Merge pull request #12922 from NixOS/mergify/bp/2.24-maintenance/pr-12911

create cache entry for paths already in the nix store (backport #12911)

.clang-format

@@ -8,7 +8,7 @@ BraceWrapping:
   AfterUnion: true
   SplitEmptyRecord: false
 PointerAlignment: Middle
-FixNamespaceComments: true
+FixNamespaceComments: false
 SortIncludes: Never
 #IndentPPDirectives: BeforeHash
 SpaceAfterCStyleCast: true
@@ -31,5 +31,3 @@ AlwaysBreakBeforeMultilineStrings: true
 IndentPPDirectives: AfterHash
 PPIndentWidth: 2
 BinPackArguments: false
-BreakBeforeTernaryOperators: true
-SeparateDefinitionBlocks: Always

.coderabbit.yaml

@@ -1,18 +0,0 @@
-# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
-# Disable CodeRabbit auto-review to prevent verbose comments on PRs.
-# When enabled: false, CodeRabbit won't attempt reviews and won't post
-# "Review skipped" or other automated comments.
-reviews:
-  auto_review:
-    enabled: false
-  review_status: false
-  high_level_summary: false
-  poem: false
-  sequence_diagrams: false
-  changed_files_summary: false
-  tools:
-    github-checks:
-      enabled: false
-chat:
-  art: false
-  auto_reply: false

.git-blame-ignore-revs

@@ -1,6 +0,0 @@
-# bulk initial re-formatting with clang-format
-e4f62e46088919428a68bd8014201dc8e379fed7 # !autorebase ./maintainers/format.sh --until-stable
-# meson re-formatting
-385e2c3542c707d95e3784f7f6d623f67e77ab61 # !autorebase ./maintainers/format.sh --until-stable
-# nixfmt 1.0.0
-1d943f581908f35075a84a3d89c2eba3ff35067f # !autorebase ./maintainers/format.sh --until-stable

.github/CODEOWNERS

@@ -11,7 +11,16 @@
 .github/CODEOWNERS @edolstra
 
 # Documentation of built-in functions
-src/libexpr/primops.cc @roberth
+src/libexpr/primops.cc @roberth @fricklerhandwerk
+
+# Documentation of settings
+src/libexpr/eval-settings.hh @fricklerhandwerk
+src/libstore/globals.hh @fricklerhandwerk
+
+# Documentation
+doc/manual @fricklerhandwerk
+maintainers/*.md @fricklerhandwerk
+src/**/*.md @fricklerhandwerk
 
 # Libstore layer
 /src/libstore @ericson2314

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,54 +1,36 @@
 ---
 name: Bug report
-about: Report unexpected or incorrect behaviour
+about: Create a report to help us improve
 title: ''
 labels: bug
 assignees: ''
 
 ---
 
-## Describe the bug
+**Describe the bug**
 
-<!--
-  A clear and concise description of what the bug is.
+A clear and concise description of what the bug is.
 
-  If you have a problem with a specific package or NixOS,
-  you probably want to file an issue at https://github.com/NixOS/nixpkgs/issues.
--->
+If you have a problem with a specific package or NixOS,
+you probably want to file an issue at https://github.com/NixOS/nixpkgs/issues. 
 
-## Steps To Reproduce
+**Steps To Reproduce**
 
-<!--
-  Example:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
 
-  1. Clone this repository: ...
-  2. Run `nix-... ...`
-  3. Observe unexpected behaviour
--->
+**Expected behavior**
 
-## Expected behavior
+A clear and concise description of what you expected to happen.
 
-<!-- A clear and concise description of what you expected to happen. -->
+**`nix-env --version` output**
 
-## Metadata
+**Additional context**
 
-<!-- Please insert the output of running `nix-env --version` below this line -->
+Add any other context about the problem here.
 
-## Additional context
-
-<!-- Add any other context about the problem here. -->
-
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open bug issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
-[open bug issues and pull requests]: https://github.com/NixOS/nix/labels/bug
-
----
+**Priorities**
 
 Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,39 +1,24 @@
 ---
 name: Feature request
-about: Suggest a new feature
+about: Suggest an idea for this project
 title: ''
 labels: feature
 assignees: ''
 
 ---
 
-## Is your feature request related to a problem?
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 
-<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
 
-## Proposed solution
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
 
-<!-- A clear and concise description of what you want to happen. -->
+**Additional context**
+Add any other context or screenshots about the feature request here.
 
-## Alternative solutions
-
-<!-- A clear and concise description of any alternative solutions or features you've considered. -->
-
-## Additional context
-
-<!-- Add any other context or screenshots about the feature request here. -->
-
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open feature issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
-[open feature issues and pull requests]: https://github.com/NixOS/nix/labels/feature
-
----
+**Priorities**
 
 Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/installer.md

@@ -23,25 +23,14 @@ assignees: ''
 
 <details><summary>Output</summary>
 
-<!-- paste console output inside the below code block -->
-
 ```log
 
+<!-- paste console output here and remove this comment -->
+
 ```
 
 </details>
 
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open installer issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
-[open installer issues and pull requests]: https://github.com/NixOS/nix/labels/installer
-
----
+## Priorities
 
 Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/missing_documentation.md

@@ -22,10 +22,10 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open documentation issues and pull requests] for possible duplicates
 
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
+[source]: https://github.com/NixOS/nix/tree/master/doc/manual/src
 [open documentation issues and pull requests]: https://github.com/NixOS/nix/labels/documentation
 
----
+## Priorities
 
 Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,32 +1,7 @@
-<!--
-
-IMPORTANT
-
-Nix is a non-trivial project, so for your contribution to be successful,
-it really is important to follow the contributing guidelines:
-
-https://github.com/NixOS/nix/blob/master/CONTRIBUTING.md
-
-Even if you've contributed to open source before, take a moment to read it,
-so you understand the process and the expectations.
-
-- what information to include in commit messages
-- proper attribution
-- volunteering contributions effectively
-- how to get help and our review process.
-
-PR stuck in review? We have two Nix team meetings per week online that are open for everyone in a jitsi conference:
-
-- https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com
-
--->
-
-## Motivation
-
+# Motivation
 <!-- Briefly explain what the change is about and why it is desirable. -->
 
-## Context
-
+# Context
 <!-- Provide context. Reference open issues if available. -->
 
 <!-- Non-trivial change: Briefly outline the implementation strategy. -->
@@ -35,7 +10,7 @@ PR stuck in review? We have two Nix team meetings per week online that are open
 
 <!-- Large change: Provide instructions to reviewers how to read the diff. -->
 
----
+# Priorities and Process
 
 Add :+1: to [pull requests you find important](https://github.com/NixOS/nix/pulls?q=is%3Aopen+sort%3Areactions-%2B1-desc).
 

.github/STALE-BOT.md

@@ -3,7 +3,7 @@
 - Thanks for your contribution!
 - To remove the stale label, just leave a new comment.
 - _How to find the right people to ping?_ → [`git blame`](https://git-scm.com/docs/git-blame) to the rescue! (or GitHub's history and blame buttons.)
-- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/) or on [Matrix - #users:nixos.org](https://matrix.to/#/#users:nixos.org).
+- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/) or on [Matrix - #nix:nixos.org](https://matrix.to/#/#nix:nixos.org).
 
 ## Suggestions for PRs
 

.github/actions/install-nix-action/action.yaml

@@ -1,131 +0,0 @@
-name: "Install Nix"
-description: "Helper action for installing Nix with support for dogfooding from master"
-inputs:
-  dogfood:
-    description: "Whether to use Nix installed from the latest artifact from master branch"
-    required: true # Be explicit about the fact that we are using unreleased artifacts
-  experimental-installer:
-    description: "Whether to use the experimental installer to install Nix"
-    default: false
-  experimental-installer-version:
-    description: "Version of the experimental installer to use. If `latest`, the newest artifact from the default branch is used."
-    # TODO: This should probably be pinned to a release after https://github.com/NixOS/experimental-nix-installer/pull/49 lands in one
-    default: "latest"
-  extra_nix_config:
-    description: "Gets appended to `/etc/nix/nix.conf` if passed."
-  install_url:
-    description: "URL of the Nix installer"
-    required: false
-    default: "https://releases.nixos.org/nix/nix-2.32.1/install"
-  tarball_url:
-    description: "URL of the Nix tarball to use with the experimental installer"
-    required: false
-  github_token:
-    description: "Github token"
-    required: true
-  use_cache:
-    description: "Whether to setup magic-nix-cache"
-    default: true
-    required: false
-runs:
-  using: "composite"
-  steps:
-    - name: "Download nix install artifact from master"
-      shell: bash
-      id: download-nix-installer
-      if: inputs.dogfood == 'true'
-      run: |
-        RUN_ID=$(gh run list --repo "$DOGFOOD_REPO" --workflow ci.yml --branch master --status success --json databaseId --jq ".[0].databaseId")
-
-        if [ "$RUNNER_OS" == "Linux" ]; then
-          INSTALLER_ARTIFACT="installer-linux"
-        elif [ "$RUNNER_OS" == "macOS" ]; then
-          INSTALLER_ARTIFACT="installer-darwin"
-        else
-          echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS"
-          exit 1
-        fi
-
-        INSTALLER_DOWNLOAD_DIR="$GITHUB_WORKSPACE/$INSTALLER_ARTIFACT"
-        mkdir -p "$INSTALLER_DOWNLOAD_DIR"
-
-        gh run download "$RUN_ID" --repo "$DOGFOOD_REPO" -n "$INSTALLER_ARTIFACT" -D "$INSTALLER_DOWNLOAD_DIR"
-        echo "installer-path=file://$INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT"
-        TARBALL_PATH="$(find "$INSTALLER_DOWNLOAD_DIR" -name 'nix*.tar.xz' -print | head -n 1)"
-        echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT"
-
-        echo "::notice ::Dogfooding Nix installer from master (https://github.com/$DOGFOOD_REPO/actions/runs/$RUN_ID)"
-      env:
-        GH_TOKEN: ${{ inputs.github_token }}
-        DOGFOOD_REPO: "NixOS/nix"
-    - name: "Gather system info for experimental installer"
-      shell: bash
-      if: ${{ inputs.experimental-installer == 'true' }}
-      run: |
-        echo "::notice Using experimental installer from $EXPERIMENTAL_INSTALLER_REPO (https://github.com/$EXPERIMENTAL_INSTALLER_REPO)"
-
-        if [ "$RUNNER_OS" == "Linux" ]; then
-          EXPERIMENTAL_INSTALLER_SYSTEM="linux"
-          echo "EXPERIMENTAL_INSTALLER_SYSTEM=$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-        elif [ "$RUNNER_OS" == "macOS" ]; then
-          EXPERIMENTAL_INSTALLER_SYSTEM="darwin"
-          echo "EXPERIMENTAL_INSTALLER_SYSTEM=$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-        else
-          echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS"
-          exit 1
-        fi
-
-        if [ "$RUNNER_ARCH" == "X64" ]; then
-          EXPERIMENTAL_INSTALLER_ARCH=x86_64
-          echo "EXPERIMENTAL_INSTALLER_ARCH=$EXPERIMENTAL_INSTALLER_ARCH" >> "$GITHUB_ENV"
-        elif [ "$RUNNER_ARCH" == "ARM64" ]; then
-          EXPERIMENTAL_INSTALLER_ARCH=aarch64
-          echo "EXPERIMENTAL_INSTALLER_ARCH=$EXPERIMENTAL_INSTALLER_ARCH" >> "$GITHUB_ENV"
-        else
-          echo "::error ::Unsupported RUNNER_ARCH: $RUNNER_ARCH"
-          exit 1
-        fi
-
-        echo "EXPERIMENTAL_INSTALLER_ARTIFACT=nix-installer-$EXPERIMENTAL_INSTALLER_ARCH-$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-      env:
-        EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer"
-    - name: "Download latest experimental installer"
-      shell: bash
-      id: download-latest-experimental-installer
-      if: ${{ inputs.experimental-installer == 'true' && inputs.experimental-installer-version == 'latest' }}
-      run: |
-        RUN_ID=$(gh run list --repo "$EXPERIMENTAL_INSTALLER_REPO" --workflow ci.yml --branch main --status success --json databaseId --jq ".[0].databaseId")
-
-        EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR="$GITHUB_WORKSPACE/$EXPERIMENTAL_INSTALLER_ARTIFACT"
-        mkdir -p "$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR"
-
-        gh run download "$RUN_ID" --repo "$EXPERIMENTAL_INSTALLER_REPO" -n "$EXPERIMENTAL_INSTALLER_ARTIFACT" -D "$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR"
-        # Executable permissions are lost in artifacts
-        find $EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR -type f -exec chmod +x {} +
-        echo "installer-path=$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT"
-      env:
-        GH_TOKEN: ${{ inputs.github_token }}
-        EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer"
-    - uses: cachix/install-nix-action@c134e4c9e34bac6cab09cf239815f9339aaaf84e # v31.5.1
-      if: ${{ inputs.experimental-installer != 'true' }}
-      with:
-        # Ternary operator in GHA: https://www.github.com/actions/runner/issues/409#issuecomment-752775072
-        install_url: ${{ inputs.dogfood == 'true' && format('{0}/install', steps.download-nix-installer.outputs.installer-path) || inputs.install_url }}
-        install_options: ${{ inputs.dogfood == 'true' && format('--tarball-url-prefix {0}', steps.download-nix-installer.outputs.installer-path) || '' }}
-        extra_nix_config: ${{ inputs.extra_nix_config }}
-    - uses: DeterminateSystems/nix-installer-action@786fff0690178f1234e4e1fe9b536e94f5433196 # v20
-      if: ${{ inputs.experimental-installer == 'true' }}
-      with:
-        diagnostic-endpoint: ""
-        # TODO: It'd be nice to use `artifacts.nixos.org` for both of these, maybe through an `/experimental-installer/latest` endpoint? or `/commit/<hash>`?
-        local-root: ${{ inputs.experimental-installer-version == 'latest' && steps.download-latest-experimental-installer.outputs.installer-path || '' }}
-        source-url: ${{ inputs.experimental-installer-version != 'latest' && 'https://artifacts.nixos.org/experimental-installer/tag/${{ inputs.experimental-installer-version }}/${{ env.EXPERIMENTAL_INSTALLER_ARTIFACT }}' || '' }}
-        nix-package-url: ${{ inputs.dogfood == 'true' && steps.download-nix-installer.outputs.tarball-path || (inputs.tarball_url || '') }}
-        extra-conf: ${{ inputs.extra_nix_config }}
-    - uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13
-      if: ${{ inputs.use_cache == 'true' }}
-      with:
-        diagnostic-endpoint: ''
-        use-flakehub: false
-        use-gha-cache: true
-        source-revision: 92d9581367be2233c2d5714a2640e1339f4087d8 # main

.github/labeler.yml

@@ -1,7 +1,7 @@
 "c api":
   - changed-files:
     - any-glob-to-any-file: "src/lib*-c/**/*"
-    - any-glob-to-any-file: "src/*test*/**/nix_api_*"
+    - any-glob-to-any-file: "test/unit/**/nix_api_*"
     - any-glob-to-any-file: "doc/external-api/**/*"
 
 "contributor-experience":
@@ -9,7 +9,7 @@
     - any-glob-to-any-file: "CONTRIBUTING.md"
     - any-glob-to-any-file: ".github/ISSUE_TEMPLATE/*"
     - any-glob-to-any-file: ".github/PULL_REQUEST_TEMPLATE.md"
-    - any-glob-to-any-file: "doc/manual/source/contributing/**"
+    - any-glob-to-any-file: "doc/manual/src/contributing/**"
 
 "documentation":
   - changed-files:

.github/workflows/backport.yml

@@ -1,37 +0,0 @@
-name: Backport
-on:
-  pull_request_target:
-    types: [closed, labeled]
-permissions:
-  contents: read
-jobs:
-  backport:
-    name: Backport Pull Request
-    permissions:
-      # for korthout/backport-action
-      contents: write
-      pull-requests: write
-    if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
-    runs-on: ubuntu-24.04-arm
-    steps:
-      - name: Generate GitHub App token
-        id: generate-token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ vars.CI_APP_ID }}
-          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
-      - uses: actions/checkout@v5
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          # required to find all branches
-          fetch-depth: 0
-      - name: Create backport PRs
-        uses: korthout/backport-action@d07416681cab29bf2661702f925f020aaa962997 # v3.4.1
-        id: backport
-        with:
-          # Config README: https://github.com/korthout/backport-action#backport-action
-          github_token: ${{ steps.generate-token.outputs.token }}
-          github_workspace: ${{ github.workspace }}
-          auto_merge_enabled: true
-          pull_description: |-
-            Automatic backport to `${target_branch}`, triggered by a label in #${pull_number}.

.github/workflows/ci.yml

@@ -2,21 +2,7 @@ name: "CI"
 
 on:
   pull_request:
-  merge_group:
   push:
-    branches:
-      - master
-  workflow_dispatch:
-    inputs:
-      dogfood:
-        description: 'Use dogfood Nix build'
-        required: false
-        default: true
-        type: boolean
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
 
 permissions: read-all
 
@@ -24,43 +10,13 @@ jobs:
   eval:
     runs-on: ubuntu-24.04
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-        extra_nix_config:
-          experimental-features = nix-command flakes
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        use_cache: false
-    - run: nix flake show --all-systems --json
-
-  pre-commit-checks:
-    name: pre-commit checks
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: actions/checkout@v5
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-          extra_nix_config: experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - run: ./ci/gha/tests/pre-commit-checks
-
-  basic-checks:
-    name: aggregate basic checks
-    if: ${{ always() }}
-    runs-on: ubuntu-24.04
-    needs: [pre-commit-checks, eval]
-    steps:
-      - name: Exit with any errors
-        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
-        run: |
-          exit 1
+    - uses: cachix/install-nix-action@v30
+    - run: nix --experimental-features 'nix-command flakes' flake show --all-systems --json
 
   tests:
-    needs: basic-checks
     strategy:
       fail-fast: false
       matrix:
@@ -68,74 +24,34 @@ jobs:
           - scenario: on ubuntu
             runs-on: ubuntu-24.04
             os: linux
-            instrumented: false
-            primary: true
-            stdenv: stdenv
           - scenario: on macos
             runs-on: macos-14
             os: darwin
-            instrumented: false
-            primary: true
-            stdenv: stdenv
-          - scenario: on ubuntu (with sanitizers / coverage)
-            runs-on: ubuntu-24.04
-            os: linux
-            instrumented: true
-            primary: false
-            stdenv: clangStdenv
     name: tests ${{ matrix.scenario }}
     runs-on: ${{ matrix.runs-on }}
     timeout-minutes: 60
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
+    - uses: cachix/install-nix-action@V27
       with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
         # The sandbox would otherwise be disabled by default on Darwin
-        extra_nix_config: "sandbox = true"
+        extra_nix_config: |
+          sandbox = true
+          max-jobs = 1
+    - uses: DeterminateSystems/magic-nix-cache-action@main
     # Since ubuntu 22.30, unprivileged usernamespaces are no longer allowed to map to the root user:
     # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
     - run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
       if: matrix.os == 'linux'
-    - name: Run component tests
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix componentTests -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}"
-    - name: Run VM tests
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix vmTests -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}"
-      if: ${{ matrix.os == 'linux' }}
-    - name: Run flake checks and prepare the installer tarball
-      run: |
-        ci/gha/tests/build-checks
-        ci/gha/tests/prepare-installer-for-github-actions
-      if: ${{ matrix.primary }}
-    - name: Collect code coverage
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix codeCoverage.coverageReports -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}" \
-          --out-link coverage-reports
-        cat coverage-reports/index.txt >> $GITHUB_STEP_SUMMARY
-      if: ${{ matrix.instrumented }}
-    - name: Upload coverage reports
-      uses: actions/upload-artifact@v5
-      with:
-        name: coverage-reports
-        path: coverage-reports/
-      if: ${{ matrix.instrumented }}
+    - run: scripts/build-checks
+    - run: scripts/prepare-installer-for-github-actions
     - name: Upload installer tarball
-      uses: actions/upload-artifact@v5
+      uses: actions/upload-artifact@v4
       with:
         name: installer-${{matrix.os}}
         path: out/*
-      if: ${{ matrix.primary }}
 
   installer_test:
     needs: [tests]
@@ -146,46 +62,25 @@ jobs:
           - scenario: on ubuntu
             runs-on: ubuntu-24.04
             os: linux
-            experimental-installer: false
           - scenario: on macos
             runs-on: macos-14
             os: darwin
-            experimental-installer: false
-          - scenario: on ubuntu (experimental)
-            runs-on: ubuntu-24.04
-            os: linux
-            experimental-installer: true
-          - scenario: on macos (experimental)
-            runs-on: macos-14
-            os: darwin
-            experimental-installer: true
     name: installer test ${{ matrix.scenario }}
     runs-on: ${{ matrix.runs-on }}
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
     - name: Download installer tarball
-      uses: actions/download-artifact@v6
+      uses: actions/download-artifact@v4
       with:
         name: installer-${{matrix.os}}
         path: out
-    - name: Looking up the installer tarball URL
-      id: installer-tarball-url
-      run: |
-        echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT"
-        TARBALL_PATH="$(find "$GITHUB_WORKSPACE/out" -name 'nix*.tar.xz' -print | head -n 1)"
-        echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT"
-    - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31.8.4
-      if: ${{ !matrix.experimental-installer }}
+    - name: Serving installer
+      id: serving_installer
+      run: ./scripts/serve-installer-for-github-actions
+    - uses: cachix/install-nix-action@v30
       with:
-        install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }}
-        install_options: ${{ format('--tarball-url-prefix {0}', steps.installer-tarball-url.outputs.installer-url) }}
-    - uses: ./.github/actions/install-nix-action
-      if: ${{ matrix.experimental-installer }}
-      with:
-        dogfood: false
-        experimental-installer: true
-        tarball_url: ${{ steps.installer-tarball-url.outputs.tarball-path }}
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        install_url: 'http://localhost:8126/install'
+        install_options: "--tarball-url-prefix http://localhost:8126/"
     - run: sudo apt install fish zsh
       if: matrix.os == 'linux'
     - run: brew install fish
@@ -204,20 +99,20 @@ jobs:
   check_secrets:
     permissions:
       contents: none
-    name: Check presence of secrets
+    name: Check Docker secrets present for installer tests
     runs-on: ubuntu-24.04
     outputs:
       docker: ${{ steps.secret.outputs.docker }}
     steps:
-      - name: Check for DockerHub secrets
+      - name: Check for secrets
         id: secret
         env:
           _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
         run: |
-          echo "docker=${{ env._DOCKER_SECRETS != '' }}" >> $GITHUB_OUTPUT
+          echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"
 
   docker_push_image:
-    needs: [tests, check_secrets]
+    needs: [tests, vm_tests, check_secrets]
     permissions:
       contents: read
       packages: write
@@ -227,16 +122,21 @@ jobs:
       github.ref_name == 'master'
     runs-on: ubuntu-24.04
     steps:
-    - uses: actions/checkout@v5
+    - name: Check for secrets
+      id: secret
+      env:
+        _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
+      run: |
+        echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
+    - uses: cachix/install-nix-action@V27
       with:
-        dogfood: false
-        extra_nix_config: |
-          experimental-features = flakes nix-command
-    - run: echo NIX_VERSION="$(nix eval .\#nix.version | tr -d \")" >> $GITHUB_ENV
-    - run: nix build .#dockerImage -L
+        install_url: https://releases.nixos.org/nix/nix-2.20.3/install
+    - uses: DeterminateSystems/magic-nix-cache-action@main
+    - run: echo NIX_VERSION="$(nix --experimental-features 'nix-command flakes' eval .\#nix.version | tr -d \")" >> $GITHUB_ENV
+    - run: nix --experimental-features 'nix-command flakes' build .#dockerImage -L
     - run: docker load -i ./result/image.tar.gz
     - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
     - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
@@ -271,48 +171,44 @@ jobs:
         docker tag nix:$NIX_VERSION $IMAGE_ID:master
         docker push $IMAGE_ID:master
 
