* Option to turn off position information to test the impact on

maximal sharing.

.clang-format

@@ -1,35 +0,0 @@
-BasedOnStyle: LLVM
-IndentWidth: 4
-BreakBeforeBraces: Custom
-BraceWrapping:
-  AfterStruct: true
-  AfterClass: true
-  AfterFunction: true
-  AfterUnion: true
-  SplitEmptyRecord: false
-PointerAlignment: Middle
-FixNamespaceComments: true
-SortIncludes: Never
-#IndentPPDirectives: BeforeHash
-SpaceAfterCStyleCast: true
-SpaceAfterTemplateKeyword: false
-AccessModifierOffset: -4
-AlignAfterOpenBracket: AlwaysBreak
-AlignEscapedNewlines: Left
-ColumnLimit: 120
-BreakStringLiterals: false
-BitFieldColonSpacing: None
-AllowShortFunctionsOnASingleLine: Empty
-AlwaysBreakTemplateDeclarations: Yes
-BinPackParameters: false
-BreakConstructorInitializers: BeforeComma
-EmptyLineAfterAccessModifier: Leave # change to always/never later?
-EmptyLineBeforeAccessModifier: Leave
-#PackConstructorInitializers: BinPack
-BreakBeforeBinaryOperators: NonAssignment
-AlwaysBreakBeforeMultilineStrings: true
-IndentPPDirectives: AfterHash
-PPIndentWidth: 2
-BinPackArguments: false
-BreakBeforeTernaryOperators: true
-SeparateDefinitionBlocks: Always

.clang-tidy

@@ -1,3 +0,0 @@
-# We use pointers to aggregates in a couple of places, intentionally.
-# void * would look weird.
-Checks: '-bugprone-sizeof-expression'

.coderabbit.yaml

@@ -1,18 +0,0 @@
-# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
-# Disable CodeRabbit auto-review to prevent verbose comments on PRs.
-# When enabled: false, CodeRabbit won't attempt reviews and won't post
-# "Review skipped" or other automated comments.
-reviews:
-  auto_review:
-    enabled: false
-  review_status: false
-  high_level_summary: false
-  poem: false
-  sequence_diagrams: false
-  changed_files_summary: false
-  tools:
-    github-checks:
-      enabled: false
-chat:
-  art: false
-  auto_reply: false

.dir-locals.el

@@ -1,18 +0,0 @@
-((c++-mode . (
-  (c-file-style . "k&r")
-  (c-basic-offset . 4)
-  (c-block-comment-prefix . "  ")
-  (indent-tabs-mode . nil)
-  (tab-width . 4)
-  (show-trailing-whitespace . t)
-  (indicate-empty-lines . t)
-  (eval . (c-set-offset 'innamespace 0))
-  (eval . (c-set-offset 'defun-open 0))
-  (eval . (c-set-offset 'inline-open 0))
-  (eval . (c-set-offset 'arglist-intro '+))
-  (eval . (c-set-offset 'arglist-cont 0))
-  (eval . (c-set-offset 'arglist-cont-nonempty '+))
-  (eval . (c-set-offset 'substatement-open 0))
-  (eval . (c-set-offset 'access-label '-))
-  (eval . (c-set-offset 'inlambda 0))
-  )))

.editorconfig

@@ -1,26 +0,0 @@
-# EditorConfig configuration for nix
-# http://EditorConfig.org
-
-# Top-most EditorConfig file
-root = true
-
-# Unix-style newlines with a newline ending every file, UTF-8 charset
-[*]
-end_of_line = lf
-insert_final_newline = true
-trim_trailing_whitespace = true
-charset = utf-8
-
-# Match Nix files, set indent to spaces with width of two
-[*.nix]
-indent_style = space
-indent_size = 2
-
-# Match C++/C/shell/Perl, set indent to spaces with width of four
-[*.{hpp,cc,hh,c,h,sh,pl,xs}]
-indent_style = space
-indent_size = 4
-
-# Match diffs, avoid to trim trailing whitespace
-[*.{diff,patch}]
-trim_trailing_whitespace = false

.git-blame-ignore-revs

@@ -1,6 +0,0 @@
-# bulk initial re-formatting with clang-format
-e4f62e46088919428a68bd8014201dc8e379fed7 # !autorebase ./maintainers/format.sh --until-stable
-# meson re-formatting
-385e2c3542c707d95e3784f7f6d623f67e77ab61 # !autorebase ./maintainers/format.sh --until-stable
-# nixfmt 1.0.0
-1d943f581908f35075a84a3d89c2eba3ff35067f # !autorebase ./maintainers/format.sh --until-stable

.github/CODEOWNERS

@@ -1,17 +0,0 @@
-# Pull requests concerning the listed files will automatically invite the respective maintainers as reviewers.
-# This file is not used for denoting any kind of ownership, but is merely a tool for handling notifications.
-#
-# Merge permissions are required for maintaining an entry in this file.
-# For documentation on this mechanism, see https://help.github.com/articles/about-codeowners/
-
-# Default reviewers if nothing else matches
-* @edolstra
-
-# This file
-.github/CODEOWNERS @edolstra
-
-# Documentation of built-in functions
-src/libexpr/primops.cc @roberth
-
-# Libstore layer
-/src/libstore @ericson2314

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,54 +0,0 @@
----
-name: Bug report
-about: Report unexpected or incorrect behaviour
-title: ''
-labels: bug
-assignees: ''
-
----
-
-## Describe the bug
-
-<!--
-  A clear and concise description of what the bug is.
-
-  If you have a problem with a specific package or NixOS,
-  you probably want to file an issue at https://github.com/NixOS/nixpkgs/issues.
--->
-
-## Steps To Reproduce
-
-<!--
-  Example:
-
-  1. Clone this repository: ...
-  2. Run `nix-... ...`
-  3. Observe unexpected behaviour
--->
-
-## Expected behavior
-
-<!-- A clear and concise description of what you expected to happen. -->
-
-## Metadata
-
-<!-- Please insert the output of running `nix-env --version` below this line -->
-
-## Additional context
-
-<!-- Add any other context about the problem here. -->
-
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open bug issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
-[open bug issues and pull requests]: https://github.com/NixOS/nix/labels/bug
-
----
-
-Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,39 +0,0 @@
----
-name: Feature request
-about: Suggest a new feature
-title: ''
-labels: feature
-assignees: ''
-
----
-
-## Is your feature request related to a problem?
-
-<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
-
-## Proposed solution
-
-<!-- A clear and concise description of what you want to happen. -->
-
-## Alternative solutions
-
-<!-- A clear and concise description of any alternative solutions or features you've considered. -->
-
-## Additional context
-
-<!-- Add any other context or screenshots about the feature request here. -->
-
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open feature issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
-[open feature issues and pull requests]: https://github.com/NixOS/nix/labels/feature
-
----
-
-Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/installer.md

@@ -1,47 +0,0 @@
----
-name: Installer issue
-about: Report problems with installation
-title: ''
-labels: installer
-assignees: ''
-
----
-
-## Platform
-
-<!-- select the platform on which you tried to install Nix -->
-
-- [ ] Linux: <!-- state your distribution, e.g. Arch Linux, Ubuntu, ... -->
-- [ ] macOS
-- [ ] WSL
-
-## Additional information
-
-<!-- state special circumstances on your system or additional steps you have taken prior to installation -->
-
-## Output
-
-<details><summary>Output</summary>
-
-<!-- paste console output inside the below code block -->
-
-```log
-
-```
-
-</details>
-
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open installer issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
-[open installer issues and pull requests]: https://github.com/NixOS/nix/labels/installer
-
----
-
-Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/ISSUE_TEMPLATE/missing_documentation.md

@@ -1,31 +0,0 @@
----
-name: Missing or incorrect documentation
-about: Help us improve the reference manual
-title: ''
-labels: documentation
-assignees: ''
-
----
-
-## Problem
-
-<!-- describe your problem -->
-
-## Proposal
-
-<!-- propose a solution -->
-
-## Checklist
-
-<!-- make sure this issue is not redundant or obsolete -->
-
-- [ ] checked [latest Nix manual] \([source])
-- [ ] checked [open documentation issues and pull requests] for possible duplicates
-
-[latest Nix manual]: https://nix.dev/manual/nix/development/
-[source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
-[open documentation issues and pull requests]: https://github.com/NixOS/nix/labels/documentation
-
----
-
-Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,42 +0,0 @@
-<!--
-
-IMPORTANT
-
-Nix is a non-trivial project, so for your contribution to be successful,
-it really is important to follow the contributing guidelines:
-
-https://github.com/NixOS/nix/blob/master/CONTRIBUTING.md
-
-Even if you've contributed to open source before, take a moment to read it,
-so you understand the process and the expectations.
-
-- what information to include in commit messages
-- proper attribution
-- volunteering contributions effectively
-- how to get help and our review process.
-
-PR stuck in review? We have two Nix team meetings per week online that are open for everyone in a jitsi conference:
-
-- https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com
-
--->
-
-## Motivation
-
-<!-- Briefly explain what the change is about and why it is desirable. -->
-
-## Context
-
-<!-- Provide context. Reference open issues if available. -->
-
-<!-- Non-trivial change: Briefly outline the implementation strategy. -->
-
-<!-- Invasive change: Discuss alternative designs or approaches you considered. -->
-
-<!-- Large change: Provide instructions to reviewers how to read the diff. -->
-
----
-
-Add :+1: to [pull requests you find important](https://github.com/NixOS/nix/pulls?q=is%3Aopen+sort%3Areactions-%2B1-desc).
-
-The Nix maintainer team uses a [GitHub project board](https://github.com/orgs/NixOS/projects/19) to [schedule and track reviews](https://github.com/NixOS/nix/tree/master/maintainers#project-board-protocol). 

.github/STALE-BOT.md

@@ -1,35 +0,0 @@
-# Stale bot information
-
-- Thanks for your contribution!
-- To remove the stale label, just leave a new comment.
-- _How to find the right people to ping?_ → [`git blame`](https://git-scm.com/docs/git-blame) to the rescue! (or GitHub's history and blame buttons.)
-- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/) or on [Matrix - #users:nixos.org](https://matrix.to/#/#users:nixos.org).
-
-## Suggestions for PRs
-
-1. GitHub sometimes doesn't notify people who commented / reviewed a PR previously, when you (force) push commits. If you have addressed the reviews you can [officially ask for a review](https://docs.github.com/en/free-pro-team@latest/github/collaborating-with-issues-and-pull-requests/requesting-a-pull-request-review) from those who commented to you or anyone else.
-2. If it is unfinished but you plan to finish it, please mark it as a draft.
-3. If you don't expect to work on it any time soon, closing it with a short comment may encourage someone else to pick up your work.
-4. To get things rolling again, rebase the PR against the target branch and address valid comments.
-5. If you need a review to move forward, ask in [the Discourse thread for PRs that need help](https://discourse.nixos.org/t/prs-in-distress/3604).
-6. If all you need is a merge, check the git history to find and [request reviews](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/requesting-a-pull-request-review) from people who usually merge related contributions.
-
-## Suggestions for issues
-
-1. If it is resolved (either for you personally, or in general), please consider closing it.
-2. If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough.
-3. If you still have interest in resolving it, try to ping somebody who you believe might have an interest in the topic. Consider discussing the problem in [our Discourse Forum](https://discourse.nixos.org/).
-4. As with all open source projects, your best option is to submit a Pull Request that addresses this issue. We :heart: this attitude!
-
-**Memorandum on closing issues**
-
-Don't be afraid to close an issue that holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen--nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.
-
-## Useful GitHub search queries
-
-- [Open PRs with any stale-bot interaction](https://github.com/NixOS/nix/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+)
-- [Open PRs with any stale-bot interaction and `stale`](https://github.com/NixOS/nix/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+label%3A%22stale%22)
-- [Open PRs with any stale-bot interaction and NOT `stale`](https://github.com/NixOS/nix/pulls?q=is%3Apr+is%3Aopen+commenter%3Aapp%2Fstale+-label%3A%22stale%22+)
-- [Open Issues with any stale-bot interaction](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+)
-- [Open Issues with any stale-bot interaction and `stale`](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+label%3A%22stale%22+)
-- [Open Issues with any stale-bot interaction and NOT `stale`](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+commenter%3Aapp%2Fstale+-label%3A%22stale%22+)

