first 10 variables that were added to the global scope.
-
- `nix flake archive`: Add [`--no-check-sigs`] option [#13277](https://github.com/NixOS/nix/pull/13277)
-
-  This is useful when using [`nix flake archive`] with the destination set to a remote store.
-
- Emit warnings for IFDs with [`trace-import-from-derivation`] option [#13279](https://github.com/NixOS/nix/pull/13279)
-
-  While we have the setting [`allow-import-from-derivation`] to deny import-from-derivation (IFD), sometimes users would like to observe IFDs during CI processes to gradually phase out the idiom. The new setting `trace-import-from-derivation`, when set, logs a simple warning to the console.
-
- `json-log-path` setting [#13003](https://github.com/NixOS/nix/pull/13003)
-
-  New setting [`json-log-path`] that sends a copy of all Nix log messages (in JSON format) to a file or Unix domain socket.
-
- Non-flake inputs now contain a `sourceInfo` attribute [#13164](https://github.com/NixOS/nix/issues/13164) [#13170](https://github.com/NixOS/nix/pull/13170)
-
-  Flakes have always had a `sourceInfo` attribute which describes the source of the flake.
-  The `sourceInfo.outPath` is often identical to the flake's `outPath`. However, it can differ when the flake is located in a subdirectory of its source.
-
-  Non-flake inputs (i.e. inputs with [`flake = false`]) can also be located at some path _within_ a wider source.
-  This usually happens when defining a relative path input within the same source as the parent flake, e.g. `inputs.foo.url = ./some-file.nix`.
-  Such relative inputs will now inherit their parent's `sourceInfo`.
-
-  This also means it is now possible to use `?dir=subdir` on non-flake inputs.
-
-  This iterates on the work done in 2.26 to improve relative path support ([#10089](https://github.com/NixOS/nix/pull/10089)),
-  and resolves a regression introduced in 2.28 relating to nested relative path inputs ([#13164](https://github.com/NixOS/nix/issues/13164)).
-
-## Miscellaneous changes
-
- [`builtins.sort`] uses PeekSort [#12623](https://github.com/NixOS/nix/pull/12623)
-
-  Previously it used libstdc++'s `std::stable_sort()`. However, that implementation is not reliable if the user-supplied comparison function is not a strict weak ordering.
-
- Revert incomplete closure mixed download and build feature [#77](https://github.com/NixOS/nix/issues/77) [#12628](https://github.com/NixOS/nix/issues/12628) [#13176](https://github.com/NixOS/nix/pull/13176)
-
-  Since Nix 1.3 ([commit `299141e`] in 2013) Nix has attempted to mix together upstream fresh builds and downstream substitutions when remote substuters contain an "incomplete closure" (have some store objects, but not the store objects they reference).
-  This feature is now removed.
-
-  In the worst case, removing this feature could cause more building downstream, but it should not cause outright failures, since this is not happening for opaque store objects that we don't know how to build if we decide not to substitute.
-  In practice, however, we doubt even more building is very likely to happen.
-  Remote stores that are missing dependencies in arbitrary ways (e.g. corruption) don't seem to be very common.
-
-  On the contrary, when remote stores fail to implement the [closure property](@docroot@/store/store-object.md#closure-property), it is usually an *intentional* choice on the part of the remote store, because it wishes to serve as an "overlay" store over another store, such as `https://cache.nixos.org`.
-  If an "incomplete closure" is encountered in that situation, the right fix is not to do some sort of "franken-building" as this feature implemented, but instead to make sure both substituters are enabled in the settings.
-
-  (In the future, we should make it easier for remote stores to indicate this to clients, to catch settings that won't work in general before a missing dependency is actually encountered.)
-
-## Contributors
-
-This release was made possible by the following 32 contributors:
-
- Cole Helbling [**(@cole-h)**](https://github.com/cole-h)
- Eelco Dolstra [**(@edolstra)**](https://github.com/edolstra)
- Egor Konovalov [**(@egorkonovalov)**](https://github.com/egorkonovalov)
- Farid Zakaria [**(@fzakaria)**](https://github.com/fzakaria)
- Graham Christensen [**(@grahamc)**](https://github.com/grahamc)
- gustavderdrache [**(@gustavderdrache)**](https://github.com/gustavderdrache)
- Gwenn Le Bihan [**(@gwennlbh)**](https://github.com/gwennlbh)
- h0nIg [**(@h0nIg)**](https://github.com/h0nIg)
- Jade Masker [**(@donottellmetonottellyou)**](https://github.com/donottellmetonottellyou)
- jayeshv [**(@jayeshv)**](https://github.com/jayeshv)
- Jeremy Fleischman [**(@jfly)**](https://github.com/jfly)
- John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314)
- Jonas Chevalier [**(@zimbatm)**](https://github.com/zimbatm)
- Jörg Thalheim [**(@Mic92)**](https://github.com/Mic92)
- kstrafe [**(@kstrafe)**](https://github.com/kstrafe)
- Luc Perkins [**(@lucperkins)**](https://github.com/lucperkins)
- Matt Sturgeon [**(@MattSturgeon)**](https://github.com/MattSturgeon)
- Nikita Krasnov [**(@synalice)**](https://github.com/synalice)
- Peder Bergebakken Sundt [**(@pbsds)**](https://github.com/pbsds)
- pennae [**(@pennae)**](https://github.com/pennae)
- Philipp Otterbein
- Pol Dellaiera [**(@drupol)**](https://github.com/drupol)
- PopeRigby [**(@poperigby)**](https://github.com/poperigby)
- Raito Bezarius
- Robert Hensing [**(@roberth)**](https://github.com/roberth)
- Samuli Thomasson [**(@SimSaladin)**](https://github.com/SimSaladin)
- Sergei Zimmerman [**(@xokdvium)**](https://github.com/xokdvium)
- Seth Flynn [**(@getchoo)**](https://github.com/getchoo)
- Stefan Boca [**(@stefanboca)**](https://github.com/stefanboca)
- tomberek [**(@tomberek)**](https://github.com/tomberek)
- Tristan Ross [**(@RossComputerGuy)**](https://github.com/RossComputerGuy)
- Valentin Gagarin [**(@fricklerhandwerk)**](https://github.com/fricklerhandwerk)
- Vladimír Čunát [**(@vcunat)**](https://github.com/vcunat)
- Wolfgang Walther [**(@wolfgangwalther)**](https://github.com/wolfgangwalther)
-
-<!-- markdown links -->
-[stack sampling evaluation profiler]: @docroot@/advanced-topics/eval-profiler.md
-[`--eval-profiler`]: @docroot@/command-ref/conf-file.md#conf-eval-profiler
-[`--eval-profiler flamegraph`]: @docroot@/command-ref/conf-file.md#conf-eval-profiler
-[`--trace-function-calls`]: @docroot@/command-ref/conf-file.md#conf-trace-function-calls
-[`--eval-profile-file`]: @docroot@/command-ref/conf-file.md#conf-eval-profile-file
-[`--eval-profiler-frequency`]: @docroot@/command-ref/conf-file.md#conf-eval-profiler-frequency
-[`build-dir`]: @docroot@/command-ref/conf-file.md#conf-build-dir
-[`nix profile add`]: @docroot@/command-ref/new-cli/nix3-profile-add.md
-[`nix repl`]: @docroot@/command-ref/new-cli/nix3-repl.md
-[`nix flake archive`]: @docroot@/command-ref/new-cli/nix3-flake-archive.md
-[`json-log-path`]: @docroot@/command-ref/conf-file.md#conf-json-log-path
-[`trace-import-from-derivation`]: @docroot@/command-ref/conf-file.md#conf-trace-import-from-derivation
-[`allow-import-from-derivation`]: @docroot@/command-ref/conf-file.md#conf-allow-import-from-derivation
-[`builtins.sort`]: @docroot@/language/builtins.md#builtins-sort
-[`flake = false`]: @docroot@/command-ref/new-cli/nix3-flake.md?highlight=false#flake-inputs
-[`--no-check-sigs`]: @docroot@/command-ref/new-cli/nix3-flake-archive.md#opt-no-check-sigs
-[commit `299141e`]: https://github.com/NixOS/nix/commit/299141ecbd08bae17013226dbeae71e842b4fdd7
--- a/doc/manual/source/release-notes/rl-2.31.md
+++ b/doc/manual/source/release-notes/rl-2.31.md
@@ -1,96 +0,0 @@
-# Release 2.31.0 (2025-08-21)
-
- `build-cores = 0` now auto-detects CPU cores [#13402](https://github.com/NixOS/nix/pull/13402)
-
-  When `build-cores` is set to `0`, Nix now automatically detects the number of available CPU cores and passes this value via `NIX_BUILD_CORES`, instead of passing `0` directly. This matches the behavior when `build-cores` is unset. This prevents the builder from having to detect the number of cores.
-
- Fix Git LFS SSH issues [#13337](https://github.com/NixOS/nix/issues/13337) [#13743](https://github.com/NixOS/nix/pull/13743)
-
-  Fixed some outstanding issues with Git LFS and SSH.
-
-  * Added support for `NIX_SSHOPTS`.
-  * Properly use the parsed port from URL.
-  * Better use of the response of `git-lfs-authenticate` to determine API endpoint when the API is not exposed on port 443.
-
- Add support for `user@address:port` syntax in store URIs [#7044](https://github.com/NixOS/nix/issues/7044) [#3425](https://github.com/NixOS/nix/pull/3425)
-
-  It's now possible to specify the port used for SSH stores directly in the store URL in accordance with [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986). Previously the only way to specify custom ports was via `ssh_config` or the `NIX_SSHOPTS` environment variable, because Nix incorrectly passed the port number together with the host name to the SSH executable.
-
-  This change affects [store references](@docroot@/store/types/index.md#store-url-format) passed via the `--store` and similar flags in CLI as well as in the configuration for [remote builders](@docroot@/command-ref/conf-file.md#conf-builders). For example, the following store URIs now work:
-
-  - `ssh://127.0.0.1:2222`
-  - `ssh://[b573:6a48:e224:840b:6007:6275:f8f7:ebf3]:22`
-  - `ssh-ng://[b573:6a48:e224:840b:6007:6275:f8f7:ebf3]:22`
-
- Represent IPv6 RFC4007 ZoneId literals in conformance with RFC6874 [#13445](https://github.com/NixOS/nix/pull/13445)
-
-  Prior versions of Nix since [#4646](https://github.com/NixOS/nix/pull/4646) accepted [IPv6 scoped addresses](https://datatracker.ietf.org/doc/html/rfc4007) in URIs like [store references](@docroot@/store/types/index.md#store-url-format) in the textual representation with a literal percent character: `[fe80::1%18]`. This was ambiguous, because the the percent literal `%` is reserved by [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986), since it's used to indicate percent encoding. Nix now requires that the percent `%` symbol is percent-encoded as `%25`. This implements [RFC6874](https://datatracker.ietf.org/doc/html/rfc6874), which defines the representation of zone identifiers in URIs. The example from above now has to be specified as `[fe80::1%2518]`.
-
- Use WAL mode for SQLite cache databases [#13800](https://github.com/NixOS/nix/pull/13800)
-
-  Previously, Nix used SQLite's "truncate" mode for caches. However, this could cause a Nix process to block if another process was updating the cache. This was a problem for the flake evaluation cache in particular, since it uses long-running transactions. Thus, concurrent Nix commands operating on the same flake could be blocked for an unbounded amount of time. WAL mode avoids this problem.
-
-  This change required updating the versions of the SQLite caches. For instance, `eval-cache-v5.sqlite` is now `eval-cache-v6.sqlite`.
-
- Enable parallel marking in bdwgc [#13708](https://github.com/NixOS/nix/pull/13708)
-
-  Previously marking was done by only one thread, which takes a long time if the heap gets big. Enabling parallel marking speeds up evaluation a lot, for example (on a Ryzen 9 5900X 12-Core):
-
-  * `nix search nixpkgs` from 24.3s to 18.9s.
-  * Evaluating the `NixOS/nix/2.21.2` flake regression test from 86.1s to 71.2s.
-
- New command `nix flake prefetch-inputs` [#13565](https://github.com/NixOS/nix/pull/13565)
-
-  This command fetches all inputs of a flake in parallel. This can be a lot faster than the serialized on-demand fetching during regular flake evaluation. The downside is that it may fetch inputs that aren't normally used.
-
- Add `warn-short-path-literals` setting [#13489](https://github.com/NixOS/nix/pull/13489)
-
-  This setting, when enabled, causes Nix to emit warnings when encountering relative path literals that don't start with `.` or `/`, for instance suggesting that `foo/bar` should be rewritten to `./foo/bar`.
-
- When updating a lock, respect the input's lock file [#13437](https://github.com/NixOS/nix/pull/13437)
-
-  For example, if a flake has a lock for `a` and `a/b`, and we change the flakeref for `a`, previously Nix would fetch the latest version of `b` rather than using the lock for `b` from `a`.
-
- Implement support for Git hashing with SHA-256 [#13543](https://github.com/NixOS/nix/pull/13543)
-
-  The experimental support for [Git-hashing](@docroot@/development/experimental-features.md#xp-feature-git-hashing) store objects now also includes support for SHA-256, not just SHA-1, in line with upstream Git.
-
-## Contributors
-
-This release was made possible by the following 34 contributors:
-
- John Soo [**(@jsoo1)**](https://github.com/jsoo1)
- Alan Urmancheev [**(@alurm)**](https://github.com/alurm)
- Manse [**(@PedroManse)**](https://github.com/PedroManse)
- Pol Dellaiera [**(@drupol)**](https://github.com/drupol)
- DavHau [**(@DavHau)**](https://github.com/DavHau)
- Leandro Emmanuel Reina Kiperman [**(@kip93)**](https://github.com/kip93)
- h0nIg [**(@h0nIg)**](https://github.com/h0nIg)
- Philip Taron [**(@philiptaron)**](https://github.com/philiptaron)
- Eelco Dolstra [**(@edolstra)**](https://github.com/edolstra)
- Connor Baker [**(@ConnorBaker)**](https://github.com/ConnorBaker)
- kenji [**(@a-kenji)**](https://github.com/a-kenji)
- Oleksandr Knyshuk [**(@k1gen)**](https://github.com/k1gen)
- Maciej Krüger [**(@mkg20001)**](https://github.com/mkg20001)
- Justin Bailey [**(@jgbailey-well)**](https://github.com/jgbailey-well)
- Emily [**(@emilazy)**](https://github.com/emilazy)
- Volker Diels-Grabsch [**(@vog)**](https://github.com/vog)
- gustavderdrache [**(@gustavderdrache)**](https://github.com/gustavderdrache)
- Elliot Cameron [**(@de11n)**](https://github.com/de11n)
- Alexander V. Nikolaev [**(@avnik)**](https://github.com/avnik)
- tomberek [**(@tomberek)**](https://github.com/tomberek)
- Matthew Kenigsberg [**(@mkenigs)**](https://github.com/mkenigs)
- Sergei Zimmerman [**(@xokdvium)**](https://github.com/xokdvium)
- Cosima Neidahl [**(@OPNA2608)**](https://github.com/OPNA2608)
- John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314)
- m4dc4p [**(@m4dc4p)**](https://github.com/m4dc4p)
- Graham Christensen [**(@grahamc)**](https://github.com/grahamc)
- Jason Yundt [**(@Jayman2000)**](https://github.com/Jayman2000)
- Jens Petersen [**(@juhp)**](https://github.com/juhp)
- the-sun-will-rise-tomorrow [**(@the-sun-will-rise-tomorrow)**](https://github.com/the-sun-will-rise-tomorrow)
- Farid Zakaria [**(@fzakaria)**](https://github.com/fzakaria)
- AGawas [**(@aln730)**](https://github.com/aln730)
- Robert Hensing [**(@roberth)**](https://github.com/roberth)
- Dmitry Bogatov [**(@KAction)**](https://github.com/KAction)
- Jörg Thalheim [**(@Mic92)**](https://github.com/Mic92)
- Philipp Otterbein
--- a/doc/manual/source/release-notes/rl-2.8.md
+++ b/doc/manual/source/release-notes/rl-2.8.md
@@ -48,6 +48,6 @@

 * `nix run` is now stricter in what it accepts: members of the `apps`
  flake output are now required to be apps (as defined in [the
-  manual](https://nix.dev/manual/nix/stable/command-ref/new-cli/nix3-run.html#apps)),
+  manual](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-run.html#apps)),
  and members of `packages` or `legacyPackages` must be derivations
  (not apps).
--- a/doc/manual/source/store/derivation/index.md
+++ b/doc/manual/source/store/derivation/index.md
@@ -9,7 +9,7 @@ This is where Nix distinguishes itself.

 ## Store Derivation {#store-derivation}

-A derivation is a specification for running an executable on precisely defined input to produce one or more [store objects][store object].
+A derivation is a specification for running an executable on precisely defined input to produce on more [store objects][store object].
 These store objects are known as the derivation's *outputs*.

 Derivations are *built*, in which case the process is spawned according to the spec, and when it exits, required to leave behind files which will (after post-processing) become the outputs of the derivation.
@@ -138,17 +138,6 @@ See [Wikipedia](https://en.wikipedia.org/wiki/Argv) for details.

 Environment variables which will be passed to the [builder](#builder) executable.

-#### Structured Attributes {#structured-attrs}
-
-Nix also has special support for embedding JSON in the derivations.
-
-The environment variable `NIX_ATTRS_JSON_FILE` points to the exact location of that file both in a build and a [`nix-shell`](@docroot@/command-ref/nix-shell.md).
-
-As a convenience to Bash builders, Nix writes a script that initialises shell variables corresponding to all attributes that are representable in Bash.
-The environment variable `NIX_ATTRS_SH_FILE` points to the exact location of the script, both in a build and a [`nix-shell`](@docroot@/command-ref/nix-shell.md).
-This includes non-nested (associative) arrays.
-For example, the attribute `hardening.format = true` ends up as the Bash associative array element `${hardening[format]}`.
-
 ### Placeholders

 Placeholders are opaque values used within the [process creation fields] to [store objects] for which we don't yet know [store path]s.
@@ -173,7 +162,7 @@ There are two types of placeholder, corresponding to the two cases where this pr

 > **Explanation**
 >
-> In general, we need to [realise] a [store object] in order to be sure to have a store object for it.
+> In general, we need to realise [realise] a [store object] in order to be sure to have a store object for it.
 > But for these two cases this is either impossible or impractical:
 >
 > - In the output case this is impossible:
@@ -200,7 +189,7 @@ This ensures that there is a canonical [store path] used to refer to the derivat
 > **Note**
 >
 > Currently, the canonical encoding for every derivation is the "ATerm" format,
-> but this is subject to change for the types of derivations which are not yet stable.
+> but this is subject to change for types derivations which are not yet stable.

 Regardless of the format used, when serializing a derivation to a store object, that store object will be content-addressed.

@@ -293,7 +282,7 @@ type DerivingPath = ConstantPath | OutputPath;

 Under this extended model, `DerivingPath`s are thus inductively built up from a root `ConstantPath`, wrapped with zero or more outer `OutputPath`s.