+  vm_tests:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - run: nix build -L .#hydraJobs.tests.githubFlakes .#hydraJobs.tests.tarballFlakes .#hydraJobs.tests.functional_user
+
+  meson_build:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      # Only meson packages that don't have a tests.run derivation.
+      # Those that have it are already built and tested as part of nix flake check.
+      - run: nix build -L .#hydraJobs.build.{nix-cmd,nix-main}.$(nix-instantiate --eval --expr builtins.currentSystem | sed -e 's/"//g')
+
   flake_regressions:
-    needs: tests
+    needs: vm_tests
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout nix
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       - name: Checkout flake-regressions
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
         with:
           repository: NixOS/flake-regressions
           path: flake-regressions
       - name: Checkout flake-regressions-data
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
         with:
           repository: NixOS/flake-regressions-data
           path: flake-regressions/tests
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-          extra_nix_config:
-            experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=25 flake-regressions/eval-all.sh
-
-  profile_build:
-    needs: tests
-    runs-on: ubuntu-24.04
-    timeout-minutes: 60
-    if: >-
-      github.event_name == 'push' &&
-      github.ref_name == 'master'
-    steps:
-    - uses: actions/checkout@v5
-      with:
-        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-        extra_nix_config: |
-          experimental-features = flakes nix-command ca-derivations impure-derivations
-          max-jobs = 1
-    - run: |
-        nix build -L --file ./ci/gha/profile-build buildTimeReport --out-link build-time-report.md
-        cat build-time-report.md >> $GITHUB_STEP_SUMMARY
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - run: nix build --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH scripts/flake-regressions.sh

.github/workflows/labels.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-24.04
     if: github.repository_owner == 'NixOS'
     steps:
-    - uses: actions/labeler@v6
+    - uses: actions/labeler@v5
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         sync-labels: false

.gitignore

@@ -1,12 +1,113 @@
+Makefile.config
+perl/Makefile.config
+
+# /
+/aclocal.m4
+/autom4te.cache
+/precompiled-headers.h.gch
+/config.*
+/configure
+/stamp-h1
+/svn-revision
+/libtool
+/config/config.*
 # Default meson build dir
 /build
 
+# /doc/manual/
+/doc/manual/*.1
+/doc/manual/*.5
+/doc/manual/*.8
+/doc/manual/generated/*
+/doc/manual/nix.json
+/doc/manual/conf-file.json
+/doc/manual/language.json
+/doc/manual/xp-features.json
+/doc/manual/src/SUMMARY.md
+/doc/manual/src/SUMMARY-rl-next.md
+/doc/manual/src/store/types/*
+!/doc/manual/src/store/types/index.md.in
+/doc/manual/src/command-ref/new-cli
+/doc/manual/src/command-ref/conf-file.md
+/doc/manual/src/command-ref/experimental-features-shortlist.md
+/doc/manual/src/contributing/experimental-feature-descriptions.md
+/doc/manual/src/language/builtins.md
+/doc/manual/src/language/builtin-constants.md
+/doc/manual/src/release-notes/rl-next.md
+
+# /scripts/
+/scripts/nix-profile.sh
+/scripts/nix-profile-daemon.sh
+/scripts/nix-profile.fish
+/scripts/nix-profile-daemon.fish
+
+# /src/libexpr/
+/src/libexpr/lexer-tab.cc
+/src/libexpr/lexer-tab.hh
+/src/libexpr/parser-tab.cc
+/src/libexpr/parser-tab.hh
+/src/libexpr/parser-tab.output
+/src/libexpr/nix.tbl
+/src/libexpr/tests
+/tests/unit/libexpr/libnixexpr-tests
+
+# /src/libfetchers
+/tests/unit/libfetchers/libnixfetchers-tests
+
+# /src/libflake
+/tests/unit/libflake/libnixflake-tests
+
+# /src/libstore/
+*.gen.*
+/src/libstore/tests
+/tests/unit/libstore/libnixstore-tests
+
+# /src/libutil/
+/src/libutil/tests
+/tests/unit/libutil/libnixutil-tests
+
+/src/nix/nix
+
+/src/nix/generated-doc
+
+# /src/nix-env/
+/src/nix-env/nix-env
+
+# /src/nix-instantiate/
+/src/nix-instantiate/nix-instantiate
+
+# /src/nix-store/
+/src/nix-store/nix-store
+
+/src/nix-prefetch-url/nix-prefetch-url
+
+/src/nix-collect-garbage/nix-collect-garbage
+
+# /src/nix-channel/
+/src/nix-channel/nix-channel
+
+# /src/nix-build/
+/src/nix-build/nix-build
+
+/src/nix-copy-closure/nix-copy-closure
+
+/src/error-demo/error-demo
+
+/src/build-remote/build-remote
+
 # /tests/functional/
+/tests/functional/test-tmp
 /tests/functional/common/subst-vars.sh
+/tests/functional/result*
 /tests/functional/restricted-innocent
+/tests/functional/shell
+/tests/functional/shell.drv
+/tests/functional/config.nix
+/tests/functional/ca/config.nix
+/tests/functional/dyn-drv/config.nix
+/tests/functional/repl-result-out
 /tests/functional/debugger-test-out
 /tests/functional/test-libstoreconsumer/test-libstoreconsumer
-/tests/functional/nix-shell
 
 # /tests/functional/lang/
 /tests/functional/lang/*.out
@@ -14,9 +115,27 @@
 /tests/functional/lang/*.err
 /tests/functional/lang/*.ast
 
-/outputs
+/perl/lib/Nix/Config.pm
+/perl/lib/Nix/Store.cc
 
+/misc/systemd/nix-daemon.service
+/misc/systemd/nix-daemon.socket
+/misc/systemd/nix-daemon.conf
+/misc/upstart/nix-daemon.conf
+
+outputs/
+
+*.a
+*.o
+*.o.tmp
+*.so
+*.dylib
+*.dll
+*.exe
+*.dep
 *~
+*.pc
+*.plist
 
 # GNU Global
 GPATH
@@ -31,6 +150,8 @@ GTAGS
 compile_commands.json
 *.compile_commands.json
 
+nix-rust/target
+
 result
 result-*
 
@@ -45,8 +166,3 @@ result-*
 
 # Mac OS
 .DS_Store
-
-flake-regressions
-
-# direnv
-.direnv/

.mergify.yml

@@ -0,0 +1,94 @@
+queue_rules:
+  - name: default
+    # all required tests need to go here
+    merge_conditions:
+      - check-success=installer
+      - check-success=installer_test (macos-latest)
+      - check-success=installer_test (ubuntu-latest)
+      - check-success=tests on macos
+      - check-success=tests on ubuntu
+      - check-success=installer test on macos
+      - check-success=installer test on ubuntu
+      - check-success=vm_tests
+    merge_method: rebase
+    batch_size: 5
+
+pull_request_rules:
+  - name: merge using the merge queue
+    conditions:
+      - base=master
+      - label~=merge-queue|dependencies
+    actions:
+      queue: {}
+
+# The rules below will first create backport pull requests and put those in a merge queue.
+
+  - name: backport patches to 2.18
+    conditions:
+      - label=backport 2.18-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.18-maintenance
+        labels:
+          - merge-queue
+
+  - name: backport patches to 2.19
+    conditions:
+      - label=backport 2.19-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.19-maintenance
+        labels:
+          - merge-queue
+
+  - name: backport patches to 2.20
+    conditions:
+      - label=backport 2.20-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.20-maintenance
+        labels:
+          - merge-queue
+
+  - name: backport patches to 2.21
+    conditions:
+      - label=backport 2.21-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.21-maintenance
+        labels:
+          - merge-queue
+
+  - name: backport patches to 2.22
+    conditions:
+      - label=backport 2.22-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.22-maintenance
+        labels:
+          - merge-queue
+
+  - name: backport patches to 2.23
+    conditions:
+      - label=backport 2.23-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.23-maintenance
+        labels:
+          - merge-queue
+
+  - name: backport patches to 2.24
+    conditions:
+      - label=backport 2.24-maintenance
+    actions:
+      backport:
+        branches:
+          - "2.24-maintenance"
+        labels:
+          - merge-queue

.version

@@ -1 +1 @@
-2.33.0
+2.24.14

CONTRIBUTING.md

@@ -52,20 +52,6 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).
 
      Link related issues to inform interested parties and future contributors about your change.
      If your pull request closes one or multiple issues, mention that in the description using `Closes: #<number>`, as it will then happen automatically when your change is merged.
-   * Credit original authors when you're reusing or building on their work.
-   * Link to relevant changes in other projects, so that others can understand the full context of the change in the future when you or someone else will change or troubleshoot the code.
-     This is especially important when your change is based on work done in other repositories.
-
-     Example:
-     ```
-     This is based on the work of @user in <url>.
-     This solution took inspiration from <url>.
-
-     Co-authored-by: User Name <user@example.com>
-     ```
-
-     When cherry-picking from a different repository, use the `-x` flag, and then amend the commits to turn the hashes into URLs.
-
    * Make sure to have [a clean history of commits on your branch by using rebase](https://www.digitalocean.com/community/tutorials/how-to-rebase-and-update-a-pull-request).
    * [Mark the pull request as draft](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request) if you're not done with the changes.
 
@@ -79,7 +65,7 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).
      - Functional tests – [`tests/functional/**.sh`](./tests/functional)
      - Unit tests – [`src/*/tests`](./src/)
      - Integration tests – [`tests/nixos/*`](./tests/nixos)
-   - [ ] User documentation in the [manual](./doc/manual/source)
+   - [ ] User documentation in the [manual](./doc/manual/src)
    - [ ] API documentation in header files
    - [ ] Code and comments are self-explanatory
    - [ ] Commit message explains **why** the change was made
@@ -89,12 +75,12 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).
 
 ## Making changes to the Nix manual
 
-The Nix reference manual is hosted on https://nix.dev/manual/nix.
-The underlying source files are located in [`doc/manual/source`](./doc/manual/source).
+The Nix reference manual is hosted on https://nixos.org/manual/nix.
+The underlying source files are located in [`doc/manual/src`](./doc/manual/src).
 For small changes you can [use GitHub to edit these files](https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files)
 For larger changes see the [Nix reference manual](https://nix.dev/manual/nix/development/development/contributing.html).
 
 ## Getting help
 
 Whenever you're stuck or do not know how to proceed, you can always ask for help.
-We invite you to use our [Matrix room](https://matrix.to/#/#nix-dev:nixos.org) to ask questions.
+The appropriate channels to do so can be found on the [NixOS Community](https://nixos.org/community/) page.

COPYING

@@ -1,8 +1,8 @@
-                  GNU LESSER GENERAL PUBLIC LICENSE
-                       Version 2.1, February 1999
+		  GNU LESSER GENERAL PUBLIC LICENSE
+		       Version 2.1, February 1999
 
  Copyright (C) 1991, 1999 Free Software Foundation, Inc.
- <https://fsf.org/>
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -10,7 +10,7 @@
  as the successor of the GNU Library Public License, version 2, hence
  the version number 2.1.]
 
-                            Preamble
+			    Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -112,7 +112,7 @@ modification follow.  Pay close attention to the difference between a
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
 
-                  GNU LESSER GENERAL PUBLIC LICENSE
+		  GNU LESSER GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License Agreement applies to any software library or other
@@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
 on the Library (independent of the use of the Library in a tool for
 writing it).  Whether that is true depends on what the Library does
 and what the program that uses the Library does.
-
+  
   1. You may copy and distribute verbatim copies of the Library's
 complete source code as you receive it, in any medium, provided that
 you conspicuously and appropriately publish on each copy an
@@ -432,7 +432,7 @@ decision will be guided by the two goals of preserving the free status
 of all derivatives of our free software and of promoting the sharing
 and reuse of software generally.
 
-                            NO WARRANTY
+			    NO WARRANTY
 
   15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
 WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
@@ -455,7 +455,7 @@ FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
 SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.
 
-                     END OF TERMS AND CONDITIONS
+		     END OF TERMS AND CONDITIONS
 
            How to Apply These Terms to Your New Libraries
 
@@ -484,7 +484,8 @@ convey the exclusion of warranty; and each file should have at least the
     Lesser General Public License for more details.
 
     You should have received a copy of the GNU Lesser General Public
-    License along with this library; if not, see <https://www.gnu.org/licenses/>.
+    License along with this library; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -495,7 +496,9 @@ necessary.  Here is a sample; alter the names:
   Yoyodyne, Inc., hereby disclaims all copyright interest in the
   library `Frob' (a library for tweaking knobs) written by James Random Hacker.
 
-  <signature of Moe Ghoul>, 1 April 1990
-  Moe Ghoul, President of Vice
+  <signature of Ty Coon>, 1 April 1990
+  Ty Coon, President of Vice
 
 That's all there is to it!
+
+

HACKING.md

@@ -1 +0,0 @@
-doc/manual/source/development/building.md

Makefile

@@ -0,0 +1,128 @@
+# External build directory support
+
+include mk/build-dir.mk
+
+-include $(buildprefix)Makefile.config
+clean-files += $(buildprefix)Makefile.config
+
+# List makefiles
+
+include mk/platform.mk
+
+ifeq ($(ENABLE_BUILD), yes)
+makefiles = \
+  mk/precompiled-headers.mk \
+  local.mk \
+  src/libutil/local.mk \
+  src/libstore/local.mk \
+  src/libfetchers/local.mk \
+  src/libmain/local.mk \
+  src/libexpr/local.mk \
+  src/libflake/local.mk \
+  src/libcmd/local.mk \
+  src/nix/local.mk \
+  src/libutil-c/local.mk \
+  src/libstore-c/local.mk \
+  src/libexpr-c/local.mk
+
+ifdef HOST_UNIX
+makefiles += \
+  scripts/local.mk \
+  maintainers/local.mk \
+  misc/bash/local.mk \
+  misc/fish/local.mk \
+  misc/zsh/local.mk \
+  misc/systemd/local.mk \
+  misc/launchd/local.mk \
+  misc/upstart/local.mk
+endif
+endif
+
+ifeq ($(ENABLE_UNIT_TESTS), yes)
+makefiles += \
+  tests/unit/libutil/local.mk \
+  tests/unit/libutil-support/local.mk \
+  tests/unit/libstore/local.mk \
+  tests/unit/libstore-support/local.mk \
+  tests/unit/libfetchers/local.mk \
+  tests/unit/libexpr/local.mk \
+  tests/unit/libexpr-support/local.mk \
+  tests/unit/libflake/local.mk
+endif
+
+ifeq ($(ENABLE_FUNCTIONAL_TESTS), yes)
+ifdef HOST_UNIX
+makefiles += \
+  tests/functional/local.mk \
+  tests/functional/flakes/local.mk \
+  tests/functional/ca/local.mk \
+  tests/functional/git-hashing/local.mk \
+  tests/functional/dyn-drv/local.mk \
+  tests/functional/local-overlay-store/local.mk \
+  tests/functional/test-libstoreconsumer/local.mk \
+  tests/functional/plugins/local.mk
+endif
+endif
+
+# Some makefiles require access to built programs and must be included late.
+makefiles-late =
+
+ifeq ($(ENABLE_DOC_GEN), yes)
+makefiles-late += doc/manual/local.mk
+endif
+
+# Miscellaneous global Flags
+
+OPTIMIZE = 1
+
+ifeq ($(OPTIMIZE), 1)
+  GLOBAL_CXXFLAGS += -O3 $(CXXLTO)
+  GLOBAL_LDFLAGS += $(CXXLTO)
+else
+  GLOBAL_CXXFLAGS += -O0 -U_FORTIFY_SOURCE
+  unexport NIX_HARDENING_ENABLE
+endif
+
+ifdef HOST_WINDOWS
+  # Windows DLLs are stricter about symbol visibility than Unix shared
+  # objects --- see https://gcc.gnu.org/wiki/Visibility for details.
+  # This is a temporary sledgehammer to export everything like on Unix,
+  # and not detail with this yet.
+  #
+  # TODO do not do this, and instead do fine-grained export annotations.
+  GLOBAL_LDFLAGS += -Wl,--export-all-symbols
+endif
+
+GLOBAL_CXXFLAGS += -g -Wall -Wdeprecated-copy -Wignored-qualifiers -Wimplicit-fallthrough -Werror=unused-result -Werror=suggest-override -include $(buildprefix)config.h -std=c++2a -I src
+
+# Include the main lib, causing rules to be defined
+
+include mk/lib.mk
+
+# Fallback stub rules for better UX when things are disabled
+#
+# These must be defined after `mk/lib.mk`. Otherwise the first rule
+# incorrectly becomes the default target.
+
+ifneq ($(ENABLE_UNIT_TESTS), yes)
+.PHONY: check
+check:
+	@echo "Unit tests are disabled. Configure without '--disable-unit-tests', or avoid calling 'make check'."
+	@exit 1
+endif
+
+ifneq ($(ENABLE_FUNCTIONAL_TESTS), yes)
+.PHONY: installcheck
+installcheck:
+	@echo "Functional tests are disabled. Configure without '--disable-functional-tests', or avoid calling 'make installcheck'."
+	@exit 1
+endif
+
+# Documentation fallback stub rules.
+
+ifneq ($(ENABLE_DOC_GEN), yes)
+.PHONY: manual-html manpages
+manual-html manpages:
+	@echo "Generated docs are disabled. Configure without '--disable-doc-gen', or avoid calling 'make manpages' and 'make manual-html'."
+	@exit 1
+endif

Makefile.config.in

@@ -0,0 +1,54 @@
+AR = @AR@
+BDW_GC_LIBS = @BDW_GC_LIBS@
+BOOST_LDFLAGS = @BOOST_LDFLAGS@
+BUILD_SHARED_LIBS = @BUILD_SHARED_LIBS@
+CC = @CC@
+CFLAGS = @CFLAGS@
+CXX = @CXX@
+CXXFLAGS = @CXXFLAGS@
+CXXLTO = @CXXLTO@
+EDITLINE_LIBS = @EDITLINE_LIBS@
+ENABLE_BUILD = @ENABLE_BUILD@
+ENABLE_DOC_GEN = @ENABLE_DOC_GEN@
+ENABLE_FUNCTIONAL_TESTS = @ENABLE_FUNCTIONAL_TESTS@
+ENABLE_S3 = @ENABLE_S3@
+ENABLE_UNIT_TESTS = @ENABLE_UNIT_TESTS@
+GTEST_LIBS = @GTEST_LIBS@
+HAVE_LIBCPUID = @HAVE_LIBCPUID@
+HAVE_SECCOMP = @HAVE_SECCOMP@
+HOST_OS = @host_os@
+INSTALL_UNIT_TESTS = @INSTALL_UNIT_TESTS@
+LDFLAGS = @LDFLAGS@
+LIBARCHIVE_LIBS = @LIBARCHIVE_LIBS@
+LIBBROTLI_LIBS = @LIBBROTLI_LIBS@
+LIBCURL_LIBS = @LIBCURL_LIBS@
+LIBGIT2_LIBS = @LIBGIT2_LIBS@
+LIBSECCOMP_LIBS = @LIBSECCOMP_LIBS@
+LOWDOWN_LIBS = @LOWDOWN_LIBS@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+SHELL = @bash@
+SODIUM_LIBS = @SODIUM_LIBS@
+SQLITE3_LIBS = @SQLITE3_LIBS@
+bash = @bash@
+bindir = @bindir@
+checkbindir = @checkbindir@
+checklibdir = @checklibdir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+embedded_sandbox_shell = @embedded_sandbox_shell@
+exec_prefix = @exec_prefix@
+includedir = @includedir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+lsof = @lsof@
+mandir = @mandir@
+pkglibdir = $(libdir)/$(PACKAGE_NAME)
+prefix = @prefix@
+sandbox_shell = @sandbox_shell@
+storedir = @storedir@
+sysconfdir = @sysconfdir@
+system = @system@

README.md

@@ -1,7 +1,7 @@
 # Nix
 
 [![Open Collective supporters](https://opencollective.com/nixos/tiers/supporter/badge.svg?label=Supporters&color=brightgreen)](https://opencollective.com/nixos)
-[![CI](https://github.com/NixOS/nix/workflows/CI/badge.svg)](https://github.com/NixOS/nix/actions/workflows/ci.yml)
+[![Test](https://github.com/NixOS/nix/workflows/Test/badge.svg)](https://github.com/NixOS/nix/actions)
 
 Nix is a powerful package manager for Linux and other Unix systems that makes package
 management reliable and reproducible. Please refer to the [Nix manual](https://nix.dev/reference/nix-manual)
@@ -15,7 +15,7 @@ Full reference documentation can be found in the [Nix manual](https://nix.dev/re
 
 ## Building and developing
 
-Follow instructions in the Nix reference manual to [set up a development environment and build Nix from source](https://nix.dev/manual/nix/development/development/building.html).
+Follow instructions in the Nix reference manual to [set up a development environment and build Nix from source](https://nix.dev/manual/nix/development/building.html).
 