.github/actions/install-nix-action/action.yaml

@@ -1,131 +0,0 @@
-name: "Install Nix"
-description: "Helper action for installing Nix with support for dogfooding from master"
-inputs:
-  dogfood:
-    description: "Whether to use Nix installed from the latest artifact from master branch"
-    required: true # Be explicit about the fact that we are using unreleased artifacts
-  experimental-installer:
-    description: "Whether to use the experimental installer to install Nix"
-    default: false
-  experimental-installer-version:
-    description: "Version of the experimental installer to use. If `latest`, the newest artifact from the default branch is used."
-    # TODO: This should probably be pinned to a release after https://github.com/NixOS/experimental-nix-installer/pull/49 lands in one
-    default: "latest"
-  extra_nix_config:
-    description: "Gets appended to `/etc/nix/nix.conf` if passed."
-  install_url:
-    description: "URL of the Nix installer"
-    required: false
-    default: "https://releases.nixos.org/nix/nix-2.32.1/install"
-  tarball_url:
-    description: "URL of the Nix tarball to use with the experimental installer"
-    required: false
-  github_token:
-    description: "Github token"
-    required: true
-  use_cache:
-    description: "Whether to setup magic-nix-cache"
-    default: true
-    required: false
-runs:
-  using: "composite"
-  steps:
-    - name: "Download nix install artifact from master"
-      shell: bash
-      id: download-nix-installer
-      if: inputs.dogfood == 'true'
-      run: |
-        RUN_ID=$(gh run list --repo "$DOGFOOD_REPO" --workflow ci.yml --branch master --status success --json databaseId --jq ".[0].databaseId")
-
-        if [ "$RUNNER_OS" == "Linux" ]; then
-          INSTALLER_ARTIFACT="installer-linux"
-        elif [ "$RUNNER_OS" == "macOS" ]; then
-          INSTALLER_ARTIFACT="installer-darwin"
-        else
-          echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS"
-          exit 1
-        fi
-
-        INSTALLER_DOWNLOAD_DIR="$GITHUB_WORKSPACE/$INSTALLER_ARTIFACT"
-        mkdir -p "$INSTALLER_DOWNLOAD_DIR"
-
-        gh run download "$RUN_ID" --repo "$DOGFOOD_REPO" -n "$INSTALLER_ARTIFACT" -D "$INSTALLER_DOWNLOAD_DIR"
-        echo "installer-path=file://$INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT"
-        TARBALL_PATH="$(find "$INSTALLER_DOWNLOAD_DIR" -name 'nix*.tar.xz' -print | head -n 1)"
-        echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT"
-
-        echo "::notice ::Dogfooding Nix installer from master (https://github.com/$DOGFOOD_REPO/actions/runs/$RUN_ID)"
-      env:
-        GH_TOKEN: ${{ inputs.github_token }}
-        DOGFOOD_REPO: "NixOS/nix"
-    - name: "Gather system info for experimental installer"
-      shell: bash
-      if: ${{ inputs.experimental-installer == 'true' }}
-      run: |
-        echo "::notice Using experimental installer from $EXPERIMENTAL_INSTALLER_REPO (https://github.com/$EXPERIMENTAL_INSTALLER_REPO)"
-
-        if [ "$RUNNER_OS" == "Linux" ]; then
-          EXPERIMENTAL_INSTALLER_SYSTEM="linux"
-          echo "EXPERIMENTAL_INSTALLER_SYSTEM=$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-        elif [ "$RUNNER_OS" == "macOS" ]; then
-          EXPERIMENTAL_INSTALLER_SYSTEM="darwin"
-          echo "EXPERIMENTAL_INSTALLER_SYSTEM=$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-        else
-          echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS"
-          exit 1
-        fi
-
-        if [ "$RUNNER_ARCH" == "X64" ]; then
-          EXPERIMENTAL_INSTALLER_ARCH=x86_64
-          echo "EXPERIMENTAL_INSTALLER_ARCH=$EXPERIMENTAL_INSTALLER_ARCH" >> "$GITHUB_ENV"
-        elif [ "$RUNNER_ARCH" == "ARM64" ]; then
-          EXPERIMENTAL_INSTALLER_ARCH=aarch64
-          echo "EXPERIMENTAL_INSTALLER_ARCH=$EXPERIMENTAL_INSTALLER_ARCH" >> "$GITHUB_ENV"
-        else
-          echo "::error ::Unsupported RUNNER_ARCH: $RUNNER_ARCH"
-          exit 1
-        fi
-
-        echo "EXPERIMENTAL_INSTALLER_ARTIFACT=nix-installer-$EXPERIMENTAL_INSTALLER_ARCH-$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-      env:
-        EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer"
-    - name: "Download latest experimental installer"
-      shell: bash
-      id: download-latest-experimental-installer
-      if: ${{ inputs.experimental-installer == 'true' && inputs.experimental-installer-version == 'latest' }}
-      run: |
-        RUN_ID=$(gh run list --repo "$EXPERIMENTAL_INSTALLER_REPO" --workflow ci.yml --branch main --status success --json databaseId --jq ".[0].databaseId")
-
-        EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR="$GITHUB_WORKSPACE/$EXPERIMENTAL_INSTALLER_ARTIFACT"
-        mkdir -p "$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR"
-
-        gh run download "$RUN_ID" --repo "$EXPERIMENTAL_INSTALLER_REPO" -n "$EXPERIMENTAL_INSTALLER_ARTIFACT" -D "$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR"
-        # Executable permissions are lost in artifacts
-        find $EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR -type f -exec chmod +x {} +
-        echo "installer-path=$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT"
-      env:
-        GH_TOKEN: ${{ inputs.github_token }}
-        EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer"
-    - uses: cachix/install-nix-action@c134e4c9e34bac6cab09cf239815f9339aaaf84e # v31.5.1
-      if: ${{ inputs.experimental-installer != 'true' }}
-      with:
-        # Ternary operator in GHA: https://www.github.com/actions/runner/issues/409#issuecomment-752775072
-        install_url: ${{ inputs.dogfood == 'true' && format('{0}/install', steps.download-nix-installer.outputs.installer-path) || inputs.install_url }}
-        install_options: ${{ inputs.dogfood == 'true' && format('--tarball-url-prefix {0}', steps.download-nix-installer.outputs.installer-path) || '' }}
-        extra_nix_config: ${{ inputs.extra_nix_config }}
-    - uses: DeterminateSystems/nix-installer-action@786fff0690178f1234e4e1fe9b536e94f5433196 # v20
-      if: ${{ inputs.experimental-installer == 'true' }}
-      with:
-        diagnostic-endpoint: ""
-        # TODO: It'd be nice to use `artifacts.nixos.org` for both of these, maybe through an `/experimental-installer/latest` endpoint? or `/commit/<hash>`?
-        local-root: ${{ inputs.experimental-installer-version == 'latest' && steps.download-latest-experimental-installer.outputs.installer-path || '' }}
-        source-url: ${{ inputs.experimental-installer-version != 'latest' && 'https://artifacts.nixos.org/experimental-installer/tag/${{ inputs.experimental-installer-version }}/${{ env.EXPERIMENTAL_INSTALLER_ARTIFACT }}' || '' }}
-        nix-package-url: ${{ inputs.dogfood == 'true' && steps.download-nix-installer.outputs.tarball-path || (inputs.tarball_url || '') }}
-        extra-conf: ${{ inputs.extra_nix_config }}
-    - uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13
-      if: ${{ inputs.use_cache == 'true' }}
-      with:
-        diagnostic-endpoint: ''
-        use-flakehub: false
-        use-gha-cache: true
-        source-revision: 92d9581367be2233c2d5714a2640e1339f4087d8 # main

.github/dependabot.yml

@@ -1,6 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"

.github/labeler.yml

@@ -1,43 +0,0 @@
-"c api":
-  - changed-files:
-    - any-glob-to-any-file: "src/lib*-c/**/*"
-    - any-glob-to-any-file: "src/*test*/**/nix_api_*"
-    - any-glob-to-any-file: "doc/external-api/**/*"
-
-"contributor-experience":
-  - changed-files:
-    - any-glob-to-any-file: "CONTRIBUTING.md"
-    - any-glob-to-any-file: ".github/ISSUE_TEMPLATE/*"
-    - any-glob-to-any-file: ".github/PULL_REQUEST_TEMPLATE.md"
-    - any-glob-to-any-file: "doc/manual/source/contributing/**"
-
-"documentation":
-  - changed-files:
-    - any-glob-to-any-file: "doc/manual/**/*"
-    - any-glob-to-any-file: "src/nix/**/*.md"
-
-"store":
-  - changed-files:
-    - any-glob-to-any-file: "src/libstore/store-api.*"
-    - any-glob-to-any-file: "src/libstore/*-store.*"
-
-"fetching":
-  - changed-files:
-    - any-glob-to-any-file: "src/libfetchers/**/*"
-
-"repl":
-  - changed-files:
-    - any-glob-to-any-file: "src/libcmd/repl.*"
-    - any-glob-to-any-file: "src/nix/repl.*"
-
-"new-cli":
-  - changed-files:
-    - any-glob-to-any-file: "src/nix/**/*"
-
-"with-tests":
-  - changed-files:
-    # Unit tests
-    - any-glob-to-any-file: "src/*/tests/**/*"
-    # Functional and integration tests
-    - any-glob-to-any-file: "tests/functional/**/*"
-

.github/stale.yml

@@ -1,9 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-daysUntilStale: 180
-daysUntilClose: false
-exemptLabels:
-  - "critical"
-  - "never-stale"
-staleLabel: "stale"
-markComment: false
-closeComment: false

.github/workflows/backport.yml

@@ -1,37 +0,0 @@
-name: Backport
-on:
-  pull_request_target:
-    types: [closed, labeled]
-permissions:
-  contents: read
-jobs:
-  backport:
-    name: Backport Pull Request
-    permissions:
-      # for korthout/backport-action
-      contents: write
-      pull-requests: write
-    if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
-    runs-on: ubuntu-24.04-arm
-    steps:
-      - name: Generate GitHub App token
-        id: generate-token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ vars.CI_APP_ID }}
-          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
-      - uses: actions/checkout@v5
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          # required to find all branches
-          fetch-depth: 0
-      - name: Create backport PRs
-        uses: korthout/backport-action@d07416681cab29bf2661702f925f020aaa962997 # v3.4.1
-        id: backport
-        with:
-          # Config README: https://github.com/korthout/backport-action#backport-action
-          github_token: ${{ steps.generate-token.outputs.token }}
-          github_workspace: ${{ github.workspace }}
-          auto_merge_enabled: true
-          pull_description: |-
-            Automatic backport to `${target_branch}`, triggered by a label in #${pull_number}.

.github/workflows/ci.yml

@@ -1,318 +0,0 @@
-name: "CI"
-
-on:
-  pull_request:
-  merge_group:
-  push:
-    branches:
-      - master
-  workflow_dispatch:
-    inputs:
-      dogfood:
-        description: 'Use dogfood Nix build'
-        required: false
-        default: true
-        type: boolean
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-permissions: read-all
-
-jobs:
-  eval:
-    runs-on: ubuntu-24.04
-    steps:
-    - uses: actions/checkout@v5
-      with:
-        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-        extra_nix_config:
-          experimental-features = nix-command flakes
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        use_cache: false
-    - run: nix flake show --all-systems --json
-
-  pre-commit-checks:
-    name: pre-commit checks
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: actions/checkout@v5
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-          extra_nix_config: experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - run: ./ci/gha/tests/pre-commit-checks
-
-  basic-checks:
-    name: aggregate basic checks
-    if: ${{ always() }}
-    runs-on: ubuntu-24.04
-    needs: [pre-commit-checks, eval]
-    steps:
-      - name: Exit with any errors
-        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
-        run: |
-          exit 1
-
-  tests:
-    needs: basic-checks
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - scenario: on ubuntu
-            runs-on: ubuntu-24.04
-            os: linux
-            instrumented: false
-            primary: true
-            stdenv: stdenv
-          - scenario: on macos
-            runs-on: macos-14
-            os: darwin
-            instrumented: false
-            primary: true
-            stdenv: stdenv
-          - scenario: on ubuntu (with sanitizers / coverage)
-            runs-on: ubuntu-24.04
-            os: linux
-            instrumented: true
-            primary: false
-            stdenv: clangStdenv
-    name: tests ${{ matrix.scenario }}
-    runs-on: ${{ matrix.runs-on }}
-    timeout-minutes: 60
-    steps:
-    - uses: actions/checkout@v5
-      with:
-        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-        # The sandbox would otherwise be disabled by default on Darwin
-        extra_nix_config: "sandbox = true"
-    # Since ubuntu 22.30, unprivileged usernamespaces are no longer allowed to map to the root user:
-    # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
-    - run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
-      if: matrix.os == 'linux'
-    - name: Run component tests
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix componentTests -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}"
-    - name: Run VM tests
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix vmTests -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}"
-      if: ${{ matrix.os == 'linux' }}
-    - name: Run flake checks and prepare the installer tarball
-      run: |
-        ci/gha/tests/build-checks
-        ci/gha/tests/prepare-installer-for-github-actions
-      if: ${{ matrix.primary }}
-    - name: Collect code coverage
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix codeCoverage.coverageReports -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}" \
-          --out-link coverage-reports
-        cat coverage-reports/index.txt >> $GITHUB_STEP_SUMMARY
-      if: ${{ matrix.instrumented }}
-    - name: Upload coverage reports
-      uses: actions/upload-artifact@v5
-      with:
-        name: coverage-reports
-        path: coverage-reports/
-      if: ${{ matrix.instrumented }}
-    - name: Upload installer tarball
-      uses: actions/upload-artifact@v5
-      with:
-        name: installer-${{matrix.os}}
-        path: out/*
-      if: ${{ matrix.primary }}
-
-  installer_test:
-    needs: [tests]
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - scenario: on ubuntu
-            runs-on: ubuntu-24.04
-            os: linux
-            experimental-installer: false
-          - scenario: on macos
-            runs-on: macos-14
-            os: darwin
-            experimental-installer: false
-          - scenario: on ubuntu (experimental)
-            runs-on: ubuntu-24.04
-            os: linux
-            experimental-installer: true
-          - scenario: on macos (experimental)
-            runs-on: macos-14
-            os: darwin
-            experimental-installer: true
-    name: installer test ${{ matrix.scenario }}
-    runs-on: ${{ matrix.runs-on }}
-    steps:
-    - uses: actions/checkout@v5
-    - name: Download installer tarball
-      uses: actions/download-artifact@v6
-      with:
-        name: installer-${{matrix.os}}
-        path: out
-    - name: Looking up the installer tarball URL
-      id: installer-tarball-url
-      run: |
-        echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT"
-        TARBALL_PATH="$(find "$GITHUB_WORKSPACE/out" -name 'nix*.tar.xz' -print | head -n 1)"
-        echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT"
-    - uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31.8.4
-      if: ${{ !matrix.experimental-installer }}
-      with:
-        install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }}
-        install_options: ${{ format('--tarball-url-prefix {0}', steps.installer-tarball-url.outputs.installer-url) }}
-    - uses: ./.github/actions/install-nix-action
-      if: ${{ matrix.experimental-installer }}
-      with:
-        dogfood: false
-        experimental-installer: true
-        tarball_url: ${{ steps.installer-tarball-url.outputs.tarball-path }}
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-    - run: sudo apt install fish zsh
-      if: matrix.os == 'linux'
-    - run: brew install fish
-      if: matrix.os == 'darwin'
-    - run: exec bash -c "nix-instantiate -E 'builtins.currentTime' --eval"
-    - run: exec sh -c "nix-instantiate -E 'builtins.currentTime' --eval"
-    - run: exec zsh -c "nix-instantiate -E 'builtins.currentTime' --eval"
-    - run: exec fish -c "nix-instantiate -E 'builtins.currentTime' --eval"
-    - run: exec bash -c "nix-channel --add https://releases.nixos.org/nixos/unstable/nixos-23.05pre466020.60c1d71f2ba nixpkgs"
-    - run: exec bash -c "nix-channel --update && nix-env -iA nixpkgs.hello && hello"
-
-  # Steps to test CI automation in your own fork.
-  # 1. Sign-up for https://hub.docker.com/
-  # 2. Store your dockerhub username as DOCKERHUB_USERNAME in "Repository secrets" of your fork repository settings (https://github.com/$githubuser/nix/settings/secrets/actions)
-  # 3. Create an access token in https://hub.docker.com/settings/security and store it as DOCKERHUB_TOKEN in "Repository secrets" of your fork
-  check_secrets:
-    permissions:
-      contents: none
-    name: Check presence of secrets
-    runs-on: ubuntu-24.04
-    outputs:
-      docker: ${{ steps.secret.outputs.docker }}
-    steps:
-      - name: Check for DockerHub secrets
-        id: secret
-        env:
-          _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
-        run: |
-          echo "docker=${{ env._DOCKER_SECRETS != '' }}" >> $GITHUB_OUTPUT
-
-  docker_push_image:
-    needs: [tests, check_secrets]
-    permissions:
-      contents: read
-      packages: write
-    if: >-
-      needs.check_secrets.outputs.docker == 'true' &&
-      github.event_name == 'push' &&
-      github.ref_name == 'master'
-    runs-on: ubuntu-24.04
-    steps:
-    - uses: actions/checkout@v5
-      with:
-        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        dogfood: false
-        extra_nix_config: |
-          experimental-features = flakes nix-command
-    - run: echo NIX_VERSION="$(nix eval .\#nix.version | tr -d \")" >> $GITHUB_ENV
-    - run: nix build .#dockerImage -L
-    - run: docker load -i ./result/image.tar.gz
-    - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
-    - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
-    # We'll deploy the newly built image to both Docker Hub and Github Container Registry.
-    #
-    # Push to Docker Hub first
-    - name: Login to Docker Hub
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
-    - run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
-    - run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
-    # Push to GitHub Container Registry as well
-    - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-    - name: Push image
-      run: |
-        IMAGE_ID=ghcr.io/${{ github.repository_owner }}/nix
-        # Change all uppercase to lowercase
-        IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
-
-        docker tag nix:$NIX_VERSION $IMAGE_ID:$NIX_VERSION
-        docker tag nix:$NIX_VERSION $IMAGE_ID:latest
-        docker push $IMAGE_ID:$NIX_VERSION
-        docker push $IMAGE_ID:latest
-        # deprecated 2024-02-24
-        docker tag nix:$NIX_VERSION $IMAGE_ID:master
-        docker push $IMAGE_ID:master
-
-  flake_regressions:
-    needs: tests
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Checkout nix
-        uses: actions/checkout@v5
-      - name: Checkout flake-regressions
-        uses: actions/checkout@v5
-        with:
-          repository: NixOS/flake-regressions
-          path: flake-regressions
-      - name: Checkout flake-regressions-data
-        uses: actions/checkout@v5
-        with:
-          repository: NixOS/flake-regressions-data
-          path: flake-regressions/tests
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-          extra_nix_config:
-            experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=25 flake-regressions/eval-all.sh
-
-  profile_build:
-    needs: tests
-    runs-on: ubuntu-24.04
-    timeout-minutes: 60
-    if: >-
-      github.event_name == 'push' &&
-      github.ref_name == 'master'
-    steps:
-    - uses: actions/checkout@v5
-      with:
-        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-        extra_nix_config: |
-          experimental-features = flakes nix-command ca-derivations impure-derivations
-          max-jobs = 1
-    - run: |
-        nix build -L --file ./ci/gha/profile-build buildTimeReport --out-link build-time-report.md
-        cat build-time-report.md >> $GITHUB_STEP_SUMMARY

.github/workflows/labels.yml

@@ -1,24 +0,0 @@
-name: "Label PR"
-
-on:
-  pull_request_target:
-    types: [edited, opened, synchronize, reopened]
-
-# WARNING:
-# When extending this action, be aware that $GITHUB_TOKEN allows some write
-# access to the GitHub API. This means that it should not evaluate user input in
-# a way that allows code injection.
-
-permissions:
-  contents: read
-  pull-requests: write
-
-jobs:
-  labels:
-    runs-on: ubuntu-24.04
-    if: github.repository_owner == 'NixOS'
-    steps:
-    - uses: actions/labeler@v6
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        sync-labels: false

.gitignore

@@ -1,52 +0,0 @@
-# Default meson build dir
-/build
-
-# /tests/functional/
-/tests/functional/common/subst-vars.sh
-/tests/functional/restricted-innocent
-/tests/functional/debugger-test-out
-/tests/functional/test-libstoreconsumer/test-libstoreconsumer
-/tests/functional/nix-shell
-
-# /tests/functional/lang/
-/tests/functional/lang/*.out
-/tests/functional/lang/*.out.xml
-/tests/functional/lang/*.err
-/tests/functional/lang/*.ast
-
-/outputs
-
-*~
-
-# GNU Global
-GPATH
-GRTAGS
-GSYMS
-GTAGS
-
-# ccls
-/.ccls-cache
-
-# auto-generated compilation database
-compile_commands.json
-*.compile_commands.json
-
-result
-result-*
-
-# IDE
-.vscode/
-.idea/
-
-.pre-commit-config.yaml
-
-# clangd and possibly more
-.cache/
-
-# Mac OS
-.DS_Store
-
-flake-regressions
-
-# direnv
-.direnv/

.shellcheckrc

@@ -1,4 +0,0 @@
-external-sources=true
-source-path=SCRIPTDIR
-# Hack for scripts in e.g. tests/functional/ca
-source-path=SCRIPTDIR/..