-### Encoding {#deriving-path-encoding-higher-order}
+### Encoding {#deriving-path-encoding}

 The encoding is adjusted in the natural way, encoding the `drv` field recursively using the same deriving path encoding.
 The result of this is that it is possible to have a chain of `^<output-name>` at the end of the final string, as opposed to just a single one.
--- a/doc/manual/source/store/meson.build
+++ b/doc/manual/source/store/meson.build
@@ -1,6 +1,12 @@
 types_dir = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', 'import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)).stores',
+  command : [
+    python.full_path(),
+    '@INPUT0@',
+    '@OUTPUT@',
+    '--'
+  ] + nix_eval_for_docs + [
+    '--expr',
+    'import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)).stores',
  ],
  input : [
    '../../remove_before_wrapper.py',
--- a/doc/manual/source/store/store-object.md
+++ b/doc/manual/source/store/store-object.md
@@ -18,14 +18,14 @@ In particular, the edge corresponding to a reference is from the store object th
 References other than a self-reference must not form a cycle.
 The graph of references excluding self-references thus forms a [directed acyclic graph].

-[directed acyclic graph]: @docroot@/glossary.md#gloss-directed-acyclic-graph
+[directed acyclic graph]: @docroot@/glossary.md#gloss-directed acyclic graph

 We can take the [transitive closure] of the references graph, which any pair of store objects have an edge not if there is a single reference from the first to the second, but a path of one or more references from the first to the second.
 The *requisites* of a store object are all store objects reachable by paths of references which start with given store object's references.

 [transitive closure]: https://en.wikipedia.org/wiki/Transitive_closure

-We can also take the [transpose graph] of the references graph, where we reverse the orientation of all edges.
+We can also take the [transpose graph] ofthe references graph, where we reverse the orientation of all edges.
 The *referrers* of a store object are the store objects that reference it.

 [transpose graph]: https://en.wikipedia.org/wiki/Transpose_graph
--- a/docker.nix
+++ b/docker.nix
@@ -1,11 +1,6 @@
 {
-  # Core dependencies
  pkgs ? import <nixpkgs> { },
  lib ? pkgs.lib,
-  dockerTools ? pkgs.dockerTools,
-  runCommand ? pkgs.runCommand,
-  buildPackages ? pkgs.buildPackages,
-  # Image configuration
  name ? "nix",
  tag ? "latest",
  bundleNixpkgs ? true,
@@ -19,106 +14,83 @@
  gid ? 0,
  uname ? "root",
  gname ? "root",
-  Labels ? {
-    "org.opencontainers.image.title" = "Nix";
-    "org.opencontainers.image.source" = "https://github.com/NixOS/nix";
-    "org.opencontainers.image.vendor" = "Nix project";
-    "org.opencontainers.image.version" = nix.version;
-    "org.opencontainers.image.description" = "Nix container image";
-  },
-  Cmd ? [ (lib.getExe bashInteractive) ],
-  # Default Packages
-  nix ? pkgs.nix,
-  bashInteractive ? pkgs.bashInteractive,
-  coreutils-full ? pkgs.coreutils-full,
-  gnutar ? pkgs.gnutar,
-  gzip ? pkgs.gzip,
-  gnugrep ? pkgs.gnugrep,
-  which ? pkgs.which,
-  curl ? pkgs.curl,
-  less ? pkgs.less,
-  wget ? pkgs.wget,
-  man ? pkgs.man,
-  cacert ? pkgs.cacert,
-  findutils ? pkgs.findutils,
-  iana-etc ? pkgs.iana-etc,
-  gitMinimal ? pkgs.gitMinimal,
-  openssh ? pkgs.openssh,
-  # Other dependencies
-  shadow ? pkgs.shadow,
 }:
 let
-  defaultPkgs = [
-    nix
-    bashInteractive
-    coreutils-full
-    gnutar
-    gzip
-    gnugrep
-    which
-    curl
-    less
-    wget
-    man
-    cacert.out
-    findutils
-    iana-etc
-    gitMinimal
-    openssh
-  ]
-  ++ extraPkgs;
+  defaultPkgs =
+    with pkgs;
+    [
+      nix
+      bashInteractive
+      coreutils-full
+      gnutar
+      gzip
+      gnugrep
+      which
+      curl
+      less
+      wget
+      man
+      cacert.out
+      findutils
+      iana-etc
+      git
+      openssh
+    ]
+    ++ extraPkgs;

-  users = {
+  users =
+    {

-    root = {
-      uid = 0;
-      shell = lib.getExe bashInteractive;
-      home = "/root";
-      gid = 0;
-      groups = [ "root" ];
-      description = "System administrator";
-    };
-
-    nobody = {
-      uid = 65534;
-      shell = lib.getExe' shadow "nologin";
-      home = "/var/empty";
-      gid = 65534;
-      groups = [ "nobody" ];
-      description = "Unprivileged account (don't use!)";
-    };
-
-  }
-  // lib.optionalAttrs (uid != 0) {
-    "${uname}" = {
-      uid = uid;
-      shell = lib.getExe bashInteractive;
-      home = "/home/${uname}";
-      gid = gid;
-      groups = [ "${gname}" ];
-      description = "Nix user";
-    };
-  }
-  // lib.listToAttrs (
-    map (n: {
-      name = "nixbld${toString n}";
-      value = {
-        uid = 30000 + n;
-        gid = 30000;
-        groups = [ "nixbld" ];
-        description = "Nix build user ${toString n}";
+      root = {
+        uid = 0;
+        shell = "${pkgs.bashInteractive}/bin/bash";
+        home = "/root";
+        gid = 0;
+        groups = [ "root" ];
+        description = "System administrator";
      };
-    }) (lib.lists.range 1 32)
-  );

-  groups = {
-    root.gid = 0;
-    nixbld.gid = 30000;
-    nobody.gid = 65534;
-  }
-  // lib.optionalAttrs (gid != 0) {
-    "${gname}".gid = gid;
-  };
+      nobody = {
+        uid = 65534;
+        shell = "${pkgs.shadow}/bin/nologin";
+        home = "/var/empty";
+        gid = 65534;
+        groups = [ "nobody" ];
+        description = "Unprivileged account (don't use!)";
+      };
+
+    }
+    // lib.optionalAttrs (uid != 0) {
+      "${uname}" = {
+        uid = uid;
+        shell = "${pkgs.bashInteractive}/bin/bash";
+        home = "/home/${uname}";
+        gid = gid;
+        groups = [ "${gname}" ];
+        description = "Nix user";
+      };
+    }
+    // lib.listToAttrs (
+      map (n: {
+        name = "nixbld${toString n}";
+        value = {
+          uid = 30000 + n;
+          gid = 30000;
+          groups = [ "nixbld" ];
+          description = "Nix build user ${toString n}";
+        };
+      }) (lib.lists.range 1 32)
+    );
+
+  groups =
+    {
+      root.gid = 0;
+      nixbld.gid = 30000;
+      nobody.gid = 65534;
+    }
+    // lib.optionalAttrs (gid != 0) {
+      "${gname}".gid = gid;
+    };

  userToPasswd = (
    k:
@@ -175,42 +147,41 @@ let
    "${k}:x:${toString gid}:${lib.concatStringsSep "," members}";
  groupContents = (lib.concatStringsSep "\n" (lib.attrValues (lib.mapAttrs groupToGroup groups)));

-  toConf =
-    with pkgs.lib.generators;
-    toKeyValue {
-      mkKeyValue = mkKeyValueDefault {
-        mkValueString = v: if lib.isList v then lib.concatStringsSep " " v else mkValueStringDefault { } v;
-      } " = ";
-    };
+  defaultNixConf = {
+    sandbox = "false";
+    build-users-group = "nixbld";
+    trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
+  };

-  nixConfContents = toConf (
-    {
-      sandbox = false;
-      build-users-group = "nixbld";
-      trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
-    }
-    // nixConf
-  );
+  nixConfContents =
+    (lib.concatStringsSep "\n" (
+      lib.mapAttrsFlatten (
+        n: v:
+        let
+          vStr = if builtins.isList v then lib.concatStringsSep " " v else v;
+        in
+        "${n} = ${vStr}"
+      ) (defaultNixConf // nixConf)
+    ))
+    + "\n";

  userHome = if uid == 0 then "/root" else "/home/${uname}";

  baseSystem =
    let
      nixpkgs = pkgs.path;
-      channel = runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
+      channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
        mkdir $out
        if [ "$bundleNixpkgs" ]; then
-          ln -s ${
-            builtins.path {
-              path = nixpkgs;
-              name = "source";
-            }
-          } $out/nixpkgs
+          ln -s ${nixpkgs} $out/nixpkgs
          echo "[]" > $out/manifest.nix
        fi
      '';
-      # doc/manual/source/command-ref/files/manifest.nix.md
-      manifest = buildPackages.runCommand "manifest.nix" { } ''
+      rootEnv = pkgs.buildPackages.buildEnv {
+        name = "root-profile-env";
+        paths = defaultPkgs;
+      };
+      manifest = pkgs.buildPackages.runCommand "manifest.nix" { } ''
        cat > $out <<EOF
        [
        ${lib.concatStringsSep "\n" (
@@ -239,15 +210,11 @@ let
        ]
        EOF
      '';
-      profile = buildPackages.buildEnv {
-        name = "root-profile-env";
-        paths = defaultPkgs;
-
-        postBuild = ''
-          mv $out/manifest $out/manifest.nix
-        '';
-        inherit manifest;
-      };
+      profile = pkgs.buildPackages.runCommand "user-environment" { } ''
+        mkdir $out
+        cp -a ${rootEnv}/* $out/
+        ln -s ${manifest} $out/manifest.nix
+      '';
      flake-registry-path =
        if (flake-registry == null) then
          null
@@ -256,7 +223,7 @@ let
        else
          flake-registry;
    in
-    runCommand "base-system"
+    pkgs.runCommand "base-system"
      {
        inherit
          passwdContents
@@ -279,12 +246,8 @@ let
          set -x
          mkdir -p $out/etc

-          # may get replaced by pkgs.dockerTools.caCertificates
          mkdir -p $out/etc/ssl/certs
-          # Old NixOS compatibility.
          ln -s /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs
-          # NixOS canonical location
-          ln -s /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs/ca-certificates.crt

          cat $passwdContentsPath > $out/etc/passwd
          echo "" >> $out/etc/passwd
@@ -310,24 +273,20 @@ let
          mkdir -p $out${userHome}
          mkdir -p $out/nix/var/nix/profiles/per-user/${uname}

-          # see doc/manual/source/command-ref/files/profiles.md
          ln -s ${profile} $out/nix/var/nix/profiles/default-1-link
          ln -s /nix/var/nix/profiles/default-1-link $out/nix/var/nix/profiles/default
          ln -s /nix/var/nix/profiles/default $out${userHome}/.nix-profile

-          # see doc/manual/source/command-ref/files/channels.md
          ln -s ${channel} $out/nix/var/nix/profiles/per-user/${uname}/channels-1-link
          ln -s /nix/var/nix/profiles/per-user/${uname}/channels-1-link $out/nix/var/nix/profiles/per-user/${uname}/channels

-          # see doc/manual/source/command-ref/files/default-nix-expression.md
          mkdir -p $out${userHome}/.nix-defexpr
          ln -s /nix/var/nix/profiles/per-user/${uname}/channels $out${userHome}/.nix-defexpr/channels
          echo "${channelURL} ${channelName}" > $out${userHome}/.nix-channels

-          # may get replaced by pkgs.dockerTools.binSh & pkgs.dockerTools.usrBinEnv
          mkdir -p $out/bin $out/usr/bin
-          ln -s ${lib.getExe' coreutils-full "env"} $out/usr/bin/env
-          ln -s ${lib.getExe bashInteractive} $out/bin/sh
+          ln -s ${pkgs.coreutils}/bin/env $out/usr/bin/env
+          ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/sh

        ''
        + (lib.optionalString (flake-registry-path != null) ''
@@ -336,13 +295,13 @@ let
          globalFlakeRegistryPath="$nixCacheDir/flake-registry.json"
          ln -s ${flake-registry-path} $out$globalFlakeRegistryPath
          mkdir -p $out/nix/var/nix/gcroots/auto
-          rootName=$(${lib.getExe' nix "nix"} --extra-experimental-features nix-command hash file --type sha1 --base32 <(echo -n $globalFlakeRegistryPath))
+          rootName=$(${pkgs.nix}/bin/nix --extra-experimental-features nix-command hash file --type sha1 --base32 <(echo -n $globalFlakeRegistryPath))
          ln -s $globalFlakeRegistryPath $out/nix/var/nix/gcroots/auto/$rootName
        '')
      );

 in
-dockerTools.buildLayeredImageWithNixDb {
+pkgs.dockerTools.buildLayeredImageWithNixDb {

  inherit
    name
@@ -368,7 +327,7 @@ dockerTools.buildLayeredImageWithNixDb {
  '';

  config = {
-    inherit Cmd Labels;
+    Cmd = [ "${userHome}/.nix-profile/bin/bash" ];
    User = "${toString uid}:${toString gid}";
    Env = [
      "USER=${uname}"
--- a/flake.lock
+++ b/flake.lock
@@ -63,16 +63,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1756178832,
-        "narHash": "sha256-O2CIn7HjZwEGqBrwu9EU76zlmA5dbmna7jL1XUmAId8=",
+        "lastModified": 1747179050,
+        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d98ce345cdab58477ca61855540999c86577d19d",
+        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-25.05-small",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@@ -1,7 +1,7 @@
 {
  description = "The purely functional package manager";

-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05-small";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

  inputs.nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2";
  inputs.nixpkgs-23-11.url = "github:NixOS/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446";
@@ -32,7 +32,7 @@
    let
      inherit (nixpkgs) lib;

-      officialRelease = false;
+      officialRelease = true;

      linux32BitSystems = [ "i686-linux" ];
      linux64BitSystems = [
@@ -131,107 +131,31 @@
        }
      );

-      /**
-        Produce the `nixComponents` and `nixDependencies` package sets (scopes) for
-        a given `pkgs` and `getStdenv`.
-      */
-      packageSetsFor =
+      overlayFor =
+        getStdenv: final: prev:
        let
-          /**
-            Removes a prefix from the attribute names of a set of splices.
-            This is a completely uninteresting and exists for compatibility only.
-
-            Example:
-            ```nix
-            renameSplicesFrom "pkgs" { pkgsBuildBuild = ...; ... }
-            => { buildBuild = ...; ... }
-            ```
-          */
-          renameSplicesFrom = prefix: x: {
-            buildBuild = x."${prefix}BuildBuild";
-            buildHost = x."${prefix}BuildHost";
-            buildTarget = x."${prefix}BuildTarget";
-            hostHost = x."${prefix}HostHost";
-            hostTarget = x."${prefix}HostTarget";
-            targetTarget = x."${prefix}TargetTarget";
-          };
-
-          /**
-            Adds a prefix to the attribute names of a set of splices.
-            This is a completely uninteresting and exists for compatibility only.
-
-            Example:
-            ```nix
-            renameSplicesTo "self" { buildBuild = ...; ... }
-            => { selfBuildBuild = ...; ... }
-            ```
-          */
-          renameSplicesTo = prefix: x: {
-            "${prefix}BuildBuild" = x.buildBuild;
-            "${prefix}BuildHost" = x.buildHost;
-            "${prefix}BuildTarget" = x.buildTarget;
-            "${prefix}HostHost" = x.hostHost;
-            "${prefix}HostTarget" = x.hostTarget;
-            "${prefix}TargetTarget" = x.targetTarget;
-          };
-
-          /**
-            Takes a function `f` and returns a function that applies `f` pointwise to each splice.
-
-            Example:
-            ```nix
-            mapSplices (x: x * 10) { buildBuild = 1; buildHost = 2; ... }
-            => { buildBuild = 10; buildHost = 20; ... }
-            ```
-          */
-          mapSplices =
-            f:
-            {
-              buildBuild,
-              buildHost,
-              buildTarget,
-              hostHost,
-              hostTarget,
-              targetTarget,
-            }:
-            {
-              buildBuild = f buildBuild;
-              buildHost = f buildHost;
-              buildTarget = f buildTarget;
-              hostHost = f hostHost;
-              hostTarget = f hostTarget;
-              targetTarget = f targetTarget;
-            };
-
+          stdenv = getStdenv final;
        in
-        args@{
-          pkgs,
-          getStdenv ? pkgs: pkgs.stdenv,
-        }:
-        let
-          nixComponentsSplices = mapSplices (
-            pkgs': (packageSetsFor (args // { pkgs = pkgs'; })).nixComponents
-          ) (renameSplicesFrom "pkgs" pkgs);
-          nixDependenciesSplices = mapSplices (
-            pkgs': (packageSetsFor (args // { pkgs = pkgs'; })).nixDependencies
-          ) (renameSplicesFrom "pkgs" pkgs);
+        {
+          nixStable = prev.nix;

          # A new scope, so that we can use `callPackage` to inject our own interdependencies
          # without "polluting" the top level "`pkgs`" attrset.
          # This also has the benefit of providing us with a distinct set of packages
          # we can iterate over.
-          nixComponents =
+          # The `2` suffix is here because otherwise it interferes with `nixVersions.latest`, which is used in daemon compat tests.
+          nixComponents2 =
            lib.makeScopeWithSplicing'
              {
-                inherit (pkgs) splicePackages;
-                inherit (nixDependencies) newScope;
+                inherit (final) splicePackages;
+                inherit (final.nixDependencies2) newScope;
              }
              {
-                otherSplices = renameSplicesTo "self" nixComponentsSplices;
+                otherSplices = final.generateSplicesForMkScope "nixComponents2";
                f = import ./packaging/components.nix {
-                  inherit (pkgs) lib;
+                  inherit (final) lib;
                  inherit officialRelease;
-                  inherit pkgs;
+                  pkgs = final;
                  src = self;
                  maintainers = [ ];
                };
@@ -239,71 +163,42 @@

          # The dependencies are in their own scope, so that they don't have to be
          # in Nixpkgs top level `pkgs` or `nixComponents2`.
-          nixDependencies =
+          # The `2` suffix is here because otherwise it interferes with `nixVersions.latest`, which is used in daemon compat tests.
+          nixDependencies2 =
            lib.makeScopeWithSplicing'
              {
-                inherit (pkgs) splicePackages;
-                inherit (pkgs) newScope; # layered directly on pkgs, unlike nixComponents2 above
+                inherit (final) splicePackages;
+                inherit (final) newScope; # layered directly on pkgs, unlike nixComponents2 above
              }
              {
-                otherSplices = renameSplicesTo "self" nixDependenciesSplices;
+                otherSplices = final.generateSplicesForMkScope "nixDependencies2";
                f = import ./packaging/dependencies.nix {
-                  inherit inputs pkgs;
-                  stdenv = getStdenv pkgs;
+                  inherit inputs stdenv;
+                  pkgs = final;
                };
              };