 ## Contributing
 
@@ -31,7 +31,7 @@ Today, a world-wide developer community contributes to Nix and the ecosystem tha
 - [Nixpkgs](https://github.com/NixOS/nixpkgs) is [the largest, most up-to-date free software repository in the world](https://repology.org/repositories/graphs)
 - [NixOS](https://github.com/NixOS/nixpkgs/tree/master/nixos) is a Linux distribution that can be configured fully declaratively
 - [Discourse](https://discourse.nixos.org/)
-- Matrix: [#users:nixos.org](https://matrix.to/#/#users:nixos.org) for user support and [#nix-dev:nixos.org](https://matrix.to/#/#nix-dev:nixos.org) for development
+- [Matrix](https://matrix.to/#/#nix:nixos.org)
 
 ## License
 

build-utils-meson/deps-lists/meson.build

@@ -6,7 +6,7 @@
 # *interface*.
 #
 # See `man pkg-config` for some details.
-deps_private = []
+deps_private = [ ]
 
 # These are public dependencies with pkg-config files. Public is the
 # opposite of private: these dependencies are used in installed header
@@ -23,14 +23,14 @@ deps_private = []
 # N.B. For distributions that care about "ABI" stability and not just
 # "API" stability, the private dependencies also matter as they can
 # potentially affect the public ABI.
-deps_public = []
+deps_public = [ ]
 
 # These are subproject deps (type == "internal"). They are other
 # packages in `/src` in this repo. The private vs public distinction is
 # the same as above.
-deps_private_subproject = []
-deps_public_subproject = []
+deps_private_subproject = [ ]
+deps_public_subproject = [ ]
 
 # These are dependencencies without pkg-config files. Ideally they are
 # just private, but they may also be public (e.g. boost).
-deps_other = []
+deps_other = [ ]

build-utils-meson/diagnostics/meson.build

@@ -0,0 +1,11 @@
+add_project_arguments(
+  '-Wdeprecated-copy',
+  '-Werror=suggest-override',
+  '-Werror=switch',
+  '-Werror=switch-enum',
+  '-Werror=unused-result',
+  '-Wignored-qualifiers',
+  '-Wimplicit-fallthrough',
+  '-Wno-deprecated-declarations',
+  language : 'cpp',
+)

build-utils-meson/export-all-symbols/meson.build

@@ -5,7 +5,7 @@ if host_machine.system() == 'cygwin' or host_machine.system() == 'windows'
   # and not detail with this yet.
   #
   # TODO do not do this, and instead do fine-grained export annotations.
-  linker_export_flags = [ '-Wl,--export-all-symbols' ]
+  linker_export_flags = ['-Wl,--export-all-symbols']
 else
   linker_export_flags = []
 endif

build-utils-meson/export/meson.build

@@ -0,0 +1,30 @@
+requires_private = []
+foreach dep : deps_private_subproject
+  requires_private  += dep.name()
+endforeach
+requires_private += deps_private
+
+requires_public  = []
+foreach dep : deps_public_subproject
+  requires_public  += dep.name()
+endforeach
+requires_public += deps_public
+
+import('pkgconfig').generate(
+  this_library,
+  filebase : meson.project_name(),
+  name : 'Nix',
+  description : 'Nix Package Manager',
+  subdirs : ['nix'],
+  extra_cflags : ['-std=c++2a'],
+  requires : requires_public,
+  requires_private : requires_private,
+  libraries_private : libraries_private,
+)
+
+meson.override_dependency(meson.project_name(), declare_dependency(
+  include_directories : include_dirs,
+  link_with : this_library,
+  compile_args : ['-std=c++2a'],
+  dependencies : deps_public_subproject + deps_public,
+))

build-utils-meson/generate-header/meson.build

@@ -0,0 +1,7 @@
+bash = find_program('bash', native: true)
+
+gen_header = generator(
+  bash,
+  arguments : [ '-c', '{ echo \'R"__NIX_STR(\' && cat @INPUT@ && echo \')__NIX_STR"\'; } > "$1"', '_ignored_argv0', '@OUTPUT@' ],
+  output : '@PLAINNAME@.gen.hh',
+)

build-utils-meson/threads/meson.build

@@ -0,0 +1,6 @@
+# This is only conditional to work around
+# https://github.com/mesonbuild/meson/issues/13293. It should be
+# unconditional.
+if not (host_machine.system() == 'windows' and cxx.get_id() == 'gcc')
+  deps_private += dependency('threads')
+endif

ci/gha/profile-build/default.nix

@@ -1,101 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-}:
-
-let
-  inherit (pkgs) lib;
-
-  nixComponentsInstrumented =
-    (nixFlake.lib.makeComponents {
-      inherit pkgs;
-      getStdenv = p: p.clangStdenv;
-    }).overrideScope
-      (
-        _: _: {
-          mesonComponentOverrides = finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "buildprofile" ];
-            nativeBuildInputs = [ pkgs.clangbuildanalyzer ] ++ prevAttrs.nativeBuildInputs or [ ];
-            __impure = true;
-
-            env = {
-              CFLAGS = "-ftime-trace";
-              CXXFLAGS = "-ftime-trace";
-            };
-
-            preBuild = ''
-              ClangBuildAnalyzer --start $PWD
-            '';
-
-            postBuild = ''
-              ClangBuildAnalyzer --stop $PWD $buildprofile
-            '';
-          };
-        }
-      );
-
-  componentsToProfile = {
-    "nix-util" = { };
-    "nix-util-c" = { };
-    "nix-util-test-support" = { };
-    "nix-util-tests" = { };
-    "nix-store" = { };
-    "nix-store-c" = { };
-    "nix-store-test-support" = { };
-    "nix-store-tests" = { };
-    "nix-fetchers" = { };
-    "nix-fetchers-c" = { };
-    "nix-fetchers-tests" = { };
-    "nix-expr" = { };
-    "nix-expr-c" = { };
-    "nix-expr-test-support" = { };
-    "nix-expr-tests" = { };
-    "nix-flake" = { };
-    "nix-flake-c" = { };
-    "nix-flake-tests" = { };
-    "nix-main" = { };
-    "nix-main-c" = { };
-    "nix-cmd" = { };
-    "nix-cli" = { };
-  };
-
-  componentDerivationsToProfile = builtins.intersectAttrs componentsToProfile nixComponentsInstrumented;
-  componentBuildProfiles = lib.mapAttrs (
-    n: v: lib.getOutput "buildprofile" v
-  ) componentDerivationsToProfile;
-
-  buildTimeReport =
-    pkgs.runCommand "build-time-report"
-      {
-        __impure = true;
-        __structuredAttrs = true;
-        nativeBuildInputs = [ pkgs.clangbuildanalyzer ];
-        inherit componentBuildProfiles;
-      }
-      ''
-        {
-          echo "# Build time performance profile for components:"
-          echo
-          echo "This reports the build profile collected via \`-ftime-trace\` for each component."
-          echo
-        } >> $out
-
-        for name in "''\${!componentBuildProfiles[@]}"; do
-          {
-            echo "<details><summary><strong>$name</strong></summary>"
-            echo
-            echo '````'
-            ClangBuildAnalyzer --analyze "''\${componentBuildProfiles[$name]}"
-            echo '````'
-            echo
-            echo "</details>"
-          } >> $out
-        done
-      '';
-in
-
-{
-  inherit buildTimeReport;
-  inherit componentDerivationsToProfile;
-}

ci/gha/tests/default.nix

@@ -1,257 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  nixComponents ? (
-    nixFlake.lib.makeComponents {
-      inherit pkgs;
-      inherit getStdenv;
-    }
-  ),
-  getStdenv ? p: p.stdenv,
-  componentTestsPrefix ? "",
-  withSanitizers ? false,
-  withCoverage ? false,
-  ...
-}:
-
-let
-  inherit (pkgs) lib;
-  hydraJobs = nixFlake.hydraJobs;
-  packages' = nixFlake.packages.${system};
-  stdenv = (getStdenv pkgs);
-
-  collectCoverageLayer = finalAttrs: prevAttrs: {
-    env =
-      let
-        # https://clang.llvm.org/docs/SourceBasedCodeCoverage.html#the-code-coverage-workflow
-        coverageFlags = [
-          "-fprofile-instr-generate"
-          "-fcoverage-mapping"
-        ];
-      in
-      {
-        CFLAGS = toString coverageFlags;
-        CXXFLAGS = toString coverageFlags;
-      };
-
-    # Done in a pre-configure hook, because $NIX_BUILD_TOP needs to be substituted.
-    preConfigure = prevAttrs.preConfigure or "" + ''
-      mappingFlag=" -fcoverage-prefix-map=$NIX_BUILD_TOP/${finalAttrs.src.name}=${finalAttrs.src}"
-      CFLAGS+="$mappingFlag"
-      CXXFLAGS+="$mappingFlag"
-    '';
-  };
-
-  componentOverrides = (lib.optional withCoverage collectCoverageLayer);
-in
-
-rec {
-  nixComponentsInstrumented = nixComponents.overrideScope (
-    final: prev: {
-      withASan = withSanitizers;
-      withUBSan = withSanitizers;
-
-      nix-store-tests = prev.nix-store-tests.override { withBenchmarks = true; };
-      # Boehm is incompatible with ASAN.
-      nix-expr = prev.nix-expr.override { enableGC = !withSanitizers; };
-
-      mesonComponentOverrides = lib.composeManyExtensions componentOverrides;
-      # Unclear how to make Perl bindings work with a dynamically linked ASAN.
-      nix-perl-bindings = if withSanitizers then null else prev.nix-perl-bindings;
-    }
-  );
-
-  # Import NixOS tests using the instrumented components
-  nixosTests = import ../../../tests/nixos {
-    inherit lib pkgs;
-    nixComponents = nixComponentsInstrumented;
-    nixpkgs = nixFlake.inputs.nixpkgs;
-    inherit (nixFlake.inputs) nixpkgs-23-11;
-  };
-
-  /**
-    Top-level tests for the flake outputs, as they would be built by hydra.
-    These tests generally can't be overridden to run with sanitizers.
-  */
-  topLevel = {
-    installerScriptForGHA = hydraJobs.installerScriptForGHA.${system};
-    installTests = hydraJobs.installTests.${system};
-    nixpkgsLibTests = hydraJobs.tests.nixpkgsLibTests.${system};
-    rl-next = pkgs.buildPackages.runCommand "test-rl-next-release-notes" { } ''
-      LANG=C.UTF-8 ${pkgs.changelog-d}/bin/changelog-d ${../../../doc/manual/rl-next} >$out
-    '';
-    repl-completion = pkgs.callPackage ../../../tests/repl-completion.nix { inherit (packages') nix; };
-
-    /**
-      Checks for our packaging expressions.
-      This shouldn't build anything significant; just check that things
-      (including derivations) are _set up_ correctly.
-    */
-    packaging-overriding =
-      let
-        nix = packages'.nix;
-      in
-      assert (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src.patches == [ pkgs.emptyFile ];
-      if pkgs.stdenv.buildPlatform.isDarwin then
-        lib.warn "packaging-overriding check currently disabled because of a permissions issue on macOS" pkgs.emptyFile
-      else
-        # If this fails, something might be wrong with how we've wired the scope,
-        # or something could be broken in Nixpkgs.
-        pkgs.testers.testEqualContents {
-          assertion = "trivial patch does not change source contents";
-          expected = "${../../..}";
-          actual =
-            # Same for all components; nix-util is an arbitrary pick
-            (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src;
-        };
-  };
-
-  disable =
-    let
-      inherit (pkgs.stdenv) hostPlatform;
-    in
-    args@{
-      pkgName,
-      testName,
-      test,
-    }:
-    lib.any (b: b) [
-      # FIXME: Nix manual is impure and does not produce all settings on darwin
-      (hostPlatform.isDarwin && pkgName == "nix-manual" && testName == "linkcheck")
-    ];
-
-  componentTests =
-    (lib.concatMapAttrs (
-      pkgName: pkg:
-      lib.concatMapAttrs (
-        testName: test:
-        lib.optionalAttrs (!disable { inherit pkgName testName test; }) {
-          "${componentTestsPrefix}${pkgName}-${testName}" = test;
-        }
-      ) (pkg.tests or { })
-    ) nixComponentsInstrumented)
-    // lib.optionalAttrs (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) {
-      "${componentTestsPrefix}nix-functional-tests" = nixComponentsInstrumented.nix-functional-tests;
-      "${componentTestsPrefix}nix-json-schema-checks" = nixComponentsInstrumented.nix-json-schema-checks;
-    };
-
-  codeCoverage =
-    let
-      componentsTestsToProfile =
-        (builtins.mapAttrs (n: v: nixComponentsInstrumented.${n}.tests.run) {
-          "nix-util-tests" = { };
-          "nix-store-tests" = { };
-          "nix-fetchers-tests" = { };
-          "nix-expr-tests" = { };
-          "nix-flake-tests" = { };
-        })
-        // {
-          inherit (nixComponentsInstrumented) nix-functional-tests;
-        };
-
-      coverageProfileDrvs = lib.mapAttrs (
-        n: v:
-        v.overrideAttrs (
-          finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "profraw" ];
-            env = {
-              LLVM_PROFILE_FILE = "${placeholder "profraw"}/%m";
-            };
-          }
-        )
-      ) componentsTestsToProfile;
-
-      coverageProfiles = lib.mapAttrsToList (n: v: lib.getOutput "profraw" v) coverageProfileDrvs;
-
-      mergedProfdata =
-        pkgs.runCommand "merged-profdata"
-          {
-            __structuredAttrs = true;
-            nativeBuildInputs = [ pkgs.llvmPackages.libllvm ];
-            inherit coverageProfiles;
-          }
-          ''
-            rawProfiles=()
-            for dir in "''\${coverageProfiles[@]}"; do
-              rawProfiles+=($dir/*)
-            done
-            llvm-profdata merge -sparse -output $out "''\${rawProfiles[@]}"
-          '';
-
-      coverageReports =
-        let
-          nixComponentDrvs = lib.filter (lib.isDerivation) (lib.attrValues nixComponentsInstrumented);
-        in
-        pkgs.runCommand "code-coverage-report"
-          {
-            nativeBuildInputs = [
-              pkgs.llvmPackages.libllvm
-              pkgs.jq
-            ];
-            __structuredAttrs = true;
-            nixComponents = nixComponentDrvs;
-          }
-          ''
-            # ${toString (lib.map (v: v.src) nixComponentDrvs)}
-
-            binaryFiles=()
-            for dir in "''\${nixComponents[@]}"; do
-              readarray -t filesInDir < <(find "$dir" -type f -executable)
-              binaryFiles+=("''\${filesInDir[@]}")
-            done
-
-            arguments=$(concatStringsSep " -object " binaryFiles)
-            llvm-cov show $arguments -instr-profile ${mergedProfdata} -output-dir $out -format=html
-
-            {
-              echo "# Code coverage summary (generated via \`llvm-cov\`):"
-              echo
-              echo '```'
-              llvm-cov report $arguments -instr-profile ${mergedProfdata} -format=text -use-color=false
-              echo '```'
-              echo
-            } >> $out/index.txt
-
-            llvm-cov export $arguments -instr-profile ${mergedProfdata} -format=text > $out/coverage.json
-
-            mkdir -p $out/nix-support
-
-            coverageTotals=$(jq ".data[0].totals" $out/coverage.json)
-
-            # Mostly inline from pkgs/build-support/setup-hooks/make-coverage-analysis-report.sh [1],
-            # which we can't use here, because we rely on LLVM's infra for source code coverage collection.
-            # [1]: https://github.com/NixOS/nixpkgs/blob/67bb48c4c8e327417d6d5aa7e538244b209e852b/pkgs/build-support/setup-hooks/make-coverage-analysis-report.sh#L16
-            declare -A metricsArray=(["lineCoverage"]="lines" ["functionCoverage"]="functions" ["branchCoverage"]="branches")
-
-            for metricName in "''\${!metricsArray[@]}"; do
-              key="''\${metricsArray[$metricName]}"
-              metric=$(echo "$coverageTotals" | jq ".$key.percent * 10 | round / 10")
-              echo "$metricName $metric %" >> $out/nix-support/hydra-metrics
-            done
-
-            echo "report coverage $out" >> $out/nix-support/hydra-build-products
-          '';
-    in
-    assert withCoverage;
-    assert stdenv.cc.isClang;
-    {
-      inherit coverageProfileDrvs mergedProfdata coverageReports;
-    };
-
-  vmTests = {
-    inherit (nixosTests) s3-binary-cache-store;
-  }
-  // lib.optionalAttrs (!withSanitizers && !withCoverage) {
-    # evalNixpkgs uses non-instrumented components from hydraJobs, so only run it
-    # when not testing with sanitizers to avoid rebuilding nix
-    inherit (hydraJobs.tests) evalNixpkgs;
-    # FIXME: CI times out when building vm tests instrumented
-    inherit (nixosTests)
-      functional_user
-      githubFlakes
-      nix-docker
-      tarballFlakes
-      ;
-  };
-}

ci/gha/tests/pre-commit-checks

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-system=$(nix eval --raw --impure --expr builtins.currentSystem)
-
-echo "::group::Running pre-commit checks"
-
-if nix build ".#checks.$system.pre-commit" -L; then
-    echo "::endgroup::"
-    exit 0
-fi
-
-echo "::error ::Changes do not pass pre-commit checks"
-
-cat <<EOF
-The code isn't formatted or doesn't pass lints. You can run pre-commit locally with:
-
-    nix develop -c ./maintainers/format.sh
-EOF
-
-echo "::endgroup::"
-
-exit 1

ci/gha/tests/wrapper.nix

@@ -1,16 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  stdenv ? "stdenv",
-  componentTestsPrefix ? "",
-  withInstrumentation ? false,
-}@args:
-import ./. (
-  args
-  // {
-    getStdenv = p: p.${stdenv};
-    withSanitizers = withInstrumentation;
-    withCoverage = withInstrumentation;
-  }
-)

config/install-sh

@@ -0,0 +1,527 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2011-11-20.07; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# 'make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	# Protect names problematic for 'test' and other utilities.
+	case $dst_arg in
+	  -* | [=\(\)!]) dst_arg=./$dst_arg;;
+	esac
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+    # Protect names problematic for 'test' and other utilities.
+    case $dst_arg in
+      -* | [=\(\)!]) dst_arg=./$dst_arg;;
+    esac
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call 'install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  do_exit='(exit $ret); exit $ret'
+  trap "ret=129; $do_exit" 1
+  trap "ret=130; $do_exit" 2
+  trap "ret=141; $do_exit" 13
+  trap "ret=143; $do_exit" 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names problematic for 'test' and other utilities.
+  case $src in
+    -* | [=\(\)!]) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+    dst=$dst_arg
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	[-=\(\)!]*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test X"$d" = X && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:

configure.ac

@@ -0,0 +1,456 @@
+AC_INIT([nix],[m4_esyscmd(bash -c "echo -n $(cat ./.version)$VERSION_SUFFIX")])
+AC_CONFIG_MACRO_DIRS([m4])
+AC_CONFIG_SRCDIR(README.md)
+AC_CONFIG_AUX_DIR(config)
+
+AC_PROG_SED
+
+# Construct a Nix system name (like "i686-linux"):
+# https://www.gnu.org/software/autoconf/manual/html_node/Canonicalizing.html#index-AC_005fCANONICAL_005fHOST-1
+# The inital value is produced by the `config/config.guess` script:
+# upstream: https://git.savannah.gnu.org/cgit/config.git/tree/config.guess
+# It has the following form, which is not documented anywhere:
+# <cpu>-<vendor>-<os>[<version>][-<abi>]
+# If `./configure` is passed any of the `--host`, `--build`, `--target` options, the value comes from `config/config.sub` instead:
+# upstream: https://git.savannah.gnu.org/cgit/config.git/tree/config.sub
+AC_CANONICAL_HOST
+AC_MSG_CHECKING([for the canonical Nix system name])
+
+AC_ARG_WITH(system, AS_HELP_STRING([--with-system=SYSTEM],[Platform identifier (e.g., `i686-linux').]),
+  [system=$withval],
+  [case "$host_cpu" in
+     i*86)
+        machine_name="i686";;
+     amd64)
+        machine_name="x86_64";;
+     armv6|armv7)
+        machine_name="${host_cpu}l";;
+     *)
+        machine_name="$host_cpu";;
+   esac
+
+   case "$host_os" in
+     linux-gnu*|linux-musl*)
+        # For backward compatibility, strip the `-gnu' part.
+        system="$machine_name-linux";;
+     *)
+        # Strip the version number from names such as `gnu0.3',
+        # `darwin10.2.0', etc.
+        system="$machine_name-`echo $host_os | "$SED" -e's/@<:@0-9.@:>@*$//g'`";;
+   esac])
+
+AC_MSG_RESULT($system)
+AC_SUBST(system)
+AC_DEFINE_UNQUOTED(SYSTEM, ["$system"], [platform identifier ('cpu-os')])
+
+
+# State should be stored in /nix/var, unless the user overrides it explicitly.
+test "$localstatedir" = '${prefix}/var' && localstatedir=/nix/var
+
+# Assign a default value to C{,XX}FLAGS as the default configure script sets them
+# to -O2 otherwise, which we don't want to have hardcoded
+CFLAGS=${CFLAGS-""}
+CXXFLAGS=${CXXFLAGS-""}
+
+AC_PROG_CC
+AC_PROG_CXX
+AC_PROG_CPP
+
+AC_CHECK_TOOL([AR], [ar])
+
+# Use 64-bit file system calls so that we can support files > 2 GiB.
+AC_SYS_LARGEFILE
+
+
+# OS-specific stuff.
+case "$host_os" in
+  solaris*)
+    # Solaris requires -lsocket -lnsl for network functions
+    LDFLAGS="-lsocket -lnsl $LDFLAGS"
+    ;;
+  darwin*)
+    # Need to link to libsandbox.
+    LDFLAGS="-lsandbox $LDFLAGS"
+    ;;
+esac
+
+
+ENSURE_NO_GCC_BUG_80431
+
+
+# Check for pubsetbuf.
+AC_MSG_CHECKING([for pubsetbuf])
+AC_LANG_PUSH(C++)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <iostream>
+using namespace std;
+static char buf[1024];]],
+    [[cerr.rdbuf()->pubsetbuf(buf, sizeof(buf));]])],
+    [AC_MSG_RESULT(yes) AC_DEFINE(HAVE_PUBSETBUF, 1, [Whether pubsetbuf is available.])],
+    AC_MSG_RESULT(no))
+AC_LANG_POP(C++)
+
+
+AC_CHECK_FUNCS([statvfs pipe2])
+
+
+# Check for lutimes and utimensat, optionally used for changing the
+# mtime of symlinks.
+AC_CHECK_DECLS([AT_SYMLINK_NOFOLLOW], [], [], [[#include <fcntl.h>]])
+AC_CHECK_FUNCS([lutimes utimensat])
+
+
+# Check whether the store optimiser can optimise symlinks.
+AC_MSG_CHECKING([whether it is possible to create a link to a symlink])
+ln -s bla tmp_link
+if ln tmp_link tmp_link2 2> /dev/null; then
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(CAN_LINK_SYMLINK, 1, [Whether link() works on symlinks.])
+else
+    AC_MSG_RESULT(no)
+fi
+rm -f tmp_link tmp_link2
+
+
+# Check for <locale>.
+AC_LANG_PUSH(C++)
+AC_CHECK_HEADERS([locale])
+AC_LANG_POP(C++)
+
+
+AC_DEFUN([NEED_PROG],
+[
+AC_PATH_PROG($1, $2)
+if test -z "$$1"; then
+    AC_MSG_ERROR([$2 is required])
+fi
+])
+
+NEED_PROG(bash, bash)
+AC_PATH_PROG(flex, flex, false)
+AC_PATH_PROG(bison, bison, false)
+AC_PATH_PROG(dot, dot)
+AC_PATH_PROG(lsof, lsof, lsof)
+
+
+AC_SUBST(coreutils, [$(dirname $(type -p cat))])
+
+
+AC_ARG_WITH(store-dir, AS_HELP_STRING([--with-store-dir=PATH],[path of the Nix store (defaults to /nix/store)]),
+  storedir=$withval, storedir='/nix/store')
+AC_SUBST(storedir)
+
+
+# Running the functional tests without building Nix is useful for testing
+# different pre-built versions of Nix against each other.
+AC_ARG_ENABLE(build, AS_HELP_STRING([--disable-build],[Do not build nix]),
+  ENABLE_BUILD=$enableval, ENABLE_BUILD=yes)
+AC_SUBST(ENABLE_BUILD)
+
+# Building without unit tests is useful for bootstrapping with a smaller footprint
+# or running the tests in a separate derivation. Otherwise, we do compile and
+# run them.
+
+AC_ARG_ENABLE(unit-tests, AS_HELP_STRING([--disable-unit-tests],[Do not build the tests]),
+  ENABLE_UNIT_TESTS=$enableval, ENABLE_UNIT_TESTS=$ENABLE_BUILD)
+AC_SUBST(ENABLE_UNIT_TESTS)
+
+AS_IF(
+  [test "$ENABLE_BUILD" == "no" && test "$ENABLE_UNIT_TESTS" == "yes"],
+  [AC_MSG_ERROR([Cannot enable unit tests when building overall is disabled. Please do not pass '--enable-unit-tests' or do not pass '--disable-build'.])])
+
+AC_ARG_ENABLE(functional-tests, AS_HELP_STRING([--disable-functional-tests],[Do not build the tests]),
+  ENABLE_FUNCTIONAL_TESTS=$enableval, ENABLE_FUNCTIONAL_TESTS=yes)
+AC_SUBST(ENABLE_FUNCTIONAL_TESTS)
+
+# documentation generation switch
+AC_ARG_ENABLE(doc-gen, AS_HELP_STRING([--disable-doc-gen],[disable documentation generation]),
+  ENABLE_DOC_GEN=$enableval, ENABLE_DOC_GEN=$ENABLE_BUILD)
+AC_SUBST(ENABLE_DOC_GEN)
+
+AS_IF(
+  [test "$ENABLE_BUILD" == "no" && test "$ENABLE_DOC_GEN" == "yes"],
+  [AC_MSG_ERROR([Cannot enable generated docs when building overall is disabled. Please do not pass '--enable-doc-gen' or do not pass '--disable-build'.])])
+
+AS_IF(
+  [test "$ENABLE_FUNCTIONAL_TESTS" == "yes" || test "$ENABLE_DOC_GEN" == "yes"],
+  [NEED_PROG(jq, jq)])
+
+AS_IF(
+  [test "$ENABLE_DOC_GEN" == "yes"],
+  [NEED_PROG(man, man)])
+
+AS_IF([test "$ENABLE_BUILD" == "yes"],[
+
+# Look for boost, a required dependency.
+# Note that AX_BOOST_BASE only exports *CPP* BOOST_CPPFLAGS, no CXX flags,
+# and CPPFLAGS are not passed to the C++ compiler automatically.
+# Thus we append the returned CPPFLAGS to the CXXFLAGS here.
+AX_BOOST_BASE([1.66], [CXXFLAGS="$BOOST_CPPFLAGS $CXXFLAGS"], [AC_MSG_ERROR([Nix requires boost.])])
+# For unknown reasons, setting this directly in the ACTION-IF-FOUND above
+# ends up with LDFLAGS being empty, so we set it afterwards.
+LDFLAGS="$BOOST_LDFLAGS $LDFLAGS"
+
+# On some platforms, new-style atomics need a helper library
+AC_MSG_CHECKING(whether -latomic is needed)
+AC_LINK_IFELSE([AC_LANG_SOURCE([[
+#include <stdint.h>
+uint64_t v;
+int main() {
+    return (int)__atomic_load_n(&v, __ATOMIC_ACQUIRE);
+}]])], GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC=no, GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC=yes)
+AC_MSG_RESULT($GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC)
+if test "x$GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC" = xyes; then
+    LDFLAGS="-latomic $LDFLAGS"
+fi
+
+AC_ARG_ENABLE(install-unit-tests, AS_HELP_STRING([--enable-install-unit-tests],[Install the unit tests for running later (default no)]),
+  INSTALL_UNIT_TESTS=$enableval, INSTALL_UNIT_TESTS=no)
+AC_SUBST(INSTALL_UNIT_TESTS)
+
+AC_ARG_WITH(check-bin-dir, AS_HELP_STRING([--with-check-bin-dir=PATH],[path to install unit tests for running later (defaults to $libexecdir/nix)]),
+  checkbindir=$withval, checkbindir=$libexecdir/nix)
+AC_SUBST(checkbindir)
+
+AC_ARG_WITH(check-lib-dir, AS_HELP_STRING([--with-check-lib-dir=PATH],[path to install unit tests for running later (defaults to $libdir)]),
+  checklibdir=$withval, checklibdir=$libdir)
+AC_SUBST(checklibdir)
+
+# LTO is currently broken with clang for unknown reasons; ld segfaults in the llvm plugin
+AC_ARG_ENABLE(lto, AS_HELP_STRING([--enable-lto],[Enable LTO (only supported with GCC) [default=no]]),
+  lto=$enableval, lto=no)
+if test "$lto" = yes; then
+    if $CXX --version | grep -q GCC; then
+        AC_SUBST(CXXLTO, [-flto=jobserver])
+    else
+        echo "error: LTO is only supported with GCC at the moment" >&2
+        exit 1
+    fi
+else
+    AC_SUBST(CXXLTO, [""])
+fi
+
+PKG_PROG_PKG_CONFIG
+
+AC_ARG_ENABLE(shared, AS_HELP_STRING([--enable-shared],[Build shared libraries for Nix [default=yes]]),
+  shared=$enableval, shared=yes)
+if test "$shared" = yes; then
+  AC_SUBST(BUILD_SHARED_LIBS, 1, [Whether to build shared libraries.])
+else
+  AC_SUBST(BUILD_SHARED_LIBS, 0, [Whether to build shared libraries.])
+  PKG_CONFIG="$PKG_CONFIG --static"
+fi
+
+# Look for OpenSSL, a required dependency. FIXME: this is only (maybe)
+# used by S3BinaryCacheStore.
+PKG_CHECK_MODULES([OPENSSL], [libcrypto >= 1.1.1], [CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"])
+
+
+# Look for libarchive.
+PKG_CHECK_MODULES([LIBARCHIVE], [libarchive >= 3.1.2], [CXXFLAGS="$LIBARCHIVE_CFLAGS $CXXFLAGS"])
+# Workaround until https://github.com/libarchive/libarchive/issues/1446 is fixed
+if test "$shared" != yes; then
+    LIBARCHIVE_LIBS+=' -lz'
+fi
+
+# Look for SQLite, a required dependency.
+PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CXXFLAGS"])
+
+# Look for libcurl, a required dependency.
+PKG_CHECK_MODULES([LIBCURL], [libcurl], [CXXFLAGS="$LIBCURL_CFLAGS $CXXFLAGS"])
+
+# Look for editline or readline, a required dependency.
+# The the libeditline.pc file was added only in libeditline >= 1.15.2,
+# see https://github.com/troglobit/editline/commit/0a8f2ef4203c3a4a4726b9dd1336869cd0da8607,
+# Older versions are no longer supported.
+AC_ARG_WITH(
+  [readline-flavor],
+  AS_HELP_STRING([--with-readline-flavor],[Which library to use for nice line editting with the Nix language REPL" [default=editline]]),
+  [readline_flavor=$withval],
+  [readline_flavor=editline])
+AS_CASE(["$readline_flavor"],
+  [editline], [
+    readline_flavor_pc=libeditline
+  ],
+  [readline], [
+    readline_flavor_pc=readline
+    AC_DEFINE([USE_READLINE], [1], [Use readline instead of editline])
+  ],
+  [AC_MSG_ERROR([bad value "$readline_flavor" for --with-readline-flavor, must be one of: editline, readline])])
+PKG_CHECK_MODULES([EDITLINE], [$readline_flavor_pc], [CXXFLAGS="$EDITLINE_CFLAGS $CXXFLAGS"])
+
+# Look for libsodium.
+PKG_CHECK_MODULES([SODIUM], [libsodium], [CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"])
+
+# Look for libbrotli{enc,dec}.
+PKG_CHECK_MODULES([LIBBROTLI], [libbrotlienc libbrotlidec], [CXXFLAGS="$LIBBROTLI_CFLAGS $CXXFLAGS"])
+
+# Look for libcpuid.
+have_libcpuid=
+if test "$machine_name" = "x86_64"; then
+    AC_ARG_ENABLE([cpuid],
+                  AS_HELP_STRING([--disable-cpuid], [Do not determine microarchitecture levels with libcpuid (relevant to x86_64 only)]))
+    if test "x$enable_cpuid" != "xno"; then
+      PKG_CHECK_MODULES([LIBCPUID], [libcpuid],
+        [CXXFLAGS="$LIBCPUID_CFLAGS $CXXFLAGS"
+         have_libcpuid=1
+         AC_DEFINE([HAVE_LIBCPUID], [1], [Use libcpuid])]
+      )
+    fi
+fi
+AC_SUBST(HAVE_LIBCPUID, [$have_libcpuid])
+
+
+# Look for libseccomp, required for Linux sandboxing.
+case "$host_os" in
+  linux*)
+    AC_ARG_ENABLE([seccomp-sandboxing],
+                  AS_HELP_STRING([--disable-seccomp-sandboxing],[Don't build support for seccomp sandboxing (only recommended if your arch doesn't support libseccomp yet!)
+                                ]))
+    if test "x$enable_seccomp_sandboxing" != "xno"; then
+      PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
+                        [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS" CFLAGS="$LIBSECCOMP_CFLAGS $CFLAGS"])
+      have_seccomp=1
+      AC_DEFINE([HAVE_SECCOMP], [1], [Whether seccomp is available and should be used for sandboxing.])
+      AC_COMPILE_IFELSE([
+        AC_LANG_SOURCE([[
+          #include <seccomp.h>
+          #ifndef __SNR_fchmodat2
+          # error "Missing support for fchmodat2"
+          #endif
+        ]])
+      ], [], [
+        echo "libseccomp is missing __SNR_fchmodat2. Please provide libseccomp 2.5.5 or later"
+        exit 1
+      ])
+    else
+      have_seccomp=
+    fi
+    ;;
+  *)
+    have_seccomp=
+    ;;
+esac
+AC_SUBST(HAVE_SECCOMP, [$have_seccomp])
+
+# Optional dependencies for better normalizing file system data
+AC_CHECK_HEADERS([sys/xattr.h])
+AS_IF([test "$ac_cv_header_sys_xattr_h" = "yes"],[
+  AC_CHECK_FUNCS([llistxattr lremovexattr])
+  AS_IF([test "$ac_cv_func_llistxattr" = "yes" && test "$ac_cv_func_lremovexattr" = "yes"],[
+    AC_DEFINE([HAVE_ACL_SUPPORT], [1], [Define if we can manipulate file system Access Control Lists])
+  ])
+])
+
+# Look for aws-cpp-sdk-s3.
+AC_LANG_PUSH(C++)
+AC_CHECK_HEADERS([aws/s3/S3Client.h],
+  [AC_DEFINE([ENABLE_S3], [1], [Whether to enable S3 support via aws-sdk-cpp.]) enable_s3=1],
+  [AC_DEFINE([ENABLE_S3], [0], [Whether to enable S3 support via aws-sdk-cpp.]) enable_s3=])
+AC_SUBST(ENABLE_S3, [$enable_s3])
+AC_LANG_POP(C++)
+
+
+# Whether to use the Boehm garbage collector.
+AC_ARG_ENABLE(gc, AS_HELP_STRING([--enable-gc],[enable garbage collection in the Nix expression evaluator (requires Boehm GC) [default=yes]]),
+  gc=$enableval, gc=yes)
+if test "$gc" = yes; then
+  PKG_CHECK_MODULES([BDW_GC], [bdw-gc])
+  CXXFLAGS="$BDW_GC_CFLAGS $CXXFLAGS"
+  AC_DEFINE(HAVE_BOEHMGC, 1, [Whether to use the Boehm garbage collector.])
+
+  # See `fixupBoehmStackPointer`, for the integration between Boehm GC
+  # and Boost coroutines.
+  old_CFLAGS="$CFLAGS"
+  # Temporary set `-pthread` just for the next check
+  CFLAGS="$CFLAGS -pthread"
+  AC_CHECK_FUNCS([pthread_attr_get_np pthread_getattr_np])
+  CFLAGS="$old_CFLAGS"
+fi
+
+AS_IF([test "$ENABLE_UNIT_TESTS" == "yes"],[
+
+# Look for gtest.
+PKG_CHECK_MODULES([GTEST], [gtest_main gmock_main])
+
+# Look for rapidcheck.
+PKG_CHECK_MODULES([RAPIDCHECK], [rapidcheck rapidcheck_gtest])
+
+])
+
+# Look for nlohmann/json.
+PKG_CHECK_MODULES([NLOHMANN_JSON], [nlohmann_json >= 3.9])
+
+
+# Look for lowdown library.
+AC_ARG_ENABLE([markdown], AS_HELP_STRING([--enable-markdown], [Enable Markdown rendering in the Nix binary (requires lowdown) [default=auto]]),
+  enable_markdown=$enableval, enable_markdown=auto)
+AS_CASE(["$enable_markdown"],
+  [yes | auto], [
+    PKG_CHECK_MODULES([LOWDOWN], [lowdown >= 0.9.0], [
+      CXXFLAGS="$LOWDOWN_CFLAGS $CXXFLAGS"
+      have_lowdown=1
+      AC_DEFINE(HAVE_LOWDOWN, 1, [Whether lowdown is available and should be used for Markdown rendering.])
+    ], [
+      AS_IF([test "x$enable_markdown" == "xyes"], [AC_MSG_ERROR([--enable-markdown was specified, but lowdown was not found.])])
+    ])
+  ],
+  [no], [have_lowdown=],
+  [AC_MSG_ERROR([bad value "$enable_markdown" for --enable-markdown, must be one of: yes, no, auto])])
+
+
+# Look for libgit2.
+PKG_CHECK_MODULES([LIBGIT2], [libgit2])
+
+
+# Look for toml11, a required dependency.
+AC_LANG_PUSH(C++)
+AC_CHECK_HEADER([toml.hpp], [], [AC_MSG_ERROR([toml11 is not found.])])
+AC_LANG_POP(C++)
+
+# Setuid installations.
+AC_CHECK_FUNCS([setresuid setreuid lchown])
+
+
+# Nice to have, but not essential.
+AC_CHECK_FUNCS([strsignal posix_fallocate sysconf])
+
+
+AC_ARG_WITH(sandbox-shell, AS_HELP_STRING([--with-sandbox-shell=PATH],[path of a statically-linked shell to use as /bin/sh in sandboxes]),
+  sandbox_shell=$withval)
+AC_SUBST(sandbox_shell)
+if test ${cross_compiling:-no} = no && ! test -z ${sandbox_shell+x}; then
+  AC_MSG_CHECKING([whether sandbox-shell has the standalone feature])
+  # busybox shell sometimes allows executing other busybox applets,
+  # even if they are not in the path, breaking our sandbox
+  if PATH= $sandbox_shell -c "busybox" 2>&1 | grep -qv "not found"; then
+    AC_MSG_RESULT(enabled)
+    AC_MSG_ERROR([Please disable busybox FEATURE_SH_STANDALONE])
+  else
+    AC_MSG_RESULT(disabled)
+  fi
+fi
+
+AC_ARG_ENABLE(embedded-sandbox-shell, AS_HELP_STRING([--enable-embedded-sandbox-shell],[include the sandbox shell in the Nix binary [default=no]]),
+  embedded_sandbox_shell=$enableval, embedded_sandbox_shell=no)
+AC_SUBST(embedded_sandbox_shell)
+if test "$embedded_sandbox_shell" = yes; then
+  AC_DEFINE(HAVE_EMBEDDED_SANDBOX_SHELL, 1, [Include the sandbox shell in the Nix binary.])
+fi
+
+])
+
+
+# Expand all variables in config.status.
+test "$prefix" = NONE && prefix=$ac_default_prefix
+test "$exec_prefix" = NONE && exec_prefix='${prefix}'
+for name in $ac_subst_vars; do
+    declare $name="$(eval echo "${!name}")"
+    declare $name="$(eval echo "${!name}")"
+    declare $name="$(eval echo "${!name}")"
+done
+
+rm -f Makefile.config
+
+AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_FILES([])
+AC_OUTPUT

doc/manual/.version

@@ -1 +0,0 @@
-../../.version

doc/manual/anchors.jq

@@ -3,7 +3,7 @@
 
 
 def transform_anchors_html:
-    . | gsub($empty_anchor_regex; "<a id=\"" + .anchor + "\"></a>")
+    . | gsub($empty_anchor_regex; "<a name=\"" + .anchor + "\"></a>")
       | gsub($anchor_regex; "<a href=\"#" + .anchor + "\" id=\"" + .anchor + "\">" + .text + "</a>");
 
 

doc/manual/book.toml

@@ -0,0 +1,21 @@
+[book]
+title = "Nix Reference Manual"
+
+[output.html]
+additional-css = ["custom.css"]
+additional-js = ["redirects.js"]
+edit-url-template = "https://github.com/NixOS/nix/tree/master/doc/manual/{path}"
+git-repository-url = "https://github.com/NixOS/nix"
+
+[preprocessor.anchors]
+renderers = ["html"]
+command = "jq --from-file doc/manual/anchors.jq"
+
+[output.linkcheck]
+# no Internet during the build (in the sandbox)
+follow-web-links = false
+
+# mdbook-linkcheck does not understand [foo]{#bar} style links, resulting in
+# excessive "Potential incomplete link" warnings. No other kind of warning was
+# produced at the time of writing.
+warning-policy = "ignore"

doc/manual/book.toml.in

@@ -1,35 +0,0 @@
-[book]
-title = "Nix @version@ Reference Manual"
-src = "source"
-
-[output.html]
-additional-css = ["custom.css"]
-additional-js = ["redirects.js"]
-edit-url-template = "https://github.com/NixOS/nix/tree/master/doc/manual/{path}"
-git-repository-url = "https://github.com/NixOS/nix"
-mathjax-support = true
-
-# Handles replacing @docroot@ with a path to ./source relative to that markdown file,
-# {{#include handlebars}}, and the @generated@ syntax used within these. it mostly
-# but not entirely replaces the links preprocessor (which we cannot simply use due
-# to @generated@ files living in a different directory to make meson happy). we do
-# not want to disable the links preprocessor entirely though because that requires
-# disabling *all* built-in preprocessors and selectively reenabling those we want.
-[preprocessor.substitute]
-command = "python3 ./substitute.py"
-before = ["anchors", "links"]
-
-[preprocessor.anchors]
-renderers = ["html"]
-command = "jq --from-file ./anchors.jq"
-
-[output.markdown]
-
-[output.linkcheck]
-# no Internet during the build (in the sandbox)
-follow-web-links = false
-
-# mdbook-linkcheck does not understand [foo]{#bar} style links, resulting in
-# excessive "Potential incomplete link" warnings. No other kind of warning was
-# produced at the time of writing.
-warning-policy = "ignore"

doc/manual/custom.css

@@ -12,8 +12,8 @@ h1.menu-title::before {
 }
 
 
-.menu-bar {
-  padding: 0.5em 0em;
+h1.menu-title {
+  padding: 0.5em;
 }
 
 .sidebar .sidebar-scrollbox {

doc/manual/generate-deps.py

@@ -1,22 +0,0 @@
-#!/usr/bin/env python3
-
-import glob
-import sys
-
-# meson expects makefile-style dependency declarations, i.e.
-#
-#   target: dependency...
-#
-# meson seems to pass depfiles straight on to ninja even though
-# it also parses the file itself (or at least has code to do so
-# in its tree), so we must live by ninja's rules: only slashes,
-# spaces and octothorpes can be escaped, anything else is taken
-# literally. since the rules for these aren't even the same for
-# all three we will just fail when we encounter any of them (if
-# asserts are off for some reason the depfile will likely point
-# to nonexistent paths, making everything phony and thus fine.)
-for path in glob.glob(sys.argv[1] + '/**', recursive=True):
-    assert '\\' not in path
-    assert ' ' not in path
-    assert '#' not in path
-    print("ignored:", path)

doc/manual/generate-store-info.nix

@@ -33,7 +33,6 @@ let
     {
       settings,
       doc,
-      uri-schemes,
       experimentalFeature,
     }:
     let

doc/manual/generate-store-types.nix

@@ -24,9 +24,7 @@ let
     in
     concatStringsSep "\n" (map showEntry storesList);
 
-  "index.md" = replaceStrings [ "@store-types@" ] [ index ] (
-    readFile ./source/store/types/index.md.in
-  );
+  "index.md" = replaceStrings [ "@store-types@" ] [ index ] (readFile ./src/store/types/index.md.in);
 