.version

@@ -1 +0,0 @@
-2.33.0

AUTHORS

@@ -0,0 +1,8 @@
+The following people contributed to Nix, in alphabetical order:
+
+Martin Bravenboer
+Eelco Dolstra
+Niels Janssen
+Armijn Hemel
+Rob Vermaas
+Eelco Visser

CITATION.cff

@@ -1,42 +0,0 @@
-cff-version: 1.2.0
-title: Nix
-message: >-
-  If you use this software, please cite it using the
-  metadata from this file.
-type: software
-authors:
-  - given-names: Eelco
-    family-names: Dolstra
-    email: edolstra@gmail.com
-  - name: The Nix contributors
-    website: 'https://github.com/NixOS/nix'
-references:
-  - title: The Purely Functional Software Deployment Model
-    authors:
-    - family-names: Dolstra
-      given-names: Eelco
-    year: 2006
-    type: thesis
-    thesis-type: PhD thesis
-    isbn: 90-393-4130-3
-    url: https://dspace.library.uu.nl/handle/1874/7540
-    database-provider: Utrecht University Repository
-    institution:
-      name: Utrecht University
-    keywords:
-    - configuration management
-    - software deployment
-    - purely functional
-    - component-based software engineering
-repository-code: 'https://github.com/NixOS/nix'
-url: 'https://nixos.org/'
-abstract: >-
-  Nix, a purely functional package manager, is a powerful
-  package manager for Linux and other Unix systems that
-  makes package management reliable and reproducible.
-keywords:
-  - reproducibility
-  - open-source
-  - c++
-  - functional
-license: LGPL-2.1

CONTRIBUTING.md

@@ -1,100 +0,0 @@
-# Contributing to Nix
-
-Welcome and thank you for your interest in contributing to Nix!
-We appreciate your support.
-
-Reading and following these guidelines will help us make the contribution process easy and effective for everyone involved.
-
-## Report a bug
-
-1. Check on the [GitHub issue tracker](https://github.com/NixOS/nix/issues) if your bug was already reported.
-
-2. If you were not able to find the bug or feature [open a new issue](https://github.com/NixOS/nix/issues/new/choose)
-
-3. The issue templates will guide you in specifying your issue.
-   The more complete the information you provide, the more likely it can be found by others and the more useful it is in the future.
-   Make sure reported bugs can be reproduced easily.
-
-4. Once submitted, do not expect issues to be picked up or solved right away.
-   The only way to ensure this, is to [work on the issue yourself](#making-changes-to-nix).
-
-## Report a security vulnerability
-
-Check out the [security policy](https://github.com/NixOS/nix/security/policy).
-
-## Making changes to Nix
-
-1. Search for related issues that cover what you're going to work on.
-   It could help to mention there that you will work on the issue.
-
-   We strongly recommend first-time contributors not to propose new features but rather fix tightly-scoped problems in order to build trust and a working relationship with maintainers.
-
-   Issues labeled [good first issue](https://github.com/NixOS/nix/labels/good%20first%20issue) should be relatively easy to fix and are likely to get merged quickly.
-   Pull requests addressing issues labeled [idea approved](https://github.com/NixOS/nix/labels/idea%20approved) or [RFC](https://github.com/NixOS/nix/labels/RFC) are especially welcomed by maintainers and will receive prioritised review.
-
-   If you are proficient with C++, addressing one of the [popular issues](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc) will be highly appreciated by maintainers and Nix users all over the world.
-   For far-reaching changes, please investigate possible blockers and design implications, and coordinate with maintainers before investing too much time in writing code that may not end up getting merged.
-
-   If there is no relevant issue yet and you're not sure whether your change is likely to be accepted, [open an issue](https://github.com/NixOS/nix/issues/new/choose) yourself.
-
-2. Check for [pull requests](https://github.com/NixOS/nix/pulls) that might already cover the contribution you are about to make.
-   There are many open pull requests that might already do what you intend to work on.
-   You can use [labels](https://github.com/NixOS/nix/labels) to filter for relevant topics.
-
-3. Check the [Nix reference manual](https://nix.dev/manual/nix/development/development/building.html) for information on building Nix and running its tests.
-
-   For contributions to the command line interface, please check the [CLI guidelines](https://nix.dev/manual/nix/development/development/cli-guideline.html).
-
-4. Make your change!
-
-5. [Create a pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) for your changes.
-   * Clearly explain the problem that you're solving.
-
-     Link related issues to inform interested parties and future contributors about your change.
-     If your pull request closes one or multiple issues, mention that in the description using `Closes: #<number>`, as it will then happen automatically when your change is merged.
-   * Credit original authors when you're reusing or building on their work.
-   * Link to relevant changes in other projects, so that others can understand the full context of the change in the future when you or someone else will change or troubleshoot the code.
-     This is especially important when your change is based on work done in other repositories.
-
-     Example:
-     ```
-     This is based on the work of @user in <url>.
-     This solution took inspiration from <url>.
-
-     Co-authored-by: User Name <user@example.com>
-     ```
-
-     When cherry-picking from a different repository, use the `-x` flag, and then amend the commits to turn the hashes into URLs.
-
-   * Make sure to have [a clean history of commits on your branch by using rebase](https://www.digitalocean.com/community/tutorials/how-to-rebase-and-update-a-pull-request).
-   * [Mark the pull request as draft](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request) if you're not done with the changes.
-
-6. Do not expect your pull request to be reviewed immediately.
-   Nix maintainers follow a [structured process for reviews and design decisions](https://github.com/NixOS/nix/tree/master/maintainers#project-board-protocol), which may or may not prioritise your work.
-
-   Following this checklist will make the process smoother for everyone:
-
-   - [ ] Fixes an [idea approved](https://github.com/NixOS/nix/labels/idea%20approved) issue
-   - [ ] Tests, as appropriate:
-     - Functional tests – [`tests/functional/**.sh`](./tests/functional)
-     - Unit tests – [`src/*/tests`](./src/)
-     - Integration tests – [`tests/nixos/*`](./tests/nixos)
-   - [ ] User documentation in the [manual](./doc/manual/source)
-   - [ ] API documentation in header files
-   - [ ] Code and comments are self-explanatory
-   - [ ] Commit message explains **why** the change was made
-   - [ ] New feature or incompatible change: [add a release note](https://nix.dev/manual/nix/development/development/contributing.html#add-a-release-note)
-
-7. If you need additional feedback or help to getting pull request into shape, ask other contributors using [@mentions](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#mentioning-people-and-teams).
-
-## Making changes to the Nix manual
-
-The Nix reference manual is hosted on https://nix.dev/manual/nix.
-The underlying source files are located in [`doc/manual/source`](./doc/manual/source).
-For small changes you can [use GitHub to edit these files](https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files)
-For larger changes see the [Nix reference manual](https://nix.dev/manual/nix/development/development/contributing.html).
-
-## Getting help
-
-Whenever you're stuck or do not know how to proceed, you can always ask for help.
-We invite you to use our [Matrix room](https://matrix.to/#/#nix-dev:nixos.org) to ask questions.

COPYING

@@ -1,8 +1,8 @@
-                  GNU LESSER GENERAL PUBLIC LICENSE
-                       Version 2.1, February 1999
+		  GNU LESSER GENERAL PUBLIC LICENSE
+		       Version 2.1, February 1999
 
  Copyright (C) 1991, 1999 Free Software Foundation, Inc.
- <https://fsf.org/>
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -10,7 +10,7 @@
  as the successor of the GNU Library Public License, version 2, hence
  the version number 2.1.]
 
-                            Preamble
+			    Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -112,7 +112,7 @@ modification follow.  Pay close attention to the difference between a
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
 
-                  GNU LESSER GENERAL PUBLIC LICENSE
+		  GNU LESSER GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License Agreement applies to any software library or other
@@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
 on the Library (independent of the use of the Library in a tool for
 writing it).  Whether that is true depends on what the Library does
 and what the program that uses the Library does.
-
+  
   1. You may copy and distribute verbatim copies of the Library's
 complete source code as you receive it, in any medium, provided that
 you conspicuously and appropriately publish on each copy an
@@ -432,7 +432,7 @@ decision will be guided by the two goals of preserving the free status
 of all derivatives of our free software and of promoting the sharing
 and reuse of software generally.
 
-                            NO WARRANTY
+			    NO WARRANTY
 
   15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
 WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
@@ -455,7 +455,7 @@ FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
 SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.
 
-                     END OF TERMS AND CONDITIONS
+		     END OF TERMS AND CONDITIONS
 
            How to Apply These Terms to Your New Libraries
 
@@ -484,7 +484,8 @@ convey the exclusion of warranty; and each file should have at least the
     Lesser General Public License for more details.
 
     You should have received a copy of the GNU Lesser General Public
-    License along with this library; if not, see <https://www.gnu.org/licenses/>.
+    License along with this library; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -495,7 +496,9 @@ necessary.  Here is a sample; alter the names:
   Yoyodyne, Inc., hereby disclaims all copyright interest in the
   library `Frob' (a library for tweaking knobs) written by James Random Hacker.
 
-  <signature of Moe Ghoul>, 1 April 1990
-  Moe Ghoul, President of Vice
+  <signature of Ty Coon>, 1 April 1990
+  Ty Coon, President of Vice
 
 That's all there is to it!
+
+

HACKING.md

@@ -1 +0,0 @@
-doc/manual/source/development/building.md

INSTALL

@@ -0,0 +1,229 @@
+Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
+Foundation, Inc.
+
+   This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+   These are generic installation instructions.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  (Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.)
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You only need
+`configure.ac' if you want to change it or regenerate `configure' using
+a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.  If you're
+     using `csh' on an old version of System V, you might need to type
+     `sh ./configure' instead to prevent `csh' from trying to execute
+     `configure' itself.
+
+     Running `configure' takes awhile.  While running, it prints some
+     messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   If you have to use a `make' that does not support the `VPATH'
+variable, you have to compile the package for one architecture at a
+time in the source code directory.  After you have installed the
+package for one architecture, use `make distclean' before reconfiguring
+for another architecture.
+
+Installation Names
+==================
+
+   By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc.  You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=PATH' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the `--target=TYPE' option to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+will cause the specified gcc to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of the options to `configure', and exit.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+

Makefile.am

@@ -0,0 +1,55 @@
+SUBDIRS = externals src scripts corepkgs doc misc tests
+EXTRA_DIST = substitute.mk nix.spec nix.spec.in bootstrap.sh \
+  svn-revision nix.conf.example NEWS
+
+include ./substitute.mk
+
+nix.spec: nix.spec.in
+
+rpm: nix.spec dist
+	rpm $(EXTRA_RPM_FLAGS) -ta $(distdir).tar.gz
+
+relname:
+	echo -n $(distdir) > relname
+
+install-data-local: init-state
+	$(INSTALL) -d $(DESTDIR)$(sysconfdir)/nix
+	$(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix
+	if ! test -e $(DESTDIR)$(sysconfdir)/nix/nix.conf; then \
+		$(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix/nix.conf; \
+	fi
+
+if INIT_STATE
+
+# For setuid operation, you can enable the following:
+# INIT_FLAGS = -g @NIX_GROUP@ -o @NIX_USER@
+# GROUP_WRITABLE = -m 775
+
+init-state:
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/db
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/log/nix
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/log/nix/drvs
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/profiles
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/gcroots
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/temproots
+	$(INSTALL) $(INIT_FLAGS) $(GROUP_WRITABLE) -d $(DESTDIR)$(localstatedir)/nix/gcroots/tmp
+	$(INSTALL) $(INIT_FLAGS) $(GROUP_WRITABLE) -d $(DESTDIR)$(localstatedir)/nix/gcroots/channels
+	ln -sfn $(localstatedir)/nix/profiles $(DESTDIR)$(localstatedir)/nix/gcroots/profiles
+	$(INSTALL) $(INIT_FLAGS) -d $(DESTDIR)$(localstatedir)/nix/userpool
+	$(INSTALL) $(INIT_FLAGS) -m 1777 -d $(DESTDIR)$(prefix)/store
+	$(INSTALL) $(INIT_FLAGS) $(GROUP_WRITABLE) -d $(DESTDIR)$(localstatedir)/nix/manifests
+	ln -sfn $(localstatedir)/nix/manifests $(DESTDIR)$(localstatedir)/nix/gcroots/manifests
+#	$(bindir)/nix-store --init
+
+else
+init-state:
+endif
+
+svn-revision:
+	svnversion . > svn-revision
+
+all-local: NEWS
+
+NEWS: doc/manual/NEWS.txt
+	cp $(srcdir)/doc/manual/NEWS.txt NEWS

README

@@ -0,0 +1,9 @@
+For installation and usage instructions, please read the manual, which
+can be found in `docs/manual/manual.html', and additionally at the Nix
+website at <http://www.cs.uu.nl/groups/ST/Trace/Nix>.
+
+
+Acknowledgments
+
+This product includes software developed by the OpenSSL Project for
+use in the OpenSSL Toolkit (http://www.OpenSSL.org/)