-          # If the package set is largely empty, we should(?) return empty sets
-          # This is what most package sets in Nixpkgs do. Otherwise, we get
-          # an error message that indicates that some stdenv attribute is missing,
-          # and indeed it will be missing, as seemingly `pkgsTargetTarget` is
-          # very incomplete.
-          fixup = lib.mapAttrs (k: v: if !(pkgs ? nix) then { } else v);
-        in
-        fixup {
-          inherit nixDependencies;
-          inherit nixComponents;
-        };
-
-      overlayFor =
-        getStdenv: final: prev:
-        let
-          packageSets = packageSetsFor {
-            inherit getStdenv;
-            pkgs = final;
-          };
-        in
-        {
-          nixStable = prev.nix;
-
-          # The `2` suffix is here because otherwise it interferes with `nixVersions.latest`, which is used in daemon compat tests.
-          nixComponents2 = packageSets.nixComponents;
-
-          # The dependencies are in their own scope, so that they don't have to be
-          # in Nixpkgs top level `pkgs` or `nixComponents2`.
-          # The `2` suffix is here because otherwise it interferes with `nixVersions.latest`, which is used in daemon compat tests.
-          nixDependencies2 = packageSets.nixDependencies;
-
          nix = final.nixComponents2.nix-cli;
+
+          # See https://github.com/NixOS/nixpkgs/pull/214409
+          # Remove when fixed in this flake's nixpkgs
+          pre-commit =
+            if prev.stdenv.hostPlatform.system == "i686-linux" then
+              (prev.pre-commit.override (o: {
+                dotnet-sdk = "";
+              })).overridePythonAttrs
+                (o: {
+                  doCheck = false;
+                })
+            else
+              prev.pre-commit;
        };

    in
    {
-      overlays.internal = overlayFor (p: p.stdenv);
-
-      /**
-        A Nixpkgs overlay that sets `nix` to something like `packages.<system>.nix-everything`,
-        except dependencies aren't taken from (flake) `nix.inputs.nixpkgs`, but from the Nixpkgs packages
-        where the overlay is used.
-      */
-      overlays.default =
-        final: prev:
-        let
-          packageSets = packageSetsFor { pkgs = final; };
-        in
-        {
-          nix = packageSets.nixComponents.nix-everything;
-        };
+      # A Nixpkgs overlay that overrides the 'nix' and
+      # 'nix-perl-bindings' packages.
+      overlays.default = overlayFor (p: p.stdenv);

      hydraJobs = import ./packaging/hydra.nix {
        inherit
@@ -320,11 +215,47 @@

      checks = forAllSystems (
        system:
-        (import ./ci/gha/tests {
-          inherit system;
-          pkgs = nixpkgsFor.${system}.native;
-          nixFlake = self;
-        }).topLevel
+        {
+          installerScriptForGHA = self.hydraJobs.installerScriptForGHA.${system};
+          installTests = self.hydraJobs.installTests.${system};
+          nixpkgsLibTests = self.hydraJobs.tests.nixpkgsLibTests.${system};
+          rl-next =
+            let
+              pkgs = nixpkgsFor.${system}.native;
+            in
+            pkgs.buildPackages.runCommand "test-rl-next-release-notes" { } ''
+              LANG=C.UTF-8 ${pkgs.changelog-d}/bin/changelog-d ${./doc/manual/rl-next} >$out
+            '';
+          repl-completion = nixpkgsFor.${system}.native.callPackage ./tests/repl-completion.nix { };
+
+          /**
+            Checks for our packaging expressions.
+            This shouldn't build anything significant; just check that things
+            (including derivations) are _set up_ correctly.
+          */
+          # Disabled due to a bug in `testEqualContents` (see
+          # https://github.com/NixOS/nix/issues/12690).
+          /*
+            packaging-overriding =
+              let
+                pkgs = nixpkgsFor.${system}.native;
+                nix = self.packages.${system}.nix;
+              in
+              assert (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src.patches == [ pkgs.emptyFile ];
+              if pkgs.stdenv.buildPlatform.isDarwin then
+                lib.warn "packaging-overriding check currently disabled because of a permissions issue on macOS" pkgs.emptyFile
+              else
+                # If this fails, something might be wrong with how we've wired the scope,
+                # or something could be broken in Nixpkgs.
+                pkgs.testers.testEqualContents {
+                  assertion = "trivial patch does not change source contents";
+                  expected = "${./.}";
+                  actual =
+                    # Same for all components; nix-util is an arbitrary pick
+                    (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src;
+                };
+          */
+        }
        // (lib.optionalAttrs (builtins.elem system linux64BitSystems)) {
          dockerImage = self.hydraJobs.dockerImage.${system};
        }
@@ -337,20 +268,58 @@
        # Add "passthru" tests
        //
          flatMapAttrs
-            {
-              "" = {
-                pkgs = nixpkgsFor.${system}.native;
-              };
-            }
            (
-              nixpkgsPrefix: args:
-              (import ./ci/gha/tests (
-                args
-                // {
-                  nixFlake = self;
-                  componentTestsPrefix = nixpkgsPrefix;
-                }
-              )).componentTests
+              {
+                # Run all tests with UBSAN enabled. Running both with ubsan and
+                # without doesn't seem to have much immediate benefit for doubling
+                # the GHA CI workaround.
+                #
+                # TODO: Work toward enabling "address,undefined" if it seems feasible.
+                # This would maybe require dropping Boost coroutines and ignoring intentional
+                # memory leaks with detect_leaks=0.
+                "" = rec {
+                  nixpkgs = nixpkgsFor.${system}.native;
+                  nixComponents = nixpkgs.nixComponents2.overrideScope (
+                    nixCompFinal: nixCompPrev: {
+                      mesonComponentOverrides = _finalAttrs: prevAttrs: {
+                        mesonFlags =
+                          (prevAttrs.mesonFlags or [ ])
+                          # TODO: Macos builds instrumented with ubsan take very long
+                          # to run functional tests.
+                          ++ lib.optionals (!nixpkgs.stdenv.hostPlatform.isDarwin) [
+                            (lib.mesonOption "b_sanitize" "undefined")
+                          ];
+                      };
+                    }
+                  );
+                };
+              }
+              // lib.optionalAttrs (!nixpkgsFor.${system}.native.stdenv.hostPlatform.isDarwin) {
+                # TODO: enable static builds for darwin, blocked on:
+                #       https://github.com/NixOS/nixpkgs/issues/320448
+                # TODO: disabled to speed up GHA CI.
+                # "static-" = {
+                #   nixpkgs = nixpkgsFor.${system}.native.pkgsStatic;
+                # };
+              }
+            )
+            (
+              nixpkgsPrefix:
+              {
+                nixpkgs,
+                nixComponents ? nixpkgs.nixComponents2,
+              }:
+              flatMapAttrs nixComponents (
+                pkgName: pkg:
+                flatMapAttrs pkg.tests or { } (
+                  testName: test: {
+                    "${nixpkgsPrefix}${pkgName}-${testName}" = test;
+                  }
+                )
+              )
+              // lib.optionalAttrs (nixpkgs.stdenv.hostPlatform == nixpkgs.stdenv.buildPlatform) {
+                "${nixpkgsPrefix}nix-functional-tests" = nixComponents.nix-functional-tests;
+              }
            )
        // devFlake.checks.${system} or { }
      );
@@ -452,7 +421,8 @@
          dockerImage =
            let
              pkgs = nixpkgsFor.${system}.native;
-              image = pkgs.callPackage ./docker.nix {
+              image = import ./docker.nix {
+                inherit pkgs;
                tag = pkgs.nix.version;
              };
            in
@@ -513,53 +483,5 @@
            default = self.devShells.${system}.native;
          }
        );
-
-      lib = {
-        /**
-          Creates a package set for a given Nixpkgs instance and stdenv.
-
-          # Inputs
-
-          - `pkgs`: The Nixpkgs instance to use.
-
-          - `getStdenv`: _Optional_ A function that takes a package set and returns the stdenv to use.
-            This needs to be a function in order to support cross compilation - the `pkgs` passed to `getStdenv` can be `pkgsBuildHost` or any other variation needed.
-
-          # Outputs
-
-          The return value is a fresh Nixpkgs scope containing all the packages that are defined in the Nix repository,
-          as well as some internals and parameters, which may be subject to change.
-
-          # Example
-
-          ```console
-          nix repl> :lf NixOS/nix
-          nix-repl> ps = lib.makeComponents { pkgs = import inputs.nixpkgs { crossSystem = "riscv64-linux"; }; }
-          nix-repl> ps
-          {
-            appendPatches = «lambda appendPatches @ ...»;
-            callPackage = «lambda callPackageWith @ ...»;
-            overrideAllMesonComponents = «lambda overrideSource @ ...»;
-            overrideSource = «lambda overrideSource @ ...»;
-            # ...
-            nix-everything
-            # ...
-            nix-store
-            nix-store-c
-            # ...
-          }
-          ```
-        */
-        makeComponents =
-          {
-            pkgs,
-            getStdenv ? pkgs: pkgs.stdenv,
-          }:
-
-          let
-            packageSets = packageSetsFor { inherit getStdenv pkgs; };
-          in
-          packageSets.nixComponents;
-      };
    };
 }
--- a/maintainers/README.md
+++ b/maintainers/README.md
@@ -46,7 +46,7 @@ The team meets twice a week (times are denoted in the [Europe/Amsterdam](https:/
       - mark it as draft if it is blocked on the contributor
       - escalate it back to the team by moving it to To discuss, and leaving a comment as to why the issue needs to be discussed again.

- Work meeting: Mondays 18:00-20:00 Europe/Amsterdam; see [calendar](https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com).
+- Work meeting: Mondays 14:00-16:00 Europe/Amsterdam see [calendar](https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com).