   tableOfContents =
     let

doc/manual/local.mk

@@ -0,0 +1,231 @@
+# The version of Nix used to generate the doc. Can also be
+# `$(nix_INSTALL_PATH)` or just `nix` (to grap ambient from the `PATH`),
+# if one prefers.
+doc_nix = $(nix_PATH)
+
+MANUAL_SRCS := \
+	$(call rwildcard, $(d)/src, *.md) \
+	$(call rwildcard, $(d)/src, */*.md)
+
+man-pages := $(foreach n, \
+	nix-env.1 nix-store.1 \
+	nix-build.1 nix-shell.1 nix-instantiate.1 \
+	nix-collect-garbage.1 \
+	nix-prefetch-url.1 nix-channel.1 \
+	nix-hash.1 nix-copy-closure.1 \
+	nix.conf.5 nix-daemon.8 \
+	nix-profiles.5 \
+, $(d)/$(n))
+
+# man pages for subcommands
+# convert from `$(d)/src/command-ref/nix-{1}/{2}.md` to `$(d)/nix-{1}-{2}.1`
+# FIXME: unify with how nix3-cli man pages are generated
+man-pages += $(foreach subcommand, \
+	$(filter-out %opt-common.md %env-common.md, $(wildcard $(d)/src/command-ref/nix-*/*.md)), \
+	$(d)/$(subst /,-,$(subst $(d)/src/command-ref/,,$(subst .md,.1,$(subcommand)))))
+
+clean-files += $(d)/*.1 $(d)/*.5 $(d)/*.8
+
+# Provide a dummy environment for nix, so that it will not access files outside the macOS sandbox.
+# Set cores to 0 because otherwise `nix config show` resolves the cores based on the current machine
+dummy-env = env -i \
+	HOME=/dummy \
+	NIX_CONF_DIR=/dummy \
+	NIX_SSL_CERT_FILE=/dummy/no-ca-bundle.crt \
+	NIX_STATE_DIR=/dummy \
+	NIX_CONFIG='cores = 0'
+
+nix-eval = $(dummy-env) $(doc_nix) eval --experimental-features nix-command -I nix=doc/manual --store dummy:// --impure --raw
+
+# re-implement mdBook's include directive to make it usable for terminal output and for proper @docroot@ substitution
+define process-includes
+	while read -r line; do \
+		set -euo pipefail; \
+		filename="$$(dirname $(1))/$$(sed 's/{{#include \(.*\)}}/\1/'<<< $$line)"; \
+		test -f "$$filename" || ( echo "#include-d file '$$filename' does not exist." >&2; exit 1; ); \
+		matchline="$$(sed 's|/|\\/|g' <<< $$line)"; \
+		sed -i "/$$matchline/r $$filename" $(2); \
+		sed -i "s/$$matchline//" $(2); \
+	done < <(grep '{{#include' $(1))
+endef
+
+$(d)/nix-env-%.1: $(d)/src/command-ref/nix-env/%.md
+	@printf "Title: %s\n\n" "$(subst nix-env-,nix-env --,$$(basename "$@" .1))" > $^.tmp
+	$(render-subcommand)
+
+$(d)/nix-store-%.1: $(d)/src/command-ref/nix-store/%.md
+	@printf -- 'Title: %s\n\n' "$(subst nix-store-,nix-store --,$$(basename "$@" .1))" > $^.tmp
+	$(render-subcommand)
+
+# FIXME: there surely is some more deduplication to be achieved here with even darker Make magic
+define render-subcommand
+  @cat $^ >> $^.tmp
+	@$(call process-includes,$^,$^.tmp)
+	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=1 $^.tmp -o $@
+	@# fix up `lowdown`'s automatic escaping of `--`
+	@# https://github.com/kristapsdz/lowdown/blob/edca6ce6d5336efb147321a43c47a698de41bb7c/entity.c#L202
+	@sed -i 's/\e\[u2013\]/--/' $@
+	@rm $^.tmp
+endef
+
+
+$(d)/%.1: $(d)/src/command-ref/%.md
+	@printf "Title: %s\n\n" "$$(basename $@ .1)" > $^.tmp
+	@cat $^ >> $^.tmp
+	@$(call process-includes,$^,$^.tmp)
+	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=1 $^.tmp -o $@
+	@rm $^.tmp
+
+$(d)/%.8: $(d)/src/command-ref/%.md
+	@printf "Title: %s\n\n" "$$(basename $@ .8)" > $^.tmp
+	@cat $^ >> $^.tmp
+	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=8 $^.tmp -o $@
+	@rm $^.tmp
+
+$(d)/nix.conf.5: $(d)/src/command-ref/conf-file.md
+	@printf "Title: %s\n\n" "$$(basename $@ .5)" > $^.tmp
+	@cat $^ >> $^.tmp
+	@$(call process-includes,$^,$^.tmp)
+	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=5 $^.tmp -o $@
+	@rm $^.tmp
+
+$(d)/nix-profiles.5: $(d)/src/command-ref/files/profiles.md
+	@printf "Title: %s\n\n" "$$(basename $@ .5)" > $^.tmp
+	@cat $^ >> $^.tmp
+	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=5 $^.tmp -o $@
+	@rm $^.tmp
+
+$(d)/src/SUMMARY.md: $(d)/src/SUMMARY.md.in $(d)/src/SUMMARY-rl-next.md $(d)/src/store/types $(d)/src/command-ref/new-cli $(d)/src/development/experimental-feature-descriptions.md
+	@cp $< $@
+	@$(call process-includes,$@,$@)
+
+$(d)/src/store/types: $(d)/nix.json $(d)/utils.nix $(d)/generate-store-info.nix  $(d)/generate-store-types.nix $(d)/src/store/types/index.md.in $(doc_nix)
+	@# FIXME: build out of tree!
+	@rm -rf $@.tmp
+	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-store-types.nix (builtins.fromJSON (builtins.readFile $<)).stores'
+	@# do not destroy existing contents
+	@mv $@.tmp/* $@/
+
+$(d)/src/command-ref/new-cli: $(d)/nix.json $(d)/utils.nix $(d)/generate-manpage.nix $(d)/generate-settings.nix $(d)/generate-store-info.nix $(doc_nix)
+	@rm -rf $@ $@.tmp
+	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-manpage.nix true (builtins.readFile $<)'
+	@mv $@.tmp $@
+
+$(d)/src/command-ref/conf-file.md: $(d)/conf-file.json $(d)/utils.nix $(d)/generate-settings.nix $(d)/src/command-ref/conf-file-prefix.md $(d)/src/command-ref/experimental-features-shortlist.md $(doc_nix)
+	@cat doc/manual/src/command-ref/conf-file-prefix.md > $@.tmp
+	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-settings.nix { prefix = "conf"; } (builtins.fromJSON (builtins.readFile $<))' >> $@.tmp;
+	@mv $@.tmp $@
+
+$(d)/nix.json: $(doc_nix)
+	$(trace-gen) $(dummy-env) $(doc_nix) __dump-cli > $@.tmp
+	@mv $@.tmp $@
+
+$(d)/conf-file.json: $(doc_nix)
+	$(trace-gen) $(dummy-env) $(doc_nix) config show --json --experimental-features nix-command > $@.tmp
+	@mv $@.tmp $@
+
+$(d)/src/development/experimental-feature-descriptions.md: $(d)/xp-features.json $(d)/utils.nix $(d)/generate-xp-features.nix $(doc_nix)
+	@rm -rf $@ $@.tmp
+	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-xp-features.nix (builtins.fromJSON (builtins.readFile $<))'
+	@mv $@.tmp $@
+
+$(d)/src/command-ref/experimental-features-shortlist.md: $(d)/xp-features.json $(d)/utils.nix $(d)/generate-xp-features-shortlist.nix $(doc_nix)
+	@rm -rf $@ $@.tmp
+	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-xp-features-shortlist.nix (builtins.fromJSON (builtins.readFile $<))'
+	@mv $@.tmp $@
+
+$(d)/xp-features.json: $(doc_nix)
+	$(trace-gen) $(dummy-env) $(doc_nix) __dump-xp-features > $@.tmp
+	@mv $@.tmp $@
+
+$(d)/src/language/builtins.md: $(d)/language.json $(d)/generate-builtins.nix $(d)/src/language/builtins-prefix.md $(doc_nix)
+	@cat doc/manual/src/language/builtins-prefix.md > $@.tmp
+	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-builtins.nix (builtins.fromJSON (builtins.readFile $<))' >> $@.tmp;
+	@cat doc/manual/src/language/builtins-suffix.md >> $@.tmp
+	@mv $@.tmp $@
+
+$(d)/language.json: $(doc_nix)
+	$(trace-gen) $(dummy-env) $(doc_nix) __dump-language > $@.tmp
+	@mv $@.tmp $@
+
+# Generate "Upcoming release" notes (or clear it and remove from menu)
+$(d)/src/release-notes/rl-next.md: $(d)/rl-next $(d)/rl-next/*
+	@if type -p changelog-d > /dev/null; then \
+		echo "  GEN   " $@; \
+		changelog-d doc/manual/rl-next > $@; \
+	else \
+		echo "  NULL  " $@; \
+		true > $@; \
+	fi
+
+$(d)/src/SUMMARY-rl-next.md: $(d)/src/release-notes/rl-next.md
+	$(trace-gen) true
+	@if [ -s $< ]; then \
+		echo '  - [Upcoming release](release-notes/rl-next.md)' > $@; \
+	else \
+	  true > $@; \
+	fi
+
+# Generate the HTML manual.
+.PHONY: manual-html
+manual-html: $(docdir)/manual/index.html
+
+# Open the built HTML manual in the default browser.
+manual-html-open: $(docdir)/manual/index.html
+	@echo "  OPEN  " $<; \
+	  xdg-open $< \
+		  || open $< \
+			|| { \
+		echo "Could not open the manual in a browser. Please open '$<'" >&2; \
+		false; \
+		}
+install: $(docdir)/manual/index.html
+
+# Generate 'nix' manpages.
+.PHONY: manpages
+manpages: $(mandir)/man1/nix3-manpages
+install: $(mandir)/man1/nix3-manpages
+man: doc/manual/generated/man1/nix3-manpages
+all: doc/manual/generated/man1/nix3-manpages
+
+# FIXME: unify with how the other man pages are generated.
+# this one works differently and does not use any of the amenities provided by `/mk/lib.mk`.
+$(mandir)/man1/nix3-manpages: doc/manual/generated/man1/nix3-manpages
+	@mkdir -p $(DESTDIR)$$(dirname $@)
+	$(trace-install) install -m 0644 $$(dirname $<)/* $(DESTDIR)$$(dirname $@)
+
+doc/manual/generated/man1/nix3-manpages: $(d)/src/command-ref/new-cli
+	@mkdir -p $(DESTDIR)$$(dirname $@)
+	$(trace-gen) for i in doc/manual/src/command-ref/new-cli/*.md; do \
+		name=$$(basename $$i .md); \
+		tmpFile=$$(mktemp); \
+		if [[ $$name = SUMMARY ]]; then continue; fi; \
+		printf "Title: %s\n\n" "$$name" > $$tmpFile; \
+		cat $$i >> $$tmpFile; \
+		lowdown -sT man --nroff-nolinks -M section=1 $$tmpFile -o $(DESTDIR)$$(dirname $@)/$$name.1; \
+		rm $$tmpFile; \
+	done
+	@touch $@
+
+# the `! -name 'documentation.md'` filter excludes the one place where
+# `@docroot@` is to be preserved for documenting the mechanism
+# FIXME: maybe contributing guides should live right next to the code
+# instead of in the manual
+$(docdir)/manual/index.html: $(MANUAL_SRCS) $(d)/book.toml $(d)/anchors.jq $(d)/custom.css $(d)/src/SUMMARY.md $(d)/src/store/types $(d)/src/command-ref/new-cli $(d)/src/development/experimental-feature-descriptions.md $(d)/src/command-ref/conf-file.md $(d)/src/language/builtins.md $(d)/src/release-notes/rl-next.md $(d)/src/figures $(d)/src/favicon.png $(d)/src/favicon.svg
+	$(trace-gen) \
+		tmp="$$(mktemp -d)"; \
+		cp -r doc/manual "$$tmp"; \
+		find "$$tmp" -name '*.md' | while read -r file; do \
+			$(call process-includes,$$file,$$file); \
+		done; \
+		find "$$tmp" -name '*.md' ! -name 'documentation.md' | while read -r file; do \
+			docroot="$$(realpath --relative-to="$$(dirname "$$file")" $$tmp/manual/src)"; \
+			sed -i "s,@docroot@,$$docroot,g" "$$file"; \
+		done; \
+		set -euo pipefail; \
+		RUST_LOG=warn mdbook build "$$tmp/manual" -d $(DESTDIR)$(docdir)/manual.tmp 2>&1 \
+			| { grep -Fv "because fragment resolution isn't implemented" || :; }; \
+		rm -rf "$$tmp/manual"
+	@rm -rf $(DESTDIR)$(docdir)/manual
+	@mv $(DESTDIR)$(docdir)/manual.tmp/html $(DESTDIR)$(docdir)/manual
+	@rm -rf $(DESTDIR)$(docdir)/manual.tmp

doc/manual/meson.build

@@ -1,368 +0,0 @@
-project(
-  'nix-manual',
-  version : files('.version'),
-  meson_version : '>= 1.1',
-  license : 'LGPL-2.1-or-later',
-)
-
-nix = find_program('nix', native : true)
-
-mdbook = find_program('mdbook', native : true)
-bash = find_program('bash', native : true)
-rsync = find_program('rsync', required : true, native : true)
-
-pymod = import('python')
-python = pymod.find_installation('python3')
-
-nix_env_for_docs = {
-  'HOME' : '/dummy',
-  'NIX_CONF_DIR' : '/dummy',
-  'NIX_SSL_CERT_FILE' : '/dummy/no-ca-bundle.crt',
-  'NIX_STATE_DIR' : '/dummy',
-  'NIX_CONFIG' : 'cores = 0',
-}
-
-nix_for_docs = [ nix, '--experimental-features', 'nix-command' ]
-nix_eval_for_docs_common = nix_for_docs + [
-  'eval',
-  '-I',
-  'nix=' + meson.current_source_dir(),
-  '--store', 'dummy://',
-  '--impure',
-]
-nix_eval_for_docs = nix_eval_for_docs_common + '--raw'
-
-conf_file_json = custom_target(
-  command : nix_for_docs + [ 'config', 'show', '--json' ],
-  capture : true,
-  output : 'conf-file.json',
-  env : nix_env_for_docs,
-)
-
-language_json = custom_target(
-  command : [ nix, '__dump-language' ],
-  output : 'language.json',
-  capture : true,
-  env : nix_env_for_docs,
-)
-
-nix3_cli_json = custom_target(
-  command : [ nix, '__dump-cli' ],
-  capture : true,
-  output : 'nix.json',
-  env : nix_env_for_docs,
-)
-
-generate_manual_deps = files(
-  'generate-deps.py',
-)
-
-# Generates types
-subdir('source/store')
-# Generates builtins.md and builtin-constants.md.
-subdir('source/language')
-# Generates new-cli pages, experimental-features-shortlist.md, and conf-file.md.
-subdir('source/command-ref')
-# Generates experimental-feature-descriptions.md.
-subdir('source/development')
-# Generates rl-next-generated.md.
-subdir('source/release-notes')
-subdir('source')
-
-# Hacky way to figure out if `nix` is an `ExternalProgram` or
-# `Executable`. Only the latter can occur in custom target input lists.
-if nix.full_path().startswith(meson.build_root())
-  nix_input = nix
-else
-  nix_input = []
-endif
-
-manual = custom_target(
-  'manual',
-  command : [
-    bash,
-    '-euo',
-    'pipefail',
-    '-c',
-    '''
-        @0@ @INPUT0@ @CURRENT_SOURCE_DIR@ > @DEPFILE@
-        @0@ @INPUT1@ summary @2@ < @CURRENT_SOURCE_DIR@/source/SUMMARY.md.in > @2@/source/SUMMARY.md
-        sed -e 's|@version@|@3@|g' < @INPUT2@ > @2@/book.toml
-        @4@ -r -L --include='*.md' @CURRENT_SOURCE_DIR@/ @2@/
-        (cd @2@; RUST_LOG=warn @1@ build -d @2@ 3>&2 2>&1 1>&3) | { grep -Fv "because fragment resolution isn't implemented" || :; } 3>&2 2>&1 1>&3
-        rm -rf @2@/manual
-        mv @2@/html @2@/manual
-        # Remove Mathjax 2.7, because we will actually use MathJax 3.x
-        find @2@/manual | grep .html | xargs sed -i -e '/2.7.1.MathJax.js/d'
-        find @2@/manual -iname meson.build -delete
-    '''.format(
-      python.full_path(),
-      mdbook.full_path(),
-      meson.current_build_dir(),
-      meson.project_version(),
-      rsync.full_path(),
-    ),
-  ],
-  input : [
-    generate_manual_deps,
-    'substitute.py',
-    'book.toml.in',
-    'anchors.jq',
-    'custom.css',
-    nix3_cli_files,
-    experimental_features_shortlist_md,
-    experimental_feature_descriptions_md,
-    types_dir,
-    conf_file_md,
-    builtins_md,
-    rl_next_generated,
-    summary_rl_next,
-    json_schema_generated_files,
-    nix_input,
-  ],
-  output : [
-    'manual',
-    'markdown',
-  ],
-  depfile : 'manual.d',
-  env : {
-    'RUST_LOG' : 'info',
-    'MDBOOK_SUBSTITUTE_SEARCH' : meson.current_build_dir() / 'source',
-  },
-)
-manual_html = manual[0]
-manual_md = manual[1]
-
-install_subdir(
-  manual_html.full_path(),
-  install_dir : get_option('datadir') / 'doc/nix',
-)
-
-nix_nested_manpages = [
-  [
-    'nix-env',
-    [
-      'delete-generations',
-      'install',
-      'list-generations',
-      'query',
-      'rollback',
-      'set-flag',
-      'set',
-      'switch-generation',
-      'switch-profile',
-      'uninstall',
-      'upgrade',
-    ],
-  ],
-  [
-    'nix-store',
-    [
-      'add-fixed',
-      'add',
-      'delete',
-      'dump-db',
-      'dump',
-      'export',
-      'gc',
-      'generate-binary-cache-key',
-      'import',
-      'load-db',
-      'optimise',
-      'print-env',
-      'query',
-      'read-log',
-      'realise',
-      'repair-path',
-      'restore',
-      'serve',
-      'verify',
-      'verify-path',
-    ],
-  ],
-]
-
-foreach command : nix_nested_manpages
-  foreach page : command[1]
-    title = command[0] + ' --' + page
-    section = '1'
-    custom_target(
-      command : [
-        bash,
-        files('./render-manpage.sh'),
-        '--out-no-smarty',
-        title,
-        section,
-        '@INPUT0@/command-ref' / command[0] / (page + '.md'),
-        '@OUTPUT0@',
-      ],
-      input : [
-        manual_md,
-        nix_input,
-      ],
-      output : command[0] + '-' + page + '.1',
-      install : true,
-      install_dir : get_option('mandir') / 'man1',
-    )
-  endforeach
-endforeach
-
-nix3_manpages = [
-  'nix3-build',
-  'nix3-bundle',
-  'nix3-config',
-  'nix3-config-check',
-  'nix3-config-show',
-  'nix3-copy',
-  'nix3-daemon',
-  'nix3-derivation-add',
-  'nix3-derivation',
-  'nix3-derivation-show',
-  'nix3-develop',
-  'nix3-edit',
-  'nix3-env-shell',
-  'nix3-eval',
-  'nix3-flake-archive',
-  'nix3-flake-check',
-  'nix3-flake-clone',
-  'nix3-flake-info',
-  'nix3-flake-init',
-  'nix3-flake-lock',
-  'nix3-flake',
-  'nix3-flake-metadata',
-  'nix3-flake-new',
-  'nix3-flake-prefetch',
-  'nix3-flake-show',
-  'nix3-flake-update',
-  'nix3-fmt',
-  'nix3-hash-file',
-  'nix3-hash',
-  'nix3-hash-convert',
-  'nix3-hash-path',
-  'nix3-hash-to-base16',
-  'nix3-hash-to-base32',
-  'nix3-hash-to-base64',
-  'nix3-hash-to-sri',
-  'nix3-help',
-  'nix3-help-stores',
-  'nix3-key-convert-secret-to-public',
-  'nix3-key-generate-secret',
-  'nix3-key',
-  'nix3-log',
-  'nix3-nar-cat',
-  'nix3-nar-dump-path',
-  'nix3-nar-ls',
-  'nix3-nar-pack',
-  'nix3-nar',
-  'nix3-path-info',
-  'nix3-print-dev-env',
-  'nix3-profile',
-  'nix3-profile-add',
-  'nix3-profile-diff-closures',
-  'nix3-profile-history',
-  'nix3-profile-list',
-  'nix3-profile-remove',
-  'nix3-profile-rollback',
-  'nix3-profile-upgrade',
-  'nix3-profile-wipe-history',
-  'nix3-realisation-info',
-  'nix3-realisation',
-  'nix3-registry-add',
-  'nix3-registry-list',
-  'nix3-registry',
-  'nix3-registry-pin',
-  'nix3-registry-remove',
-  'nix3-repl',
-  'nix3-run',
-  'nix3-search',
-  'nix3-store-add',
-  'nix3-store-add-file',
-  'nix3-store-add-path',
-  'nix3-store-cat',
-  'nix3-store-copy-log',
-  'nix3-store-copy-sigs',
-  'nix3-store-delete',
-  'nix3-store-diff-closures',
-  'nix3-store-dump-path',
-  'nix3-store-gc',
-  'nix3-store-info',
-  'nix3-store-ls',
-  'nix3-store-make-content-addressed',
-  'nix3-store',
-  'nix3-store-optimise',
-  'nix3-store-path-from-hash-part',
-  'nix3-store-prefetch-file',
-  'nix3-store-repair',
-  'nix3-store-sign',
-  'nix3-store-verify',
-  'nix3-upgrade-nix',
-  'nix3-why-depends',
-  'nix',
-]
-
-foreach page : nix3_manpages
-  section = '1'
-  custom_target(
-    command : [
-      bash,
-      '@INPUT0@',
-      page,
-      section,
-      '@INPUT1@/command-ref/new-cli/@0@.md'.format(page),
-      '@OUTPUT@',
-    ],
-    input : [
-      files('./render-manpage.sh'),
-      manual_md,
-      nix_input,
-    ],
-    output : page + '.1',
-    install : true,
-    install_dir : get_option('mandir') / 'man1',
-  )
-endforeach
-
-nix_manpages = [
-  [ 'nix-env', 1 ],
-  [ 'nix-store', 1 ],
-  [ 'nix-build', 1 ],
-  [ 'nix-shell', 1 ],
-  [ 'nix-instantiate', 1 ],
-  [ 'nix-collect-garbage', 1 ],
-  [ 'nix-prefetch-url', 1 ],
-  [ 'nix-channel', 1 ],
-  [ 'nix-hash', 1 ],
-  [ 'nix-copy-closure', 1 ],
-  [ 'nix.conf', 5, conf_file_md.full_path() ],
-  [ 'nix-daemon', 8 ],
-  [ 'nix-profiles', 5, 'files/profiles.md' ],
-]
-
-foreach entry : nix_manpages
-  title = entry[0]
-  # nix.conf.5 and nix-profiles.5 are based off of conf-file.md and files/profiles.md,
-  # rather than a stem identical to its mdbook source.
-  # Therefore we use an optional third element of this array to override the name pattern
-  md_file = entry.get(2, title + '.md')
-  section = entry[1].to_string()
-  md_file_resolved = join_paths('@INPUT1@/command-ref/', md_file)
-  custom_target(
-    command : [
-      bash,
-      '@INPUT0@',
-      title,
-      section,
-      md_file_resolved,
-      '@OUTPUT@',
-    ],
-    input : [
-      files('./render-manpage.sh'),
-      manual_md,
-      entry.get(3, []),
-      nix_input,
-    ],
-    output : '@0@.@1@'.format(entry[0], entry[1]),
-    install : true,
-    install_dir : get_option('mandir') / 'man@0@'.format(entry[1]),
-  )
-endforeach

doc/manual/package.nix

@@ -1,118 +0,0 @@
-{
-  lib,
-  mkMesonDerivation,
-
-  meson,
-  ninja,
-  lowdown-unsandboxed,
-  mdbook,
-  mdbook-linkcheck,
-  jq,
-  python3,
-  rsync,
-  nix-cli,
-  changelog-d,
-  json-schema-for-humans,
-  officialRelease,
-
-  # Configuration Options
-
-  version,
-
-  # `tests` attribute
-  testers,
-}:
-
-let
-  inherit (lib) fileset;
-in
-
-mkMesonDerivation (finalAttrs: {
-  pname = "nix-manual";
-  inherit version;
-
-  workDir = ./.;
-  fileset =
-    fileset.difference
-      (fileset.unions [
-        ../../.version
-        # For example JSON
-        ../../src/libutil-tests/data/memory-source-accessor
-        ../../src/libutil-tests/data/hash
-        ../../src/libstore-tests/data/content-address
-        ../../src/libstore-tests/data/store-path
-        ../../src/libstore-tests/data/realisation
-        ../../src/libstore-tests/data/derived-path
-        ../../src/libstore-tests/data/path-info
-        ../../src/libstore-tests/data/nar-info
-        ../../src/libstore-tests/data/build-result
-        # Too many different types of files to filter for now
-        ../../doc/manual
-        ./.
-      ])
-      # Do a blacklist instead
-      ../../doc/manual/package.nix;
-
-  # TODO the man pages should probably be separate
-  outputs = [
-    "out"
-    "man"
-  ];
-
-  nativeBuildInputs = [
-    nix-cli
-    meson
-    ninja
-    (lib.getBin lowdown-unsandboxed)
-    mdbook
-    mdbook-linkcheck
-    jq
-    python3
-    rsync
-    json-schema-for-humans
-    changelog-d
-  ]
-  ++ lib.optionals (!officialRelease) [
-    # When not an official release, we likely have changelog entries that have
-    # yet to be rendered.
-    # When released, these are rendered into a committed file to save a dependency.
-    changelog-d
-  ];
-
-  preConfigure = ''
-    chmod u+w ./.version
-    echo ${finalAttrs.version} > ./.version
-  '';
-
-  postInstall = ''
-    mkdir -p ''$out/nix-support
-    echo "doc manual ''$out/share/doc/nix/manual" >> ''$out/nix-support/hydra-build-products
-  '';
-
-  /**
-    The root of the HTML manual.
-    E.g. "${nix-manual.site}/index.html" exists.
-  */
-  passthru.site = finalAttrs.finalPackage + "/share/doc/nix/manual";
-
-  passthru.tests = {
-    # https://nixos.org/manual/nixpkgs/stable/index.html#tester-lycheeLinkCheck
-    linkcheck = testers.lycheeLinkCheck {
-      inherit (finalAttrs.finalPackage) site;
-      extraConfig = {
-        exclude = [
-          # Exclude auto-generated JSON schema documentation which has
-          # auto-generated fragment IDs that don't match the link references
-          ".*/protocols/json/.*\\.html"
-          # Exclude undocumented builtins
-          ".*/language/builtins\\.html#builtins-addErrorContext"
-          ".*/language/builtins\\.html#builtins-appendContext"
-        ];
-      };
-    };
-  };
-
-  meta = {
-    platforms = lib.platforms.all;
-  };
-})

doc/manual/redirects.js

@@ -1,7 +1,7 @@
 // redirect rules for URL fragments (client-side) to prevent link rot.
 // this must be done on the client side, as web servers do not see the fragment part of the URL.
 // it will only work with JavaScript enabled in the browser, but this is the best we can do here.
-// see source/_redirects for path redirects (server-side)
+// see src/_redirects for path redirects (server-side)
 