README.md

@@ -1,38 +0,0 @@
-# Nix
-
-[![Open Collective supporters](https://opencollective.com/nixos/tiers/supporter/badge.svg?label=Supporters&color=brightgreen)](https://opencollective.com/nixos)
-[![CI](https://github.com/NixOS/nix/workflows/CI/badge.svg)](https://github.com/NixOS/nix/actions/workflows/ci.yml)
-
-Nix is a powerful package manager for Linux and other Unix systems that makes package
-management reliable and reproducible. Please refer to the [Nix manual](https://nix.dev/reference/nix-manual)
-for more details.
-
-## Installation and first steps
-
-Visit [nix.dev](https://nix.dev) for [installation instructions](https://nix.dev/tutorials/install-nix) and [beginner tutorials](https://nix.dev/tutorials/first-steps).
-
-Full reference documentation can be found in the [Nix manual](https://nix.dev/reference/nix-manual).
-
-## Building and developing
-
-Follow instructions in the Nix reference manual to [set up a development environment and build Nix from source](https://nix.dev/manual/nix/development/development/building.html).
-
-## Contributing
-
-Check the [contributing guide](./CONTRIBUTING.md) if you want to get involved with developing Nix.
-
-## Additional resources
-
-Nix was created by Eelco Dolstra and developed as the subject of his PhD thesis [The Purely Functional Software Deployment Model](https://edolstra.github.io/pubs/phd-thesis.pdf), published 2006.
-Today, a world-wide developer community contributes to Nix and the ecosystem that has grown around it.
-
-- [The Nix, Nixpkgs, NixOS Community on nixos.org](https://nixos.org/)
-- [Official documentation on nix.dev](https://nix.dev)
-- [Nixpkgs](https://github.com/NixOS/nixpkgs) is [the largest, most up-to-date free software repository in the world](https://repology.org/repositories/graphs)
-- [NixOS](https://github.com/NixOS/nixpkgs/tree/master/nixos) is a Linux distribution that can be configured fully declaratively
-- [Discourse](https://discourse.nixos.org/)
-- Matrix: [#users:nixos.org](https://matrix.to/#/#users:nixos.org) for user support and [#nix-dev:nixos.org](https://matrix.to/#/#nix-dev:nixos.org) for development
-
-## License
-
-Nix is released under the [LGPL v2.1](./COPYING).

aterm-gc.supp

@@ -0,0 +1,184 @@
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:mark_memory_young
+   fun:mark_phase_young
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:AT_isValidSymbol
+   fun:mark_memory_young
+   fun:mark_phase_young
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:AT_isValidSymbol
+   fun:mark_memory_young
+   fun:mark_phase_young
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:mark_memory_young
+   fun:mark_phase_young
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:AT_isInsideValidTerm
+   fun:mark_memory_young
+   fun:mark_phase_young
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:AT_isInsideValidTerm
+   fun:mark_memory_young
+   fun:mark_phase_young
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:mark_memory_young
+   fun:mark_phase_young
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:AT_markTerm_young
+   fun:mark_memory_young
+   fun:mark_phase_young
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:AT_markTerm_young
+   fun:mark_memory_young
+   fun:mark_phase_young
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:mark_memory
+   fun:mark_phase
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:mark_memory
+   fun:mark_phase
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:AT_isValidSymbol
+   fun:mark_memory
+   fun:mark_phase
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:AT_isValidSymbol
+   fun:mark_memory
+   fun:mark_phase
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:AT_isInsideValidTerm
+   fun:mark_memory
+   fun:mark_phase
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:AT_isInsideValidTerm
+   fun:mark_memory
+   fun:mark_phase
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:AT_markTerm
+   fun:mark_memory
+   fun:mark_phase
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:AT_markTerm
+   fun:mark_memory
+   fun:mark_phase
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:AT_markTerm
+   fun:mark_memory
+   fun:mark_phase
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Cond
+   fun:mark_phase_young
+   fun:AT_collect_minor
+}
+
+{
+   ATerm library conservatively scans for GC roots
+   Memcheck:Value4
+   fun:mark_phase_young
+   fun:AT_collect_minor
+}
+
+{
+   <insert a suppression name here>
+   Memcheck:Cond
+   fun:AT_isValidSymbol
+   fun:mark_phase_young
+   fun:AT_collect_minor
+}
+
+{
+   <insert a suppression name here>
+   Memcheck:Value4
+   fun:AT_isValidSymbol
+   fun:mark_phase_young
+   fun:AT_collect_minor
+}
+
+{
+   <insert a suppression name here>
+   Memcheck:Value4
+   fun:AT_isInsideValidTerm
+   fun:mark_phase_young
+   fun:AT_collect_minor
+}
+
+{
+   <insert a suppression name here>
+   Memcheck:Cond
+   fun:AT_isInsideValidTerm
+   fun:mark_phase_young
+   fun:AT_collect_minor
+}

blacklisting/check-env.pl

@@ -0,0 +1,252 @@
+#! /usr/bin/perl -w -I /home/eelco/.nix-profile/lib/site_perl
+
+use strict;
+use XML::LibXML;
+#use XML::Simple;
+
+my $blacklistFN = shift @ARGV;
+die unless defined $blacklistFN;
+my $userEnv = shift @ARGV;
+die unless defined $userEnv;
+
+
+# Read the blacklist.
+my $parser = XML::LibXML->new();
+my $blacklist = $parser->parse_file($blacklistFN)->getDocumentElement;
+
+#print $blacklist->toString() , "\n";
+
+
+# Get all the elements of the user environment.
+my $userEnvElems = `nix-store --query --references '$userEnv'`;
+die "cannot query user environment elements" if $? != 0;
+my @userEnvElems = split ' ', $userEnvElems;
+
+
+my %storePathHashes;
+
+
+sub getElemNodes {
+    my $node = shift;
+    my @elems = ();
+    foreach my $node ($node->getChildNodes) {
+        push @elems, $node if $node->nodeType == XML_ELEMENT_NODE;
+    }
+    return @elems;
+}
+
+
+my %referencesCache;
+sub getReferences {
+    my $path = shift;
+    return $referencesCache{$path} if defined $referencesCache{$path};
+    
+    my $references = `nix-store --query --references '$path'`;
+    die "cannot query references" if $? != 0;
+    $referencesCache{$path} = [split ' ', $references];
+    
+    return $referencesCache{$path};
+}
+
+
+my %attrsCache;
+sub getAttr {
+    my $path = shift;
+    my $name = shift;
+    my $key = "$path/$name";
+    return $referencesCache{$key} if defined $referencesCache{$key};
+
+    my $value = `nix-store --query --binding '$name' '$path' 2> /dev/null`;
+    $value = "" if $? != 0; # !!!
+    chomp $value;
+    $referencesCache{$key} = $value;
+
+    return $value;
+}
+
+
+sub evalCondition;
+
+
+sub traverse {
+    my $done = shift;
+    my $set = shift;
+    my $path = shift;
+    my $stopCondition = shift;
+
+    return if defined $done->{$path};
+    $done->{$path} = 1;
+    $set->{$path} = 1;
+
+#    print "  in $path\n";
+
+    if (!evalCondition({$path => 1}, $stopCondition)) {
+#        print "  STOPPING in $path\n";
+        return;
+    }
+
+    # Get the requisites of the deriver.
+
+    foreach my $reference (@{getReferences $path}) {
+        traverse($done, $set, $reference, $stopCondition);
+    }
+}
+
+
+sub evalSet {
+    my $inSet = shift;
+    my $expr = shift;
+    my $name = $expr->getName;
+    
+    if ($name eq "traverse") {
+        my $stopCondition = (getElemNodes $expr)[0];
+        my $done = { };
+        my $set = { };
+        foreach my $path (keys %{$inSet}) {
+            traverse($done, $set, $path, $stopCondition);
+        }
+        return $set;
+    }
+
+    else {
+        die "unknown element `$name'";
+    }
+}
+
+
+# Function for evaluating conditions.
+sub evalCondition {
+    my $storePaths = shift;
+    my $condition = shift;
+    my $elemName = $condition->getName;
+    
+    if ($elemName eq "containsSource") {
+        my $hash = $condition->attributes->getNamedItem("hash")->getValue;
+        foreach my $path (keys %{$storePathHashes{$hash}}) {
+            return 1 if defined $storePaths->{$path};
+        }
+        return 0;
+    }
+
+    elsif ($elemName eq "hasName") { 
+        my $nameRE = $condition->attributes->getNamedItem("name")->getValue;
+        foreach my $path (keys %{$storePaths}) {
+            return 1 if $path =~ /$nameRE/;
+        }
+        return 0;
+    }
+    
+    elsif ($elemName eq "hasAttr") { 
+        my $name = $condition->attributes->getNamedItem("name")->getValue;
+        my $valueRE = $condition->attributes->getNamedItem("value")->getValue;
+        foreach my $path (keys %{$storePaths}) {
+            if ($path =~ /\.drv$/) {
+                my $value = getAttr($path, $name);
+#                print "    $path $name $value\n";
+                return 1 if $value =~ /$valueRE/;
+            }
+        }
+        return 0;
+    }
+    
+    elsif ($elemName eq "and") {
+        my $result = 1;
+        foreach my $node (getElemNodes $condition) {
+            $result &= evalCondition($storePaths, $node);
+        }
+        return $result;
+    }
+
+    elsif ($elemName eq "not") {
+        return !evalCondition($storePaths, (getElemNodes $condition)[0]);
+    }
+    
+    elsif ($elemName eq "within") {
+        my @elems = getElemNodes $condition;
+        my $set = evalSet($storePaths, $elems[0]);
+        return evalCondition($set, $elems[1]);
+    }
+
+    elsif ($elemName eq "true") {
+        return 1;
+    }
+
+    elsif ($elemName eq "false") {
+        return 0;
+    }
+
+    else {
+        die "unknown element `$elemName'";
+    }
+}
+
+
+sub evalOr {
+    my $storePaths = shift;
+    my $nodes = shift;
+
+    my $result = 0;
+    foreach my $node (@{$nodes}) {
+        $result |= evalCondition($storePaths, $node);
+    }
+    
+    return $result;
+}
+
+
+# Iterate over all elements, check them.
+foreach my $userEnvElem (@userEnvElems) {
+
+    # Get the deriver of this path.
+    my $deriver = `nix-store --query --deriver '$userEnvElem'`;
+    die "cannot query deriver" if $? != 0;
+    chomp $deriver;
+
+    if ($deriver eq "unknown-deriver") {
+#        print "  deriver unknown, cannot check sources\n";
+        next;
+    }
+
+    print "CHECKING $userEnvElem\n";
+
+
+    # Get the requisites of the deriver.
+#    my $requisites = `nix-store --query --requisites --include-outputs '$deriver'`;
+#    die "cannot query requisites" if $? != 0;
+#    my @requisites = split ' ', $requisites;
+
+
+    # Get the hashes of the requisites.
+#    my $hashes = `nix-store --query --hash @requisites`;
+#    die "cannot query hashes" if $? != 0;
+#    my @hashes = split ' ', $hashes;
+#    for (my $i = 0; $i < scalar @requisites; $i++) {
+#        die unless $i < scalar @hashes;
+#        my $hash = $hashes[$i];
+#        $storePathHashes{$hash} = {} unless defined $storePathHashes{$hash};
+#        my $r = $storePathHashes{$hash}; # !!! fix
+#        $$r{$requisites[$i]} = 1;
+#    }
+
+
+    # Evaluate each blacklist item.
+    foreach my $item ($blacklist->getChildrenByTagName("item")) {
+        my $itemId = $item->getAttributeNode("id")->getValue;
+#        print "  CHECKING FOR $itemId\n";
+
+        my $condition = ($item->getChildrenByTagName("condition"))[0];
+        die unless $condition;
+
+        # Evaluate the condition.
+        my @elems = getElemNodes $condition;
+        if (evalOr({$deriver => 1}, \@elems)) {
+            # Oops, condition triggered.
+            my $reason = ($item->getChildrenByTagName("reason"))[0]->getChildNodes->to_literal;
+            $reason =~ s/\s+/ /g;
+            $reason =~ s/^\s+//g;
+
+            print "    VULNERABLE TO `$itemId': $reason\n";
+        }
+    }
+}
+

bootstrap.sh

@@ -0,0 +1,7 @@
+#! /bin/sh -e
+mkdir -p config
+libtoolize --copy
+aclocal
+autoheader
+automake --add-missing --copy
+autoconf

ci/gha/profile-build/default.nix

@@ -1,101 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-}:
-
-let
-  inherit (pkgs) lib;
-
-  nixComponentsInstrumented =
-    (nixFlake.lib.makeComponents {
-      inherit pkgs;
-      getStdenv = p: p.clangStdenv;
-    }).overrideScope
-      (
-        _: _: {
-          mesonComponentOverrides = finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "buildprofile" ];
-            nativeBuildInputs = [ pkgs.clangbuildanalyzer ] ++ prevAttrs.nativeBuildInputs or [ ];
-            __impure = true;
-
-            env = {
-              CFLAGS = "-ftime-trace";
-              CXXFLAGS = "-ftime-trace";
-            };
-
-            preBuild = ''
-              ClangBuildAnalyzer --start $PWD
-            '';
-
-            postBuild = ''
-              ClangBuildAnalyzer --stop $PWD $buildprofile
-            '';
-          };
-        }
-      );
-
-  componentsToProfile = {
-    "nix-util" = { };
-    "nix-util-c" = { };
-    "nix-util-test-support" = { };
-    "nix-util-tests" = { };
-    "nix-store" = { };
-    "nix-store-c" = { };
-    "nix-store-test-support" = { };
-    "nix-store-tests" = { };
-    "nix-fetchers" = { };
-    "nix-fetchers-c" = { };
-    "nix-fetchers-tests" = { };
-    "nix-expr" = { };
-    "nix-expr-c" = { };
-    "nix-expr-test-support" = { };
-    "nix-expr-tests" = { };
-    "nix-flake" = { };
-    "nix-flake-c" = { };
-    "nix-flake-tests" = { };
-    "nix-main" = { };
-    "nix-main-c" = { };
-    "nix-cmd" = { };
-    "nix-cli" = { };
-  };
-
-  componentDerivationsToProfile = builtins.intersectAttrs componentsToProfile nixComponentsInstrumented;
-  componentBuildProfiles = lib.mapAttrs (
-    n: v: lib.getOutput "buildprofile" v
-  ) componentDerivationsToProfile;
-
-  buildTimeReport =
-    pkgs.runCommand "build-time-report"
-      {
-        __impure = true;
-        __structuredAttrs = true;
-        nativeBuildInputs = [ pkgs.clangbuildanalyzer ];
-        inherit componentBuildProfiles;
-      }
-      ''
-        {
-          echo "# Build time performance profile for components:"
-          echo
-          echo "This reports the build profile collected via \`-ftime-trace\` for each component."
-          echo
-        } >> $out
-
-        for name in "''\${!componentBuildProfiles[@]}"; do
-          {
-            echo "<details><summary><strong>$name</strong></summary>"
-            echo
-            echo '````'
-            ClangBuildAnalyzer --analyze "''\${componentBuildProfiles[$name]}"
-            echo '````'
-            echo
-            echo "</details>"
-          } >> $out
-        done
-      '';
-in
-
-{
-  inherit buildTimeReport;
-  inherit componentDerivationsToProfile;
-}

ci/gha/tests/build-checks

@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-system=$(nix eval --raw --impure --expr builtins.currentSystem)
-nix eval --json ".#checks.$system" --apply builtins.attrNames | \
-  jq -r '.[]' | \
-  xargs -P0 -I '{}' sh -c "nix build -L .#checks.$system.{} || { echo 'FAILED: \033[0;31mnix build -L .#checks.$system.{}\\033[0m'; kill 0; }"