  1. Code review on pull requests from [In review](#in-review).
  2. Other chores and tasks.
--- a/maintainers/data/release-credits-email-to-handle.json
+++ b/maintainers/data/release-credits-email-to-handle.json
@@ -166,42 +166,5 @@
    "the-tumultuous-unicorn-of-darkness@gmx.com": "TheTumultuousUnicornOfDarkness",
    "dev@rodney.id.au": "rvl",
    "pe@pijul.org": "P-E-Meunier",
-    "yannik@floxdev.com": "ysndr",
-    "73017521+egorkonovalov@users.noreply.github.com": "egorkonovalov",
-    "raito@lix.systems": null,
-    "nikita.nikita.krasnov@gmail.com": "synalice",
-    "lucperkins@gmail.com": "lucperkins",
-    "vladimir.cunat@nic.cz": "vcunat",
-    "walther@technowledgy.de": "wolfgangwalther",
-    "jayesh.mail@gmail.com": "jayeshv",
-    "samuli.thomasson@pm.me": "SimSaladin",
-    "kevin@stravers.net": "kstrafe",
-    "poperigby@mailbox.org": "poperigby",
-    "cole.helbling@determinate.systems": "cole-h",
-    "donottellmetonottellyou@gmail.com": "donottellmetonottellyou",
-    "getchoo@tuta.io": "getchoo",
-    "alex.ford@determinate.systems": "gustavderdrache",
-    "stefan.r.boca@gmail.com": "stefanboca",
-    "gwenn.lebihan7@gmail.com": "gwennlbh",
-    "hey@ewen.works": "gwennlbh",
-    "matt@sturgeon.me.uk": "MattSturgeon",
-    "pbsds@hotmail.com": "pbsds",
-    "sergei@zimmerman.foo": "xokdvium",
-    "v@njh.eu": "vog",
-    "pedro.manse@dmk3.com.br": "PedroManse",
-    "arnavgawas707@gmail.com": "aln730",
-    "mkg20001@gmail.com": "mkg20001",
-    "avn@avnik.info": "avnik",
-    "olk@disr.it": "k1gen",
-    "108410815+alurm@users.noreply.github.com": "alurm",
-    "kaction.cc@gmail.com": "KAction",
-    "juhpetersen@gmail.com": "juhp",
-    "opna2608@protonmail.com": "OPNA2608",
-    "jgbailey@gmail.com": "m4dc4p",
-    "justin.bailey@well.co": "jgbailey-well",
-    "130508846+de11n@users.noreply.github.com": "de11n",
-    "ConnorBaker01@Gmail.com": "ConnorBaker",
-    "jsoo1@asu.edu": "jsoo1",
-    "hsngrmpf+github@gmail.com": "DavHau",
-    "matthew@floxdev.com": "mkenigs"
+    "yannik@floxdev.com": "ysndr"
 }
--- a/maintainers/data/release-credits-handle-to-name.json
+++ b/maintainers/data/release-credits-handle-to-name.json
@@ -146,36 +146,5 @@
    "ajlekcahdp4": "Alexander Romanov",
    "Valodim": "Vincent Breitmoser",
    "rvl": "Rodney Lorrimar",
-    "whatsthecraic": "Dean De Leo",
-    "gwennlbh": "Gwenn Le Bihan",
-    "donottellmetonottellyou": "Jade Masker",
-    "kstrafe": null,
-    "synalice": "Nikita Krasnov",
-    "poperigby": "PopeRigby",
-    "MattSturgeon": "Matt Sturgeon",
-    "lucperkins": "Luc Perkins",
-    "gustavderdrache": null,
-    "SimSaladin": "Samuli Thomasson",
-    "getchoo": "Seth Flynn",
-    "stefanboca": "Stefan Boca",
-    "wolfgangwalther": "Wolfgang Walther",
-    "pbsds": "Peder Bergebakken Sundt",
-    "egorkonovalov": "Egor Konovalov",
-    "jayeshv": "jayeshv",
-    "vcunat": "Vladim\u00edr \u010cun\u00e1t",
-    "mkenigs": "Matthew Kenigsberg",
-    "alurm": "Alan Urmancheev",
-    "jgbailey-well": "Justin Bailey",
-    "k1gen": "Oleksandr Knyshuk",
-    "juhp": "Jens Petersen",
-    "de11n": "Elliot Cameron",
-    "jsoo1": "John Soo",
-    "m4dc4p": null,
-    "PedroManse": "Manse",
-    "OPNA2608": "Cosima Neidahl",
-    "mkg20001": "Maciej Kr\u00fcger",
-    "avnik": "Alexander V. Nikolaev",
-    "DavHau": null,
-    "aln730": "AGawas",
-    "vog": "Volker Diels-Grabsch"
+    "whatsthecraic": "Dean De Leo"
 }
--- a/maintainers/flake-module.nix
+++ b/maintainers/flake-module.nix
@@ -37,29 +37,6 @@
              fi
            ''}";
          };
-          meson-format =
-            let
-              meson = pkgs.meson.overrideAttrs {
-                doCheck = false;
-                doInstallCheck = false;
-                patches = [
-                  (pkgs.fetchpatch {
-                    url = "https://github.com/mesonbuild/meson/commit/38d29b4dd19698d5cad7b599add2a69b243fd88a.patch";
-                    hash = "sha256-PgPBvGtCISKn1qQQhzBW5XfknUe91i5XGGBcaUK4yeE=";
-                  })
-                ];
-              };
-            in
-            {
-              enable = true;
-              files = "(meson.build|meson.options)$";
-              entry = "${pkgs.writeScript "format-meson" ''
-                #!${pkgs.runtimeShell}
-                for file in "$@"; do
-                  ${lib.getExe meson} format -ic ${../meson.format} "$file"
-                done
-              ''}";
-            };
          nixfmt-rfc-style = {
            enable = true;
            excludes = [
@@ -100,6 +77,467 @@
              # Don't format vendored code
              ''^doc/manual/redirects\.js$''
              ''^doc/manual/theme/highlight\.js$''
+
+              # We haven't applied formatting to these files yet
+              ''^doc/manual/redirects\.js$''
+              ''^doc/manual/theme/highlight\.js$''
+              ''^precompiled-headers\.h$''
+              ''^src/build-remote/build-remote\.cc$''
+              ''^src/libcmd/built-path\.cc$''
+              ''^src/libcmd/include/nix/cmd/built-path\.hh$''
+              ''^src/libcmd/common-eval-args\.cc$''
+              ''^src/libcmd/include/nix/cmd/common-eval-args\.hh$''
+              ''^src/libcmd/editor-for\.cc$''
+              ''^src/libcmd/installable-attr-path\.cc$''
+              ''^src/libcmd/include/nix/cmd/installable-attr-path\.hh$''
+              ''^src/libcmd/installable-derived-path\.cc$''
+              ''^src/libcmd/include/nix/cmd/installable-derived-path\.hh$''
+              ''^src/libcmd/installable-flake\.cc$''
+              ''^src/libcmd/include/nix/cmd/installable-flake\.hh$''
+              ''^src/libcmd/installable-value\.cc$''
+              ''^src/libcmd/include/nix/cmd/installable-value\.hh$''
+              ''^src/libcmd/installables\.cc$''
+              ''^src/libcmd/include/nix/cmd/installables\.hh$''
+              ''^src/libcmd/include/nix/cmd/legacy\.hh$''
+              ''^src/libcmd/markdown\.cc$''
+              ''^src/libcmd/misc-store-flags\.cc$''
+              ''^src/libcmd/repl-interacter\.cc$''
+              ''^src/libcmd/include/nix/cmd/repl-interacter\.hh$''
+              ''^src/libcmd/repl\.cc$''
+              ''^src/libcmd/include/nix/cmd/repl\.hh$''
+              ''^src/libexpr-c/nix_api_expr\.cc$''
+              ''^src/libexpr-c/nix_api_external\.cc$''
+              ''^src/libexpr/attr-path\.cc$''
+              ''^src/libexpr/include/nix/expr/attr-path\.hh$''
+              ''^src/libexpr/attr-set\.cc$''
+              ''^src/libexpr/include/nix/expr/attr-set\.hh$''
+              ''^src/libexpr/eval-cache\.cc$''
+              ''^src/libexpr/include/nix/expr/eval-cache\.hh$''
+              ''^src/libexpr/eval-error\.cc$''
+              ''^src/libexpr/include/nix/expr/eval-inline\.hh$''
+              ''^src/libexpr/eval-settings\.cc$''
+              ''^src/libexpr/include/nix/expr/eval-settings\.hh$''
+              ''^src/libexpr/eval\.cc$''
+              ''^src/libexpr/include/nix/expr/eval\.hh$''
+              ''^src/libexpr/function-trace\.cc$''
+              ''^src/libexpr/include/nix/expr/gc-small-vector\.hh$''
+              ''^src/libexpr/get-drvs\.cc$''
+              ''^src/libexpr/include/nix/expr/get-drvs\.hh$''
+              ''^src/libexpr/json-to-value\.cc$''
+              ''^src/libexpr/nixexpr\.cc$''
+              ''^src/libexpr/include/nix/expr/nixexpr\.hh$''
+              ''^src/libexpr/include/nix/expr/parser-state\.hh$''
+              ''^src/libexpr/primops\.cc$''
+              ''^src/libexpr/include/nix/expr/primops\.hh$''
+              ''^src/libexpr/primops/context\.cc$''
+              ''^src/libexpr/primops/fetchClosure\.cc$''
+              ''^src/libexpr/primops/fetchMercurial\.cc$''
+              ''^src/libexpr/primops/fetchTree\.cc$''
+              ''^src/libexpr/primops/fromTOML\.cc$''
+              ''^src/libexpr/print-ambiguous\.cc$''
+              ''^src/libexpr/include/nix/expr/print-ambiguous\.hh$''
+              ''^src/libexpr/include/nix/expr/print-options\.hh$''
+              ''^src/libexpr/print\.cc$''
+              ''^src/libexpr/include/nix/expr/print\.hh$''
+              ''^src/libexpr/search-path\.cc$''
+              ''^src/libexpr/include/nix/expr/symbol-table\.hh$''
+              ''^src/libexpr/value-to-json\.cc$''
+              ''^src/libexpr/include/nix/expr/value-to-json\.hh$''
+              ''^src/libexpr/value-to-xml\.cc$''
+              ''^src/libexpr/include/nix/expr/value-to-xml\.hh$''
+              ''^src/libexpr/include/nix/expr/value\.hh$''
+              ''^src/libexpr/value/context\.cc$''
+              ''^src/libexpr/include/nix/expr/value/context\.hh$''
+              ''^src/libfetchers/attrs\.cc$''
+              ''^src/libfetchers/cache\.cc$''
+              ''^src/libfetchers/include/nix/fetchers/cache\.hh$''
+              ''^src/libfetchers/fetch-settings\.cc$''
+              ''^src/libfetchers/include/nix/fetchers/fetch-settings\.hh$''
+              ''^src/libfetchers/fetch-to-store\.cc$''
+              ''^src/libfetchers/fetchers\.cc$''
+              ''^src/libfetchers/include/nix/fetchers/fetchers\.hh$''
+              ''^src/libfetchers/filtering-source-accessor\.cc$''
+              ''^src/libfetchers/include/nix/fetchers/filtering-source-accessor\.hh$''
+              ''^src/libfetchers/fs-source-accessor\.cc$''
+              ''^src/libfetchers/include/nix/fs-source-accessor\.hh$''
+              ''^src/libfetchers/git-utils\.cc$''
+              ''^src/libfetchers/include/nix/fetchers/git-utils\.hh$''
+              ''^src/libfetchers/github\.cc$''
+              ''^src/libfetchers/indirect\.cc$''
+              ''^src/libfetchers/memory-source-accessor\.cc$''
+              ''^src/libfetchers/path\.cc$''
+              ''^src/libfetchers/registry\.cc$''
+              ''^src/libfetchers/include/nix/fetchers/registry\.hh$''
+              ''^src/libfetchers/tarball\.cc$''
+              ''^src/libfetchers/include/nix/fetchers/tarball\.hh$''
+              ''^src/libfetchers/git\.cc$''
+              ''^src/libfetchers/mercurial\.cc$''
+              ''^src/libflake/config\.cc$''
+              ''^src/libflake/flake\.cc$''
+              ''^src/libflake/include/nix/flake/flake\.hh$''
+              ''^src/libflake/flakeref\.cc$''
+              ''^src/libflake/include/nix/flake/flakeref\.hh$''
+              ''^src/libflake/lockfile\.cc$''
+              ''^src/libflake/include/nix/flake/lockfile\.hh$''
+              ''^src/libflake/url-name\.cc$''
+              ''^src/libmain/common-args\.cc$''
+              ''^src/libmain/include/nix/main/common-args\.hh$''
+              ''^src/libmain/loggers\.cc$''
+              ''^src/libmain/include/nix/main/loggers\.hh$''
+              ''^src/libmain/progress-bar\.cc$''
+              ''^src/libmain/shared\.cc$''
+              ''^src/libmain/include/nix/main/shared\.hh$''
+              ''^src/libmain/unix/stack\.cc$''
+              ''^src/libstore/binary-cache-store\.cc$''
+              ''^src/libstore/include/nix/store/binary-cache-store\.hh$''
+              ''^src/libstore/include/nix/store/build-result\.hh$''
+              ''^src/libstore/include/nix/store/builtins\.hh$''
+              ''^src/libstore/builtins/buildenv\.cc$''
+              ''^src/libstore/include/nix/store/builtins/buildenv\.hh$''
+              ''^src/libstore/include/nix/store/common-protocol-impl\.hh$''
+              ''^src/libstore/common-protocol\.cc$''
+              ''^src/libstore/include/nix/store/common-protocol\.hh$''
+              ''^src/libstore/include/nix/store/common-ssh-store-config\.hh$''
+              ''^src/libstore/content-address\.cc$''
+              ''^src/libstore/include/nix/store/content-address\.hh$''
+              ''^src/libstore/daemon\.cc$''
+              ''^src/libstore/include/nix/store/daemon\.hh$''
+              ''^src/libstore/derivations\.cc$''
+              ''^src/libstore/include/nix/store/derivations\.hh$''
+              ''^src/libstore/derived-path-map\.cc$''
+              ''^src/libstore/include/nix/store/derived-path-map\.hh$''
+              ''^src/libstore/derived-path\.cc$''
+              ''^src/libstore/include/nix/store/derived-path\.hh$''
+              ''^src/libstore/downstream-placeholder\.cc$''
+              ''^src/libstore/include/nix/store/downstream-placeholder\.hh$''
+              ''^src/libstore/dummy-store\.cc$''
+              ''^src/libstore/export-import\.cc$''
+              ''^src/libstore/filetransfer\.cc$''
+              ''^src/libstore/include/nix/store/filetransfer\.hh$''
+              ''^src/libstore/include/nix/store/gc-store\.hh$''
+              ''^src/libstore/globals\.cc$''
+              ''^src/libstore/include/nix/store/globals\.hh$''
+              ''^src/libstore/http-binary-cache-store\.cc$''
+              ''^src/libstore/legacy-ssh-store\.cc$''
+              ''^src/libstore/include/nix/store/legacy-ssh-store\.hh$''
+              ''^src/libstore/include/nix/store/length-prefixed-protocol-helper\.hh$''
+              ''^src/libstore/linux/personality\.cc$''
+              ''^src/libstore/linux/include/nix/store/personality\.hh$''
+              ''^src/libstore/local-binary-cache-store\.cc$''
+              ''^src/libstore/local-fs-store\.cc$''
+              ''^src/libstore/include/nix/store/local-fs-store\.hh$''
+              ''^src/libstore/log-store\.cc$''
+              ''^src/libstore/include/nix/store/log-store\.hh$''
+              ''^src/libstore/machines\.cc$''
+              ''^src/libstore/include/nix/store/machines\.hh$''
+              ''^src/libstore/make-content-addressed\.cc$''
+              ''^src/libstore/include/nix/store/make-content-addressed\.hh$''
+              ''^src/libstore/misc\.cc$''
+              ''^src/libstore/names\.cc$''
+              ''^src/libstore/include/nix/store/names\.hh$''
+              ''^src/libstore/nar-accessor\.cc$''
+              ''^src/libstore/include/nix/store/nar-accessor\.hh$''
+              ''^src/libstore/nar-info-disk-cache\.cc$''
+              ''^src/libstore/include/nix/store/nar-info-disk-cache\.hh$''
+              ''^src/libstore/nar-info\.cc$''
+              ''^src/libstore/include/nix/store/nar-info\.hh$''
+              ''^src/libstore/outputs-spec\.cc$''
+              ''^src/libstore/include/nix/store/outputs-spec\.hh$''
+              ''^src/libstore/parsed-derivations\.cc$''
+              ''^src/libstore/path-info\.cc$''
+              ''^src/libstore/include/nix/store/path-info\.hh$''
+              ''^src/libstore/path-references\.cc$''
+              ''^src/libstore/include/nix/store/path-regex\.hh$''
+              ''^src/libstore/path-with-outputs\.cc$''
+              ''^src/libstore/path\.cc$''
+              ''^src/libstore/include/nix/store/path\.hh$''
+              ''^src/libstore/pathlocks\.cc$''
+              ''^src/libstore/include/nix/store/pathlocks\.hh$''
+              ''^src/libstore/profiles\.cc$''
+              ''^src/libstore/include/nix/store/profiles\.hh$''
+              ''^src/libstore/realisation\.cc$''
+              ''^src/libstore/include/nix/store/realisation\.hh$''
+              ''^src/libstore/remote-fs-accessor\.cc$''
+              ''^src/libstore/include/nix/store/remote-fs-accessor\.hh$''
+              ''^src/libstore/include/nix/store/remote-store-connection\.hh$''
+              ''^src/libstore/remote-store\.cc$''
+              ''^src/libstore/include/nix/store/remote-store\.hh$''
+              ''^src/libstore/s3-binary-cache-store\.cc$''
+              ''^src/libstore/include/nix/store/s3\.hh$''
+              ''^src/libstore/serve-protocol-impl\.cc$''
+              ''^src/libstore/include/nix/store/serve-protocol-impl\.hh$''
+              ''^src/libstore/serve-protocol\.cc$''
+              ''^src/libstore/include/nix/store/serve-protocol\.hh$''
+              ''^src/libstore/sqlite\.cc$''
+              ''^src/libstore/include/nix/store/sqlite\.hh$''
+              ''^src/libstore/ssh-store\.cc$''
+              ''^src/libstore/ssh\.cc$''
+              ''^src/libstore/include/nix/store/ssh\.hh$''
+              ''^src/libstore/store-api\.cc$''
+              ''^src/libstore/include/nix/store/store-api\.hh$''
+              ''^src/libstore/include/nix/store/store-dir-config\.hh$''
+              ''^src/libstore/build/derivation-goal\.cc$''
+              ''^src/libstore/include/nix/store/build/derivation-goal\.hh$''
+              ''^src/libstore/build/drv-output-substitution-goal\.cc$''
+              ''^src/libstore/include/nix/store/build/drv-output-substitution-goal\.hh$''
+              ''^src/libstore/build/entry-points\.cc$''
+              ''^src/libstore/build/goal\.cc$''
+              ''^src/libstore/include/nix/store/build/goal\.hh$''
+              ''^src/libstore/unix/build/hook-instance\.cc$''
+              ''^src/libstore/unix/build/derivation-builder\.cc$''
+              ''^src/libstore/unix/include/nix/store/build/derivation-builder\.hh$''
+              ''^src/libstore/build/substitution-goal\.cc$''
+              ''^src/libstore/include/nix/store/build/substitution-goal\.hh$''
+              ''^src/libstore/build/worker\.cc$''
+              ''^src/libstore/include/nix/store/build/worker\.hh$''
+              ''^src/libstore/builtins/fetchurl\.cc$''
+              ''^src/libstore/builtins/unpack-channel\.cc$''
+              ''^src/libstore/gc\.cc$''
+              ''^src/libstore/local-overlay-store\.cc$''
+              ''^src/libstore/include/nix/store/local-overlay-store\.hh$''
+              ''^src/libstore/local-store\.cc$''
+              ''^src/libstore/include/nix/store/local-store\.hh$''
+              ''^src/libstore/unix/user-lock\.cc$''
+              ''^src/libstore/unix/include/nix/store/user-lock\.hh$''
+              ''^src/libstore/optimise-store\.cc$''
+              ''^src/libstore/unix/pathlocks\.cc$''
+              ''^src/libstore/posix-fs-canonicalise\.cc$''
+              ''^src/libstore/include/nix/store/posix-fs-canonicalise\.hh$''
+              ''^src/libstore/uds-remote-store\.cc$''
+              ''^src/libstore/include/nix/store/uds-remote-store\.hh$''
+              ''^src/libstore/windows/build\.cc$''
+              ''^src/libstore/include/nix/store/worker-protocol-impl\.hh$''
+              ''^src/libstore/worker-protocol\.cc$''
+              ''^src/libstore/include/nix/store/worker-protocol\.hh$''
+              ''^src/libutil-c/nix_api_util_internal\.h$''
+              ''^src/libutil/archive\.cc$''
+              ''^src/libutil/include/nix/util/archive\.hh$''
+              ''^src/libutil/args\.cc$''
+              ''^src/libutil/include/nix/util/args\.hh$''
+              ''^src/libutil/include/nix/util/args/root\.hh$''
+              ''^src/libutil/include/nix/util/callback\.hh$''
+              ''^src/libutil/canon-path\.cc$''
+              ''^src/libutil/include/nix/util/canon-path\.hh$''
+              ''^src/libutil/include/nix/util/chunked-vector\.hh$''
+              ''^src/libutil/include/nix/util/closure\.hh$''
+              ''^src/libutil/include/nix/util/comparator\.hh$''
+              ''^src/libutil/compute-levels\.cc$''
+              ''^src/libutil/include/nix/util/config-impl\.hh$''
+              ''^src/libutil/configuration\.cc$''
+              ''^src/libutil/include/nix/util/configuration\.hh$''
+              ''^src/libutil/current-process\.cc$''
+              ''^src/libutil/include/nix/util/current-process\.hh$''
+              ''^src/libutil/english\.cc$''
+              ''^src/libutil/include/nix/util/english\.hh$''
+              ''^src/libutil/error\.cc$''
+              ''^src/libutil/include/nix/util/error\.hh$''
+              ''^src/libutil/include/nix/util/exit\.hh$''
+              ''^src/libutil/experimental-features\.cc$''
+              ''^src/libutil/include/nix/util/experimental-features\.hh$''
+              ''^src/libutil/file-content-address\.cc$''
+              ''^src/libutil/include/nix/util/file-content-address\.hh$''
+              ''^src/libutil/file-descriptor\.cc$''
+              ''^src/libutil/include/nix/util/file-descriptor\.hh$''
+              ''^src/libutil/include/nix/util/file-path-impl\.hh$''
+              ''^src/libutil/include/nix/util/file-path\.hh$''
+              ''^src/libutil/file-system\.cc$''
+              ''^src/libutil/include/nix/util/file-system\.hh$''
+              ''^src/libutil/include/nix/util/finally\.hh$''
+              ''^src/libutil/include/nix/util/fmt\.hh$''
+              ''^src/libutil/fs-sink\.cc$''
+              ''^src/libutil/include/nix/util/fs-sink\.hh$''
+              ''^src/libutil/git\.cc$''
+              ''^src/libutil/include/nix/util/git\.hh$''
+              ''^src/libutil/hash\.cc$''
+              ''^src/libutil/include/nix/util/hash\.hh$''
+              ''^src/libutil/hilite\.cc$''
+              ''^src/libutil/include/nix/util/hilite\.hh$''
+              ''^src/libutil/source-accessor\.hh$''
+              ''^src/libutil/include/nix/util/json-impls\.hh$''
+              ''^src/libutil/json-utils\.cc$''
+              ''^src/libutil/include/nix/util/json-utils\.hh$''
+              ''^src/libutil/linux/cgroup\.cc$''
+              ''^src/libutil/linux/namespaces\.cc$''
+              ''^src/libutil/logging\.cc$''
+              ''^src/libutil/include/nix/util/logging\.hh$''
+              ''^src/libutil/memory-source-accessor\.cc$''
+              ''^src/libutil/include/nix/util/memory-source-accessor\.hh$''
+              ''^src/libutil/include/nix/util/pool\.hh$''
+              ''^src/libutil/position\.cc$''
+              ''^src/libutil/include/nix/util/position\.hh$''
+              ''^src/libutil/posix-source-accessor\.cc$''
+              ''^src/libutil/include/nix/util/posix-source-accessor\.hh$''
+              ''^src/libutil/include/nix/util/processes\.hh$''
+              ''^src/libutil/include/nix/util/ref\.hh$''
+              ''^src/libutil/references\.cc$''
+              ''^src/libutil/include/nix/util/references\.hh$''
+              ''^src/libutil/regex-combinators\.hh$''
+              ''^src/libutil/serialise\.cc$''
+              ''^src/libutil/include/nix/util/serialise\.hh$''
+              ''^src/libutil/include/nix/util/signals\.hh$''
+              ''^src/libutil/signature/local-keys\.cc$''
+              ''^src/libutil/include/nix/util/signature/local-keys\.hh$''
+              ''^src/libutil/signature/signer\.cc$''
+              ''^src/libutil/include/nix/util/signature/signer\.hh$''
+              ''^src/libutil/source-accessor\.cc$''
+              ''^src/libutil/include/nix/util/source-accessor\.hh$''
+              ''^src/libutil/source-path\.cc$''
+              ''^src/libutil/include/nix/util/source-path\.hh$''
+              ''^src/libutil/include/nix/util/split\.hh$''
+              ''^src/libutil/suggestions\.cc$''
+              ''^src/libutil/include/nix/util/suggestions\.hh$''
+              ''^src/libutil/include/nix/util/sync\.hh$''
+              ''^src/libutil/terminal\.cc$''
+              ''^src/libutil/include/nix/util/terminal\.hh$''
+              ''^src/libutil/thread-pool\.cc$''
+              ''^src/libutil/include/nix/util/thread-pool\.hh$''
+              ''^src/libutil/include/nix/util/topo-sort\.hh$''
+              ''^src/libutil/include/nix/util/types\.hh$''
+              ''^src/libutil/unix/file-descriptor\.cc$''
+              ''^src/libutil/unix/file-path\.cc$''
+              ''^src/libutil/unix/processes\.cc$''
+              ''^src/libutil/unix/include/nix/util/signals-impl\.hh$''
+              ''^src/libutil/unix/signals\.cc$''
+              ''^src/libutil/unix-domain-socket\.cc$''
+              ''^src/libutil/unix/users\.cc$''
+              ''^src/libutil/include/nix/util/url-parts\.hh$''
+              ''^src/libutil/url\.cc$''
+              ''^src/libutil/include/nix/util/url\.hh$''
+              ''^src/libutil/users\.cc$''
+              ''^src/libutil/include/nix/util/users\.hh$''
+              ''^src/libutil/util\.cc$''
+              ''^src/libutil/include/nix/util/util\.hh$''
+              ''^src/libutil/include/nix/util/variant-wrapper\.hh$''
+              ''^src/libutil/widecharwidth/widechar_width\.h$'' # vendored source
+              ''^src/libutil/windows/file-descriptor\.cc$''
+              ''^src/libutil/windows/file-path\.cc$''
+              ''^src/libutil/windows/processes\.cc$''
+              ''^src/libutil/windows/users\.cc$''
+              ''^src/libutil/windows/windows-error\.cc$''
+              ''^src/libutil/windows/include/nix/util/windows-error\.hh$''
+              ''^src/libutil/xml-writer\.cc$''
+              ''^src/libutil/include/nix/util/xml-writer\.hh$''
+              ''^src/nix-build/nix-build\.cc$''
+              ''^src/nix-channel/nix-channel\.cc$''
+              ''^src/nix-collect-garbage/nix-collect-garbage\.cc$''
+              ''^src/nix-env/buildenv.nix$''
+              ''^src/nix-env/nix-env\.cc$''
+              ''^src/nix-env/user-env\.cc$''
+              ''^src/nix-env/user-env\.hh$''
+              ''^src/nix-instantiate/nix-instantiate\.cc$''
+              ''^src/nix-store/dotgraph\.cc$''
+              ''^src/nix-store/graphml\.cc$''
+              ''^src/nix-store/nix-store\.cc$''
+              ''^src/nix/add-to-store\.cc$''
+              ''^src/nix/app\.cc$''
+              ''^src/nix/build\.cc$''
+              ''^src/nix/bundle\.cc$''
+              ''^src/nix/cat\.cc$''
+              ''^src/nix/config-check\.cc$''
+              ''^src/nix/config\.cc$''
+              ''^src/nix/copy\.cc$''
+              ''^src/nix/derivation-add\.cc$''
+              ''^src/nix/derivation-show\.cc$''
+              ''^src/nix/derivation\.cc$''
+              ''^src/nix/develop\.cc$''
+              ''^src/nix/diff-closures\.cc$''
+              ''^src/nix/dump-path\.cc$''
+              ''^src/nix/edit\.cc$''
+              ''^src/nix/eval\.cc$''
+              ''^src/nix/flake\.cc$''
+              ''^src/nix/fmt\.cc$''
+              ''^src/nix/hash\.cc$''
+              ''^src/nix/log\.cc$''
+              ''^src/nix/ls\.cc$''
+              ''^src/nix/main\.cc$''
+              ''^src/nix/make-content-addressed\.cc$''
+              ''^src/nix/nar\.cc$''
+              ''^src/nix/optimise-store\.cc$''
+              ''^src/nix/path-from-hash-part\.cc$''
+              ''^src/nix/path-info\.cc$''
+              ''^src/nix/prefetch\.cc$''
+              ''^src/nix/profile\.cc$''
+              ''^src/nix/realisation\.cc$''
+              ''^src/nix/registry\.cc$''
+              ''^src/nix/repl\.cc$''
+              ''^src/nix/run\.cc$''
+              ''^src/nix/run\.hh$''
+              ''^src/nix/search\.cc$''
+              ''^src/nix/sigs\.cc$''
+              ''^src/nix/store-copy-log\.cc$''
+              ''^src/nix/store-delete\.cc$''
+              ''^src/nix/store-gc\.cc$''
+              ''^src/nix/store-info\.cc$''
+              ''^src/nix/store-repair\.cc$''
+              ''^src/nix/store\.cc$''
+              ''^src/nix/unix/daemon\.cc$''
+              ''^src/nix/upgrade-nix\.cc$''
+              ''^src/nix/verify\.cc$''
+              ''^src/nix/why-depends\.cc$''
+
+              ''^tests/functional/plugins/plugintest\.cc''
+              ''^tests/functional/test-libstoreconsumer/main\.cc''
+              ''^tests/nixos/ca-fd-leak/sender\.c''
+              ''^tests/nixos/ca-fd-leak/smuggler\.c''
+              ''^tests/nixos/user-sandboxing/attacker\.c''
+              ''^src/libexpr-test-support/include/nix/expr/tests/libexpr\.hh''
+              ''^src/libexpr-test-support/tests/value/context\.cc''
+              ''^src/libexpr-test-support/include/nix/expr/tests/value/context\.hh''
+              ''^src/libexpr-tests/derived-path\.cc''
+              ''^src/libexpr-tests/error_traces\.cc''
+              ''^src/libexpr-tests/eval\.cc''
+              ''^src/libexpr-tests/json\.cc''
+              ''^src/libexpr-tests/main\.cc''
+              ''^src/libexpr-tests/primops\.cc''
+              ''^src/libexpr-tests/search-path\.cc''
+              ''^src/libexpr-tests/trivial\.cc''
+              ''^src/libexpr-tests/value/context\.cc''
+              ''^src/libexpr-tests/value/print\.cc''
+              ''^src/libfetchers-tests/public-key\.cc''
+              ''^src/libflake-tests/flakeref\.cc''
+              ''^src/libflake-tests/url-name\.cc''
+              ''^src/libstore-test-support/tests/derived-path\.cc''
+              ''^src/libstore-test-support/include/nix/store/tests/derived-path\.hh''
+              ''^src/libstore-test-support/include/nix/store/tests/nix_api_store\.hh''
+              ''^src/libstore-test-support/tests/outputs-spec\.cc''
+              ''^src/libstore-test-support/include/nix/store/tests/outputs-spec\.hh''
+              ''^src/libstore-test-support/path\.cc''
+              ''^src/libstore-test-support/include/nix/store/tests/path\.hh''
+              ''^src/libstore-test-support/include/nix/store/tests/protocol\.hh''
+              ''^src/libstore-tests/common-protocol\.cc''
+              ''^src/libstore-tests/content-address\.cc''
+              ''^src/libstore-tests/derivation\.cc''
+              ''^src/libstore-tests/derived-path\.cc''
+              ''^src/libstore-tests/downstream-placeholder\.cc''
+              ''^src/libstore-tests/machines\.cc''
+              ''^src/libstore-tests/nar-info-disk-cache\.cc''
+              ''^src/libstore-tests/nar-info\.cc''
+              ''^src/libstore-tests/outputs-spec\.cc''
+              ''^src/libstore-tests/path-info\.cc''
+              ''^src/libstore-tests/path\.cc''
+              ''^src/libstore-tests/serve-protocol\.cc''
+              ''^src/libstore-tests/worker-protocol\.cc''
+              ''^src/libutil-test-support/include/nix/util/tests/characterization\.hh''
+              ''^src/libutil-test-support/hash\.cc''
+              ''^src/libutil-test-support/include/nix/util/tests/hash\.hh''
+              ''^src/libutil-tests/args\.cc''
+              ''^src/libutil-tests/canon-path\.cc''
+              ''^src/libutil-tests/chunked-vector\.cc''
+              ''^src/libutil-tests/closure\.cc''
+              ''^src/libutil-tests/compression\.cc''
+              ''^src/libutil-tests/config\.cc''
+              ''^src/libutil-tests/file-content-address\.cc''
+              ''^src/libutil-tests/git\.cc''
+              ''^src/libutil-tests/hash\.cc''
+              ''^src/libutil-tests/hilite\.cc''
+              ''^src/libutil-tests/json-utils\.cc''
+              ''^src/libutil-tests/logging\.cc''
+              ''^src/libutil-tests/lru-cache\.cc''
+              ''^src/libutil-tests/pool\.cc''
+              ''^src/libutil-tests/references\.cc''
+              ''^src/libutil-tests/suggestions\.cc''
+              ''^src/libutil-tests/url\.cc''
+              ''^src/libutil-tests/xml-writer\.cc''
            ];
          };
          shellcheck = {
@@ -173,6 +611,8 @@
              ''^tests/functional/gc-concurrent\.sh$''
              ''^tests/functional/gc-concurrent2\.builder\.sh$''
              ''^tests/functional/gc-non-blocking\.sh$''
+              ''^tests/functional/git-hashing/common\.sh$''
+              ''^tests/functional/git-hashing/simple\.sh$''
              ''^tests/functional/hash-convert\.sh$''
              ''^tests/functional/impure-derivations\.sh$''
              ''^tests/functional/impure-eval\.sh$''
@@ -248,6 +688,7 @@
              ''^tests/functional/user-envs\.builder\.sh$''
              ''^tests/functional/user-envs\.sh$''
              ''^tests/functional/why-depends\.sh$''
+              ''^src/libutil-tests/data/git/check-data\.sh$''
            ];
          };
        };
--- a/maintainers/format.sh
+++ b/maintainers/format.sh
@@ -1,16 +1,11 @@
 #!/usr/bin/env bash