 // redirects are declared as follows:
 // each entry has as its key a path matching the requested URL path, relative to the mdBook document root.
@@ -344,10 +344,6 @@ const redirects = {
   },
   "language/syntax.html": {
     "scoping-rules": "scoping.html",
-    "string-literal": "string-literals.html",
-  },
-  "language/derivations.md": {
-    "builder-execution": "store/drv/building.md#builder-execution",
   },
   "installation/installing-binary.html": {
     "linux": "uninstall.html#linux",
@@ -374,9 +370,7 @@ const redirects = {
   },
   "glossary.html": {
     "gloss-local-store": "store/types/local-store.html",
-    "package-attribute-set": "#package",
     "gloss-chroot-store": "store/types/local-store.html",
-    "gloss-content-addressed-derivation": "#gloss-content-addressing-derivation",
   },
 };
 

doc/manual/remove_before_wrapper.py

@@ -1,33 +0,0 @@
-#!/usr/bin/env python3
-
-import os
-import subprocess
-import sys
-import shutil
-import typing as t
-
-def main():
-    if len(sys.argv) < 4 or '--' not in sys.argv:
-        print("Usage: remove-before-wrapper <output> -- <nix command...>")
-        sys.exit(1)
-
-    # Extract the parts
-    output: str = sys.argv[1]
-    nix_command_idx: int = sys.argv.index('--') + 1
-    nix_command: t.List[str] = sys.argv[nix_command_idx:]
-
-    output_temp: str = output + '.tmp'
-
-    # Remove the output and temp output in case they exist
-    shutil.rmtree(output, ignore_errors=True)
-    shutil.rmtree(output_temp, ignore_errors=True)
-
-    # Execute nix command with `--write-to` tempary output
-    nix_command_write_to = nix_command + ['--write-to', output_temp]
-    subprocess.run(nix_command_write_to, check=True)
-
-    # Move the temporary output to the intended location
-    os.rename(output_temp, output)
-
-if __name__ == "__main__":
-    main()

doc/manual/render-manpage.sh

@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-lowdown_args=
-
-if [ "$1" = --out-no-smarty ]; then
-    lowdown_args=--out-no-smarty
-    shift
-fi
-
-[ "$#" = 4 ] || {
-    echo "wrong number of args passed" >&2
-    exit 1
-}
-
-title="$1"
-section="$2"
-infile="$3"
-outfile="$4"
-
-(
-    printf "Title: %s\n\n" "$title"
-    cat "$infile"
-) | lowdown -sT man --nroff-nolinks $lowdown_args -M section="$section" -o "$outfile"

doc/manual/rl-next/channels-subdomain.md

@@ -1,9 +0,0 @@
----
-synopsis: Channel URLs migrated to channels.nixos.org subdomain
-prs: [14518]
-issues: [14517]
----
-
-Channel URLs have been updated from `https://nixos.org/channels/` to `https://channels.nixos.org/` throughout Nix.
-
-The subdomain provides better reliability with IPv6 support and improved CDN distribution. The old domain apex (`nixos.org/channels/`) currently redirects to the new location but may be deprecated in the future.

doc/manual/rl-next/curl-cloexec.md

@@ -0,0 +1,10 @@
+---
+synopsis: Set FD_CLOEXEC on sockets created by curl
+issues: []
+prs: [12439]
+---
+
+
+Curl creates sockets without setting FD_CLOEXEC/SOCK_CLOEXEC, this can cause connections to remain open forever when using commands like `nix shell`
+
+This change sets the FD_CLOEXEC flag using a CURLOPT_SOCKOPTFUNCTION callback.

doc/manual/rl-next/json-format-changes.md

@@ -1,55 +0,0 @@
----
-synopsis: "JSON format changes for store path info and derivations"
-prs: []
-issues: []
----
-
-JSON formats for store path info and derivations have been updated with new versions and structured fields.
-
-## Store Path Info JSON (Version 2)
-
-The store path info JSON format has been updated from version 1 to version 2:
-
-- **Added `version` field**:
-
-  All store path info JSON now includes `"version": 2`.
-
-- **Structured `ca` field**:
-
-  Content address is now a structured JSON object instead of a string:
-
-  - Old: `"ca": "fixed:r:sha256:1abc..."`
-  - New: `"ca": {"method": "nar", "hash": {"algorithm": "sha256", "format": "base64", "hash": "EMIJ+giQ..."}}`
-  - Still `null` values for input-addressed store objects
-
-- **Structured hash fields**:
-
-  Hash values (`narHash` and `downloadHash`) are now structured JSON objects instead of strings:
-
-  - Old: `"narHash": "sha256:FePFYIlMuycIXPZbWi7LGEiMmZSX9FMbaQenWBzm1Sc="`
-  - New: `"narHash": {"algorithm": "sha256", "format": "base64", "hash": "FePFYIlM..."}`
-  - Same structure applies to `downloadHash` in NAR info contexts
-
-Nix currently only produces, and doesn't consume this format.
-
-**Affected command**: `nix path-info --json`
-
-## Derivation JSON (Version 4)
-
-The derivation JSON format has been updated from version 3 to version 4:
-
-- **Restructured inputs**:
-
-  Inputs are now nested under an `inputs` object:
-
-  - Old: `"inputSrcs": [...], "inputDrvs": {...}`
-  - New: `"inputs": {"srcs": [...], "drvs": {...}}`
-
-- **Consistent content addresses**:
-
-  Floating content-addressed outputs now use structured JSON format.
-  This is the same format as `ca` in in store path info (after the new version).
-
-Version 3 and earlier formats are *not* accepted when reading.
-
-**Affected command**: `nix derivation`, namely it's `show` and `add` sub-commands.

doc/manual/rl-next/libcurl-pausing.md

@@ -1,12 +0,0 @@
----
-synopsis: Fix "download buffer is full; consider increasing the 'download-buffer-size' setting" warning
-prs: [14614]
-issues: [11728]
----
-
-The underlying issue that led to [#11728](https://github.com/NixOS/nix/issues/11728) has been resolved by utilizing
-[libcurl write pausing functionality](https://curl.se/libcurl/c/curl_easy_pause.html) to control backpressure when unpacking to slow destinations like the git-backed tarball cache. The default value of `download-buffer-size` is now 1 MiB and it's no longer recommended to increase it, since the root cause has been fixed.
-
-This is expected to improve download performance on fast connections, since previously a single slow download consumer would stall the thread and prevent any other transfers from progressing.
-
-Many thanks go out to the [Lix project](https://lix.systems/) for the [implementation](https://git.lix.systems/lix-project/lix/commit/4ae6fb5a8f0d456b8d2ba2aaca3712b4e49057fc) that served as inspiration for this change and for triaging libcurl [issues with pausing](https://github.com/curl/curl/issues/19334).

doc/manual/rl-next/s3-curl-implementation.md

@@ -1,40 +0,0 @@
----
-synopsis: "Improved S3 binary cache support via HTTP"
-prs: [13752, 13823, 14026, 14120, 14131, 14135, 14144, 14170, 14190, 14198, 14206, 14209, 14222, 14223, 14330, 14333, 14335, 14336, 14337, 14350, 14356, 14357, 14374, 14375, 14376, 14377, 14391, 14393, 14420, 14421]
-issues: [13084, 12671, 11748, 12403]
----
-
-S3 binary cache operations now happen via HTTP, leveraging `libcurl`'s native
-AWS SigV4 authentication instead of the AWS C++ SDK, providing significant
-improvements:
-
-- **Reduced memory usage**: Eliminates memory buffering issues that caused
-  segfaults with large files
-- **Fixed upload reliability**: Resolves AWS SDK chunking errors
-  (`InvalidChunkSizeError`)
-- **Lighter dependencies**: Uses lightweight `aws-crt-cpp` instead of full
-  `aws-cpp-sdk`, reducing build complexity
-
-The new implementation requires curl >= 7.75.0 and `aws-crt-cpp` for credential
-management.
-
-All existing S3 URL formats and parameters remain supported, however the store
-settings for configuring multipart uploads have changed:
-
-- **`multipart-upload`** (default: `false`): Enable multipart uploads for large
-  files. When enabled, files exceeding the multipart threshold will be uploaded
-  in multiple parts.
-
-- **`multipart-threshold`** (default: `100 MiB`): Minimum file size for using
-  multipart uploads. Files smaller than this will use regular PUT requests.
-  Only takes effect when `multipart-upload` is enabled.
-
-- **`multipart-chunk-size`** (default: `5 MiB`): Size of each part in multipart
-  uploads. Must be at least 5 MiB (AWS S3 requirement). Larger chunk sizes
-  reduce the number of requests but use more memory.
-
-- **`buffer-size`**: Has been replaced by `multipart-chunk-size` and is now an alias to it.
-
-Note that this change also means Nix now supports S3 binary cache stores even
-if built without `aws-crt-cpp`, but only for public buckets which do not
-require authentication.

doc/manual/rl-next/s3-object-versioning.md

@@ -1,14 +0,0 @@
----
-synopsis: "S3 URLs now support object versioning via versionId parameter"
-prs: [14274]
-issues: [13955]
----
-
-S3 URLs now support a `versionId` query parameter to fetch specific versions
-of objects from S3 buckets with versioning enabled. This allows pinning to
-exact object versions for reproducibility and protection against unexpected
-changes:
-
-```
-s3://bucket/key?region=us-east-1&versionId=abc123def456
-```

doc/manual/rl-next/s3-storage-class.md

@@ -1,21 +0,0 @@
----
-synopsis: "S3 binary cache stores now support storage class configuration"
-prs: [14464]
-issues: [7015]
----
-
-S3 binary cache stores now support configuring the storage class for uploaded objects via the `storage-class` parameter. This allows users to optimize costs by selecting appropriate storage tiers based on access patterns.
-
-Example usage:
-
-```bash
-# Use Glacier storage for long-term archival
-nix copy --to 's3://my-bucket?storage-class=GLACIER' /nix/store/...
-
-# Use Intelligent Tiering for automatic cost optimization
-nix copy --to 's3://my-bucket?storage-class=INTELLIGENT_TIERING' /nix/store/...
-```
-
-The storage class applies to both regular uploads and multipart uploads. When not specified, objects use the bucket's default storage class.
-
-See the [S3 storage classes documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-class-intro.html) for available storage classes and their characteristics.

doc/manual/source/advanced-topics/distributed-builds.md

@@ -1,110 +0,0 @@
-# Remote Builds
-
-A local Nix installation can forward Nix builds to other machines,
-this allows multiple builds to be performed in parallel.
-
-Remote builds also allow Nix to perform multi-platform builds in a
-semi-transparent way. For example, if you perform a build for a
-`x86_64-darwin` on an `i686-linux` machine, Nix can automatically
-forward the build to a `x86_64-darwin` machine, if one is available.
-
-## Requirements
-
-For a local machine to forward a build to a remote machine, the remote machine must:
-
-- Have Nix installed
-- Be running an SSH server, e.g. `sshd`
-- Be accessible via SSH from the local machine over the network
-- Have the local machine's public SSH key in `/etc/ssh/authorized_keys.d/<username>`
-- Have the username of the SSH user in the `trusted-users` setting in `nix.conf`
-
-## Testing
-
-To test connecting to a remote [Nix instance] (in this case `mac`), run:
-
-```console
-nix store info --store ssh://username@mac
-```
-
-To specify an SSH identity file as part of the remote store URI add a
-query parameter, e.g.
-
-```console
-nix store info --store ssh://username@mac?ssh-key=/home/alice/my-key
-```
-
-Since builds should be non-interactive, the key should not have a
-passphrase. Alternatively, you can load identities ahead of time into
-`ssh-agent` or `gpg-agent`.
-
-In a multi-user installation (default), builds are executed by the Nix
-Daemon. The Nix Daemon cannot prompt for a passphrase via the terminal
-or `ssh-agent`, so the SSH key must not have a passphrase.
-
-In addition, the Nix Daemon's user (typically root) needs to have SSH
-access to the remote builder.
-
-Access can be verified by running `sudo su`, and then validating SSH
-access, e.g. by running `ssh mac`. SSH identity files for root users
-are usually stored in `/root/.ssh/` (Linux) or `/var/root/.ssh` (MacOS).
-
-If you get the error
-
-```console
-bash: nix: command not found
-error: cannot connect to 'mac'
-```
-
-then you need to ensure that the `PATH` of non-interactive login shells
-contains Nix.
-
-The [list of remote build machines](@docroot@/command-ref/conf-file.md#conf-builders) can be specified on the command line or in the Nix configuration file.
-For example, the following command allows you to build a derivation for `x86_64-darwin` on a Linux machine:
-
-```console
-uname
-```
-
-```console
-Linux
-```
-
-```console
-nix build --impure \
- --expr '(with import <nixpkgs> { system = "x86_64-darwin"; }; runCommand "foo" {} "uname > $out")' \
- --builders 'ssh://mac x86_64-darwin'
-```
-
-```console
-[1/0/1 built, 0.0 MiB DL] building foo on ssh://mac
-```
-
-```console
-cat ./result
-```
-
-```console
-Darwin
-```
-
-It is possible to specify multiple build machines separated by a semicolon or a newline, e.g.
-
-```console
-  --builders 'ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd'
-```
-
-Remote build machines can also be configured in [`nix.conf`](@docroot@/command-ref/conf-file.md), e.g.
-
-    builders = ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd
-
-After making changes to `nix.conf`, restart the Nix daemon for changes to take effect.
-
-Finally, remote build machines can be configured in a separate configuration
-file included in `builders` via the syntax `@/path/to/file`. For example,
-
-    builders = @/etc/nix/machines
-
-causes the list of machines in `/etc/nix/machines` to be included.
-(This is the default.)
-
-[Nix instance]: @docroot@/glossary.md#gloss-nix-instance

doc/manual/source/advanced-topics/eval-profiler.md

@@ -1,33 +0,0 @@
-# Using the `eval-profiler`
-
-Nix evaluator supports [evaluation](@docroot@/language/evaluation.md)
-[profiling](<https://en.wikipedia.org/wiki/Profiling_(computer_programming)>)
-compatible with `flamegraph.pl`. The profiler samples the nix
-function call stack at regular intervals. It can be enabled with the
-[`eval-profiler`](@docroot@/command-ref/conf-file.md#conf-eval-profiler)
-setting:
-
-```console
-$ nix-instantiate "<nixpkgs>" -A hello --eval-profiler flamegraph
-```
-
-Stack sampling frequency and the output file path can be configured with
-[`eval-profile-file`](@docroot@/command-ref/conf-file.md#conf-eval-profile-file)
-and [`eval-profiler-frequency`](@docroot@/command-ref/conf-file.md#conf-eval-profiler-frequency).
-By default the collected profile is saved to `nix.profile` file in the current working directory.
-
-The collected profile can be directly consumed by `flamegraph.pl`:
-
-```console
-$ flamegraph.pl nix.profile > flamegraph.svg
-```
-
-The line information in the profile contains the location of the [call
-site](https://en.wikipedia.org/wiki/Call_site) position and the name of the
-function being called (when available). For example:
-
-```
-/nix/store/x9wnkly3k1gkq580m90jjn32q9f05q2v-source/pkgs/top-level/default.nix:167:5:primop import
-```
-
-Here `import` primop is called at `/nix/store/x9wnkly3k1gkq580m90jjn32q9f05q2v-source/pkgs/top-level/default.nix:167:5`.

doc/manual/source/command-ref/meson.build

@@ -1,56 +0,0 @@
-xp_features_json = custom_target(
-  command : [ nix, '__dump-xp-features' ],
-  capture : true,
-  output : 'xp-features.json',
-  env : nix_env_for_docs,
-)
-
-experimental_features_shortlist_md = custom_target(
-  command : nix_eval_for_docs + [
-    '--expr', 'import @INPUT0@ (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
-  ],
-  input : [
-    '../../generate-xp-features-shortlist.nix',
-    xp_features_json,
-  ],
-  output : 'experimental-features-shortlist.md',
-  capture : true,
-  env : nix_env_for_docs,
-)
-
-nix3_cli_files = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', 'import @INPUT1@ true (builtins.readFile ./@INPUT2@)',
-  ],
-  input : [
-    '../../remove_before_wrapper.py',
-    '../../generate-manpage.nix',
-    nix3_cli_json,
-  ],
-  output : 'new-cli',
-  env : nix_env_for_docs,
-)
-
-conf_file_md_body = custom_target(
-  command : [
-    nix_eval_for_docs,
-    '--expr', 'import @INPUT0@ { prefix = "conf"; } (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
-  ],
-  capture : true,
-  input : [
-    '../../generate-settings.nix',
-    conf_file_json,
-  ],
-  output : 'conf-file.body.md',
-  env : nix_env_for_docs,
-)
-
-conf_file_md = custom_target(
-  command : [ 'cat', '@INPUT0@', '@INPUT1@' ],
-  capture : true,
-  input : [
-    'conf-file-prefix.md',
-    conf_file_md_body,
-  ],
-  output : 'conf-file.md',
-)

doc/manual/source/development/benchmarking.md

@@ -1,187 +0,0 @@
-# Running Benchmarks
-
-This guide explains how to build and run performance benchmarks in the Nix codebase.
-
-## Overview
-
-Nix uses the [Google Benchmark](https://github.com/google/benchmark) framework for performance testing. Benchmarks help measure and track the performance of critical operations like derivation parsing.
-
-## Building Benchmarks
-
-Benchmarks are disabled by default and must be explicitly enabled during the build configuration. For accurate results, use a debug-optimized release build.
-
-### Development Environment Setup
-
-First, enter the development shell which includes the necessary dependencies:
-
-```bash
-nix develop .#native-ccacheStdenv
-```
-
-### Configure Build with Benchmarks
-
-From the project root, configure the build with benchmarks enabled and optimization:
-
-```bash
-cd build
-meson configure -Dbenchmarks=true -Dbuildtype=debugoptimized
-```
-
-The `debugoptimized` build type provides:
-- Compiler optimizations for realistic performance measurements
-- Debug symbols for profiling and analysis
-- Balance between performance and debuggability
-
-### Build the Benchmarks
-
-Build the project including benchmarks:
-
-```bash
-ninja
-```
-
-This will create benchmark executables in the build directory. Currently available:
-- `build/src/libstore-tests/nix-store-benchmarks` - Store-related performance benchmarks
-
-Additional benchmark executables will be created as more benchmarks are added to the codebase.
-
-## Running Benchmarks
-
-### Basic Usage
-
-Run benchmark executables directly. For example, to run store benchmarks:
-
-```bash
-./build/src/libstore-tests/nix-store-benchmarks
-```
-
-As more benchmark executables are added, run them similarly from their respective build directories.
-
-### Filtering Benchmarks
-
-Run specific benchmarks using regex patterns:
-
-```bash
-# Run only derivation parser benchmarks
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_filter="derivation.*"
-
-# Run only benchmarks for hello.drv
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_filter=".*hello.*"
-```
-
-### Output Formats
-
-Generate benchmark results in different formats:
-
-```bash
-# JSON output
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=json > results.json
-
-# CSV output
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=csv > results.csv
-```
-
-### Advanced Options
-
-```bash
-# Run benchmarks multiple times for better statistics
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_repetitions=10
-
-# Set minimum benchmark time (useful for micro-benchmarks)
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_min_time=2
-
-# Compare against baseline
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_baseline=baseline.json
-
-# Display time in custom units
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_time_unit=ms
-```
-
-## Writing New Benchmarks
-
-To add new benchmarks:
-
-1. Create a new `.cc` file in the appropriate `*-tests` directory
-2. Include the benchmark header:
-   ```cpp
-   #include <benchmark/benchmark.h>
-   ```
-
-3. Write benchmark functions:
-   ```cpp
-   static void BM_YourBenchmark(benchmark::State & state)
-   {
-       // Setup code here
-
-       for (auto _ : state) {
-           // Code to benchmark
-       }
-   }
-   BENCHMARK(BM_YourBenchmark);
-   ```
-
-4. Add the file to the corresponding `meson.build`:
-   ```meson
-   benchmarks_sources = files(
-       'your-benchmark.cc',
-       # existing benchmarks...
-   )
-   ```
-
-## Profiling with Benchmarks
-
-For deeper performance analysis, combine benchmarks with profiling tools:
-
-```bash
-# Using Linux perf
-perf record ./build/src/libstore-tests/nix-store-benchmarks
-perf report
-```
-
-### Using Valgrind Callgrind
-
-Valgrind's callgrind tool provides detailed profiling information that can be visualized with kcachegrind:
-
-```bash
-# Profile with callgrind
-valgrind --tool=callgrind ./build/src/libstore-tests/nix-store-benchmarks
-
-# Visualize the results with kcachegrind
-kcachegrind callgrind.out.*
-```
-
-This provides:
-- Function call graphs
-- Instruction-level profiling
-- Source code annotation
-- Interactive visualization of performance bottlenecks
-
-## Continuous Performance Testing
-
-```bash
-# Save baseline results
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=json > baseline.json
-
-# Compare against baseline in CI
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_baseline=baseline.json
-```
-
-## Troubleshooting
-
-### Benchmarks not building
-
-Ensure benchmarks are enabled:
-```bash
-meson configure build | grep benchmarks
-# Should show: benchmarks true
-```
-
-### Inconsistent results
-
-- Ensure your system is not under heavy load
-- Disable CPU frequency scaling for consistent results
-- Run benchmarks multiple times with `--benchmark_repetitions`
-
-## See Also
-
-- [Google Benchmark documentation](https://github.com/google/benchmark/blob/main/docs/user_guide.md)

doc/manual/source/development/debugging.md

@@ -1,86 +0,0 @@
-# Debugging Nix
-
-This section shows how to build and debug Nix with debug symbols enabled.
-
-Additionally, see [Testing Nix](./testing.md) for further instructions on how to debug Nix in the context of a unit test or functional test.
-
-## Building Nix with Debug Symbols
-
-In the development shell, set the `mesonBuildType` environment variable to `debug` before configuring the build:
-
-```console
-[nix-shell]$ export mesonBuildType=debugoptimized
-```
-
-Then, proceed to build Nix as described in [Building Nix](./building.md).
-This will build Nix with debug symbols, which are essential for effective debugging.
-
-It is also possible to build without optimization for faster build:
-
-```console
-[nix-shell]$ NIX_HARDENING_ENABLE=$(printLines $NIX_HARDENING_ENABLE | grep -v fortify)
-[nix-shell]$ export mesonBuildType=debug
-```
-
-(The first line is needed because `fortify` hardening requires at least some optimization.)
-
-## Building Nix with sanitizers
-
-Nix can be built with [Address](https://clang.llvm.org/docs/AddressSanitizer.html) and
-[UB](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html) sanitizers using LLVM
-or GCC. This is useful when debugging memory corruption issues.
-
-```console
-[nix-shell]$ export mesonBuildType=debugoptimized
-[nix-shell]$ appendToVar mesonFlags "-Dlibexpr:gc=disabled" # Disable Boehm
-[nix-shell]$ appendToVar mesonFlags "-Dbindings=false" # Disable nix-perl
-[nix-shell]$ appendToVar mesonFlags "-Db_sanitize=address,undefined"
-```
-
-## Debugging the Nix Binary
-
-Obtain your preferred debugger within the development shell:
-
-```console
-[nix-shell]$ nix-shell -p gdb
-```
-
-On macOS, use `lldb`:
-
-```console
-[nix-shell]$ nix-shell -p lldb
-```
-
-### Launching the Debugger
-
-To debug the Nix binary, run:
-
-```console
-[nix-shell]$ gdb --args ../outputs/out/bin/nix
-```
-
-On macOS, use `lldb`:
-
-```console
-[nix-shell]$ lldb -- ../outputs/out/bin/nix
-```
-
-### Using the Debugger
-
-Inside the debugger, you can set breakpoints, run the program, and inspect variables.
-
-```gdb
-(gdb) break main
-(gdb) run <arguments>
-```
-
-Refer to the [GDB Documentation](https://www.gnu.org/software/gdb/documentation/) for comprehensive usage instructions.
-
-On macOS, use `lldb`:
-
-```lldb
-(lldb) breakpoint set --name main
-(lldb) process launch -- <arguments>
-```
-
-Refer to the [LLDB Tutorial](https://lldb.llvm.org/use/tutorial.html) for comprehensive usage instructions.