ci/gha/tests/default.nix

@@ -1,257 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  nixComponents ? (
-    nixFlake.lib.makeComponents {
-      inherit pkgs;
-      inherit getStdenv;
-    }
-  ),
-  getStdenv ? p: p.stdenv,
-  componentTestsPrefix ? "",
-  withSanitizers ? false,
-  withCoverage ? false,
-  ...
-}:
-
-let
-  inherit (pkgs) lib;
-  hydraJobs = nixFlake.hydraJobs;
-  packages' = nixFlake.packages.${system};
-  stdenv = (getStdenv pkgs);
-
-  collectCoverageLayer = finalAttrs: prevAttrs: {
-    env =
-      let
-        # https://clang.llvm.org/docs/SourceBasedCodeCoverage.html#the-code-coverage-workflow
-        coverageFlags = [
-          "-fprofile-instr-generate"
-          "-fcoverage-mapping"
-        ];
-      in
-      {
-        CFLAGS = toString coverageFlags;
-        CXXFLAGS = toString coverageFlags;
-      };
-
-    # Done in a pre-configure hook, because $NIX_BUILD_TOP needs to be substituted.
-    preConfigure = prevAttrs.preConfigure or "" + ''
-      mappingFlag=" -fcoverage-prefix-map=$NIX_BUILD_TOP/${finalAttrs.src.name}=${finalAttrs.src}"
-      CFLAGS+="$mappingFlag"
-      CXXFLAGS+="$mappingFlag"
-    '';
-  };
-
-  componentOverrides = (lib.optional withCoverage collectCoverageLayer);
-in
-
-rec {
-  nixComponentsInstrumented = nixComponents.overrideScope (
-    final: prev: {
-      withASan = withSanitizers;
-      withUBSan = withSanitizers;
-
-      nix-store-tests = prev.nix-store-tests.override { withBenchmarks = true; };
-      # Boehm is incompatible with ASAN.
-      nix-expr = prev.nix-expr.override { enableGC = !withSanitizers; };
-
-      mesonComponentOverrides = lib.composeManyExtensions componentOverrides;
-      # Unclear how to make Perl bindings work with a dynamically linked ASAN.
-      nix-perl-bindings = if withSanitizers then null else prev.nix-perl-bindings;
-    }
-  );
-
-  # Import NixOS tests using the instrumented components
-  nixosTests = import ../../../tests/nixos {
-    inherit lib pkgs;
-    nixComponents = nixComponentsInstrumented;
-    nixpkgs = nixFlake.inputs.nixpkgs;
-    inherit (nixFlake.inputs) nixpkgs-23-11;
-  };
-
-  /**
-    Top-level tests for the flake outputs, as they would be built by hydra.
-    These tests generally can't be overridden to run with sanitizers.
-  */
-  topLevel = {
-    installerScriptForGHA = hydraJobs.installerScriptForGHA.${system};
-    installTests = hydraJobs.installTests.${system};
-    nixpkgsLibTests = hydraJobs.tests.nixpkgsLibTests.${system};
-    rl-next = pkgs.buildPackages.runCommand "test-rl-next-release-notes" { } ''
-      LANG=C.UTF-8 ${pkgs.changelog-d}/bin/changelog-d ${../../../doc/manual/rl-next} >$out
-    '';
-    repl-completion = pkgs.callPackage ../../../tests/repl-completion.nix { inherit (packages') nix; };
-
-    /**
-      Checks for our packaging expressions.
-      This shouldn't build anything significant; just check that things
-      (including derivations) are _set up_ correctly.
-    */
-    packaging-overriding =
-      let
-        nix = packages'.nix;
-      in
-      assert (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src.patches == [ pkgs.emptyFile ];
-      if pkgs.stdenv.buildPlatform.isDarwin then
-        lib.warn "packaging-overriding check currently disabled because of a permissions issue on macOS" pkgs.emptyFile
-      else
-        # If this fails, something might be wrong with how we've wired the scope,
-        # or something could be broken in Nixpkgs.
-        pkgs.testers.testEqualContents {
-          assertion = "trivial patch does not change source contents";
-          expected = "${../../..}";
-          actual =
-            # Same for all components; nix-util is an arbitrary pick
-            (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src;
-        };
-  };
-
-  disable =
-    let
-      inherit (pkgs.stdenv) hostPlatform;
-    in
-    args@{
-      pkgName,
-      testName,
-      test,
-    }:
-    lib.any (b: b) [
-      # FIXME: Nix manual is impure and does not produce all settings on darwin
-      (hostPlatform.isDarwin && pkgName == "nix-manual" && testName == "linkcheck")
-    ];
-
-  componentTests =
-    (lib.concatMapAttrs (
-      pkgName: pkg:
-      lib.concatMapAttrs (
-        testName: test:
-        lib.optionalAttrs (!disable { inherit pkgName testName test; }) {
-          "${componentTestsPrefix}${pkgName}-${testName}" = test;
-        }
-      ) (pkg.tests or { })
-    ) nixComponentsInstrumented)
-    // lib.optionalAttrs (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) {
-      "${componentTestsPrefix}nix-functional-tests" = nixComponentsInstrumented.nix-functional-tests;
-      "${componentTestsPrefix}nix-json-schema-checks" = nixComponentsInstrumented.nix-json-schema-checks;
-    };
-
-  codeCoverage =
-    let
-      componentsTestsToProfile =
-        (builtins.mapAttrs (n: v: nixComponentsInstrumented.${n}.tests.run) {
-          "nix-util-tests" = { };
-          "nix-store-tests" = { };
-          "nix-fetchers-tests" = { };
-          "nix-expr-tests" = { };
-          "nix-flake-tests" = { };
-        })
-        // {
-          inherit (nixComponentsInstrumented) nix-functional-tests;
-        };
-
-      coverageProfileDrvs = lib.mapAttrs (
-        n: v:
-        v.overrideAttrs (
-          finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "profraw" ];
-            env = {
-              LLVM_PROFILE_FILE = "${placeholder "profraw"}/%m";
-            };
-          }
-        )
-      ) componentsTestsToProfile;
-
-      coverageProfiles = lib.mapAttrsToList (n: v: lib.getOutput "profraw" v) coverageProfileDrvs;
-
-      mergedProfdata =
-        pkgs.runCommand "merged-profdata"
-          {
-            __structuredAttrs = true;
-            nativeBuildInputs = [ pkgs.llvmPackages.libllvm ];
-            inherit coverageProfiles;
-          }
-          ''
-            rawProfiles=()
-            for dir in "''\${coverageProfiles[@]}"; do
-              rawProfiles+=($dir/*)
-            done
-            llvm-profdata merge -sparse -output $out "''\${rawProfiles[@]}"
-          '';
-
-      coverageReports =
-        let
-          nixComponentDrvs = lib.filter (lib.isDerivation) (lib.attrValues nixComponentsInstrumented);
-        in
-        pkgs.runCommand "code-coverage-report"
-          {
-            nativeBuildInputs = [
-              pkgs.llvmPackages.libllvm
-              pkgs.jq
-            ];
-            __structuredAttrs = true;
-            nixComponents = nixComponentDrvs;
-          }
-          ''
-            # ${toString (lib.map (v: v.src) nixComponentDrvs)}
-
-            binaryFiles=()
-            for dir in "''\${nixComponents[@]}"; do
-              readarray -t filesInDir < <(find "$dir" -type f -executable)
-              binaryFiles+=("''\${filesInDir[@]}")
-            done
-
-            arguments=$(concatStringsSep " -object " binaryFiles)
-            llvm-cov show $arguments -instr-profile ${mergedProfdata} -output-dir $out -format=html
-
-            {
-              echo "# Code coverage summary (generated via \`llvm-cov\`):"
-              echo
-              echo '```'
-              llvm-cov report $arguments -instr-profile ${mergedProfdata} -format=text -use-color=false
-              echo '```'
-              echo
-            } >> $out/index.txt
-
-            llvm-cov export $arguments -instr-profile ${mergedProfdata} -format=text > $out/coverage.json
-
-            mkdir -p $out/nix-support
-
-            coverageTotals=$(jq ".data[0].totals" $out/coverage.json)
-
-            # Mostly inline from pkgs/build-support/setup-hooks/make-coverage-analysis-report.sh [1],
-            # which we can't use here, because we rely on LLVM's infra for source code coverage collection.
-            # [1]: https://github.com/NixOS/nixpkgs/blob/67bb48c4c8e327417d6d5aa7e538244b209e852b/pkgs/build-support/setup-hooks/make-coverage-analysis-report.sh#L16
-            declare -A metricsArray=(["lineCoverage"]="lines" ["functionCoverage"]="functions" ["branchCoverage"]="branches")
-
-            for metricName in "''\${!metricsArray[@]}"; do
-              key="''\${metricsArray[$metricName]}"
-              metric=$(echo "$coverageTotals" | jq ".$key.percent * 10 | round / 10")
-              echo "$metricName $metric %" >> $out/nix-support/hydra-metrics
-            done
-
-            echo "report coverage $out" >> $out/nix-support/hydra-build-products
-          '';
-    in
-    assert withCoverage;
-    assert stdenv.cc.isClang;
-    {
-      inherit coverageProfileDrvs mergedProfdata coverageReports;
-    };
-
-  vmTests = {
-    inherit (nixosTests) s3-binary-cache-store;
-  }
-  // lib.optionalAttrs (!withSanitizers && !withCoverage) {
-    # evalNixpkgs uses non-instrumented components from hydraJobs, so only run it
-    # when not testing with sanitizers to avoid rebuilding nix
-    inherit (hydraJobs.tests) evalNixpkgs;
-    # FIXME: CI times out when building vm tests instrumented
-    inherit (nixosTests)
-      functional_user
-      githubFlakes
-      nix-docker
-      tarballFlakes
-      ;
-  };
-}

ci/gha/tests/pre-commit-checks

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-system=$(nix eval --raw --impure --expr builtins.currentSystem)
-
-echo "::group::Running pre-commit checks"
-
-if nix build ".#checks.$system.pre-commit" -L; then
-    echo "::endgroup::"
-    exit 0
-fi
-
-echo "::error ::Changes do not pass pre-commit checks"
-
-cat <<EOF
-The code isn't formatted or doesn't pass lints. You can run pre-commit locally with:
-
-    nix develop -c ./maintainers/format.sh
-EOF
-
-echo "::endgroup::"
-
-exit 1

ci/gha/tests/prepare-installer-for-github-actions

@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-nix build -L ".#installerScriptForGHA" ".#binaryTarball"
-
-mkdir -p out
-cp ./result/install "out/install"
-name="$(basename "$(realpath ./result-1)")"
-# everything before the first dash
-cp -r ./result-1 "out/${name%%-*}"

ci/gha/tests/wrapper.nix

@@ -1,16 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  stdenv ? "stdenv",
-  componentTestsPrefix ? "",
-  withInstrumentation ? false,
-}@args:
-import ./. (
-  args
-  // {
-    getStdenv = p: p.${stdenv};
-    withSanitizers = withInstrumentation;
-    withCoverage = withInstrumentation;
-  }
-)

configure.ac

@@ -0,0 +1,285 @@
+AC_INIT(nix, 0.11)
+AC_CONFIG_SRCDIR(README)
+AC_CONFIG_AUX_DIR(config)
+AM_INIT_AUTOMAKE([dist-bzip2 foreign])
+        
+# Change to `1' to produce a `stable' release (i.e., the `preREVISION'
+# suffix is not added).
+STABLE=0
+
+# Put the revision number in the version.
+if test "$STABLE" != "1"; then
+    if REVISION=`test -d $srcdir/.svn && svnversion -n $srcdir 2> /dev/null`; then
+        VERSION=${VERSION}pre${REVISION}
+    elif REVISION=`cat $srcdir/svn-revision 2> /dev/null`; then
+        VERSION=${VERSION}pre${REVISION}
+    fi
+fi
+
+AC_DEFINE_UNQUOTED(NIX_VERSION, ["$VERSION"], [version])
+
+AC_PREFIX_DEFAULT(/nix)
+
+AC_CANONICAL_HOST
+
+
+# Construct a Nix system name (like "i686-linux").
+AC_MSG_CHECKING([for the canonical Nix system name])
+cpu_name=$(uname -p | tr 'A-Z ' 'a-z_')
+machine_name=$(uname -m | tr 'A-Z ' 'a-z_')
+
+case $machine_name in
+    i*86)
+        machine_name=i686
+        ;;
+    x86_64)
+        machine_name=x86_64
+        ;;
+    ppc)
+        machine_name=powerpc
+        ;;
+    *)
+        if test "$cpu_name" != "unknown"; then
+            machine_name=$cpu_name
+        fi
+        ;;
+esac
+
+sys_name=$(uname -s | tr 'A-Z ' 'a-z_')
+
+case $sys_name in
+    cygwin*)
+        sys_name=cygwin
+        ;;
+esac
+
+AC_ARG_WITH(system, AC_HELP_STRING([--with-system=SYSTEM],
+  [platform identifier (e.g., `i686-linux')]),
+  system=$withval, system="${machine_name}-${sys_name}")
+AC_MSG_RESULT($system)
+AC_SUBST(system)
+AC_DEFINE_UNQUOTED(SYSTEM, ["$system"], [platform identifier (`cpu-os')])
+
+
+# Windows-specific stuff.
+if test "$sys_name" = "cygwin"; then
+    # We cannot delete open files.
+    AC_DEFINE(CANNOT_DELETE_OPEN_FILES, 1, [Whether it is impossible to delete open files.])
+
+    # Shared libraries don't work, currently.
+    AC_DISABLE_SHARED
+    AC_ENABLE_STATIC
+fi
+
+
+AC_PROG_CC
+AC_PROG_CXX
+
+
+# We are going to use libtool.
+AC_DISABLE_STATIC
+AC_ENABLE_SHARED
+AC_PROG_LIBTOOL
+
+
+# Use 64-bit file system calls so that we can support files > 2 GiB.
+CFLAGS="-D_FILE_OFFSET_BITS=64 $CFLAGS"
+CXXFLAGS="-D_FILE_OFFSET_BITS=64 $CXXFLAGS"
+
+
+# Check for pubsetbuf.
+AC_MSG_CHECKING([for pubsetbuf])
+AC_LANG_PUSH(C++)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <iostream>
+using namespace std;
+static char buf[1024];]],
+    [[cerr.rdbuf()->pubsetbuf(buf, sizeof(buf));]])],
+    [AC_MSG_RESULT(yes) AC_DEFINE(HAVE_PUBSETBUF, 1, [whether pubsetbuf is available])],
+    AC_MSG_RESULT(no))
+AC_LANG_POP(C++)
+
+
+# Check for <locale>
+AC_LANG_PUSH(C++)
+AC_CHECK_HEADERS([locale])
+AC_LANG_POP(C++)
+
+
+AC_DEFUN([NEED_PROG],
+[
+AC_PATH_PROG($1, $2)
+if test -z "$$1"; then
+    AC_MSG_ERROR([$2 is required])
+fi
+])
+
+NEED_PROG(curl, curl)
+NEED_PROG(shell, sh)
+NEED_PROG(patch, patch)
+AC_PATH_PROG(xmllint, xmllint, false)
+AC_PATH_PROG(xsltproc, xsltproc, false)
+AC_PATH_PROG(jing, jing, false) # needed because xmllint --relaxng seems broken
+AC_PATH_PROG(w3m, w3m, false)
+AC_PATH_PROG(flex, flex, false)
+AC_PATH_PROG(bison, bison, false)
+NEED_PROG(perl, perl)
+NEED_PROG(tar, tar)
+AC_PATH_PROG(dot, dot)
+
+AC_PATH_PROG(openssl_prog, openssl, openssl) # if not found, call openssl in $PATH
+AC_SUBST(openssl_prog)
+AC_DEFINE_UNQUOTED(OPENSSL_PATH, ["$openssl_prog"], [Path of the OpenSSL binary])
+
+# Test that Perl has the open/fork feature (Perl 5.8.0 and beyond).
+AC_MSG_CHECKING([whether Perl is recent enough])
+if ! $perl -e 'open(FOO, "-|", "true"); while (<FOO>) { print; }; close FOO or die;'; then
+    AC_MSG_RESULT(no)
+    AC_MSG_ERROR([Your Perl version is too old.  Nix requires Perl 5.8.0 or newer.])
+fi
+AC_MSG_RESULT(yes)
+
+NEED_PROG(cat, cat)
+NEED_PROG(tr, tr)
+AC_ARG_WITH(coreutils-bin, AC_HELP_STRING([--with-coreutils-bin=PATH],
+  [path of cat, mkdir, etc.]),
+  coreutils=$withval, coreutils=$(dirname $cat))
+AC_SUBST(coreutils)
+
+AC_ARG_WITH(docbook-rng, AC_HELP_STRING([--with-docbook-rng=PATH],
+  [path of the DocBook RelaxNG schema]),
+  docbookrng=$withval, docbookrng=/docbook-rng-missing)
+AC_SUBST(docbookrng)
+
+AC_ARG_WITH(docbook-xsl, AC_HELP_STRING([--with-docbook-xsl=PATH],
+  [path of the DocBook XSL stylesheets]),
+  docbookxsl=$withval, docbookxsl=/docbook-xsl-missing)
+AC_SUBST(docbookxsl)
+
+AC_ARG_WITH(xml-flags, AC_HELP_STRING([--with-xml-flags=FLAGS],
+  [extra flags to be passed to xmllint and xsltproc]),
+  xmlflags=$withval, xmlflags=)
+AC_SUBST(xmlflags)
+
+AC_ARG_WITH(store-dir, AC_HELP_STRING([--with-store-dir=PATH],
+  [path of the Nix store]),
+  storedir=$withval, storedir='${prefix}/store')
+AC_SUBST(storedir)
+
+AC_ARG_WITH(bdb, AC_HELP_STRING([--with-bdb=PATH],
+  [prefix of Berkeley DB]),
+  bdb=$withval, bdb=)
+AM_CONDITIONAL(HAVE_BDB, test -n "$bdb")
+if test -z "$bdb"; then
+  bdb_lib='-L${top_builddir}/externals/inst-bdb/lib -ldb_cxx'
+  bdb_include='-I${top_builddir}/externals/inst-bdb/include'
+else
+  bdb_lib="-L$bdb/lib -ldb_cxx"
+  bdb_include="-I$bdb/include"
+fi
+AC_SUBST(bdb_lib)
+AC_SUBST(bdb_include)
+
+AC_ARG_WITH(aterm, AC_HELP_STRING([--with-aterm=PATH],
+  [prefix of CWI ATerm library]),
+  aterm=$withval, aterm=)
+AM_CONDITIONAL(HAVE_ATERM, test -n "$aterm")
+if test -z "$aterm"; then
+  aterm_lib='-L${top_builddir}/externals/inst-aterm/lib -lATerm'
+  aterm_include='-I${top_builddir}/externals/inst-aterm/include'
+  aterm_bin='${top_builddir}/externals/inst-aterm/bin'
+else
+  aterm_lib="-L$aterm/lib -lATerm"
+  aterm_include="-I$aterm/include"
+  aterm_bin="$aterm/bin"
+fi
+AC_SUBST(aterm_lib)
+AC_SUBST(aterm_include)
+AC_SUBST(aterm_bin)
+
+AC_ARG_WITH(openssl, AC_HELP_STRING([--with-openssl=PATH],
+  [prefix of the OpenSSL library]),
+  openssl=$withval, openssl=)
+AM_CONDITIONAL(HAVE_OPENSSL, test -n "$openssl")
+if test -n "$openssl"; then
+  LDFLAGS="-L$openssl/lib -lcrypto $LDFLAGS"
+  CFLAGS="-I$openssl/include $CFLAGS"
+  CXXFLAGS="-I$openssl/include $CXXFLAGS"
+  AC_DEFINE(HAVE_OPENSSL, 1, [whether to use OpenSSL])
+fi
+
+AC_ARG_WITH(bzip2, AC_HELP_STRING([--with-bzip2=PATH],
+  [prefix of bzip2]),
+  bzip2=$withval, bzip2=)
+AM_CONDITIONAL(HAVE_BZIP2, test -n "$bzip2")
+if test -z "$bzip2"; then
+  # Headers and libraries will be used from the temporary installation
+  # in externals/inst-bzip2.
+  bzip2_lib='-L${top_builddir}/externals/inst-bzip2/lib -lbz2'
+  bzip2_include='-I${top_builddir}/externals/inst-bzip2/include'
+  # The binary will be copied to $libexecdir.
+  bzip2_bin='${libexecdir}'
+  # But for testing, we have to use the temporary copy :-(
+  bzip2_bin_test='${top_builddir}/externals/inst-bzip2/bin'
+else
+  bzip2_lib="-L$bzip2/lib -lbz2"
+  bzip2_include="-I$bzip2/include"
+  bzip2_bin="$bzip2/bin"
+  bzip2_bin_test="$bzip2/bin"
+fi   
+AC_SUBST(bzip2_lib)
+AC_SUBST(bzip2_include)
+AC_SUBST(bzip2_bin)
+AC_SUBST(bzip2_bin_test)
+
+
+AC_CHECK_LIB(pthread, pthread_mutex_init)
+
+
+AC_ARG_ENABLE(init-state, AC_HELP_STRING([--disable-init-state],
+  [do not initialise DB etc. in `make install']),
+  init_state=$enableval, init_state=yes)
+AM_CONDITIONAL(INIT_STATE, test "$init_state" = "yes")
+
+
+# Setuid installations.
+AC_CHECK_FUNCS([setresuid setreuid lchown])
+
+
+# This is needed if ATerm, Berkeley DB or bzip2 are static libraries,
+# and the Nix libraries are dynamic.
+if test "$(uname)" = "Darwin"; then
+    LDFLAGS="-all_load $LDFLAGS"
+fi
+
+
+AM_CONFIG_HEADER([config.h])
+AC_CONFIG_FILES([Makefile
+   externals/Makefile
+   src/Makefile
+   src/bin2c/Makefile
+   src/boost/Makefile
+   src/boost/format/Makefile
+   src/libutil/Makefile
+   src/libstore/Makefile
+   src/libmain/Makefile
+   src/nix-store/Makefile
+   src/nix-hash/Makefile
+   src/libexpr/Makefile
+   src/nix-instantiate/Makefile
+   src/nix-env/Makefile
+   src/nix-worker/Makefile
+   src/nix-setuid-helper/Makefile
+   src/nix-log2xml/Makefile
+   src/bsdiff-4.3/Makefile
+   scripts/Makefile
+   corepkgs/Makefile
+   corepkgs/nar/Makefile
+   corepkgs/buildenv/Makefile
+   corepkgs/channels/Makefile
+   doc/Makefile
+   doc/manual/Makefile
+   misc/Makefile
+   misc/emacs/Makefile
+   tests/Makefile
+  ])
+AC_OUTPUT