 if ! type -p pre-commit &>/dev/null; then
-  echo "format.sh: pre-commit not found. Please use \`nix develop -c ./maintainers/format.sh\`.";
+  echo "format.sh: pre-commit not found. Please use \`nix develop\`.";
  exit 1;
 fi;
 if test -z "$_NIX_PRE_COMMIT_HOOKS_CONFIG"; then
-  echo "format.sh: _NIX_PRE_COMMIT_HOOKS_CONFIG not set. Please use \`nix develop -c ./maintainers/format.sh\`.";
+  echo "format.sh: _NIX_PRE_COMMIT_HOOKS_CONFIG not set. Please use \`nix develop\`.";
  exit 1;
 fi;
-
-while ! pre-commit run --config "$_NIX_PRE_COMMIT_HOOKS_CONFIG" --all-files; do
-    if [ "${1:-}" != "--until-stable" ]; then
-        exit 1
-    fi
-done
+pre-commit run --config "$_NIX_PRE_COMMIT_HOOKS_CONFIG" --all-files
--- a/maintainers/onboarding.md
+++ b/maintainers/onboarding.md
@@ -3,9 +3,5 @@

 - https://github.com/NixOS/nixos-homepage/
 - https://github.com/orgs/NixOS/teams/nix-team
- Matrix rooms
-  - [private] Nix maintainer team
-  - Nix ∪ Lix devs (also private)
-  - any open security issues if present and needed
-
+- Matrix room
 - Team member should subscribe to notifications for the [Nix development category on Discourse](https://discourse.nixos.org/c/dev/nix/50)
--- a/maintainers/release-notes
+++ b/maintainers/release-notes
@@ -157,7 +157,7 @@ section_title="Release $version_full ($DATE)"

  if ! $IS_PATCH; then
    echo
-    echo "## Contributors"
+    echo "# Contributors"
    echo
    VERSION=$version_full ./maintainers/release-credits
  fi
--- a/maintainers/release-notes-todo
+++ b/maintainers/release-notes-todo
@@ -1,58 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-# debug:
-# set -x
-
-START_REF="${1}"
-END_REF="${2:-upstream/master}"
-
-# Get the merge base
-MERGE_BASE=$(git merge-base "$START_REF" "$END_REF")
-unset START_REF
-
-# Get date range
-START_DATE=$(git show -s --format=%cI "$MERGE_BASE")
-END_DATE=$(git show -s --format=%cI "$END_REF")
-
-echo "Checking PRs merged between $START_DATE and $END_DATE" >&2
-
-# Get all commits between merge base and HEAD
-COMMITS=$(git rev-list "$MERGE_BASE..$END_REF")
-
-# Convert to set for fast lookup
-declare -A commit_set
-for commit in $COMMITS; do
-    commit_set["$commit"]=1
-done
-
-# Get the current changelog
-LOG_DONE="$(changelog-d doc/manual/rl-next)"
-is_done(){
-    local nr="$1"
-    echo "$LOG_DONE" | grep -E "^- .*/pull/$nr)"
-}
-
-# Query merged PRs in date range
-gh pr list \
-    --repo NixOS/nix \
-    --state merged \
-    --limit 1000 \
-    --json number,title,author,mergeCommit \
-    --search "merged:$START_DATE..$END_DATE" | \
-jq -r '.[] | [.number, .mergeCommit.oid, .title, .author.login] | @tsv' | \
-while IFS=$'\t' read -r pr_num merge_commit _title author; do
-    # Check if this PR's merge commit is in our branch
-    if [[ -n "${commit_set[$merge_commit]:-}" ]]; then
-        # Full detail, not suitable for comment due to mass ping and duplicate title
-        # echo "- #$pr_num $_title (@$author)"
-        echo "- #$pr_num ($author)"
-        if is_done "$pr_num"
-        then
-            echo "  - [x] has note"
-        else
-            echo "  - [ ] has note"
-        fi
-        echo "  - [ ] skip"
-    fi
-done
--- a/maintainers/release-process.md
+++ b/maintainers/release-process.md
@@ -24,18 +24,11 @@ release:
 * In a checkout of the Nix repo, make sure you're on `master` and run
  `git pull`.

-* Compile a release notes to-do list by running
-
-  ```console
-  $ ./maintainers/release-notes-todo PREV_RELEASE HEAD
-  ```
-
 * Compile the release notes by running

  ```console
  $ export VERSION=X.YY
  $ git checkout -b release-notes
-  $ export GITHUB_TOKEN=...
  $ ./maintainers/release-notes
  ```

@@ -46,6 +39,10 @@ release:
 * Proof-read / edit / rearrange the release notes if needed. Breaking changes
  and highlights should go to the top.

+* Run `maintainers/release-credits` to make sure the credits script works
+  and produces a sensible output. Some emails might not automatically map to
+  a GitHub handle.
+
 * Push.

  ```console
@@ -133,8 +130,6 @@ release:

  Commit and push this to the maintenance branch.

-* Create a backport label.
-
 * Bump the version of `master`:

  ```console
@@ -142,7 +137,6 @@ release:
  $ git pull
  $ NEW_VERSION=2.13.0
  $ echo $NEW_VERSION > .version
-  $ ... edit .mergify.yml to add the previous version ...
  $ git checkout -b bump-$NEW_VERSION
  $ git commit -a -m 'Bump version'
  $ git push --set-upstream origin bump-$NEW_VERSION
@@ -150,6 +144,10 @@ release:

  Make a pull request and auto-merge it.

+* Create a backport label.
+
+* Add the new backport label to `.mergify.yml`.
+
 * Post an [announcement on Discourse](https://discourse.nixos.org/c/announcements/8), including the contents of
  `rl-$VERSION.md`.

--- a/meson.build
+++ b/meson.build
@@ -1,15 +1,13 @@
 # This is just a stub project to include all the others as subprojects
 # for development shell purposes

-project(
-  'nix-dev-shell',
-  'cpp',
+project('nix-dev-shell', 'cpp',
  version : files('.version'),
  subproject_dir : 'src',
  default_options : [
    'localstatedir=/nix/var',
  ],
-  meson_version : '>= 1.1',
+  meson_version : '>= 1.1'
 )

 # Internal Libraries
@@ -28,7 +26,7 @@ subproject('nix')
 if get_option('doc-gen')
  subproject('internal-api-docs')
  subproject('external-api-docs')
-  if meson.can_run_host_binaries()
+  if not meson.is_cross_build()
    subproject('nix-manual')
  endif
 endif
--- a/meson.format
+++ b/meson.format
@@ -1,7 +0,0 @@
-indent_by = '  '
-space_array = true
-kwargs_force_multiline = false
-wide_colon = true
-group_arg_value = true
-indent_before_comments = ' '
-use_editor_config = true
--- a/meson.options
+++ b/meson.options
@@ -1,29 +1,13 @@
 # vim: filetype=meson

-option(
-  'doc-gen',
-  type : 'boolean',
-  value : false,
+option('doc-gen', type : 'boolean', value : false,
  description : 'Generate documentation',
 )

-option(
-  'unit-tests',
-  type : 'boolean',
-  value : true,
+option('unit-tests', type : 'boolean', value : true,
  description : 'Build unit tests',
 )

-option(
-  'bindings',
-  type : 'boolean',
-  value : true,
+option('bindings', type : 'boolean', value : true,
  description : 'Build language bindings (e.g. Perl)',
 )
-
-option(
-  'benchmarks',
-  type : 'boolean',
-  value : false,
-  description : 'Build benchmarks (requires gbenchmark)',
-)
--- a/misc/freebsd/meson.build
+++ b/misc/freebsd/meson.build
@@ -1,10 +0,0 @@
-configure_file(
-  input : 'nix-daemon.in',
-  output : 'nix-daemon',
-  install : true,
-  install_dir : get_option('prefix') / 'etc/rc.d',
-  install_mode : 'rwxr-xr-x',
-  configuration : {
-    'bindir' : bindir,
-  },
-)
--- a/misc/freebsd/nix-daemon.in
+++ b/misc/freebsd/nix-daemon.in
@@ -1,49 +0,0 @@
-#!/bin/sh
-#
-# PROVIDE: nix_daemon
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-#
-# Add the following lines to /etc/rc.conf to enable nix-daemon:
-#
-# nix_daemon_enable="YES"
-#
-
-# shellcheck source=/dev/null
-. /etc/rc.subr
-
-name="nix_daemon"
-# shellcheck disable=SC2034
-rcvar="nix_daemon_enable"
-
-load_rc_config $name
-
-: "${nix_daemon_enable:=NO}"
-
-command="@bindir@/nix-daemon"
-command_args=""
-pidfile="/var/run/nix-daemon.pid"
-
-# shellcheck disable=SC2034
-start_cmd="${name}_start"
-# shellcheck disable=SC2034
-stop_cmd="${name}_stop"
-
-nix_daemon_start() {
-    echo "Starting ${name}."
-    # command_args is intentionally unquoted to allow multiple arguments
-    # shellcheck disable=SC2086
-    /usr/sbin/daemon -c -f -p "${pidfile}" "${command}" ${command_args}
-}
-
-nix_daemon_stop() {
-    if [ -f "${pidfile}" ]; then
-        echo "Stopping ${name}."
-        kill -TERM "$(cat "${pidfile}")"
-        rm -f "${pidfile}"
-    else
-        echo "${name} is not running."
-    fi
-}
-
-run_rc_command "$1"
--- a/misc/launchd/meson.build
+++ b/misc/launchd/meson.build
@@ -9,5 +9,5 @@ configure_file(
    # 'storedir' : store_dir,
    # 'localstatedir' : localstatedir,
    # 'bindir' : bindir,
-},
+  },
 )
--- a/misc/meson.build
+++ b/misc/meson.build
@@ -9,7 +9,3 @@ endif
 if host_machine.system() == 'darwin'
  subdir('launchd')
 endif
-
-if host_machine.system() == 'freebsd'
-  subdir('freebsd')
-endif
--- a/misc/systemd/nix-daemon.conf.in
+++ b/misc/systemd/nix-daemon.conf.in
@@ -1,2 +1 @@
-d @localstatedir@/nix/daemon-socket 0755 root root -  -
-d @localstatedir@/nix/builds        0755 root root 7d -
+d @localstatedir@/nix/daemon-socket 0755 root root - -
--- a/nix-meson-build-support/big-objs/meson.build
+++ b/nix-meson-build-support/big-objs/meson.build
@@ -2,5 +2,5 @@ if host_machine.system() == 'windows'
  # libexpr's primops creates a large object
  # Without the following flag, we'll get errors when cross-compiling to mingw32:
  # Fatal error: can't write 66 bytes to section .text of src/libexpr/libnixexpr.dll.p/primops.cc.obj: 'file too big'
-  add_project_arguments([ '-Wa,-mbig-obj' ], language : 'cpp')
+  add_project_arguments([ '-Wa,-mbig-obj' ], language: 'cpp')
 endif
--- a/nix-meson-build-support/common/meson.build
+++ b/nix-meson-build-support/common/meson.build
@@ -18,25 +18,3 @@ add_project_arguments(
  '-Wno-deprecated-declarations',
  language : 'cpp',
 )
-
-# GCC doesn't benefit much from precompiled headers.
-do_pch = cxx.get_id() == 'clang'
-
-# This is a clang-only option for improving build times.
-# It forces the instantiation of templates in the PCH itself and
-# not every translation unit it's included in.
-# It's available starting from clang 11, which is old enough to not
-# bother checking the version.
-# This feature helps in particular with the expensive nlohmann::json template
-# instantiations in libutil and libstore.
-if cxx.get_id() == 'clang'
-  add_project_arguments('-fpch-instantiate-templates', language : 'cpp')
-endif
-
-# Clang gets grumpy about missing libasan symbols if -shared-libasan is not
-# passed when building shared libs, at least on Linux
-if cxx.get_id() == 'clang' and ('address' in get_option('b_sanitize') or 'undefined' in get_option(
-  'b_sanitize',
-))
-  add_project_link_arguments('-shared-libasan', language : 'cpp')
-endif
--- a/nix-meson-build-support/default-system-cpu/meson.build
+++ b/nix-meson-build-support/default-system-cpu/meson.build
@@ -1,19 +0,0 @@
-# This attempts to translate meson cpu_family and cpu_name specified via
-# --cross-file [1] into a nix *system double*. Nixpkgs mostly respects ([2]) the
-# conventions outlined in [1].
-#
-# [1]: https://mesonbuild.com/Reference-tables.html#cpu-families
-# [2]: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/lib/meson.nix
-
-nix_system_cpu = {'ppc64' : 'powerpc64', 'ppc' : 'powerpc', 'x86' : 'i686'}.get(
-  host_machine.cpu_family(),
-  host_machine.cpu_family(),
-)
-
-if (host_machine.cpu_family() in [ 'ppc64', 'ppc' ]) and host_machine.endian() == 'little'
-  nix_system_cpu += 'le'
-elif host_machine.cpu_family() in [ 'mips64', 'mips' ] and host_machine.endian() == 'little'
-  nix_system_cpu += 'el'
-elif host_machine.cpu_family() == 'arm'
-  nix_system_cpu = host_machine.cpu()
-endif
--- a/nix-meson-build-support/deps-lists/meson.build
+++ b/nix-meson-build-support/deps-lists/meson.build
@@ -6,7 +6,7 @@
 # *interface*.
 #
 # See `man pkg-config` for some details.
-deps_private = []
+deps_private = [ ]

 # These are public dependencies with pkg-config files. Public is the
 # opposite of private: these dependencies are used in installed header
@@ -23,14 +23,14 @@ deps_private = []
 # N.B. For distributions that care about "ABI" stability and not just
 # "API" stability, the private dependencies also matter as they can
 # potentially affect the public ABI.
-deps_public = []
+deps_public = [ ]

 # These are subproject deps (type == "internal"). They are other
 # packages in `/src` in this repo. The private vs public distinction is
 # the same as above.
-deps_private_subproject = []
-deps_public_subproject = []
+deps_private_subproject = [ ]
+deps_public_subproject = [ ]