doc/manual/source/development/meson.build

@@ -1,12 +0,0 @@
-experimental_feature_descriptions_md = custom_target(
-  command : nix_eval_for_docs + [
-    '--expr', 'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
-  ],
-  input : [
-    '../../generate-xp-features.nix',
-    xp_features_json,
-  ],
-  capture : true,
-  env : nix_env_for_docs,
-  output : 'experimental-feature-descriptions.md',
-)

doc/manual/source/language/constructs.md

@@ -1 +0,0 @@
-# Language Constructs

doc/manual/source/language/evaluation.md

@@ -1,77 +0,0 @@
-# Evaluation
-
-Evaluation is the process of turning a Nix expression into a [Nix value](types.md).
-
-This happens by a number of rules, such as:
-- Constructing values from literals. 
-  For example the number literal `1` is turned into the number value `1`.
-- Applying operators
-  For example the addition operator `+` is applied to two number values to produce a new number value.
-- Applying built-in functions
-  For example the expression `builtins.isInt 1` is evaluated to `true`.
-- Applying user-defined functions
-  For example the expression `(x: x + 1) 10` can[*](#laziness) be thought of rewriting `x` in the function body to the argument, `10 + 1`, which is then evaluated to `11`.
-
-These rules are applied as needed, driven by the specific use of the expression. For example, this can occur in the Nix command line interface or interactively with the [repl (read-eval-print loop)](@docroot@/command-ref/new-cli/nix3-repl.md), which is a useful tool when learning about evaluation.
-
-# Details
-
-## Values {#values}
-
-Nix values can be thought of as a subset of Nix expressions.
-For example, the expression `1 + 2` is not a value, because it can be reduced to `3`. The expression `3` is a value, because it cannot be reduced any further.
-
-Evaluation normally happens by applying rules to the "head" of the expression, which is the outermost part of the expression. The head of an expression like `[ 1 2 ]` is the list literal (`[ a1 a2 ]`), for `1 + 2` it is the addition operator (`+`), and for `f 1` it is the function application "operator" (` `).
-
-After applying all possible rules to the head until no rules can be applied, the expression is in "weak head normal form" (WHNF). This means that the outermost constructor of the expression is evaluated, but the inner values may or may not be. "Weak" only signifies that the expression may be a function. This is an historical or academic artifact, and Nix has no use for the non-weak "head normal form".
-
-## Laziness and thunks {#laziness}
-
-The Nix language implements _call by need_ (as opposed to _call by value_ or _call by reference_). <!-- No wikipedia link, which would be a huge distraction. --> Call by need is commonly known as laziness in functional programming, as it is a specific implementation of the concept where evaluation is deferred until the result is required, aiming to only evaluate the parts of an expression that are needed to produce the final result.
-
-Furthermore, the result of evaluation is preserved, in values, in `let` bindings, in function _parameters_, which behave a lot like `let` bindings, but with the notable exception of function _calls_. Results of function calls rely on being put into `let` bindings, etc to be reused. <!-- which would be prohibitively expensive and too strict, or we wouldn't have a cache key for the argument -->
-
-When discussing the process of evaluation in lower level terms, we may define values not as a subset of expressions, but separately, where each "value" is either a data constructor, a function or a _thunk_. A thunk is a delayed computation, represented by an expression reference and a "closure" &ndash; the values for the lexical scope around the delayed expression.
-
-As a user of the language, you generally don't have to think about thunks, as they are not part of the language semantics, but you may encounter them in the repl, in the [C API] or in discussions.
-
-## Strictness
-
-Instead of thinking about thunks, it is often more productive to think in terms of _strictness_.
-This term is used in functional programming to refer to the opposite of laziness, i.e. not just for something like error propagation. It refers to the need to evaluate certain expressions before evaluation can produce any result.
-
-Statements about strictness usually implicitly refer to weak head normal form.
-For example, we can say that the following function is strict in its argument:
-
-```nix
-x: isAttrs x || isFunction x
-```
-
-The above function must be strict in its argument `x` because determining its type requires evaluating `x` to at least some degree.
-
-The following function is not strict in its argument:
-
-```nix
-x: { isOk = isAttrs x || isFunction x; }
-```
-
-It is not strict, because it can return the attribute set before evaluating `x`.
-The attribute value for `isOk` _is_ strict in `x`.
-
-A function with a _set pattern_ is always strict in its argument, as a consequence of checking the argument's type and/or attribute names:
-
-```nix
-let f = { ... }: "ok";
-in f (throw "kablam")
-=> error: kablam
-```
-
-However, a set pattern does not add any strictness beyond WHNF of the attribute set argument.
-
-```nix
-let f = orig@{ x, ... }: "ok";
-in f { x = throw "error"; y = throw "error"; }
-=> "ok"
-```
-
-[C API]: @docroot@/c-api.md

doc/manual/source/language/meson.build

@@ -1,14 +0,0 @@
-builtins_md = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', '(builtins.readFile @INPUT3@) + import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)) + (builtins.readFile @INPUT4@)',
-  ],
-  input : [
-    '../../remove_before_wrapper.py',
-    '../../generate-builtins.nix',
-    language_json,
-    'builtins-prefix.md',
-    'builtins-suffix.md',
-  ],
-  output : 'builtins.md',
-  env : nix_env_for_docs,
-)

doc/manual/source/language/scope.md

@@ -1,28 +0,0 @@
-# Scoping rules
-
-A *scope* in the Nix language is a dictionary keyed by [name](./identifiers.md#names), mapping each name to an expression and a *definition type*.
-The definition type is either *explicit* or *implicit*.
-Each entry in this dictionary is a *definition*.
-
-Explicit definitions are created by the following expressions:
-- [let-expressions](syntax.md#let-expressions)
-- [recursive attribute set literals](syntax.md#recursive-sets) (`rec`)
-- [function literals](syntax.md#functions)
-
-Implicit definitions are only created by [with-expressions](./syntax.md#with-expressions).
-
-Every expression is *enclosed* by a scope.
-The outermost expression is enclosed by the [built-in, global scope](./builtins.md), which contains only explicit definitions.
-The expressions listed above *extend* their enclosing scope by adding new definitions, or replacing existing ones with the same name.
-An explicit definition can replace a definition of any type; an implicit definition can only replace another implicit definition.
-
-Each of the above expressions defines which of its subexpressions are enclosed by the extended scope.
-In all other cases, the same scope that encloses an expression is the enclosing scope for its subexpressions.
-
-The Nix language is [statically scoped](https://en.wikipedia.org/wiki/Scope_(computer_science)#Lexical_scope);
-the value of a variable is determined only by the variable's enclosing scope, and not by the dynamic context in which the variable is evaluated.
-
-> **Note**
->
-> Expressions entered into the [Nix REPL](@docroot@/command-ref/new-cli/nix3-repl.md) are enclosed by a scope that can be extended by command line arguments or previous REPL commands.
-> These ways of extending scope are not, strictly speaking, part of the Nix language.

doc/manual/source/language/values.md

@@ -1 +0,0 @@
-# Data Types

doc/manual/source/language/variables.md

@@ -1,10 +0,0 @@
-# Variables
-
-A *variable* is an [identifier](identifiers.md) used as an expression.
-
-> **Syntax**
->
-> *expression* → *identifier*
-
-A variable must have the same name as a definition in the [scope](./scope.md) that encloses it.
-The value of a variable is the value of the corresponding expression in the enclosing scope.

doc/manual/source/meson.build

@@ -1,21 +0,0 @@
-# Process JSON schema documentation
-subdir('protocols')
-
-summary_rl_next = custom_target(
-  command : [
-    bash,
-    '-euo',
-    'pipefail',
-    '-c',
-    '''
-      if [ -e "@INPUT@" ]; then
-        echo '  - [Upcoming release](release-notes/rl-next.md)'
-      fi
-    ''',
-  ],
-  input : [
-    rl_next_generated,
-  ],
-  capture : true,
-  output : 'SUMMARY-rl-next.md',
-)

doc/manual/source/protocols/derivation-aterm.md

@@ -1,40 +0,0 @@
-# Derivation "ATerm" file format
-
-For historical reasons, [store derivations][store derivation] are stored on-disk in "Annotated Term" (ATerm) format
-([guide](https://homepages.cwi.nl/~daybuild/daily-books/technology/aterm-guide/aterm-guide.html),
-[paper](https://doi.org/10.1002/(SICI)1097-024X(200003)30:3%3C259::AID-SPE298%3E3.0.CO;2-Y)).
-
-## The ATerm format used
-
-Derivations are serialised in one of the following formats:
-
-- ```
-  Derive(...)
-  ```
-
-  For all stable derivations.
-
-- ```
-  DrvWithVersion(<version-string>, ...)
-  ```
-
-  The only `version-string`s that are in use today are for [experimental features](@docroot@/development/experimental-features.md):
-
-  - `"xp-dyn-drv"` for the [`dynamic-derivations`](@docroot@/development/experimental-features.md#xp-feature-dynamic-derivations) experimental feature.
-
-## Use for encoding to store object
-
-When derivation is encoded to a [store object] we make the following choices:
-
-- The store path name is the derivation name with `.drv` suffixed at the end
-
-  Indeed, the ATerm format above does *not* contain the name of the derivation, on the assumption that a store path will also be provided out-of-band.
-
-- The derivation is content-addressed using the ["Text" method] of content-addressing derivations
-
-Currently we always encode derivations to store object using the ATerm format (and the previous two choices),
-but we reserve the option to encode new sorts of derivations differently in the future.
-
-[store derivation]: @docroot@/glossary.md#gloss-store-derivation
-[store object]: @docroot@/glossary.md#gloss-store-object
-["Text" method]: @docroot@/store/store-object/content-address.md#method-text

doc/manual/source/protocols/json/build-result.md

@@ -1,21 +0,0 @@
-{{#include build-result-v1-fixed.md}}
-
-## Examples
-
-### Successful build
-
-```json
-{{#include schema/build-result-v1/success.json}}
-```
-
-### Failed build (output rejected)
-
-```json
-{{#include schema/build-result-v1/output-rejected.json}}
-```
-
-### Failed build (non-deterministic)
-
-```json
-{{#include schema/build-result-v1/not-deterministic.json}}
-```

doc/manual/source/protocols/json/build-trace-entry.md

@@ -1,27 +0,0 @@
-{{#include build-trace-entry-v1-fixed.md}}
-
-## Examples
-
-### Simple build trace entry
-
-```json
-{{#include schema/build-trace-entry-v1/simple.json}}
-```
-
-### Build trace entry with dependencies
-
-```json
-{{#include schema/build-trace-entry-v1/with-dependent-realisations.json}}
-```
-
-### Build trace entry with signature
-
-```json
-{{#include schema/build-trace-entry-v1/with-signature.json}}
-```
-
-<!--
-## Raw Schema
-
-[JSON Schema for Build Trace Entry v1](schema/build-trace-entry-v1.json)
--->

doc/manual/source/protocols/json/content-address.md

@@ -1,21 +0,0 @@
-{{#include content-address-v1-fixed.md}}
-
-## Examples
-
-### [Text](@docroot@/store/store-object/content-address.html#method-text) method
-
-```json
-{{#include schema/content-address-v1/text.json}}
-```
-
-### [Nix Archive](@docroot@/store/store-object/content-address.html#method-nix-archive) method
-
-```json
-{{#include schema/content-address-v1/nar.json}}
-```
-
-<!-- need to convert YAML to JSON first
-## Raw Schema
-
-[JSON Schema for Hash v1](schema/content-address-v1.json)
--->

doc/manual/source/protocols/json/derivation.md

@@ -1,7 +0,0 @@
-{{#include derivation-v4-fixed.md}}
-
-<!-- need to convert YAML to JSON first
-## Raw Schema
-
-[JSON Schema for Derivation v3](schema/derivation-v4.json)
--->

doc/manual/source/protocols/json/deriving-path.md

@@ -1,21 +0,0 @@
-{{#include deriving-path-v1-fixed.md}}
-
-## Examples
-
-### Constant
-
-```json
-{{#include schema/deriving-path-v1/single_opaque.json}}
-```
-
-### Output of static derivation
-
-```json
-{{#include schema/deriving-path-v1/single_built.json}}
-```
-
-### Output of dynamic derivation
-
-```json
-{{#include schema/deriving-path-v1/single_built_built.json}}
-```

doc/manual/source/protocols/json/file-system-object.md

@@ -1,21 +0,0 @@
-{{#include file-system-object-v1-fixed.md}}
-
-## Examples
-
-### Simple
-
-```json
-{{#include schema/file-system-object-v1/simple.json}}
-```
-
-### Complex
-
-```json
-{{#include schema/file-system-object-v1/complex.json}}
-```
-
-<!-- need to convert YAML to JSON first
-## Raw Schema
-
-[JSON Schema for File System Object v1](schema/file-system-object-v1.json)
--->

doc/manual/source/protocols/json/fixup-json-schema-generated-doc.sed

@@ -1,18 +0,0 @@
-# For some reason, backticks in the JSON schema are being escaped rather
-# than being kept as intentional code spans. This removes all backtick
-# escaping, which is an ugly solution, but one that is fine, because we
-# are not using backticks for any other purpose.
-s/\\`/`/g
-
-# The way that semi-external references are rendered (i.e. ones to
-# sibling schema files, as opposed to separate website ones, is not nice
-# for humans. Replace it with a nice relative link within the manual
-# instead.
-#
-# As we have more such relative links, more replacements of this nature
-# should appear below.
-s^#/\$defs/\(regular\|symlink\|directory\)^In this schema^g
-s^\(./hash-v1.yaml\)\?#/$defs/algorithm^[JSON format for `Hash`](./hash.html#algorithm)^g
-s^\(./hash-v1.yaml\)^[JSON format for `Hash`](./hash.html)^g
-s^\(./content-address-v1.yaml\)\?#/$defs/method^[JSON format for `ContentAddress`](./content-address.html#method)^g
-s^\(./content-address-v1.yaml\)^[JSON format for `ContentAddress`](./content-address.html)^g

doc/manual/source/protocols/json/hash.md

@@ -1,33 +0,0 @@
-{{#include hash-v1-fixed.md}}
-
-## Examples
-
-### SHA-256 with Base64 encoding
-
-```json
-{{#include schema/hash-v1/sha256-base64.json}}
-```
-
-### SHA-256 with Base16 (hexadecimal) encoding
-
-```json
-{{#include schema/hash-v1/sha256-base16.json}}
-```
-
-### SHA-256 with Nix32 encoding
-
-```json
-{{#include schema/hash-v1/sha256-nix32.json}}
-```
-
-### BLAKE3 with Base64 encoding
-
-```json
-{{#include schema/hash-v1/blake3-base64.json}}
-```
-
-<!-- need to convert YAML to JSON first
-## Raw Schema
-
-[JSON Schema for Hash v1](schema/hash-v1.json)
--->

doc/manual/source/protocols/json/index.md

@@ -1 +0,0 @@
-# JSON Formats

doc/manual/source/protocols/json/json-schema-for-humans-config.yaml

@@ -1,17 +0,0 @@
-# Configuration file for json-schema-for-humans
-#
-# https://github.com/coveooss/json-schema-for-humans/blob/main/docs/examples/examples_md_default/Configuration.md
-
-template_name: md
-show_toc: true
-# impure timestamp and distracting
-with_footer: false
-recursive_detection_depth: 3
-show_breadcrumbs: false
-description_is_markdown: true
-template_md_options:
-  properties_table_columns:
-    - Property
-    - Type
-    - Pattern
-    - Title/Description

doc/manual/source/protocols/json/meson.build

@@ -1,81 +0,0 @@
-# Tests in: ../../../../src/json-schema-checks
-
-fs = import('fs')
-
-# Find json-schema-for-humans if available
-json_schema_for_humans = find_program('generate-schema-doc', required : false)
-
-# Configuration for json-schema-for-humans
-json_schema_config = files('json-schema-for-humans-config.yaml')
-
-schemas = [
-  'file-system-object-v1',
-  'hash-v1',
-  'content-address-v1',
-  'store-path-v1',
-  'store-object-info-v2',
-  'derivation-v4',
-  'deriving-path-v1',
-  'build-trace-entry-v1',
-  'build-result-v1',
-]
-
-schema_files = files()
-foreach schema_name : schemas
-  schema_files += files('schema' / schema_name + '.yaml')
-endforeach
-
-
-schema_outputs = []
-foreach schema_name : schemas
-  schema_outputs += schema_name + '.md'
-endforeach
-
-json_schema_generated_files = []
-
-# Generate markdown documentation from JSON schema
-# Note: output must be just a filename, not a path
-gen_file = custom_target(
-  schema_name + '-schema-docs.tmp',
-  command : [
-    json_schema_for_humans,
-    '--config-file',
-    json_schema_config,
-    meson.current_source_dir() / 'schema',
-    meson.current_build_dir(),
-  ],
-  input : schema_files + [
-    json_schema_config,
-  ],
-  output : schema_outputs,
-  capture : false,
-  build_by_default : true,
-)
-
-idx = 0
-if json_schema_for_humans.found()
-  foreach schema_name : schemas
-    #schema_file = 'schema' / schema_name + '.yaml'
-
-    # There is one so-so hack, and one horrible hack being done here.
-    sedded_file = custom_target(
-      schema_name + '-schema-docs',
-      command : [
-        'sed',
-        '-f',
-        # Out of line to avoid https://github.com/mesonbuild/meson/issues/1564
-        files('fixup-json-schema-generated-doc.sed'),
-        '@INPUT@',
-      ],
-      capture : true,
-      input : gen_file[idx],
-      output : schema_name + '-fixed.md',
-    )
-    idx += 1
-    json_schema_generated_files += [ sedded_file ]
-  endforeach
-else
-  warning(
-    'json-schema-for-humans not found, skipping JSON schema documentation generation',
-  )
-endif

doc/manual/source/protocols/json/schema/build-result-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/build-result

doc/manual/source/protocols/json/schema/build-result-v1.yaml

@@ -1,136 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/build-result-v1.json"
-title: Build Result
-description: |
-  This schema describes the JSON representation of Nix's `BuildResult` type, which represents the result of building a derivation or substituting store paths.
-
-  Build results can represent either successful builds (with built outputs) or various types of failures.
-
-oneOf:
-  - "$ref": "#/$defs/success"
-  - "$ref": "#/$defs/failure"
-type: object
-required:
-  - success
-  - status
-properties:
-  timesBuilt:
-    type: integer
-    minimum: 0
-    title: Times built
-    description: |
-      How many times this build was performed.
-
-  startTime:
-    type: integer
-    minimum: 0
-    title: Start time
-    description: |
-      The start time of the build (or one of the rounds, if it was repeated), as a Unix timestamp.
-
-  stopTime:
-    type: integer
-    minimum: 0
-    title: Stop time
-    description: |
-      The stop time of the build (or one of the rounds, if it was repeated), as a Unix timestamp.
-
-  cpuUser:
-    type: integer
-    minimum: 0
-    title: User CPU time
-    description: |
-      User CPU time the build took, in microseconds.
-
-  cpuSystem:
-    type: integer
-    minimum: 0
-    title: System CPU time
-    description: |
-      System CPU time the build took, in microseconds.
-
-"$defs":
-  success:
-    type: object
-    title: Successful Build Result
-    description: |
-      Represents a successful build with built outputs.
-    required:
-      - success
-      - status
-      - builtOutputs
-    properties:
-      success:
-        const: true
-        title: Success indicator
-        description: |
-          Always true for successful build results.
-
-      status:
-        type: string
-        title: Success status
-        description: |
-          Status string for successful builds.
-        enum:
-          - "Built"
-          - "Substituted"
-          - "AlreadyValid"
-          - "ResolvesToAlreadyValid"
-
-      builtOutputs:
-        type: object
-        title: Built outputs
-        description: |
-          A mapping from output names to their build trace entries.
-        additionalProperties:
-          "$ref": "build-trace-entry-v1.yaml"
-
-  failure:
-    type: object
-    title: Failed Build Result
-    description: |
-      Represents a failed build with error information.
-    required:
-      - success
-      - status
-      - errorMsg
-    properties:
-      success:
-        const: false
-        title: Success indicator
-        description: |
-          Always false for failed build results.
-
-      status:
-        type: string
-        title: Failure status
-        description: |
-          Status string for failed builds.
-        enum:
-          - "PermanentFailure"
-          - "InputRejected"
-          - "OutputRejected"
-          - "TransientFailure"
-          - "CachedFailure"
-          - "TimedOut"
-          - "MiscFailure"
-          - "DependencyFailed"
-          - "LogLimitExceeded"
-          - "NotDeterministic"
-          - "NoSubstituters"
-          - "HashMismatch"
-
-      errorMsg:
-        type: string
-        title: Error message
-        description: |
-          Information about the error if the build failed.
-
-      isNonDeterministic:
-        type: boolean
-        title: Non-deterministic flag
-        description: |
-          If timesBuilt > 1, whether some builds did not produce the same result.
-
-          Note that 'isNonDeterministic = false' does not mean the build is deterministic,
-          just that we don't have evidence of non-determinism.

doc/manual/source/protocols/json/schema/build-trace-entry-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/realisation

doc/manual/source/protocols/json/schema/build-trace-entry-v1.yaml

@@ -1,74 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/build-trace-entry-v1.json"
-title: Build Trace Entry
-description: |
-  A record of a successful build outcome for a specific derivation output.
-
-  This schema describes the JSON representation of a [build trace entry](@docroot@/store/build-trace.md) entry.
-
-  > **Warning**
-  >
-  > This JSON format is currently
-  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-ca-derivations)
-  > and subject to change.
-
-type: object
-required:
-  - id
-  - outPath
-  - dependentRealisations
-  - signatures
-properties:
-  id:
-    type: string
-    title: Derivation Output ID
-    pattern: "^sha256:[0-9a-f]{64}![a-zA-Z_][a-zA-Z0-9_-]*$"
-    description: |
-      Unique identifier for the derivation output that was built.
-
-      Format: `{hash-quotient-drv}!{output-name}`
-
-      - **hash-quotient-drv**: SHA-256 [hash of the quotient derivation](@docroot@/store/derivation/outputs/input-address.md#hash-quotient-drv).
-        Begins with `sha256:`.
-
-      - **output-name**: Name of the specific output (e.g., "out", "dev", "doc")
-
-      Example: `"sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad!foo"`
-
-  outPath:
-    "$ref": "store-path-v1.yaml"
-    title: Output Store Path
-    description: |
-      The path to the store object that resulted from building this derivation for the given output name.
-
-  dependentRealisations:
-    type: object
-    title: Underlying Base Build Trace
-    description: |
-      This is for [*derived*](@docroot@/store/build-trace.md#derived) build trace entries to ensure coherence.
-
-      Keys are derivation output IDs (same format as the main `id` field).
-      Values are the store paths that those dependencies resolved to.
-
-      As described in the linked section on derived build trace traces, derived build trace entries must be kept in addition and not instead of the underlying base build entries.
-      This is the set of base build trace entries that this derived build trace is derived from.
-      (The set is also a map since this miniature base build trace must be coherent, mapping each key to a single value.)
-
-    patternProperties:
-      "^sha256:[0-9a-f]{64}![a-zA-Z_][a-zA-Z0-9_-]*$":
-        $ref: "store-path-v1.yaml"
-        title: Dependent Store Path
-        description: Store path that this dependency resolved to during the build
-    additionalProperties: false
-
-  signatures:
-    type: array
-    title: Build Signatures
-    description: |
-      A set of cryptographic signatures attesting to the authenticity of this build trace entry.
-    items:
-      type: string
-      title: Signature
-      description: A single cryptographic signature
-
-additionalProperties: false

doc/manual/source/protocols/json/schema/content-address-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/content-address

doc/manual/source/protocols/json/schema/content-address-v1.yaml

@@ -1,55 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/content-address-v1.json"
-title: Content Address
-description: |
-  This schema describes the JSON representation of Nix's `ContentAddress` type, which conveys information about [content-addressing store objects](@docroot@/store/store-object/content-address.md).
-
-  > **Note**
-  >
-  > For current methods of content addressing, this data type is a bit suspicious, because it is neither simply a content address of a file system object (the `method` is richer), nor simply a content address of a store object (the `hash` doesn't account for the references).
-  > It should thus only be used in contexts where the references are also known / otherwise made tamper-resistant.
-
-  <!--
-  TODO currently `ContentAddress` is used in both of these, and so same rationale applies, but actually in both cases the JSON is currently ad-hoc.
-  That will be fixed, and as each is fixed, the example (along with a more precise link to the field in question) should be become part of the above note, so what is is saying is more clear.
-
-  > For example:
-
-  > - Fixed outputs of derivations are not allowed to have any references, so an empty reference set is statically known by assumption.
-
-  > - [Store object info](./store-object-info.md) includes the set of references along side the (optional) content address.
-
-  > This data type is thus safely used in both of these contexts.
-
-  -->
-
-type: object
-properties:
-  method:
-    "$ref": "#/$defs/method"
-  hash:
-    title: Content Address
-    description: |
-      This would be the content-address itself.
-
-      For all current methods, this is just a content address of the file system object of the store object, [as described in the store chapter](@docroot@/store/file-system-object/content-address.md), and not of the store object as a whole.
-      In particular, the references of the store object are *not* taken into account with this hash (and currently-supported methods).
-    "$ref": "./hash-v1.yaml"
-required:
-- method
-- hash
-additionalProperties: false
-"$defs":
-  method:
-    type: string
-    enum: [flat, nar, text, git]
-    title: Content-Addressing Method
-    description: |
-      A string representing the [method](@docroot@/store/store-object/content-address.md) of content addressing that is chosen.
-
-      Valid method strings are:
-
-      - [`flat`](@docroot@/store/store-object/content-address.md#method-flat) (provided the contents are a single file)
-      - [`nar`](@docroot@/store/store-object/content-address.md#method-nix-archive)
-      - [`text`](@docroot@/store/store-object/content-address.md#method-text)
-      - [`git`](@docroot@/store/store-object/content-address.md#method-git)