contrib/stack-collapse.py

@@ -1,38 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i python3 -p python3 --pure
-
-# To be used with `--trace-function-calls` and `flamegraph.pl`.
-#
-# For example:
-#
-# nix-instantiate --trace-function-calls '<nixpkgs>' -A hello 2> nix-function-calls.trace
-# ./contrib/stack-collapse.py nix-function-calls.trace > nix-function-calls.folded
-# nix-shell -p flamegraph --run "flamegraph.pl nix-function-calls.folded > nix-function-calls.svg"
-
-import sys
-from pprint import pprint
-import fileinput
-
-stack = []
-timestack = []
-
-for line in fileinput.input():
-    components = line.strip().split(" ", 2)
-    if components[0] != "function-trace":
-        continue
-
-    direction = components[1]
-    components = components[2].rsplit(" ", 2)
-
-    loc = components[0]
-    _at = components[1]
-    time = int(components[2])
-
-    if direction == "entered":
-        stack.append(loc)
-        timestack.append(time)
-    elif direction == "exited":
-        dur = time - timestack.pop()
-        vst = ";".join(stack)
-        print(f"{vst} {dur}")
-        stack.pop()

corepkgs/Makefile.am

@@ -0,0 +1 @@
+SUBDIRS = nar buildenv channels

corepkgs/buildenv/Makefile.am

@@ -0,0 +1,11 @@
+all-local: builder.pl
+
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs/buildenv
+	$(INSTALL_DATA) $(srcdir)/default.nix $(DESTDIR)$(datadir)/nix/corepkgs/buildenv
+	$(INSTALL_PROGRAM) builder.pl $(DESTDIR)$(datadir)/nix/corepkgs/buildenv
+
+include ../../substitute.mk
+
+EXTRA_DIST = default.nix builder.pl.in

corepkgs/buildenv/builder.pl.in

@@ -0,0 +1,163 @@
+#! @perl@ -w
+
+use strict;
+use Cwd;
+use IO::Handle;
+
+STDOUT->autoflush(1);
+
+my $out = $ENV{"out"};
+mkdir "$out", 0755 || die "error creating $out";
+
+
+my $symlinks = 0;
+
+my %priorities;
+
+
+# For each activated package, create symlinks.
+
+sub createLinks {
+    my $srcDir = shift;
+    my $dstDir = shift;
+    my $priority = shift;
+
+    my @srcFiles = glob("$srcDir/*");
+
+    foreach my $srcFile (@srcFiles) {
+        my $baseName = $srcFile;
+        $baseName =~ s/^.*\///g; # strip directory
+        my $dstFile = "$dstDir/$baseName";
+
+        # Urgh, hacky...
+	if ($srcFile =~ /\/propagated-build-inputs$/ ||
+            $srcFile =~ /\/nix-support$/ ||
+            $srcFile =~ /\/perllocal.pod$/ ||
+            $srcFile =~ /\/info\/dir$/ ||
+            $srcFile =~ /\/log$/)
+        {
+            # Do nothing.
+	}
+
+        elsif (-d $srcFile) {
+
+            lstat $dstFile;
+            
+            if (-d _) {
+                createLinks($srcFile, $dstFile, $priority);
+            }
+
+            elsif (-l _) {
+                my $target = readlink $dstFile or die;
+                if (!-d $target) {
+                    die "collission between directory `$srcFile' and non-directory `$target'";
+                }
+                unlink $dstFile or die "error unlinking `$dstFile': $!";
+                mkdir $dstFile, 0755 || 
+                    die "error creating directory `$dstFile': $!";
+                createLinks($target, $dstFile, $priorities{$dstFile});
+                createLinks($srcFile, $dstFile, $priority);
+            }
+
+            else {
+                symlink($srcFile, $dstFile) ||
+                    die "error creating link `$dstFile': $!";
+                $priorities{$dstFile} = $priority;
+                $symlinks++;
+            }
+        }
+
+        else {
+
+            if (-l $dstFile) {
+                my $target = readlink $dstFile;
+                my $prevPriority = $priorities{$dstFile};
+                die ( "Collission between `$srcFile' and `$target'. "
+                    . "Suggested solution: use `nix-env --set-flag "
+                    . "priority NUMBER PKGNAME' to change the priority of "
+                    . "one of the conflicting packages.\n" )
+                    if $prevPriority == $priority;
+                next if $prevPriority < $priority;
+                unlink $dstFile or die;
+            }
+            
+            symlink($srcFile, $dstFile) ||
+                die "error creating link `$dstFile': $!";
+            $priorities{$dstFile} = $priority;
+            $symlinks++;
+        }
+    }
+}
+
+
+my %done;
+my %postponed;
+
+sub addPkg;
+sub addPkg {
+    my $pkgDir = shift;
+    my $priority = shift;
+
+    return if (defined $done{$pkgDir});
+    $done{$pkgDir} = 1;
+
+#    print "symlinking $pkgDir\n";
+    createLinks("$pkgDir", "$out", $priority);
+
+    my $propagatedFN = "$pkgDir/nix-support/propagated-user-env-packages";
+    if (-e $propagatedFN) {
+        open PROP, "<$propagatedFN" or die;
+        my $propagated = <PROP>;
+        close PROP;
+        my @propagated = split ' ', $propagated;
+        foreach my $p (@propagated) {
+            $postponed{$p} = 1 unless defined $done{$p};
+        }
+    }
+}
+
+
+# Convert the stuff we get from the environment back into a coherent
+# data type.
+my @paths = split ' ', $ENV{"paths"};
+my @active = split ' ', $ENV{"active"};
+my @priority = split ' ', $ENV{"priority"};
+
+die if scalar @paths != scalar @active;
+die if scalar @paths != scalar @priority;
+
+my %pkgs;
+
+for (my $n = 0; $n < scalar @paths; $n++) {
+    $pkgs{$paths[$n]} =
+        { active => $active[$n]
+        , priority => $priority[$n] };
+}
+
+
+# Symlink to the packages that have been installed explicitly by the
+# user.
+foreach my $pkg (sort (keys %pkgs)) {
+    #print $pkg, " ", $pkgs{$pkg}->{priority}, "\n";
+    addPkg($pkg, $pkgs{$pkg}->{priority}) if $pkgs{$pkg}->{active} ne "false";
+}
+
+
+# Symlink to the packages that have been "propagated" by packages
+# installed by the user (i.e., package X declares that it want Y
+# installed as well).  We do these later because they have a lower
+# priority in case of collisions.
+my $priorityCounter = 1000; # don't care about collisions
+while (scalar(keys %postponed) > 0) {
+    my @pkgDirs = keys %postponed;
+    %postponed = ();
+    foreach my $pkgDir (sort @pkgDirs) {
+        addPkg($pkgDir, $priorityCounter++);
+    }
+}
+
+
+print STDERR "created $symlinks symlinks in user environment\n";
+
+
+symlink($ENV{"manifest"}, "$out/manifest") or die "cannot create manifest";

corepkgs/buildenv/default.nix

@@ -0,0 +1,14 @@
+{system, derivations, manifest}:
+
+derivation { 
+  name = "user-environment";
+  system = system;
+  builder = ./builder.pl;
+  
+  manifest = manifest;
+
+  # !!! grmbl, need structured data for passing this in a clean way.
+  paths = derivations;
+  active = map (x: if x ? meta && x.meta ? active then x.meta.active else "true") derivations;
+  priority = map (x: if x ? meta && x.meta ? priority then x.meta.priority else "5") derivations;
+}

corepkgs/channels/Makefile.am

@@ -0,0 +1,11 @@
+all-local: unpack.sh
+
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs/channels
+	$(INSTALL_DATA) $(srcdir)/unpack.nix $(DESTDIR)$(datadir)/nix/corepkgs/channels
+	$(INSTALL_PROGRAM) unpack.sh $(DESTDIR)$(datadir)/nix/corepkgs/channels
+
+include ../../substitute.mk
+
+EXTRA_DIST = unpack.nix unpack.sh.in

corepkgs/channels/unpack.nix

@@ -0,0 +1,7 @@
+{system, inputs}:
+
+derivation {
+  name = "channels";
+  builder = ./unpack.sh;
+  inherit system inputs;
+}

corepkgs/channels/unpack.sh.in

@@ -0,0 +1,26 @@
+#! @shell@ -e
+
+@coreutils@/mkdir $out
+@coreutils@/mkdir $out/tmp
+cd $out/tmp
+
+inputs=($inputs)
+for ((n = 0; n < ${#inputs[*]}; n += 2)); do
+    channelName=${inputs[n]}
+    channelTarball=${inputs[n+1]}
+    echo "unpacking channel $channelName"
+    @bunzip2@ < $channelTarball | @tar@ xf -
+
+    nr=1
+    attrName=$(echo $channelName | @tr@ -- '- ' '__')
+    dirName=$attrName
+    while test -e ../$dirName; do
+        nr=$((nr+1))
+        dirName=$attrName-$nr
+    done
+
+    @coreutils@/mv * ../$dirName # !!! hacky
+done
+
+cd ..
+@coreutils@/rmdir tmp

corepkgs/nar/Makefile.am

@@ -0,0 +1,11 @@
+all-local: nar.sh
+
+install-exec-local:
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs/nar
+	$(INSTALL_DATA) $(srcdir)/nar.nix $(DESTDIR)$(datadir)/nix/corepkgs/nar
+	$(INSTALL_PROGRAM) nar.sh $(DESTDIR)$(datadir)/nix/corepkgs/nar
+
+include ../../substitute.mk
+
+EXTRA_DIST = nar.nix nar.sh.in

corepkgs/nar/nar.nix

@@ -0,0 +1,7 @@
+{system, storePath, hashAlgo}: 
+
+derivation {
+  name = "nar";
+  builder = ./nar.sh;
+  inherit system storePath hashAlgo;
+}

corepkgs/nar/nar.sh.in

@@ -0,0 +1,14 @@
+#! @shell@ -e
+
+echo "packing $storePath into $out..."
+@coreutils@/mkdir $out
+dst=$out/tmp.nar.bz2
+@bindir@/nix-store --dump "$storePath" > tmp
+
+@bzip2@ < tmp > $dst
+
+@bindir@/nix-hash -vvvvv --flat --type $hashAlgo --base32 tmp > $out/nar-hash
+
+@bindir@/nix-hash --flat --type $hashAlgo --base32 $dst > $out/narbz2-hash
+
+@coreutils@/mv $out/tmp.nar.bz2 $out/$(@coreutils@/cat $out/narbz2-hash).nar.bz2

default.nix

@@ -1,9 +0,0 @@
-(import (
-  let
-    lock = builtins.fromJSON (builtins.readFile ./flake.lock);
-  in
-  fetchTarball {
-    url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
-    sha256 = lock.nodes.flake-compat.locked.narHash;
-  }
-) { src = ./.; }).defaultNix

doc/Makefile.am

@@ -0,0 +1 @@
+SUBDIRS = manual

doc/dev/release-procedures.txt

@@ -0,0 +1,33 @@
+To produce a `stable' release from the trunk:
+
+-1. Update the release notes; make sure that the release date is
+    correct.
+
+0. Make sure that the trunk builds in the release supervisor.
+
+1. Branch the trunk, e.g., `svn cp .../trunk
+   .../branches/0.5-release'.
+
+2. Switch to the branch, e.g., `svn switch .../branches/0.5-release'.
+
+3. In `configure.ac', change `STABLE=0' into `STABLE=1' and commit.
+
+4. In the release supervisor, add a one-time job to build
+   `.../branches/0.5-release'.
+
+5. Make sure that the release succeeds.
+
+6. Move the branch to a tag, e.g., `svn mv .../branches/0.5-release
+   .../tags/0.5'.
+
+   Note that the branch should not be used for maintenance; it should
+   be deleted after the release has been created.  A maintenance
+   branch (e.g., `.../branches/0.5') should be created from the
+   original revision of the trunk (since maintenance releases should
+   also be tested first; hence, we cannot have `STABLE=1').  The same
+   procedure can then be followed to produce maintenance releases;
+   just substitute `.../branches/VERSION' for the trunk.
+
+7. Switch back to the trunk.
+
+8. Bump the version number in `configure.ac' (in AC_INIT).