 # These are dependencencies without pkg-config files. Ideally they are
 # just private, but they may also be public (e.g. boost).
-deps_other = []
+deps_other = [ ]
--- a/nix-meson-build-support/export-all-symbols/meson.build
+++ b/nix-meson-build-support/export-all-symbols/meson.build
@@ -5,7 +5,7 @@ if host_machine.system() == 'cygwin' or host_machine.system() == 'windows'
  # and not detail with this yet.
  #
  # TODO do not do this, and instead do fine-grained export annotations.
-  linker_export_flags = [ '-Wl,--export-all-symbols' ]
+  linker_export_flags = ['-Wl,--export-all-symbols']
 else
  linker_export_flags = []
 endif
--- a/nix-meson-build-support/export/meson.build
+++ b/nix-meson-build-support/export/meson.build
@@ -1,41 +1,32 @@
 requires_private = []
 foreach dep : deps_private_subproject
-  requires_private += dep.name()
+  requires_private  += dep.name()
 endforeach
 requires_private += deps_private

-requires_public = []
+requires_public  = []
 foreach dep : deps_public_subproject
-  requires_public += dep.name()
+  requires_public  += dep.name()
 endforeach
 requires_public += deps_public

 extra_pkg_config_variables = get_variable('extra_pkg_config_variables', {})
-
-extra_cflags = []
-if not meson.project_name().endswith('-c')
-  extra_cflags += [ '-std=c++23' ]
-endif
-
 import('pkgconfig').generate(
  this_library,
  filebase : meson.project_name(),
  name : 'Nix',
  description : 'Nix Package Manager',
-  extra_cflags : extra_cflags,
+  extra_cflags : ['-std=c++2a'],
  requires : requires_public,
  requires_private : requires_private,
  libraries_private : libraries_private,
  variables : extra_pkg_config_variables,
 )

-meson.override_dependency(
-  meson.project_name(),
-  declare_dependency(
-    include_directories : include_dirs,
-    link_with : this_library,
-    compile_args : [ '-std=c++23' ],
-    dependencies : deps_public_subproject + deps_public,
-    variables : extra_pkg_config_variables,
-  ),
-)
+meson.override_dependency(meson.project_name(), declare_dependency(
+  include_directories : include_dirs,
+  link_with : this_library,
+  compile_args : ['-std=c++2a'],
+  dependencies : deps_public_subproject + deps_public,
+  variables : extra_pkg_config_variables,
+))
--- a/nix-meson-build-support/generate-header/meson.build
+++ b/nix-meson-build-support/generate-header/meson.build
@@ -1,12 +1,7 @@
-bash = find_program('bash', native : true)
+bash = find_program('bash', native: true)

 gen_header = generator(
  bash,
-  arguments : [
-    '-c',
-    '{ echo \'R"__NIX_STR(\' && cat @INPUT@ && echo \')__NIX_STR"\'; } > "$1"',
-    '_ignored_argv0',
-    '@OUTPUT@',
-  ],
+  arguments : [ '-c', '{ echo \'R"__NIX_STR(\' && cat @INPUT@ && echo \')__NIX_STR"\'; } > "$1"', '_ignored_argv0', '@OUTPUT@' ],
  output : '@PLAINNAME@.gen.hh',
 )
--- a/nix-meson-build-support/windows-version/meson.build
+++ b/nix-meson-build-support/windows-version/meson.build
@@ -2,5 +2,5 @@ if host_machine.system() == 'windows'
  # https://learn.microsoft.com/en-us/cpp/porting/modifying-winver-and-win32-winnt?view=msvc-170
  # #define _WIN32_WINNT_WIN8 0x0602
  # We currently don't use any API which requires higher than this.
-  add_project_arguments([ '-D_WIN32_WINNT=0x0602' ], language : 'cpp')
+  add_project_arguments([ '-D_WIN32_WINNT=0x0602' ], language: 'cpp')
 endif
--- a/packaging/binary-tarball.nix
+++ b/packaging/binary-tarball.nix
@@ -37,9 +37,6 @@ runCommand "nix-binary-tarball-${version}" env ''
  substitute ${../scripts/install-systemd-multi-user.sh} $TMPDIR/install-systemd-multi-user.sh \
    --subst-var-by nix ${nix} \
    --subst-var-by cacert ${cacert}
-  substitute ${../scripts/install-freebsd-multi-user.sh} $TMPDIR/install-freebsd-multi-user.sh \
-    --subst-var-by nix ${nix} \
-    --subst-var-by cacert ${cacert}
  substitute ${../scripts/install-multi-user.sh} $TMPDIR/install-multi-user \
    --subst-var-by nix ${nix} \
    --subst-var-by cacert ${cacert}
@@ -51,7 +48,6 @@ runCommand "nix-binary-tarball-${version}" env ''
    shellcheck $TMPDIR/create-darwin-volume.sh
    shellcheck $TMPDIR/install-darwin-multi-user.sh
    shellcheck $TMPDIR/install-systemd-multi-user.sh
-    shellcheck $TMPDIR/install-freebsd-multi-user.sh

    # SC1091: Don't panic about not being able to source
    #         /etc/profile
@@ -68,7 +64,6 @@ runCommand "nix-binary-tarball-${version}" env ''
  chmod +x $TMPDIR/create-darwin-volume.sh
  chmod +x $TMPDIR/install-darwin-multi-user.sh
  chmod +x $TMPDIR/install-systemd-multi-user.sh
-  chmod +x $TMPDIR/install-freebsd-multi-user.sh
  chmod +x $TMPDIR/install-multi-user
  dir=nix-${version}-${system}
  fn=$out/$dir.tar.xz
@@ -87,7 +82,6 @@ runCommand "nix-binary-tarball-${version}" env ''
    $TMPDIR/create-darwin-volume.sh \
    $TMPDIR/install-darwin-multi-user.sh \
    $TMPDIR/install-systemd-multi-user.sh \
-    $TMPDIR/install-freebsd-multi-user.sh \
    $TMPDIR/install-multi-user \
    $TMPDIR/reginfo \
    $(cat ${installerClosureInfo}/store-paths)
--- a/packaging/components.nix
+++ b/packaging/components.nix
@@ -54,12 +54,12 @@ let
    preConfigure =
      prevAttrs.preConfigure or ""
      +
-      # Update the repo-global .version file.
-      # Symlink ./.version points there, but by default only workDir is writable.
-      ''
-        chmod u+w ./.version
-        echo ${finalAttrs.version} > ./.version
-      '';
+        # Update the repo-global .version file.
+        # Symlink ./.version points there, but by default only workDir is writable.
+        ''
+          chmod u+w ./.version
+          echo ${finalAttrs.version} > ./.version
+        '';
  };

  localSourceLayer =
@@ -148,8 +148,7 @@ let
    nativeBuildInputs = [
      meson
      ninja
-    ]
-    ++ prevAttrs.nativeBuildInputs or [ ];
+    ] ++ prevAttrs.nativeBuildInputs or [ ];
    mesonCheckFlags = prevAttrs.mesonCheckFlags or [ ] ++ [
      "--print-errorlogs"
    ];
@@ -167,17 +166,6 @@ let
    outputs = prevAttrs.outputs or [ "out" ] ++ [ "dev" ];
  };

-  fixupStaticLayer = finalAttrs: prevAttrs: {
-    postFixup =
-      prevAttrs.postFixup or ""
-      + lib.optionalString (stdenv.hostPlatform.isStatic) ''
-        # HACK: Otherwise the result will have the entire buildInputs closure
-        # injected by the pkgsStatic stdenv
-        # <https://github.com/NixOS/nixpkgs/issues/83667>
-        rm -f $out/nix-support/propagated-build-inputs
-      '';
-  };
-
  # Work around weird `--as-needed` linker behavior with BSD, see
  # https://github.com/mesonbuild/meson/issues/3593
  bsdNoLinkAsNeeded =
@@ -313,7 +301,6 @@ in
    scope.sourceLayer
    setVersionLayer
    mesonLayer
-    fixupStaticLayer
    scope.mesonComponentOverrides
  ];
  mkMesonExecutable = mkPackageBuilder [
@@ -323,7 +310,6 @@ in
    setVersionLayer
    mesonLayer
    mesonBuildLayer
-    fixupStaticLayer
    scope.mesonComponentOverrides
  ];
  mkMesonLibrary = mkPackageBuilder [
@@ -334,7 +320,6 @@ in
    setVersionLayer
    mesonBuildLayer
    mesonLibraryLayer
-    fixupStaticLayer
    scope.mesonComponentOverrides
  ];

@@ -366,33 +351,18 @@ in

  nix-cmd = callPackage ../src/libcmd/package.nix { };

-  /**
-    The Nix command line interface. Note that this does not include its tests, whereas `nix-everything` does.
-  */
  nix-cli = callPackage ../src/nix/package.nix { version = fineVersion; };

  nix-functional-tests = callPackage ../tests/functional/package.nix {
    version = fineVersion;
  };

-  /**
-    The manual as would be published on https://nix.dev/reference/nix-manual
-  */
  nix-manual = callPackage ../doc/manual/package.nix { version = fineVersion; };
-  /**
-    Doxygen pages for C++ code
-  */
  nix-internal-api-docs = callPackage ../src/internal-api-docs/package.nix { version = fineVersion; };
-  /**
-    Doxygen pages for the public C API
-  */
  nix-external-api-docs = callPackage ../src/external-api-docs/package.nix { version = fineVersion; };

  nix-perl-bindings = callPackage ../src/perl/package.nix { };

-  /**
-    Combined package that has the CLI, libraries, and (assuming non-cross, no overrides) it requires that all tests succeed.
-  */
  nix-everything = callPackage ../packaging/everything.nix { } // {
    # Note: no `passthru.overrideAllMesonComponents` etc
    #       This would propagate into `nix.overrideAttrs f`, but then discard
--- a/packaging/dependencies.nix
+++ b/packaging/dependencies.nix
@@ -50,40 +50,8 @@ scope: {
        requiredSystemFeatures = [ ];
      };

-  boehmgc =
-    (pkgs.boehmgc.override {
-      enableLargeConfig = true;
-    }).overrideAttrs
-      (attrs: {
-        # Increase the initial mark stack size to avoid stack
-        # overflows, since these inhibit parallel marking (see
-        # GC_mark_some()). To check whether the mark stack is too
-        # small, run Nix with GC_PRINT_STATS=1 and look for messages
-        # such as `Mark stack overflow`, `No room to copy back mark
-        # stack`, and `Grew mark stack to ... frames`.
-        NIX_CFLAGS_COMPILE = "-DINITIAL_MARK_STACK_SIZE=1048576";
-      });
-
-  lowdown = pkgs.lowdown.overrideAttrs (prevAttrs: rec {
-    version = "2.0.2";
-    src = pkgs.fetchurl {
-      url = "https://kristaps.bsd.lv/lowdown/snapshots/lowdown-${version}.tar.gz";
-      hash = "sha512-cfzhuF4EnGmLJf5EGSIbWqJItY3npbRSALm+GarZ7SMU7Hr1xw0gtBFMpOdi5PBar4TgtvbnG4oRPh+COINGlA==";
-    };
-    nativeBuildInputs = prevAttrs.nativeBuildInputs ++ [ pkgs.buildPackages.bmake ];
-    postInstall =
-      lib.replaceStrings [ "lowdown.so.1" "lowdown.1.dylib" ] [ "lowdown.so.2" "lowdown.2.dylib" ]
-        prevAttrs.postInstall;
-  });
-
-  toml11 = pkgs.toml11.overrideAttrs rec {
-    version = "4.4.0";
-    src = pkgs.fetchFromGitHub {
-      owner = "ToruNiina";
-      repo = "toml11";
-      tag = "v${version}";
-      hash = "sha256-sgWKYxNT22nw376ttGsTdg0AMzOwp8QH3E8mx0BZJTQ=";
-    };
+  boehmgc = pkgs.boehmgc.override {
+    enableLargeConfig = true;
  };

  # TODO Hack until https://github.com/NixOS/nixpkgs/issues/45462 is fixed.
@@ -94,7 +62,6 @@ scope: {
        "--with-context"
        "--with-coroutine"
        "--with-iostreams"
-        "--with-url"
      ];
      enableIcu = false;
    }).overrideAttrs
--- a/packaging/dev-shell.nix
+++ b/packaging/dev-shell.nix
@@ -71,16 +71,17 @@ pkgs.nixComponents2.nix-util.overrideAttrs (
    # We use this shell with the local checkout, not unpackPhase.
    src = null;

-    env = {
-      # For `make format`, to work without installing pre-commit
-      _NIX_PRE_COMMIT_HOOKS_CONFIG = "${(pkgs.formats.yaml { }).generate "pre-commit-config.yaml"
-        modular.pre-commit.settings.rawConfig
-      }";
-    }
-    // lib.optionalAttrs stdenv.hostPlatform.isLinux {
-      CC_LD = "mold";
-      CXX_LD = "mold";
-    };
+    env =
+      {
+        # For `make format`, to work without installing pre-commit
+        _NIX_PRE_COMMIT_HOOKS_CONFIG = "${(pkgs.formats.yaml { }).generate "pre-commit-config.yaml"
+          modular.pre-commit.settings.rawConfig
+        }";
+      }
+      // lib.optionalAttrs stdenv.hostPlatform.isLinux {
+        CC_LD = "mold";
+        CXX_LD = "mold";
+      };

    mesonFlags =
      map (transformFlag "libutil") (ignoreCrossFile pkgs.nixComponents2.nix-util.mesonFlags)
@@ -112,31 +113,27 @@ pkgs.nixComponents2.nix-util.overrideAttrs (
      ) pkgs.buildPackages.mesonEmulatorHook
      ++ [
        pkgs.buildPackages.cmake
-        pkgs.buildPackages.gnused
        pkgs.buildPackages.shellcheck
        pkgs.buildPackages.changelog-d
        modular.pre-commit.settings.package
        (pkgs.writeScriptBin "pre-commit-hooks-install" modular.pre-commit.settings.installationScript)
        pkgs.buildPackages.nixfmt-rfc-style
-        pkgs.buildPackages.gdb
      ]
      ++ lib.optional (stdenv.cc.isClang && stdenv.hostPlatform == stdenv.buildPlatform) (
        lib.hiPrio pkgs.buildPackages.clang-tools
      )
      ++ lib.optional stdenv.hostPlatform.isLinux pkgs.buildPackages.mold-wrapped;

-    buildInputs = [
-      pkgs.gbenchmark
-    ]
-    ++ attrs.buildInputs or [ ]
-    ++ pkgs.nixComponents2.nix-util.buildInputs
-    ++ pkgs.nixComponents2.nix-store.buildInputs
-    ++ pkgs.nixComponents2.nix-store-tests.externalBuildInputs
-    ++ pkgs.nixComponents2.nix-fetchers.buildInputs
-    ++ pkgs.nixComponents2.nix-expr.buildInputs
-    ++ pkgs.nixComponents2.nix-expr.externalPropagatedBuildInputs
-    ++ pkgs.nixComponents2.nix-cmd.buildInputs
-    ++ lib.optionals havePerl pkgs.nixComponents2.nix-perl-bindings.externalBuildInputs
-    ++ lib.optional havePerl pkgs.perl;
+    buildInputs =
+      attrs.buildInputs or [ ]
+      ++ pkgs.nixComponents2.nix-util.buildInputs
+      ++ pkgs.nixComponents2.nix-store.buildInputs
+      ++ pkgs.nixComponents2.nix-store-tests.externalBuildInputs
+      ++ pkgs.nixComponents2.nix-fetchers.buildInputs
+      ++ pkgs.nixComponents2.nix-expr.buildInputs
+      ++ pkgs.nixComponents2.nix-expr.externalPropagatedBuildInputs
+      ++ pkgs.nixComponents2.nix-cmd.buildInputs
+      ++ lib.optionals havePerl pkgs.nixComponents2.nix-perl-bindings.externalBuildInputs
+      ++ lib.optional havePerl pkgs.perl;
  }
 )
--- a/packaging/everything.nix
+++ b/packaging/everything.nix
@@ -47,25 +47,25 @@
 }:

 let
-  libs = {
-    inherit
-      nix-util
-      nix-util-c
-      nix-store
-      nix-store-c
-      nix-fetchers
-      nix-fetchers-c
-      nix-expr
-      nix-expr-c
-      nix-flake
-      nix-flake-c
-      nix-main
-      nix-main-c
-      nix-cmd
-      ;
-  }
-  //
-    lib.optionalAttrs
+  libs =
+    {
+      inherit
+        nix-util
+        nix-util-c
+        nix-store
+        nix-store-c
+        nix-fetchers
+        nix-fetchers-c
+        nix-expr
+        nix-expr-c
+        nix-flake
+        nix-flake-c
+        nix-main
+        nix-main-c
+        nix-cmd
+        ;
+    }
+    // lib.optionalAttrs
      (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform)
      {
        # Currently fails in static build
@@ -127,19 +127,20 @@ stdenv.mkDerivation (finalAttrs: {
  */
  dontFixup = true;

-  checkInputs = [
-    # Make sure the unit tests have passed
-    nix-util-tests.tests.run
-    nix-store-tests.tests.run
-    nix-expr-tests.tests.run
-    nix-fetchers-tests.tests.run
-    nix-flake-tests.tests.run
+  checkInputs =
+    [
+      # Make sure the unit tests have passed
+      nix-util-tests.tests.run
+      nix-store-tests.tests.run
+      nix-expr-tests.tests.run
+      nix-fetchers-tests.tests.run
+      nix-flake-tests.tests.run

-    # Make sure the functional tests have passed
-    nix-functional-tests
-  ]
-  ++
-    lib.optionals (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform)
+      # Make sure the functional tests have passed
+      nix-functional-tests
+    ]
+    ++ lib.optionals
+      (!stdenv.hostPlatform.isStatic && stdenv.buildPlatform.canExecute stdenv.hostPlatform)
      [
        # Perl currently fails in static build
        # TODO: Split out tests into a separate derivation?
--- a/packaging/hydra.nix
+++ b/packaging/hydra.nix
@@ -223,17 +223,10 @@ in
  dockerImage = lib.genAttrs linux64BitSystems (system: self.packages.${system}.dockerImage);

  # # Line coverage analysis.
-  coverage =
-    (import ./../ci/gha/tests rec {
-      withCoverage = true;
-      pkgs = nixpkgsFor.x86_64-linux.nativeForStdenv.clangStdenv;
-      nixComponents = pkgs.nixComponents2;
-      nixFlake = null;
-      getStdenv = p: p.clangStdenv;
-    }).codeCoverage.coverageReports.overrideAttrs
-      {
-        name = "nix-coverage"; # For historical consistency
-      };
+  # coverage = nixpkgsFor.x86_64-linux.native.nix.override {
+  #   pname = "nix-coverage";
+  #   withCoverageChecks = true;
+  # };