doc/manual/source/protocols/json/schema/derivation-v4.yaml

@@ -1,299 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/derivation-v4.json"
-title: Derivation
-description: |
-  Experimental JSON representation of a Nix derivation (version 4).
-
-  This schema describes the JSON representation of Nix's `Derivation` type.
-
-  > **Warning**
-  >
-  > This JSON format is currently
-  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-  > and subject to change.
-
-type: object
-required:
-  - name
-  - version
-  - outputs
-  - inputs
-  - system
-  - builder
-  - args
-  - env
-properties:
-  name:
-    type: string
-    title: Derivation name
-    description: |
-      The name of the derivation.
-      Used when calculating store paths for the derivation’s outputs.
-
-  version:
-    const: 4
-    title: Format version (must be 4)
-    description: |
-      Must be `4`.
-      This is a guard that allows us to continue evolving this format.
-      The choice of `3` is fairly arbitrary, but corresponds to this informal version:
-
-      - Version 0: ATerm format
-
-      - Version 1: Original JSON format, with ugly `"r:sha256"` inherited from ATerm format.
-
-      - Version 2: Separate `method` and `hashAlgo` fields in output specs
-
-      - Version 3: Drop store dir from store paths, just include base name.
-
-      - Version 4: Two cleanups, batched together to lesson churn:
-
-        - Reorganize inputs into nested structure (`inputs.srcs` and `inputs.drvs`)
-
-        - Use canonical content address JSON format for floating content addressed derivation outputs.
-
-      Note that while this format is experimental, the maintenance of versions is best-effort, and not promised to identify every change.
-
-  outputs:
-    type: object
-    title: Output specifications
-    description: |
-     Information about the output paths of the derivation.
-     This is a JSON object with one member per output, where the key is the output name and the value is a JSON object as described.
-
-      > **Example**
-      >
-      > ```json
-      > "outputs": {
-      >   "out": {
-      >     "method": "nar",
-      >     "hashAlgo": "sha256",
-      >     "hash": "6fc80dcc62179dbc12fc0b5881275898f93444833d21b89dfe5f7fbcbb1d0d62"
-      >   }
-      > }
-      > ```
-    additionalProperties:
-      "$ref": "#/$defs/output/overall"
-
-  inputs:
-    type: object
-    title: Derivation inputs
-    description: |
-      Input dependencies for the derivation, organized into source paths and derivation dependencies.
-    required:
-      - srcs
-      - drvs
-    properties:
-      srcs:
-        type: array
-        title: Input source paths
-        description: |
-          List of store paths on which this derivation depends.
-
-          > **Example**
-          >
-          > ```json
-          > "srcs": [
-          >   "47y241wqdhac3jm5l7nv0x4975mb1975-separate-debug-info.sh",
-          >   "56d0w71pjj9bdr363ym3wj1zkwyqq97j-fix-pop-var-context-error.patch"
-          > ]
-          > ```
-        items:
-          $ref: "store-path-v1.yaml"
-      drvs:
-        type: object
-        title: Input derivations
-        description: |
-          Mapping of derivation paths to lists of output names they provide.
-
-          > **Example**
-          >
-          > ```json
-          > "drvs": {
-          >   "6lkh5yi7nlb7l6dr8fljlli5zfd9hq58-curl-7.73.0.drv": ["dev"],
-          >   "fn3kgnfzl5dzym26j8g907gq3kbm8bfh-unzip-6.0.drv": ["out"]
-          > }
-          > ```
-          >
-          > specifies that this derivation depends on the `dev` output of `curl`, and the `out` output of `unzip`.
-        patternProperties:
-          "^[0123456789abcdfghijklmnpqrsvwxyz]{32}-.+\\.drv$":
-            title: Store Path
-            description: |
-              A store path to a derivation, mapped to the outputs of that derivation.
-            oneOf:
-            - "$ref": "#/$defs/outputNames"
-            - "$ref": "#/$defs/dynamicOutputs"
-        additionalProperties: false
-    additionalProperties: false
-
-  system:
-    type: string
-    title: Build system type
-    description: |
-      The system type on which this derivation is to be built
-      (e.g. `x86_64-linux`).
-
-  builder:
-    type: string
-    title: Build program path
-    description: |
-      Absolute path of the program used to perform the build.
-      Typically this is the `bash` shell
-      (e.g. `/nix/store/r3j288vpmczbl500w6zz89gyfa4nr0b1-bash-4.4-p23/bin/bash`).
-
-  args:
-    type: array
-    title: Builder arguments
-    description: |
-      Command-line arguments passed to the `builder`.
-    items:
-      type: string
-
-  env:
-    type: object
-    title: Environment variables
-    description: |
-      Environment variables passed to the `builder`.
-    additionalProperties:
-      type: string
-
-  structuredAttrs:
-    title: Structured attributes
-    description: |
-      [Structured Attributes](@docroot@/store/derivation/index.md#structured-attrs), only defined if the derivation contains them.
-      Structured attributes are JSON, and thus embedded as-is.
-    type: object
-    additionalProperties: true
-
-"$defs":
-  output:
-    overall:
-      title: Derivation Output
-      description: |
-        A single output of a derivation, with different variants for different output types.
-      oneOf:
-        - "$ref": "#/$defs/output/inputAddressed"
-        - "$ref": "#/$defs/output/caFixed"
-        - "$ref": "#/$defs/output/caFloating"
-        - "$ref": "#/$defs/output/deferred"
-        - "$ref": "#/$defs/output/impure"
-
-    inputAddressed:
-      title: Input-Addressed Output
-      description: |
-        The traditional non-fixed-output derivation type.
-        The output path is determined from the derivation itself.
-
-        See [Input-addressing derivation outputs](@docroot@/store/derivation/outputs/input-address.md) for more details.
-      type: object
-      required:
-        - path
-      properties:
-        path:
-          $ref: "store-path-v1.yaml"
-          title: Output path
-          description: |
-            The output path determined from the derivation itself.
-      additionalProperties: false
-
-    caFixed:
-      title: Fixed Content-Addressed Output
-      description: |
-        The output is content-addressed, and the content-address is fixed in advance.
-
-        See [Fixed-output content-addressing](@docroot@/store/derivation/outputs/content-address.md#fixed) for more details.
-      "$ref": "./content-address-v1.yaml"
-      required:
-        - method
-        - hash
-      properties:
-        method:
-          description: |
-            Method of content addressing used for this output.
-        hash:
-          title: Expected hash value
-          description: |
-            The expected content hash.
-      additionalProperties: false
-
-    caFloating:
-      title: Floating Content-Addressed Output
-      description: |
-        Floating-output derivations, whose outputs are content
-        addressed, but not fixed, and so the output paths are dynamically calculated from
-        whatever the output ends up being.
-
-        See [Floating Content-Addressing](@docroot@/store/derivation/outputs/content-address.md#floating) for more details.
-      type: object
-      required:
-        - method
-        - hashAlgo
-      properties:
-        method:
-          "$ref": "./content-address-v1.yaml#/$defs/method"
-          description: |
-            Method of content addressing used for this output.
-        hashAlgo:
-          title: Hash algorithm
-          "$ref": "./hash-v1.yaml#/$defs/algorithm"
-          description: |
-            What hash algorithm to use for the given method of content-addressing.
-      additionalProperties: false
-
-    deferred:
-      title: Deferred Output
-      description: |
-        Input-addressed output which depends on a (CA) derivation whose outputs (and thus their content-address
-        are not yet known.
-      type: object
-      properties: {}
-      additionalProperties: false
-
-    impure:
-      title: Impure Output
-      description: |
-        Impure output which is just like a floating content-addressed output, but this derivation runs without sandboxing.
-        As such, we don't record it in the build trace, under the assumption that if we need it again, we should rebuild it, as it might produce something different.
-      required:
-        - impure
-        - method
-        - hashAlgo
-      properties:
-        impure:
-          const: true
-        method:
-          "$ref": "./content-address-v1.yaml#/$defs/method"
-          description: |
-            How the file system objects will be serialized for hashing.
-        hashAlgo:
-          title: Hash algorithm
-          "$ref": "./hash-v1.yaml#/$defs/algorithm"
-          description: |
-            How the serialization will be hashed.
-      additionalProperties: false
-
-  outputName:
-    type: string
-    title: Output name
-    description: Name of the derivation output to depend on
-
-  outputNames:
-    type: array
-    title: Output Names
-    description: Set of names of derivation outputs to depend on
-    items:
-      "$ref": "#/$defs/outputName"
-
-  dynamicOutputs:
-    type: object
-    title: Dynamic Outputs
-    description: |
-      **Experimental feature**: [`dynamic-derivations`](@docroot@/development/experimental-features.md#xp-feature-dynamic-derivations)
-
-      This recursive data type allows for depending on outputs of outputs.
-    properties:
-      outputs:
-        "$ref": "#/$defs/outputNames"
-      dynamicOutputs:
-          "$ref": "#/$defs/dynamicOutputs"

doc/manual/source/protocols/json/schema/deriving-path-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/derived-path

doc/manual/source/protocols/json/schema/deriving-path-v1.yaml

@@ -1,27 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/deriving-path-v1.json"
-title: Deriving Path
-description: |
-  This schema describes the JSON representation of Nix's [Deriving Path](@docroot@/store/derivation/index.md#deriving-path).
-oneOf:
-  - title: Constant
-    description: |
-      See [Constant](@docroot@/store/derivation/index.md#deriving-path-constant) deriving path.
-    $ref: "store-path-v1.yaml"
-  - title: Output
-    description: |
-      See [Output](@docroot@/store/derivation/index.md#deriving-path-output) deriving path.
-    type: object
-    properties:
-      drvPath:
-        "$ref": "#"
-        description: |
-          A deriving path to a [Derivation](@docroot@/store/derivation/index.md#store-derivation), whose output is being referred to.
-      output:
-        type: string
-        description: |
-          The name of an output produced by that derivation (e.g. "out", "doc", etc.).
-    required:
-      - drvPath
-      - output
-    additionalProperties: false

doc/manual/source/protocols/json/schema/file-system-object-v1

@@ -1 +0,0 @@
-../../../../../../src/libutil-tests/data/memory-source-accessor

doc/manual/source/protocols/json/schema/file-system-object-v1.yaml

@@ -1,71 +0,0 @@
-"$schema": http://json-schema.org/draft-04/schema#
-"$id": https://nix.dev/manual/nix/latest/protocols/json/schema/file-system-object-v1.json
-title: File System Object
-description: |
-  This schema describes the JSON representation of Nix's [File System Object](@docroot@/store/file-system-object.md).
-
-  The schema is recursive because file system objects contain other file system objects.
-type: object
-required: ["type"]
-properties:
-  type:
-    type: string
-    enum: ["regular", "symlink", "directory"]
-
-# Enforce conditional structure based on `type`
-anyOf:
-  - $ref: "#/$defs/regular"
-    required: ["type", "contents"]
-
-  - $ref: "#/$defs/directory"
-    required: ["type", "entries"]
-
-  - $ref: "#/$defs/symlink"
-    required: ["type", "target"]
-
-"$defs":
-  regular:
-    title: Regular File
-    description: |
-      See [Regular File](@docroot@/store/file-system-object.md#regular) in the manual for details.
-    required: ["contents"]
-    properties:
-      type:
-        const: "regular"
-      contents:
-        type: string
-        description: File contents
-      executable:
-        type: boolean
-        description: Whether the file is executable.
-        default: false
-    additionalProperties: false
-
-  directory:
-    title: Directory
-    description: |
-      See [Directory](@docroot@/store/file-system-object.md#directory) in the manual for details.
-    required: ["entries"]
-    properties:
-      type:
-        const: "directory"
-      entries:
-        type: object
-        description: |
-          Map of names to nested file system objects (for type=directory)
-        additionalProperties:
-          $ref: "#"
-    additionalProperties: false
-
-  symlink:
-    title: Symbolic Link
-    description: |
-      See [Symbolic Link](@docroot@/store/file-system-object.md#symlink) in the manual for details.
-    required: ["target"]
-    properties:
-      type:
-        const: "symlink"
-      target:
-        type: string
-        description: Target path of the symlink.
-    additionalProperties: false

doc/manual/source/protocols/json/schema/hash-v1

@@ -1 +0,0 @@
-../../../../../../src/libutil-tests/data/hash/

doc/manual/source/protocols/json/schema/hash-v1.yaml

@@ -1,54 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/hash-v1.json"
-title: Hash
-description: |
-  A cryptographic hash value used throughout Nix for content addressing and integrity verification.
-
-  This schema describes the JSON representation of Nix's `Hash` type.
-type: object
-properties:
-  algorithm:
-    "$ref": "#/$defs/algorithm"
-  format:
-    type: string
-    enum:
-    - base64
-    - nix32
-    - base16
-    - sri
-    title: Hash format
-    description: |
-      The encoding format of the hash value.
-
-      - `base64` uses standard Base64 encoding [RFC 4648, section 4](https://datatracker.ietf.org/doc/html/rfc4648#section-4)
-      - `nix32` is Nix-specific base-32 encoding
-      - `base16` is lowercase hexadecimal
-      - `sri` is the [Subresource Integrity format](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity).
-  hash:
-    type: string
-    title: Hash
-    description: |
-      The encoded hash value, itself.
-
-      It is specified in the format specified by the `format` field.
-      It must be the right length for the hash algorithm specified in the `algorithm` field, also.
-      The hash value does not include any algorithm prefix.
-required:
-- algorithm
-- format
-- hash
-additionalProperties: false
-"$defs":
-  algorithm:
-    type: string
-    enum:
-    - blake3
-    - md5
-    - sha1
-    - sha256
-    - sha512
-    title: Hash algorithm
-    description: |
-      The hash algorithm used to compute the hash value.
-
-      `blake3` is currently experimental and requires the [`blake-hashing`](@docroot@/development/experimental-features.md#xp-feature-blake3-hashes) experimental feature.

doc/manual/source/protocols/json/schema/nar-info-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/nar-info

doc/manual/source/protocols/json/schema/store-object-info-v2

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/path-info

doc/manual/source/protocols/json/schema/store-object-info-v2.yaml

@@ -1,258 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/store-object-info-v2.json"
-title: Store Object Info v2
-description: |
-  Information about a [store object](@docroot@/store/store-object.md).
-
-  This schema describes the JSON representation of store object metadata as returned by commands like [`nix path-info --json`](@docroot@/command-ref/new-cli/nix3-path-info.md).
-
-  > **Warning**
-  >
-  > This JSON format is currently
-  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-  > and subject to change.
-
-  ### Field Categories
-
-  Store object information can come in a few different variations.
-
-  Firstly, "impure" fields, which contain non-intrinsic information about the store object, may or may not be included.
-
-  Second, binary cache stores have extra non-intrinsic infomation about the store objects they contain.
-
-  Thirdly, [`nix path-info --json --closure-size`](@docroot@/command-ref/new-cli/nix3-path-info.html#opt-closure-size) can compute some extra information about not just the single store object in question, but the store object and its [closure](@docroot@/glossary.md#gloss-closure).
-
-  The impure and NAR fields are grouped into separate variants below.
-  See their descriptions for additional information.
-  The closure fields however as just included as optional fields, to avoid a combinatorial explosion of variants.
-
-oneOf:
-  - $ref: "#/$defs/base"
-
-  - $ref: "#/$defs/impure"
-
-  - $ref: "#/$defs/narInfo"
-
-$defs:
-  base:
-    title: Store Object Info
-    description: |
-      Basic store object metadata containing only intrinsic properties.
-      This is the minimal set of fields that describe what a store object contains.
-    type: object
-    required:
-      - version
-      - narHash
-      - narSize
-      - references
-      - ca
-    properties:
-      version:
-        type: integer
-        const: 2
-        title: Format version (must be 2)
-        description: |
-          Must be `2`.
-          This is a guard that allows us to continue evolving this format.
-          Here is the rough version history:
-
-          - Version 0: `.narinfo` line-oriented format
-
-          - Version 1: Original JSON format, with ugly `"r:sha256"` inherited from `.narinfo` format.
-
-          - Version 2: Use structured JSON type for `ca`
-
-      path:
-        type: string
-        title: Store Path
-        description: |
-          [Store path](@docroot@/store/store-path.md) to the given store object.
-
-          Note: This field may not be present in all contexts, such as when the path is used as the key and the the store object info the value in map.
-
-      narHash:
-        "$ref": "./hash-v1.yaml"
-        title: NAR Hash
-        description: |
-          Hash of the [file system object](@docroot@/store/file-system-object.md) part of the store object when serialized as a [Nix Archive](@docroot@/store/file-system-object/content-address.md#serial-nix-archive).
-
-      narSize:
-        type: integer
-        minimum: 0
-        title: NAR Size
-        description: |
-          Size of the [file system object](@docroot@/store/file-system-object.md) part of the store object when serialized as a [Nix Archive](@docroot@/store/file-system-object/content-address.md#serial-nix-archive).
-
-      references:
-        type: array
-        title: References
-        description: |
-          An array of [store paths](@docroot@/store/store-path.md), possibly including this one.
-        items:
-          type: string
-
-      ca:
-        oneOf:
-          - type: "null"
-            const: null
-          - "$ref": "./content-address-v1.yaml"
-        title: Content Address
-        description: |
-          If the store object is [content-addressed](@docroot@/store/store-object/content-address.md),
-          this is the content address of this store object's file system object, used to compute its store path.
-          Otherwise (i.e. if it is [input-addressed](@docroot@/glossary.md#gloss-input-addressed-store-object)), this is `null`.
-    additionalProperties: false
-
-  impure:
-    title: Store Object Info with Impure Fields
-    description: |
-      Store object metadata including impure fields that are not *intrinsic* properties.
-      In other words, the same store object in different stores could have different values for these impure fields.
-    type: object
-    required:
-      - version
-      - narHash
-      - narSize
-      - references
-      - ca
-      # impure
-      - deriver
-      - registrationTime
-      - ultimate
-      - signatures
-    properties:
-      version: { $ref: "#/$defs/base/properties/version" }
-      path: { $ref: "#/$defs/base/properties/path" }
-      narHash: { $ref: "#/$defs/base/properties/narHash" }
-      narSize: { $ref: "#/$defs/base/properties/narSize" }
-      references: { $ref: "#/$defs/base/properties/references" }
-      ca: { $ref: "#/$defs/base/properties/ca" }
-      deriver:
-        type: ["string", "null"]
-        title: Deriver
-        description: |
-          If known, the path to the [store derivation](@docroot@/glossary.md#gloss-store-derivation) from which this store object was produced.
-          Otherwise `null`.
-
-          > This is an "impure" field that may not be included in certain contexts.
-
-      registrationTime:
-        type: ["integer", "null"]
-        title: Registration Time
-        description: |
-          If known, when this derivation was added to the store (Unix timestamp).
-          Otherwise `null`.
-
-          > This is an "impure" field that may not be included in certain contexts.
-
-      ultimate:
-        type: boolean
-        title: Ultimate
-        description: |
-          Whether this store object is trusted because we built it ourselves, rather than substituted a build product from elsewhere.
-
-          > This is an "impure" field that may not be included in certain contexts.
-
-      signatures:
-        type: array
-        title: Signatures
-        description: |
-          Signatures claiming that this store object is what it claims to be.
-          Not relevant for [content-addressed](@docroot@/store/store-object/content-address.md) store objects,
-          but useful for [input-addressed](@docroot@/glossary.md#gloss-input-addressed-store-object) store objects.
-
-          > This is an "impure" field that may not be included in certain contexts.
-        items:
-          type: string
-
-      # Computed closure fields
-      closureSize:
-        type: integer
-        minimum: 0
-        title: Closure Size
-        description: |
-          The total size of this store object and every other object in its [closure](@docroot@/glossary.md#gloss-closure).
-
-          > This field is not stored at all, but computed by traversing the other fields across all the store objects in a closure.
-    additionalProperties: false
-
-  narInfo:
-    title: Store Object Info with Impure fields and NAR Info
-    description: |
-      The store object info in the "binary cache" family of Nix store type contain extra information pertaining to *downloads* of the store object in question.
-      (This store info is called "NAR info", since the downloads take the form of [Nix Archives](@docroot@/store/file-system-object/content-address.md#serial-nix-archive, and the metadata is served in a file with a `.narinfo` extension.)
-
-      This download information, being specific to how the store object happens to be stored and transferred, is also considered to be non-intrinsic / impure.
-    type: object
-    required:
-      - version
-      - narHash
-      - narSize
-      - references
-      - ca
-      # impure
-      - deriver
-      - registrationTime
-      - ultimate
-      - signatures
-      # nar
-      - url
-      - compression
-      - downloadHash
-      - downloadSize
-    properties:
-      version: { $ref: "#/$defs/base/properties/version" }
-      path: { $ref: "#/$defs/base/properties/path" }
-      narHash: { $ref: "#/$defs/base/properties/narHash" }
-      narSize: { $ref: "#/$defs/base/properties/narSize" }
-      references: { $ref: "#/$defs/base/properties/references" }
-      ca: { $ref: "#/$defs/base/properties/ca" }
-      deriver: { $ref: "#/$defs/impure/properties/deriver" }
-      registrationTime: { $ref: "#/$defs/impure/properties/registrationTime" }
-      ultimate: { $ref: "#/$defs/impure/properties/ultimate" }
-      signatures: { $ref: "#/$defs/impure/properties/signatures" }
-      closureSize: { $ref: "#/$defs/impure/properties/closureSize" }
-      url:
-        type: string
-        title: URL
-        description: |
-          Where to download a compressed archive of the file system objects of this store object.
-
-          > This is an impure "`.narinfo`" field that may not be included in certain contexts.
-
-      compression:
-        type: string
-        title: Compression
-        description: |
-          The compression format that the archive is in.
-
-          > This is an impure "`.narinfo`" field that may not be included in certain contexts.
-
-      downloadHash:
-        "$ref": "./hash-v1.yaml"
-        title: Download Hash
-        description: |
-          A digest for the compressed archive itself, as opposed to the data contained within.
-
-          > This is an impure "`.narinfo`" field that may not be included in certain contexts.
-
-      downloadSize:
-        type: integer
-        minimum: 0
-        title: Download Size
-        description: |
-          The size of the compressed archive itself.
-
-          > This is an impure "`.narinfo`" field that may not be included in certain contexts.
-
-      closureDownloadSize:
-        type: integer
-        minimum: 0
-        title: Closure Download Size
-        description: |
-          The total size of the compressed archive itself for this object, and the compressed archive of every object in this object's [closure](@docroot@/glossary.md#gloss-closure).
-
-          > This is an impure "`.narinfo`" field that may not be included in certain contexts.
-
-          > This field is not stored at all, but computed by traversing the other fields across all the store objects in a closure.
-    additionalProperties: false

doc/manual/source/protocols/json/schema/store-path-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/store-path