doc/manual/.version

@@ -1 +0,0 @@
-../../.version

doc/manual/Makefile.am

@@ -0,0 +1,89 @@
+XMLLINT = $(xmllint) $(xmlflags)
+XSLTPROC = $(xsltproc) $(xmlflags) \
+ --param section.autolabel 1 \
+ --param section.label.includes.component.label 1 \
+ --param html.stylesheet \'style.css\' \
+ --param xref.with.number.and.title 1 \
+ --param toc.section.depth 3 \
+ --param admon.style \'\' \
+ --param callout.graphics.extension \'.gif\'
+
+# Note: we use GIF for now, since the PNGs shipped with Docbook aren't
+# transparent.
+
+man1_MANS = nix-env.1 nix-build.1 nix-store.1 nix-instantiate.1 \
+ nix-collect-garbage.1 nix-push.1 nix-pull.1 \
+ nix-prefetch-url.1 nix-channel.1 \
+ nix-pack-closure.1 nix-unpack-closure.1 \
+ nix-install-package.1 nix-hash.1 nix-copy-closure.1
+
+FIGURES = figures/user-environments.png
+
+MANUAL_SRCS = manual.xml introduction.xml installation.xml \
+ package-management.xml writing-nix-expressions.xml \
+ build-farm.xml \
+ $(man1_MANS:.1=.xml) \
+ troubleshooting.xml bugs.xml opt-common.xml opt-common-syn.xml \
+ env-common.xml quick-start.xml nix-lang-ref.xml glossary.xml \
+ conf-file.xml release-notes.xml \
+ style.css images
+
+manual.is-valid: $(MANUAL_SRCS) version.txt
+#	$(XMLLINT) --xinclude $< | $(XMLLINT) --noout --nonet --relaxng $(docbookrng)/docbook.rng -
+	if test "$(jing)" != "false"; then \
+		$(XMLLINT) --xinclude $< | $(jing) $(docbookrng)/docbook.rng /dev/fd/0; \
+	else \
+		echo "Not validating."; \
+	fi
+	touch $@
+
+version.txt:
+	echo -n $(VERSION) > version.txt
+
+man $(MANS): $(MANUAL_SRCS) manual.is-valid
+	$(XSLTPROC) --nonet --xinclude $(docbookxsl)/manpages/docbook.xsl manual.xml
+
+manual.html: $(MANUAL_SRCS) manual.is-valid images
+	$(XSLTPROC) --nonet --xinclude --output manual.html \
+	  $(docbookxsl)/html/docbook.xsl manual.xml
+
+
+NEWS_OPTS = \
+ --stringparam generate.toc "article nop" \
+ --stringparam section.autolabel.max.depth 0 \
+ --stringparam header.rule 0
+
+NEWS.html: release-notes.xml
+	$(XSLTPROC) --nonet --xinclude --output $@ $(NEWS_OPTS) \
+	  $(docbookxsl)/html/docbook.xsl release-notes.xml
+
+NEWS.txt: release-notes.xml
+	$(XSLTPROC) --nonet --xinclude quote-literals.xsl release-notes.xml | \
+	  $(XSLTPROC) --nonet --output $@.tmp.html $(NEWS_OPTS) \
+	  $(docbookxsl)/html/docbook.xsl -
+	LANG=en_US $(w3m) -dump $@.tmp.html > $@
+	rm $@.tmp.html
+
+
+all-local: manual.html NEWS.html NEWS.txt
+
+install-data-local: manual.html
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/manual
+	$(INSTALL_DATA) manual.html $(DESTDIR)$(datadir)/nix/manual
+	$(INSTALL_DATA) style.css $(DESTDIR)$(datadir)/nix/manual
+	cp -r images $(DESTDIR)$(datadir)/nix/manual/images
+	$(INSTALL) -d $(DESTDIR)$(datadir)/nix/manual/figures
+	$(INSTALL_DATA) $(FIGURES) $(DESTDIR)$(datadir)/nix/manual/figures
+
+images:
+	mkdir images
+#	cp $(docbookxsl)/images/*.gif images
+	mkdir images/callouts
+	cp $(docbookxsl)/images/callouts/*.gif images/callouts
+	chmod -R +w images
+
+KEEP = manual.html manual.is-valid version.txt $(MANS) NEWS.html NEWS.txt
+
+EXTRA_DIST = $(MANUAL_SRCS) $(FIGURES) $(KEEP)
+
+DISTCLEANFILES = $(KEEP)

doc/manual/anchors.jq

@@ -1,31 +0,0 @@
-"\\[\\]\\{#(?<anchor>[^\\}]+?)\\}" as $empty_anchor_regex |
-"\\[(?<text>[^\\]]+?)\\]\\{#(?<anchor>[^\\}]+?)\\}" as $anchor_regex |
-
-
-def transform_anchors_html:
-    . | gsub($empty_anchor_regex; "<a id=\"" + .anchor + "\"></a>")
-      | gsub($anchor_regex; "<a href=\"#" + .anchor + "\" id=\"" + .anchor + "\">" + .text + "</a>");
-
-
-def transform_anchors_strip:
-    . | gsub($empty_anchor_regex; "")
-      | gsub($anchor_regex; .text);
-
-
-def map_contents_recursively(transformer):
-    . + {
-        Chapter: (.Chapter + {
-            content: .Chapter.content | transformer,
-            sub_items: .Chapter.sub_items | map(map_contents_recursively(transformer)),
-        }),
-    };
-
-
-def process_command:
-    .[0] as $context |
-    .[1] as $body |
-    $body + {
-        sections: $body.sections | map(map_contents_recursively(if $context.renderer == "html" then transform_anchors_html else transform_anchors_strip end)),
-    };
-
-process_command

doc/manual/book.toml.in

@@ -1,35 +0,0 @@
-[book]
-title = "Nix @version@ Reference Manual"
-src = "source"
-
-[output.html]
-additional-css = ["custom.css"]
-additional-js = ["redirects.js"]
-edit-url-template = "https://github.com/NixOS/nix/tree/master/doc/manual/{path}"
-git-repository-url = "https://github.com/NixOS/nix"
-mathjax-support = true
-
-# Handles replacing @docroot@ with a path to ./source relative to that markdown file,
-# {{#include handlebars}}, and the @generated@ syntax used within these. it mostly
-# but not entirely replaces the links preprocessor (which we cannot simply use due
-# to @generated@ files living in a different directory to make meson happy). we do
-# not want to disable the links preprocessor entirely though because that requires
-# disabling *all* built-in preprocessors and selectively reenabling those we want.
-[preprocessor.substitute]
-command = "python3 ./substitute.py"
-before = ["anchors", "links"]
-
-[preprocessor.anchors]
-renderers = ["html"]
-command = "jq --from-file ./anchors.jq"
-
-[output.markdown]
-
-[output.linkcheck]
-# no Internet during the build (in the sandbox)
-follow-web-links = false
-
-# mdbook-linkcheck does not understand [foo]{#bar} style links, resulting in
-# excessive "Potential incomplete link" warnings. No other kind of warning was
-# produced at the time of writing.
-warning-policy = "ignore"

doc/manual/bugs.xml

@@ -0,0 +1,39 @@
+<appendix xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink">
+
+<title>Bugs / To-Do</title>
+
+
+<itemizedlist>
+
+<listitem><para>The man-pages generated from the DocBook documentation
+are ugly.</para></listitem>
+
+<listitem><para>Generations properly form a tree.  E.g., if after
+switching to generation 39, we perform an installation action, a
+generation 43 is created which is a descendant of 39, not 42.  So a
+rollback from 43 ought to go back to 39.  This is not currently
+implemented; generations form a linear sequence.</para></listitem>
+
+<listitem><para>For security, <command>nix-push</command> manifests
+should be digitally signed, and <command>nix-pull</command> should
+verify the signatures.  The actual NAR archives in the cache do not
+need to be signed, since the manifest contains cryptographic hashes of
+these files (and <filename>fetchurl.nix</filename> checks
+them).</para></listitem>
+
+<listitem><para>It would be useful to have an option in
+<command>nix-env --delete-generations</command> to remove non-current
+generations older than a certain age.</para></listitem>
+
+<listitem><para>There should be a flexible way to change the user
+environment builder.  Currently, you have to replace
+<filename><replaceable>prefix</replaceable>/share/nix/corepkgs/buildenv/builder.pl</filename>,
+which is hard-coded into <command>nix-env</command>.  Also, the
+default builder should be more powerful.  For instance, there should
+be some way to specify priorities to resolve
+collisions.</para></listitem>
+
+</itemizedlist>
+
+</appendix>

doc/manual/build-farm.xml

@@ -0,0 +1,137 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id='chap-build-farm'>
+
+<title>Setting up a Build Farm</title>
+
+
+<para>This chapter provides some sketchy information on how to set up
+a Nix-based build farm.  Nix is particularly suited as a basis for a
+build farm, since:
+
+<itemizedlist>
+
+  <listitem><para>Nix supports distributed builds: a local Nix
+  installation can forward Nix builds to other machines over the
+  network.  This allows multiple builds to be performed in parallel
+  (thus improving performance), but more in importantly, it allows Nix
+  to perform multi-platform builds in a semi-transparent way.  For
+  instance, if you perform a build for a
+  <literal>powerpc-darwin</literal> on an
+  <literal>i686-linux</literal> machine, Nix can automatically forward
+  the build to a <literal>powerpc-darwin</literal> machine, if
+  available.</para></listitem>
+
+  <listitem><para>The Nix expression language is ideal for describing
+  build jobs, plus all their dependencies.  For instance, if your
+  package has some dependency, you don't have to manually install it
+  on all the machines in the build farm; they will be built
+  automatically.</para></listitem>
+
+  <listitem><para>Proper release management requires that builds (if
+  deployed) are traceable: it should be possible to figure out from
+  exactly what sources they were built, in what configuration, etc.;
+  and it should be possible to reproduce the build, if necessary.  Nix
+  makes this possible since Nix's hashing scheme uniquely identifies
+  builds, and Nix expressions are self-contained.</para></listitem>
+
+  <listitem><para>Nix will only rebuild things that have actually
+  changed.  For instance, if the sources of a component haven't
+  changed between runs of the build farm, the component won't be
+  rebuild (unless it was garbage-collected).  Also, dependencies
+  typically don't change very often, so they only need to be built
+  once.</para></listitem>
+
+  <listitem><para>The results of a Nix build farm can be made
+  available through a channel, so successful builds can be deployed to
+  users immediately.</para></listitem>
+
+</itemizedlist>
+
+</para>
+
+
+<section><title>Overview</title>
+
+<para>TODO</para>
+
+<para>The sources of the Nix build farm are at <link
+xlink:href='https://svn.cs.uu.nl:12443/repos/trace/release/trunk'/>.</para>
+
+</section>
+
+
+<section xml:id='sec-distributed-builds'><title>Setting up distributed builds</title>
+
+<para>You can enable distributed builds by setting the environment
+variable <envar>NIX_BUILD_HOOK</envar> to point to a program that Nix
+will call whenever it wants to build a derivation.  The build hook
+(typically a shell or Perl script) can decline the build, in which Nix
+will perform it in the usual way if possible, or it can accept it, in
+which case it is responsible for somehow getting the inputs of the
+build to another machine, doing the build there, and getting the
+results back.  The details of the build hook protocol are described in
+the documentation of the <link
+linkend="envar-build-hook"><envar>NIX_BUILD_HOOK</envar>
+variable</link>.</para>
+
+<example xml:id='ex-remote-systems'><title>Remote machine configuration:
+<filename>remote-systems.conf</filename></title>
+<programlisting>
+nix@mcflurry.labs.cs.uu.nl  powerpc-darwin  /home/nix/.ssh/id_quarterpounder_auto  2
+nix@scratchy.labs.cs.uu.nl  i686-linux      /home/nix/.ssh/id_scratchy_auto        1
+</programlisting>
+</example>
+
+<para>An example build hook can be found in the Nix build farm
+sources: <link
+xlink:href='https://svn.cs.uu.nl:12443/repos/trace/release/trunk/common/distributed/build-remote.pl'
+/>.  It should be suitable for most purposes, with maybe some minor
+adjustments.  It uses <command>ssh</command> and
+<command>rsync</command> to copy the build inputs and outputs and
+perform the remote build.  You should define a list of available build
+machines and set the environment variable
+<envar>REMOTE_SYSTEMS</envar> to point to it.  An example
+configuration is shown in <xref linkend='ex-remote-systems' />.  Each
+line in the file specifies a machine, with the following bits of
+information:
+
+<orderedlist>
+  
+  <listitem><para>The name of the remote machine, with optionally the
+  user under which the remote build should be performed.  This is
+  actually passed as an argument to <command>ssh</command>, so it can
+  be an alias defined in your
+  <filename>~/.ssh/config</filename>.</para></listitem>
+
+  <listitem><para>The Nix platform type identifier, such as
+  <literal>powerpc-darwin</literal>.</para></listitem>
+
+  <listitem><para>The SSH private key to be used to log in to the
+  remote machine.  Since builds should be non-interactive, this key
+  should not have a passphrase!</para></listitem>
+
+  <listitem><para>The maximum <quote>load</quote> of the remote
+  machine.  This is just the maximum number of jobs that
+  <filename>build-remote.pl</filename> will execute in parallel on the
+  machine.  Typically this should be equal to the number of
+  CPUs.</para></listitem>
+
+</orderedlist>
+
+You should also set up the environment variable
+<envar>CURRENT_LOAD</envar> to point at a file that
+<filename>build-remote.pl</filename> uses to remember how many jobs it
+is currently executing remotely.  It doesn't look at the actual load
+on the remote machine, so if you have multiple instances of Nix
+running, they should use the same <envar>CURRENT_LOAD</envar>
+file<footnote><para>Although there are probably some race conditions
+in the script right now.</para></footnote>.  Maybe in the future
+<filename>build-remote.pl</filename> will look at the actual remote
+load.  The load file should exist, so you should just create it as an
+empty file initially.</para>
+  
+</section>
+
+
+</chapter>