  # Nix's manual
  manual = nixpkgsFor.x86_64-linux.native.nixComponents2.nix-manual;
@@ -247,9 +240,7 @@ in
  # System tests.
  tests =
    import ../tests/nixos {
-      inherit lib nixpkgs;
-      pkgs = nixpkgsFor.x86_64-linux.native;
-      nixComponents = nixpkgsFor.x86_64-linux.native.nixComponents2;
+      inherit lib nixpkgs nixpkgsFor;
      inherit (self.inputs) nixpkgs-23-11;
    }
    // {
--- a/precompiled-headers.h
+++ b/precompiled-headers.h
@@ -0,0 +1,63 @@
+#include <algorithm>
+#include <array>
+#include <atomic>
+#include <cassert>
+#include <cctype>
+#include <chrono>
+#include <climits>
+#include <cmath>
+#include <condition_variable>
+#include <cstddef>
+#include <cstdint>
+#include <cstdio>
+#include <cstdlib>
+#include <cstring>
+#include <exception>
+#include <functional>
+#include <future>
+#include <iostream>
+#include <limits>
+#include <list>
+#include <locale>
+#include <map>
+#include <memory>
+#include <mutex>
+#include <numeric>
+#include <optional>
+#include <queue>
+#include <random>
+#include <regex>
+#include <set>
+#include <sstream>
+#include <stack>
+#include <stdexcept>
+#include <string>
+#include <thread>
+#include <unordered_map>
+#include <unordered_set>
+#include <vector>
+
+#include <boost/format.hpp>
+
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#ifndef _WIN32
+# include <grp.h>
+# include <netdb.h>
+# include <pwd.h>
+# include <sys/resource.h>
+# include <sys/select.h>
+# include <sys/socket.h>
+# include <sys/utsname.h>
+# include <sys/wait.h>
+# include <termios.h>
+#endif
+
+#include <nlohmann/json.hpp>
--- a/ci/gha/tests/build-checks
+++ b/ci/gha/tests/build-checks
--- a/scripts/install-freebsd-multi-user.sh
+++ b/scripts/install-freebsd-multi-user.sh
@@ -1,173 +0,0 @@
-#!/usr/bin/env bash
-
-set -eu
-set -o pipefail
-
-# System specific settings
-# FreeBSD typically uses UIDs from 1001+ for regular users,
-# so we'll use a range that's unlikely to conflict
-export NIX_FIRST_BUILD_UID="${NIX_FIRST_BUILD_UID:-30001}"
-export NIX_BUILD_GROUP_ID="${NIX_BUILD_GROUP_ID:-30000}"
-export NIX_BUILD_USER_NAME_TEMPLATE="nixbld%d"
-
-# FreeBSD service paths
-readonly SERVICE_SRC=/etc/rc.d/nix-daemon
-readonly SERVICE_DEST=/usr/local/etc/rc.d/nix-daemon
-
-poly_cure_artifacts() {
-    :
-}
-
-poly_service_installed_check() {
-    if [ -f "$SERVICE_DEST" ]; then
-        return 0
-    else
-        return 1
-    fi
-}
-
-poly_service_uninstall_directions() {
-    cat <<EOF
-$1. Delete the rc.d service
-
-  sudo service nix-daemon stop
-  sudo rm -f $SERVICE_DEST
-  sudo sysrc -x nix_daemon_enable
-
-EOF
-}
-
-poly_service_setup_note() {
-    cat <<EOF
- - link the nix-daemon rc.d service to $SERVICE_DEST
-
-EOF
-}
-
-poly_extra_try_me_commands() {
-    cat <<EOF
-  $ sudo service nix-daemon start
-EOF
-}
-
-poly_configure_nix_daemon_service() {
-    task "Setting up the nix-daemon rc.d service"
-
-    # Ensure the rc.d directory exists
-    _sudo "to create the rc.d directory" \
-          mkdir -p /usr/local/etc/rc.d
-
-    # Link the pre-installed rc.d script
-    _sudo "to set up the nix-daemon service" \
-          ln -sfn "/nix/var/nix/profiles/default$SERVICE_SRC" "$SERVICE_DEST"
-
-    _sudo "to enable the nix-daemon service" \
-          sysrc nix_daemon_enable=YES
-
-    _sudo "to start the nix-daemon" \
-          service nix-daemon start
-}
-
-poly_group_exists() {
-    pw group show "$1" > /dev/null 2>&1
-}
-
-poly_group_id_get() {
-    pw group show "$1" | cut -d: -f3
-}
-
-poly_create_build_group() {
-    _sudo "Create the Nix build group, $NIX_BUILD_GROUP_NAME" \
-          pw groupadd -n "$NIX_BUILD_GROUP_NAME" -g "$NIX_BUILD_GROUP_ID" >&2
-}
-
-poly_user_exists() {
-    pw user show "$1" > /dev/null 2>&1
-}
-
-poly_user_id_get() {
-    pw user show "$1" | cut -d: -f3
-}
-
-poly_user_hidden_get() {
-    # FreeBSD doesn't have a concept of hidden users like macOS
-    echo "0"
-}
-
-poly_user_hidden_set() {
-    # No-op on FreeBSD
-    true
-}
-
-poly_user_home_get() {
-    pw user show "$1" | cut -d: -f9
-}
-
-poly_user_home_set() {
-    _sudo "in order to give $1 a safe home directory" \
-          pw usermod -n "$1" -d "$2"
-}
-
-poly_user_note_get() {
-    pw user show "$1" | cut -d: -f8
-}
-
-poly_user_note_set() {
-    _sudo "in order to give $1 a useful comment" \
-          pw usermod -n "$1" -c "$2"
-}
-
-poly_user_shell_get() {
-    pw user show "$1" | cut -d: -f10
-}
-
-poly_user_shell_set() {
-    _sudo "in order to prevent $1 from logging in" \
-          pw usermod -n "$1" -s "$2"
-}
-
-poly_user_in_group_check() {
-    groups "$1" 2>/dev/null | grep -q "\<$2\>"
-}
-
-poly_user_in_group_set() {
-    _sudo "Add $1 to the $2 group" \
-          pw groupmod -n "$2" -m "$1"
-}
-
-poly_user_primary_group_get() {
-    pw user show "$1" | cut -d: -f4
-}
-
-poly_user_primary_group_set() {
-    _sudo "to let the nix daemon use this user for builds" \
-          pw usermod -n "$1" -g "$2"
-}
-
-poly_create_build_user() {
-    username=$1
-    uid=$2
-    builder_num=$3
-
-    _sudo "Creating the Nix build user, $username" \
-          pw useradd \
-          -n "$username" \
-          -u "$uid" \
-          -g "$NIX_BUILD_GROUP_NAME" \
-          -G "$NIX_BUILD_GROUP_NAME" \
-          -d /var/empty \
-          -s /sbin/nologin \
-          -c "Nix build user $builder_num"
-}
-
-poly_prepare_to_install() {
-    # FreeBSD-specific preparation steps
-    :
-}
-
-poly_configure_default_profile_targets() {
-    # FreeBSD-specific profile locations
-    # FreeBSD uses /usr/local/etc for third-party shell configurations
-    # Include both profile (for login shells) and bashrc (for interactive shells)
-    echo "/usr/local/etc/profile /usr/local/etc/bashrc /usr/local/etc/profile.d/nix.sh /usr/local/etc/zshrc"
-}
--- a/scripts/install-multi-user.sh
+++ b/scripts/install-multi-user.sh
@@ -33,8 +33,7 @@ readonly NIX_BUILD_GROUP_NAME="nixbld"
 readonly NIX_ROOT="/nix"
 readonly NIX_EXTRA_CONF=${NIX_EXTRA_CONF:-}

-# PROFILE_TARGETS will be set later after OS-specific scripts are loaded
-PROFILE_TARGETS=()
+readonly PROFILE_TARGETS=("/etc/bashrc" "/etc/profile.d/nix.sh" "/etc/zshrc" "/etc/bash.bashrc" "/etc/zsh/zshrc")
 readonly PROFILE_BACKUP_SUFFIX=".backup-before-nix"
 readonly PROFILE_NIX_FILE="$NIX_ROOT/var/nix/profiles/default/etc/profile.d/nix-daemon.sh"

@@ -100,14 +99,6 @@ is_os_darwin() {
    fi
 }

-is_os_freebsd() {
-    if [ "$(uname -s)" = "FreeBSD" ]; then
-        return 0
-    else
-        return 1
-    fi
-}
-
 contact_us() {
    echo "You can open an issue at"
    echo "https://github.com/NixOS/nix/issues/new?labels=installer&template=installer.md"
@@ -507,10 +498,6 @@ You have aborted the installation.
 EOF
        fi
    fi
-
-    if is_os_freebsd; then
-        ok "Detected FreeBSD, will set up rc.d service for nix-daemon"
-    fi
 }

 setup_report() {
@@ -847,13 +834,8 @@ install_from_extracted_nix() {
    (
        cd "$EXTRACTED_NIX_PATH"

-        if is_os_darwin || is_os_freebsd; then
-            _sudo "to copy the basic Nix files to the new store at $NIX_ROOT/store" \
-                  cp -RPp ./store/* "$NIX_ROOT/store/"
-        else
-            _sudo "to copy the basic Nix files to the new store at $NIX_ROOT/store" \
-                  cp -RP --preserve=ownership,timestamps ./store/* "$NIX_ROOT/store/"
-        fi
+        _sudo "to copy the basic Nix files to the new store at $NIX_ROOT/store" \
+              cp -RPp ./store/* "$NIX_ROOT/store/"

        _sudo "to make the new store non-writable at $NIX_ROOT/store" \
              chmod -R ugo-w "$NIX_ROOT/store/"
@@ -1002,22 +984,11 @@ main() {
        # shellcheck source=./install-systemd-multi-user.sh
        . "$EXTRACTED_NIX_PATH/install-systemd-multi-user.sh" # most of this works on non-systemd distros also
        check_required_system_specific_settings "install-systemd-multi-user.sh"
-    elif is_os_freebsd; then
-        # shellcheck source=./install-freebsd-multi-user.sh
-        . "$EXTRACTED_NIX_PATH/install-freebsd-multi-user.sh"
-        check_required_system_specific_settings "install-freebsd-multi-user.sh"
    else
        failure "Sorry, I don't know what to do on $(uname)"
    fi


-    # Set profile targets after OS-specific scripts are loaded
-    if command -v poly_configure_default_profile_targets > /dev/null 2>&1; then
-        PROFILE_TARGETS=($(poly_configure_default_profile_targets))
-    else
-        PROFILE_TARGETS=("/etc/bashrc" "/etc/profile.d/nix.sh" "/etc/zshrc" "/etc/bash.bashrc" "/etc/zsh/zshrc")
-    fi
-
    welcome_to_nix

    if ! is_root; then
--- a/scripts/install-nix-from-tarball.sh
+++ b/scripts/install-nix-from-tarball.sh
@@ -26,10 +26,8 @@ if [ -z "$HOME" ]; then
    exit 1
 fi

-OS="$(uname -s)"
-
 # macOS support for 10.12.6 or higher
-if [ "$OS" = "Darwin" ]; then
+if [ "$(uname -s)" = "Darwin" ]; then
    IFS='.' read -r macos_major macos_minor macos_patch << EOF
 $(sw_vers -productVersion)
 EOF
@@ -41,11 +39,11 @@ EOF
 fi

 # Determine if we could use the multi-user installer or not
-if [ "$OS" = "Linux" ] || [ "$OS" = "FreeBSD" ]; then
-    echo "Note: a multi-user installation is possible. See https://nix.dev/manual/nix/stable/installation/installing-binary.html#multi-user-installation" >&2
+if [ "$(uname -s)" = "Linux" ]; then
+    echo "Note: a multi-user installation is possible. See https://nixos.org/manual/nix/stable/installation/installing-binary.html#multi-user-installation" >&2
 fi

-case "$OS" in
+case "$(uname -s)" in
    "Darwin")
        INSTALL_MODE=daemon;;
    *)
@@ -62,7 +60,7 @@ while [ $# -gt 0 ]; do
            ACTION=install
            ;;
        --no-daemon)
-            if [ "$OS" = "Darwin" ]; then
+            if [ "$(uname -s)" = "Darwin" ]; then
                printf '\e[1;31mError: --no-daemon installs are no-longer supported on Darwin/macOS!\e[0m\n' >&2
                exit 1
            fi
@@ -98,7 +96,7 @@ while [ $# -gt 0 ]; do
                echo "              providing multi-user support and better isolation for local builds."
                echo "              Both for security and reproducibility, this method is recommended if"
                echo "              supported on your platform."
-                echo "              See https://nix.dev/manual/nix/stable/installation/installing-binary.html#multi-user-installation"
+                echo "              See https://nixos.org/manual/nix/stable/installation/installing-binary.html#multi-user-installation"
                echo ""
                echo " --no-daemon: Simple, single-user installation that does not require root and is"
                echo "              trivial to uninstall."
@@ -125,13 +123,6 @@ while [ $# -gt 0 ]; do
 done

 if [ "$INSTALL_MODE" = "daemon" ]; then
-    # Check for bash on systems that don't have it by default
-    if [ "$OS" = "FreeBSD" ] && ! command -v bash >/dev/null 2>&1; then
-        printf '\e[1;31mError: bash is required for multi-user installation but was not found.\e[0m\n' >&2
-        printf 'Please install bash first:\n' >&2
-        printf '  pkg install bash\n' >&2
-        exit 1
-    fi
    printf '\e[1;31mSwitching to the Multi-user Installer\e[0m\n'
    exec "$self/install-multi-user" $ACTION
    exit 0
@@ -153,7 +144,7 @@ if ! [ -e "$dest" ]; then
 fi

 if ! [ -w "$dest" ]; then
-    echo "$0: directory $dest exists, but is not writable by you. This could indicate that another user has already performed a single-user installation of Nix on this system. If you wish to enable multi-user support see https://nix.dev/manual/nix/stable/installation/multi-user.html. If you wish to continue with a single-user install for $USER please run 'chown -R $USER $dest' as root." >&2
+    echo "$0: directory $dest exists, but is not writable by you. This could indicate that another user has already performed a single-user installation of Nix on this system. If you wish to enable multi-user support see https://nixos.org/manual/nix/stable/installation/multi-user.html. If you wish to continue with a single-user install for $USER please run 'chown -R $USER $dest' as root." >&2
    exit 1
 fi

@@ -176,11 +167,7 @@ for i in $(cd "$self/store" >/dev/null && echo ./*); do
        rm -rf "$i_tmp"
    fi
    if ! [ -e "$dest/store/$i" ]; then
-        if [ "$OS" = "Darwin" ] || [ "$OS" = "FreeBSD" ]; then
-            cp -RPp "$self/store/$i" "$i_tmp"
-        else
-            cp -RP --preserve=ownership,timestamps "$self/store/$i" "$i_tmp"
-        fi
+        cp -RPp "$self/store/$i" "$i_tmp"
        chmod -R a-w "$i_tmp"
        chmod +w "$i_tmp"
        mv "$i_tmp" "$dest/store/$i"
--- a/scripts/meson.build
+++ b/scripts/meson.build
@@ -2,19 +2,19 @@ configure_file(
  input : 'nix-profile.sh.in',
  output : 'nix-profile.sh',
  configuration : {
-    'localstatedir' : localstatedir,
-  },
+    'localstatedir': localstatedir,
+  }
 )

 foreach rc : [ '.sh', '.fish', '-daemon.sh', '-daemon.fish' ]
  configure_file(
-    input : 'nix-profile' + rc + '.in',
+    input : 'nix-profile' + rc  + '.in',
    output : 'nix' + rc,
    install : true,
    install_dir : get_option('profile-dir'),
    install_mode : 'rw-r--r--',
    configuration : {
-      'localstatedir' : localstatedir,
+      'localstatedir': localstatedir,
    },
  )
 endforeach
--- a/scripts/nix-profile-daemon.fish.in
+++ b/scripts/nix-profile-daemon.fish.in
@@ -1,16 +1,17 @@
 # Only execute this file once per shell.
-if test -z "$HOME" || test -n "$__ETC_PROFILE_NIX_SOURCED"
+if test -z "$HOME" || \
+    test -n "$__ETC_PROFILE_NIX_SOURCED"
    exit
 end

-set --global --export __ETC_PROFILE_NIX_SOURCED 1
+set --global __ETC_PROFILE_NIX_SOURCED 1

 # Local helpers

 function add_path --argument-names new_path
    if type -q fish_add_path
        # fish 3.2.0 or newer
-        fish_add_path --prepend --global $new_path
+	fish_add_path --prepend --global $new_path
    else
        # older versions of fish
        if not contains $new_path $fish_user_paths
@@ -23,33 +24,7 @@ end

 # Set up the per-user profile.

-set --local NIX_LINK "$HOME/.nix-profile"
-set --local NIX_LINK_NEW
-if test -n "$XDG_STATE_HOME"
-    set NIX_LINK_NEW "$XDG_STATE_HOME/nix/profile"
-else
-    set NIX_LINK_NEW "$HOME/.local/state/nix/profile"
-end
-if test -e "$NIX_LINK_NEW"
-    if test -t 2; and test -e "$NIX_LINK"
-        set --local warning "\033[1;35mwarning:\033[0m "
-        printf "$warning Both %s and legacy %s exist; using the former.\n" "$NIX_LINK_NEW" "$NIX_LINK" 1>&2
-
-        if test (realpath "$NIX_LINK") = (realpath "$NIX_LINK_NEW")
-            printf "         Since the profiles match, you can safely delete either of them.\n" 1>&2
-        else
-            # This should be an exceptionally rare occasion: the only way to get it would be to
-            # 1. Update to newer Nix;
-            # 2. Remove .nix-profile;
-            # 3. Set the $NIX_LINK_NEW to something other than the default user profile;
-            # 4. Roll back to older Nix.
-            # If someone did all that, they can probably figure out how to migrate the profile.
-            printf "$warning Profiles do not match. You should manually migrate from %s to %s.\n" "$NIX_LINK" "$NIX_LINK_NEW" 1>&2
-        end
-    end
-
-    set NIX_LINK "$NIX_LINK_NEW"
-end
+set --local NIX_LINK $HOME/.nix-profile

 # Set up environment.
 # This part should be kept in sync with nixpkgs:nixos/modules/programs/environment.nix
--- a/scripts/nix-profile.fish.in
+++ b/scripts/nix-profile.fish.in
@@ -1,16 +1,17 @@
 # Only execute this file once per shell.
-if test -z "$HOME" || test -n "$__ETC_PROFILE_NIX_SOURCED"
+if test -z "$HOME" || \
+    test -n "$__ETC_PROFILE_NIX_SOURCED"
    exit
 end

-set --global --export __ETC_PROFILE_NIX_SOURCED 1
+set --global __ETC_PROFILE_NIX_SOURCED 1

 # Local helpers

 function add_path --argument-names new_path
    if type -q fish_add_path
        # fish 3.2.0 or newer
-        fish_add_path --prepend --global $new_path
+	fish_add_path --prepend --global $new_path
    else
        # older versions of fish
        if not contains $new_path $fish_user_paths
@@ -23,38 +24,7 @@ end

 # Set up the per-user profile.

-set --local NIX_LINK
-if test -n "$NIX_STATE_HOME"
-    set NIX_LINK "$NIX_STATE_HOME/.nix-profile"
-else
-    set NIX_LINK "$HOME/.nix-profile"
-    set --local NIX_LINK_NEW
-    if test -n "$XDG_STATE_HOME"
-        set NIX_LINK_NEW "$XDG_STATE_HOME/nix/profile"
-    else
-        set NIX_LINK_NEW "$HOME/.local/state/nix/profile"
-    end
-    if test -e "$NIX_LINK_NEW"
-        if test -t 2; and test -e "$NIX_LINK"
-            set --local warning "\033[1;35mwarning:\033[0m "
-            printf "$warning Both %s and legacy %s exist; using the former.\n" "$NIX_LINK_NEW" "$NIX_LINK" 1>&2
-
-            if test (realpath "$NIX_LINK") = (realpath "$NIX_LINK_NEW")
-                printf "         Since the profiles match, you can safely delete either of them.\n" 1>&2
-            else
-                # This should be an exceptionally rare occasion: the only way to get it would be to
-                # 1. Update to newer Nix;
-                # 2. Remove .nix-profile;
-                # 3. Set the $NIX_LINK_NEW to something other than the default user profile;
-                # 4. Roll back to older Nix.
-                # If someone did all that, they can probably figure out how to migrate the profile.
-                printf "$warning Profiles do not match. You should manually migrate from %s to %s.\n" "$NIX_LINK" "$NIX_LINK_NEW" 1>&2
-            end
-        end
-
-        set NIX_LINK "$NIX_LINK_NEW"
-    end
-end
+set --local NIX_LINK $HOME/.nix-profile

 # Set up environment.
 # This part should be kept in sync with nixpkgs:nixos/modules/programs/environment.nix
--- a/ci/gha/tests/prepare-installer-for-github-actions
+++ b/ci/gha/tests/prepare-installer-for-github-actions
--- a/scripts/serve-installer-for-github-actions
+++ b/scripts/serve-installer-for-github-actions
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+if [[ ! -d out ]]; then
+  echo "run prepare-installer-for-github-actions first"
+  exit 1
+fi
+cd out
+PORT=${PORT:-8126}
+nohup python -m http.server "$PORT" >/dev/null 2>&1 &
+pid=$!
+
+while ! curl -s "http://localhost:$PORT"; do
+  sleep 1
+  if ! kill -0 $pid; then
+    echo "Failed to start http server"
+    exit 1
+  fi
+done
+
+echo 'To install nix, run the following command:'
+echo "sh <(curl http://localhost:$PORT/install) --tarball-url-prefix http://localhost:$PORT"
--- a/src/nix/build-remote/build-remote.cc
+++ b/src/nix/build-remote/build-remote.cc
@@ -6,7 +6,7 @@
 #include <tuple>
 #include <iomanip>
 #ifdef __APPLE__
-#  include <sys/time.h>
+#include <sys/time.h>
 #endif

 #include "nix/store/machines.hh"
@@ -22,12 +22,12 @@
 #include "nix/store/local-store.hh"
 #include "nix/cmd/legacy.hh"
 #include "nix/util/experimental-features.hh"
-#include "nix/store/globals.hh"

 using namespace nix;
 using std::cin;

-static void handleAlarm(int sig) {}
+static void handleAlarm(int sig) {
+}

 std::string escapeUri(std::string uri)
 {
@@ -42,15 +42,13 @@ static AutoCloseFD openSlotLock(const Machine & m, uint64_t slot)
    return openLockFile(fmt("%s/%s-%d", currentLoad, escapeUri(m.storeUri.render()), slot), true);
 }

-static bool allSupportedLocally(Store & store, const StringSet & requiredFeatures)
-{
+static bool allSupportedLocally(Store & store, const StringSet& requiredFeatures) {
    for (auto & feature : requiredFeatures)
-        if (!store.config.systemFeatures.get().count(feature))
-            return false;
+        if (!store.config.systemFeatures.get().count(feature)) return false;
    return true;
 }

-static int main_build_remote(int argc, char ** argv)
+static int main_build_remote(int argc, char * * argv)
 {
    {
        logger = makeJSONLogger(getStandardError());
@@ -87,7 +85,7 @@ static int main_build_remote(int argc, char ** argv)
           that gets cleared on reboot, but it wouldn't work on macOS. */
        auto currentLoadName = "/current-load";
        if (auto localStore = store.dynamic_pointer_cast<LocalFSStore>())
-            currentLoad = std::string{localStore->config.stateDir} + currentLoadName;
+            currentLoad = std::string { localStore->config.stateDir } + currentLoadName;
        else
            currentLoad = settings.nixStateDir + currentLoadName;

@@ -109,11 +107,8 @@ static int main_build_remote(int argc, char ** argv)

            try {
                auto s = readString(source);
-                if (s != "try")
-                    return 0;
-            } catch (EndOfFile &) {
-                return 0;
-            }
+                if (s != "try") return 0;
+            } catch (EndOfFile &) { return 0; }

            auto amWilling = readInt(source);
            auto neededSystem = readString(source);
@@ -122,10 +117,10 @@ static int main_build_remote(int argc, char ** argv)

            /* It would be possible to build locally after some builds clear out,
               so don't show the warning now: */
-            bool couldBuildLocally =
-                maxBuildJobs > 0
-                && (neededSystem == settings.thisSystem || settings.extraPlatforms.get().count(neededSystem) > 0)
-                && allSupportedLocally(*store, requiredFeatures);
+            bool couldBuildLocally = maxBuildJobs > 0
+                 &&  (  neededSystem == settings.thisSystem
+                     || settings.extraPlatforms.get().count(neededSystem) > 0)
+                 &&  allSupportedLocally(*store, requiredFeatures);
            /* It's possible to build this locally right now: */
            bool canBuildLocally = amWilling && couldBuildLocally;

@@ -144,8 +139,11 @@ static int main_build_remote(int argc, char ** argv)
                for (auto & m : machines) {
                    debug("considering building on remote machine '%s'", m.storeUri.render());

-                    if (m.enabled && m.systemSupported(neededSystem) && m.allSupported(requiredFeatures)
-                        && m.mandatoryMet(requiredFeatures)) {
+                    if (m.enabled &&
+                        m.systemSupported(neededSystem) &&
+                        m.allSupported(requiredFeatures) &&
+                        m.mandatoryMet(requiredFeatures))
+                    {
                        rightType = true;
                        AutoCloseFD free;
                        uint64_t load = 0;
@@ -187,7 +185,8 @@ static int main_build_remote(int argc, char ** argv)
                if (!bestSlotLock) {
                    if (rightType && !canBuildLocally)
                        std::cerr << "# postpone\n";
-                    else {
+                    else
+                    {
                        // build the hint template.
                        std::string errorText =
                            "Failed to find a machine for remote build!\n"
@@ -206,11 +205,16 @@ static int main_build_remote(int argc, char ** argv)
                            drvstr = "<unknown>";

                        auto error = HintFmt::fromFormatString(errorText);
-                        error % drvstr % neededSystem % concatStringsSep<StringSet>(", ", requiredFeatures)
+                        error
+                            % drvstr
+                            % neededSystem
+                            % concatStringsSep<StringSet>(", ", requiredFeatures)
                            % machines.size();

                        for (auto & m : machines)
-                            error % concatStringsSep<StringSet>(", ", m.systemTypes) % m.maxJobs
+                            error
+                                % concatStringsSep<StringSet>(", ", m.systemTypes)
+                                % m.maxJobs
                                % concatStringsSep<StringSet>(", ", m.supportedFeatures)
                                % concatStringsSep<StringSet>(", ", m.mandatoryFeatures);

@@ -238,7 +242,9 @@ static int main_build_remote(int argc, char ** argv)
                    sshStore->connect();
                } catch (std::exception & e) {
                    auto msg = chomp(drainFD(5, false));
-                    printError("cannot build on '%s': %s%s", storeUri, e.what(), msg.empty() ? "" : ": " + msg);
+                    printError("cannot build on '%s': %s%s",
+                        storeUri, e.what(),
+                        msg.empty() ? "" : ": " + msg);
                    bestMachine->enabled = false;
                    continue;
                }
@@ -247,7 +253,7 @@ static int main_build_remote(int argc, char ** argv)
            }
        }

-    connected:
+connected:
        close(5);

        assert(sshStore);
@@ -259,14 +265,13 @@ static int main_build_remote(int argc, char ** argv)

        AutoCloseFD uploadLock;
        {
-            auto setUpdateLock = [&](auto && fileName) {
+            auto setUpdateLock = [&](auto && fileName){
                uploadLock = openLockFile(currentLoad + "/" + escapeUri(fileName) + ".upload-lock", true);
            };
            try {
                setUpdateLock(storeUri);
            } catch (SysError & e) {
-                if (e.errNo != ENAMETOOLONG)
-                    throw;
+                if (e.errNo != ENAMETOOLONG) throw;
                // Try again hashing the store URL so we have a shorter path
                auto h = hashString(HashAlgorithm::MD5, storeUri);
                setUpdateLock(h.to_string(HashFormat::Base64, false));
@@ -310,7 +315,7 @@ static int main_build_remote(int argc, char ** argv)
        //
        // This condition mirrors that: that code enforces the "rules" outlined there;
        // we do the best we can given those "rules".
-        if (trustedOrLegacy || drv.type().isCA()) {
+        if (trustedOrLegacy || drv.type().isCA())  {
            // Hijack the inputs paths of the derivation to include all
            // the paths that come from the `inputDrvs` set. We don’t do
            // that for the derivations whose `inputDrvs` is empty
@@ -324,35 +329,29 @@ static int main_build_remote(int argc, char ** argv)
                drv.inputSrcs = store->parseStorePathSet(inputs);
            optResult = sshStore->buildDerivation(*drvPath, (const BasicDerivation &) drv);
            auto & result = *optResult;
-            if (!result.success()) {
-                if (settings.keepFailed) {
-                    warn(
-                        "The failed build directory was kept on the remote builder due to `--keep-failed`.%s",
-                        (settings.thisSystem == drv.platform || settings.extraPlatforms.get().count(drv.platform) > 0)
-                            ? " You can re-run the command with `--builders ''` to disable remote building for this invocation."
-                            : "");
-                }
-                throw Error(
-                    "build of '%s' on '%s' failed: %s", store->printStorePath(*drvPath), storeUri, result.errorMsg);
-            }
+            if (!result.success())
+                throw Error("build of '%s' on '%s' failed: %s", store->printStorePath(*drvPath), storeUri, result.errorMsg);
        } else {
-            copyClosure(*store, *sshStore, StorePathSet{*drvPath}, NoRepair, NoCheckSigs, substitute);
-            auto res = sshStore->buildPathsWithResults({DerivedPath::Built{
-                .drvPath = makeConstantStorePathRef(*drvPath),
-                .outputs = OutputsSpec::All{},
-            }});
+            copyClosure(*store, *sshStore, StorePathSet {*drvPath}, NoRepair, NoCheckSigs, substitute);
+            auto res = sshStore->buildPathsWithResults({
+                DerivedPath::Built {
+                    .drvPath = makeConstantStorePathRef(*drvPath),
+                    .outputs = OutputsSpec::All {},
+                }
+            });
            // One path to build should produce exactly one build result
            assert(res.size() == 1);
            optResult = std::move(res[0]);
        }

+
        auto outputHashes = staticOutputHashes(*store, drv);
        std::set<Realisation> missingRealisations;
        StorePathSet missingPaths;
        if (experimentalFeatureSettings.isEnabled(Xp::CaDerivations) && !drv.type().hasKnownOutputPaths()) {
            for (auto & outputName : wantedOutputs) {
                auto thisOutputHash = outputHashes.at(outputName);
-                auto thisOutputId = DrvOutput{thisOutputHash, outputName};
+                auto thisOutputId = DrvOutput{ thisOutputHash, outputName };
                if (!store->queryRealisation(thisOutputId)) {
                    debug("missing output %s", outputName);
                    assert(optResult);
--- a/src/external-api-docs/meson.build
+++ b/src/external-api-docs/meson.build
@@ -1,5 +1,4 @@
-project(
-  'nix-external-api-docs',
+project('nix-external-api-docs',
  version : files('.version'),
  meson_version : '>= 1.1',
  license : 'LGPL-2.1-or-later',
@@ -11,7 +10,7 @@ doxygen_cfg = configure_file(
  input : 'doxygen.cfg.in',
  output : 'doxygen.cfg',
  configuration : {
-    'PROJECT_NUMBER' : meson.project_version(),
+    'PROJECT_NUMBER': meson.project_version(),
    'OUTPUT_DIRECTORY' : meson.current_build_dir(),
    'src' : fs.parent(fs.parent(meson.project_source_root())),
  },
@@ -21,7 +20,7 @@ doxygen = find_program('doxygen', native : true, required : true)

 custom_target(
  'external-api-docs',
-  command : [ doxygen, doxygen_cfg ],
+  command : [ doxygen , doxygen_cfg ],
  input : [
    doxygen_cfg,
  ],
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Eelco Dolstra	0cd1fce3c3	Merge pull request #13230 from NixOS/mergify/bp/2.29-maintenance/pr-13228 libutil-tests/json-utils: fix -Werror=sign-compare error (backport #13228)	2025-05-19 16:46:37 +02:00
Jörg Thalheim	90eb2f759c	libutil-tests/json-utils: fix -Werror=sign-compare error I am on a newer different nixpkgs branch, so I am getting this error (cherry picked from commit `1290b7e53d`)	2025-05-19 14:16:43 +00:00
Jörg Thalheim	d1e4be6fb4	Merge pull request #13227 from NixOS/mergify/bp/2.29-maintenance/pr-13142 libstore: Use `boost::regex` for GC root discovery (backport #13142)	2025-05-18 22:26:54 +02:00
Sergei Zimmerman	29d98da636	libstore: Depend on boost_regex explicitly (cherry picked from commit `18a5589f9a`)	2025-05-18 19:46:17 +00:00
Sergei Zimmerman	91dc6e7fa0	packaging/dependencies: Use boost without enableIcu This reduces the closure size on master by 40MiB. ``` $ nix build github:nixos/nix/1e822bd4149a8bce1da81ee2ad9404986b07914c#nix-store --out-link closure-on-master $ nix build .#nix-store -L --out-link closure-without-icu $ nix path-info --closure-size -h ./closure-on-master /nix/store/8gwr38m5h6p7245ji9jv28a2a11w1isx-nix-store-2.29.0pre 124.4 MiB $ nix path-info --closure-size -h ./closure-without-icu /nix/store/k0gwfykjqpnmaqbwh23nk55lhanc9g24-nix-store-2.29.0pre 86.6 MiB ``` (cherry picked from commit `f3090ef703`)	2025-05-18 19:46:17 +00:00
Sergei Zimmerman	b33fd1e4fb	libstore: Use `boost::regex` for GC root discovery As it turns out using `std::regex` is actually the bottleneck for root discovery. Just substituting `std::` -> `boost::` makes root discovery twice as fast (3x if counting only userspace time). Some rather ad-hoc measurements to motivate the switch: (On master) ``` nix build github:nixos/nix/1e822bd4149a8bce1da81ee2ad9404986b07914c#nix-cli --out-link result-1e822bd4149a8bce1da81ee2ad9404986b07914c taskset -c 2,3 hyperfine "result-1e822bd4149a8bce1da81ee2ad9404986b07914c/bin/nix store gc --dry-run --max 0" Benchmark 1: result-1e822bd4149a8bce1da81ee2ad9404986b07914c/bin/nix store gc --dry-run --max 0 Time (mean ± σ): 481.6 ms ± 3.9 ms [User: 336.2 ms, System: 142.0 ms] Range (min … max): 474.6 ms … 487.7 ms 10 runs ``` (After this patch) ``` taskset -c 2,3 hyperfine "result/bin/nix store gc --dry-run --max 0" Benchmark 1: result/bin/nix store gc --dry-run --max 0 Time (mean ± σ): 254.7 ms ± 9.7 ms [User: 111.1 ms, System: 141.3 ms] Range (min … max): 246.5 ms … 281.3 ms 10 runs ``` `boost::regex` is a drop-in replacement for `std::regex`, but much faster. Doing a simple before/after comparison doesn't surface any change in behavior: ``` result/bin/nix store gc --dry-run -vvvvv --max 0 \|& grep "got additional" \| wc -l result-1e822bd4149a8bce1da81ee2ad9404986b07914c/bin/nix store gc --dry-run -vvvvv --max 0 \|& grep "got additional" \| wc -l ``` (cherry picked from commit `3a1301cd6d`)	2025-05-18 19:46:16 +00:00
mergify[bot]	1c618a9d87	Merge pull request #13222 from NixOS/mergify/bp/2.29-maintenance/pr-13221 doc: Render verbatim `@docroot@` on contributing page (backport #13221)	2025-05-17 18:00:31 +00:00
Robert Hensing	ab2abebfc3	doc: Render verbatim @docroot@ on contributing page In rendered form: ```diff -Add references to the manual using .. +Add references to the manual using [links like this](@docroot@/example.md) ``` (cherry picked from commit `147a34c573`)	2025-05-17 17:19:51 +00:00
John Ericson	0f132fc129	Merge pull request #13218 from NixOS/mergify/bp/2.29-maintenance/pr-13212 docs: remove repeated "allowedReferences" and other lexical illusion (backport #13212)	2025-05-16 12:36:46 -04:00
Peder Bergebakken Sundt	6fc6db3496	docs: remove lexical illusions detected with write-good I made this this non-markdown aware tool somewhat behave with some cursed fd+pandoc invocations (cherry picked from commit `ea5302c4a2`)	2025-05-16 15:56:26 +00:00
Peder Bergebakken Sundt	ca0bde3578	docs: remove repeated "allowedReferences" This is what write-good lints as a "lexical illusion" (cherry picked from commit `cb16cd707c`)	2025-05-16 15:56:26 +00:00
mergify[bot]	f51b537239	Merge pull request #13210 from NixOS/mergify/bp/2.29-maintenance/pr-13207 dev-shell: Drop bear dependency (backport #13207)	2025-05-15 22:32:16 +00:00
Sergei Zimmerman	2b7e3e9b81	dev-shell: Drop bear dependency Since the autotools-based build system has been removed and meson already generates compile database there's no need to have it in the devshell. (cherry picked from commit `67535263a5`)	2025-05-15 21:49:21 +00:00
Jörg Thalheim	fee8454dd0	Merge pull request #13205 from NixOS/mergify/bp/2.29-maintenance/pr-13202 Fix nix-copy-closure VM test (backport #13202)	2025-05-15 18:34:32 +02:00
Eelco Dolstra	dc238ba102	Fix nix-copy-closure VM test https://hydra.nixos.org/build/297112538 (cherry picked from commit `d626348f42`)	2025-05-15 15:51:43 +00:00
mergify[bot]	fa7a5ab07a	Merge pull request #13201 from NixOS/mergify/bp/2.29-maintenance/pr-13197 Update Nixpkgs to fix static builds (backport #13197)	2025-05-15 11:48:30 +00:00
Eelco Dolstra	27932ae6da	Merge pull request #13199 from NixOS/mergify/bp/2.29-maintenance/pr-13196 rename StoreDirConfigItself to StoreDirConfigBase (backport #13196)	2025-05-15 12:44:09 +02:00
Eelco Dolstra	631d23788e	Merge pull request #13198 from NixOS/mergify/bp/2.29-maintenance/pr-13195 Remove otherNixes.nix_2_18 (backport #13195)	2025-05-15 12:24:24 +02:00
Eelco Dolstra	4f03bfebd9	flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f02fddb8acef29a8b32f10a335d44828d7825b78?narHash=sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds%2Bhc%3D' (2025-05-01) → 'github:NixOS/nixpkgs/adaa24fbf46737f3f1b5497bf64bae750f82942e?narHash=sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY%3D' (2025-05-13) (cherry picked from commit `3ba49d7ec2`)	2025-05-15 10:21:25 +00:00
Jörg Thalheim	7f488dc7d3	rename StoreDirConfigItself to StoreDirConfigBase context: https://github.com/NixOS/nix/pull/13154#discussion_r2081904653 (cherry picked from commit `2dd2142754`)	2025-05-15 10:04:22 +00:00
Eelco Dolstra	1b2e88effd	Remove otherNixes.nix_2_18 Nixpkgs no longer has Nix 2.18, so this fails to evaluate. (cherry picked from commit `bc85e20fb9`)	2025-05-15 09:44:21 +00:00
John Ericson	4dcf21a2f6	Merge branch 'master' into 2.29-maintenance	2025-05-14 19:59:35 -04:00
John Ericson	ff24751bdd	Mark official release	2025-05-14 19:29:50 -04:00
@@ -1 +1 @@
 .32.0
 .29.0