doc/manual/conf-file.xml

@@ -0,0 +1,147 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-conf-file">
+
+<title>Nix configuration file</title>
+
+
+<para>A number of persistent settings of Nix are stored in the file
+<filename><replaceable>prefix</replaceable>/etc/nix/nix.conf</filename>.
+This file is a list of <literal><replaceable>name</replaceable> =
+<replaceable>value</replaceable></literal> pairs, one per line.
+Comments start with a <literal>#</literal> character.  An example
+configuration file is shown in <xref linkend="ex-nix-conf" />.</para>
+
+<example xml:id='ex-nix-conf'><title>Nix configuration file</title>
+
+<programlisting>
+gc-keep-outputs = true       # Nice for developers
+gc-keep-derivations = true   # Idem
+env-keep-derivations = false
+</programlisting>
+</example>
+
+<para>The following variables are currently available: 
+
+<variablelist>
+
+  
+  <varlistentry xml:id="conf-gc-keep-outputs"><term><literal>gc-keep-outputs</literal></term>
+
+    <listitem><para>If <literal>true</literal>, the garbage collector
+    will keep the outputs of non-garbage derivations.  If
+    <literal>false</literal> (default), outputs will be deleted unless
+    they are GC roots themselves (or reachable from other roots).</para>
+ 
+    <para>In general, outputs must be registered as roots separately.
+    However, even if the output of a derivation is registered as a
+    root, the collector will still delete store paths that are used
+    only at build time (e.g., the C compiler, or source tarballs
+    downloaded from the network).  To prevent it from doing so, set
+    this option to <literal>true</literal>.</para></listitem>
+
+  </varlistentry>
+  
+
+  <varlistentry xml:id="conf-gc-keep-derivations"><term><literal>gc-keep-derivations</literal></term>
+
+    <listitem><para>If <literal>true</literal> (default), the garbage
+    collector will keep the derivations from which non-garbage store
+    paths were built.  If <literal>false</literal>, they will be
+    deleted unless explicitly registered as a root (or reachable from
+    other roots).</para>
+
+    <para>Keeping derivation around is useful for querying and
+    traceability (e.g., it allows you to ask with what dependencies or
+    options a store path was built), so by default this option is on.
+    Turn it off to safe a bit of disk space (or a lot if
+    <literal>gc-keep-outputs</literal> is also turned on).</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry xml:id="conf-gc-reserved-space"><term><literal>gc-reserved-space</literal></term>
+
+    <listitem><para>This option specifies how much space should be
+    reserved in normal use so that the garbage collector can run
+    succesfully.  Since the garbage collector must perform Berkeley DB
+    transactions, it needs some disk space for itself.  However, when
+    the disk is full, this space is not available, so the collector
+    would not be able to run precisely when it is most needed.</para>
+
+    <para>For this reason, when Nix is run, it allocates a file
+    <filename>/nix/var/nix/db/reserved</filename> of the size
+    specified by this option.  When the garbage collector is run, this
+    file is deleted before the Berkeley DB environment is opened.
+    This should give it enough room to proceed.</para>
+
+    <para>The default is <literal>1048576</literal> (1
+    MiB).</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry><term><literal>env-keep-derivations</literal></term>
+
+    <listitem><para>If <literal>false</literal> (default), derivations
+    are not stored in Nix user environments.  That is, the derivation
+    any build-time-only dependencies may be garbage-collected.</para>
+
+    <para>If <literal>true</literal>, when you add a Nix derivation to
+    a user environment, the path of the derivation is stored in the
+    user environment.  Thus, the derivation will not be
+    garbage-collected until the user environment generation is deleted
+    (<command>nix-env --delete-generations</command>).  To prevent
+    build-time-only dependencies from being collected, you should also
+    turn on <literal>gc-keep-outputs</literal>.</para>
+
+    <para>The difference between this option and
+    <literal>gc-keep-derivations</literal> is that this one is
+    “sticky”: it applies to any user environment created while this
+    option was enabled, while <literal>gc-keep-derivations</literal>
+    only applies at the moment the garbage collector is
+    run.</para></listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry xml:id="conf-build-max-jobs"><term><literal>build-max-jobs</literal></term>
+
+    <listitem><para>This option defines the maximum number of jobs
+    that Nix will try to build in parallel.  The default is
+    <literal>1</literal>.  You should generally set it to the number
+    of CPUs in your system (e.g., <literal>2</literal> on a Athlon 64
+    X2).  It can be overriden using the <option
+    linkend='opt-max-jobs'>--max-jobs</option> (<option>-j</option>)
+    command line switch.</para></listitem>
+
+  </varlistentry>
+
+
+  <varlistentry><term><literal>system</literal></term>
+
+    <listitem><para>This option specifies the canonical Nix system
+    name of the current installation, such as
+    <literal>i686-linux</literal> or
+    <literal>powerpc-darwin</literal>.  Nix can only build derivations
+    whose <literal>system</literal> attribute equals the value
+    specified here.  In general, it never makes sense to modify this
+    value from its default, since you can use it to ‘lie’ about the
+    platform you are building on (e.g., perform a Mac OS build on a
+    Linux machine; the result would obviously be wrong).  It only
+    makes sense if the Nix binaries can run on multiple platforms,
+    e.g., ‘universal binaries’ that run on <literal>powerpc-darwin</literal> and
+    <literal>i686-darwin</literal>.</para>
+
+    <para>It defaults to the canonical Nix system name detected by
+    <filename>configure</filename> at build time.</para></listitem>
+
+  </varlistentry>
+  
+    
+</variablelist>
+
+</para>
+
+
+</section>

doc/manual/custom.css

@@ -1,33 +0,0 @@
-:root {
-    --sidebar-width: 23em;
-}
-
-h1.menu-title::before {
-  content: "";
-  background-image: url("./favicon.svg");
-  padding: 1.25em;
-  background-position: center center;
-  background-size: 2em;
-  background-repeat: no-repeat;
-}
-
-
-.menu-bar {
-  padding: 0.5em 0em;
-}
-
-.sidebar .sidebar-scrollbox {
-  padding: 1em;
-}
-
-h1:not(:first-of-type) {
-    margin-top: 1.3em;
-}
-
-h2 {
-    margin-top: 1em;
-}
-
-.hljs-meta {
-    user-select: none;
-}

doc/manual/env-common.xml

@@ -0,0 +1,269 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-common-env">
+
+<title>Common environment variables</title>
+
+
+<para>Most Nix commands interpret the following environment variables:</para>
+
+<variablelist>
+
+  
+<varlistentry><term><envar>NIX_IGNORE_SYMLINK_STORE</envar></term>
+
+  <listitem>
+
+  <para>Normally, the Nix store directory (typically
+  <filename>/nix/store</filename>) is not allowed to contain any
+  symlink components.  This is to prevent “impure” builds.  Builders
+  sometimes “canonicalise” paths by resolving all symlink components.
+  Thus, builds on different machines (with
+  <filename>/nix/store</filename> resolving to different locations)
+  could yield different results.  This is generally not a problem,
+  except when builds are deployed to machines where
+  <filename>/nix/store</filename> resolves differently.  If you are
+  sure that you’re not going to do that, you can set
+  <envar>NIX_IGNORE_SYMLINK_STORE</envar> to <envar>1</envar>.</para>
+
+  <para>Note that if you’re symlinking the Nix store so that you can
+  put it on another file system than the root file system, on Linux
+  you’re better off using <literal>bind</literal> mount points, e.g.,
+
+  <screen>
+$ mkdir /nix   
+$ mount -o bind /mnt/otherdisk/nix /nix</screen>
+
+  Consult the <citerefentry><refentrytitle>mount</refentrytitle>
+  <manvolnum>8</manvolnum></citerefentry> manual page for details.</para>
+
+  </listitem>
+
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_STORE_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix store (default
+  <filename><replaceable>prefix</replaceable>/store</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_DATA_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix static data
+  directory (default
+  <filename><replaceable>prefix</replaceable>/share</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_LOG_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix log directory
+  (default <filename><replaceable>prefix</replaceable>/log/nix</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_STATE_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix state directory
+  (default <filename><replaceable>prefix</replaceable>/var/nix</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_DB_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix database (default
+  <filename><replaceable>$NIX_STATE_DIR</replaceable>/db</filename>, i.e.,
+  <filename><replaceable>prefix</replaceable>/var/nix/db</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_CONF_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix configuration
+  directory (default
+  <filename><replaceable>prefix</replaceable>/etc/nix</filename>).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><envar>NIX_LOG_TYPE</envar></term>
+
+  <listitem><para>Equivalent to the <link
+  linkend="opt-log-type"><option>--log-type</option>
+  option</link>.</para></listitem>
+
+</varlistentry>
+  
+
+<varlistentry><term><envar>TMPDIR</envar></term>
+
+  <listitem><para>Use the specified directory to store temporary
+  files.  In particular, this includes temporary build directories;
+  these can take up substantial amounts of disk space.  The default is
+  <filename>/tmp</filename>.</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry xml:id="envar-build-hook"><term><envar>NIX_BUILD_HOOK</envar></term>
+
+  <listitem>
+
+  <para>Specifies the location of the <emphasis>build hook</emphasis>,
+  which is a program (typically some script) that Nix will call
+  whenever it wants to build a derivation.  This is used to implement
+  distributed builds (see <xref linkend="sec-distributed-builds"
+  />).  The protocol by which the calling Nix process and the build
+  hook communicate is as follows.</para>
+
+  <para>The build hook is called with the following command-line
+  arguments:
+
+  <orderedlist>
+
+    <listitem><para>A boolean value <literal>0</literal> or
+    <literal>1</literal> specifying whether Nix can locally execute
+    more builds, as per the <link
+    linkend="opt-max-jobs"><option>--max-jobs</option> option</link>.
+    The purpose of this argument is to allow the hook to not have to
+    maintain bookkeeping for the local machine.</para></listitem>
+
+    <listitem><para>The Nix platform identifier for the local machine
+    (e.g., <literal>i686-linux</literal>).</para></listitem>
+
+    <listitem><para>The Nix platform identifier for the derivation,
+    i.e., its <link linkend="attr-system"><varname>system</varname>
+    attribute</link>.</para></listitem>
+
+    <listitem><para>The store path of the derivation.</para></listitem>
+
+  </orderedlist>
+
+  </para>
+
+  <para>On the basis of this information, and whatever persistent
+  state the build hook keeps about other machines and their current
+  load, it has to decide what to do with the build.  It should print
+  out on file descriptor 3 one of the following responses (terminated
+  by a newline, <literal>"\n"</literal>):
+
+  <variablelist>
+
+    <varlistentry><term><literal>decline</literal></term>
+
+      <listitem><para>The build hook is not willing or able to perform
+      the build; the calling Nix process should do the build itself,
+      if possible.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal>postpone</literal></term>
+
+      <listitem><para>The build hook cannot perform the build now, but
+      can do so in the future (e.g., because all available build slots
+      on remote machines are in use).  The calling Nix process should
+      postpone this build until at least one currently running build
+      has terminated.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal>accept</literal></term>
+
+      <listitem><para>The build hook has accepted the
+      build.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  <para>If the build hook accepts the build, it is possible that it is
+  no longer necessary to do the build because some other process has
+  performed the build in the meantime.  To prevent races, the hook
+  must read from file descriptor 4 a single line that tells it whether
+  to continue:
+
+  <variablelist>
+
+    <varlistentry><term><literal>cancel</literal></term>
+
+      <listitem><para>The build has already been done, so the hook
+      should exit.</para></listitem>
+
+    </varlistentry>
+  
+    <varlistentry><term><literal>okay</literal></term>
+
+      <listitem><para>The hook should proceed with the build.  At this
+      point, the calling Nix process has acquired locks on the output
+      path, so no other Nix process will perform the
+      build.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  <para>If the hook has been told to proceed, Nix will store in the
+  hook’s current directory a number of text files that contain
+  information about the derivation:
+
+  <variablelist>
+
+    <varlistentry><term><filename>inputs</filename></term>
+
+      <listitem><para>The set of store paths that are inputs to the
+      build process (one per line).  These have to be copied
+      <emphasis>to</emphasis> the remote machine (in addition to the
+      store derivation itself).</para></listitem>
+
+    </varlistentry>
+  
+    <varlistentry><term><filename>outputs</filename></term>
+
+      <listitem><para>The set of store paths that are outputs of the
+      derivation (one per line).  These have to be copied
+      <emphasis>from</emphasis> the remote machine if the build
+      succeeds.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><filename>references</filename></term>
+
+      <listitem><para>The reference graph of the inputs, in the format
+      accepted by the command <command>nix-store
+      --register-validity</command>.  It is necessary to run this
+      command on the remote machine after copying the inputs to inform
+      Nix on the remote machine that the inputs are valid
+      paths.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  <para>The hook should copy the inputs to the remote machine,
+  register the validity of the inputs, perform the remote build, and
+  copy the outputs back to the local machine.  An exit code other than
+  <literal>0</literal> indicates that the hook has failed.</para>
+
+  </listitem>
+
+
+</varlistentry>
+
+
+</variablelist>
+
+
+</section>

doc/manual/generate-builtins.nix

@@ -1,53 +0,0 @@
-let
-  inherit (builtins) concatStringsSep attrValues mapAttrs;
-  inherit (import <nix/utils.nix>) optionalString squash;
-in
-
-builtinsInfo:
-let
-  showBuiltin =
-    name:
-    {
-      doc,
-      type ? null,
-      args ? [ ],
-      experimental-feature ? null,
-      impure-only ? false,
-    }:
-    let
-      type' = optionalString (type != null) " (${type})";
-
-      experimentalNotice = optionalString (experimental-feature != null) ''
-        > **Note**
-        >
-        > This function is only available if the [`${experimental-feature}` experimental feature](@docroot@/development/experimental-features.md#xp-feature-${experimental-feature}) is enabled.
-        >
-        > For example, include the following in [`nix.conf`](@docroot@/command-ref/conf-file.md):
-        >
-        > ```
-        > extra-experimental-features = ${experimental-feature}
-        > ```
-      '';
-
-      impureNotice = optionalString impure-only ''
-        > **Note**
-        >
-        > Not available in [pure evaluation mode](@docroot@/command-ref/conf-file.md#conf-pure-eval).
-      '';
-    in
-    squash ''
-      <dt id="builtins-${name}">
-        <a href="#builtins-${name}"><code>${name}${listArgs args}</code></a>${type'}
-      </dt>
-      <dd>
-
-      ${experimentalNotice}
-
-      ${doc}
-
-      ${impureNotice}
-      </dd>
-    '';
-  listArgs = args: concatStringsSep "" (map (s: " <var>${s}</var>") args);
-in
-concatStringsSep "\n" (attrValues (mapAttrs showBuiltin builtinsInfo))

doc/manual/generate-deps.py

@@ -1,22 +0,0 @@
-#!/usr/bin/env python3
-
-import glob
-import sys
-
-# meson expects makefile-style dependency declarations, i.e.
-#
-#   target: dependency...
-#
-# meson seems to pass depfiles straight on to ninja even though
-# it also parses the file itself (or at least has code to do so
-# in its tree), so we must live by ninja's rules: only slashes,
-# spaces and octothorpes can be escaped, anything else is taken
-# literally. since the rules for these aren't even the same for
-# all three we will just fail when we encounter any of them (if
-# asserts are off for some reason the depfile will likely point
-# to nonexistent paths, making everything phony and thus fine.)
-for path in glob.glob(sys.argv[1] + '/**', recursive=True):
-    assert '\\' not in path
-    assert ' ' not in path
-    assert '#' not in path
-    print("ignored:", path)

doc/manual/generate-manpage.nix

@@ -1,235 +0,0 @@
-let
-  inherit (builtins)
-    attrNames
-    attrValues
-    concatMap
-    concatStringsSep
-    fromJSON
-    groupBy
-    length
-    lessThan
-    listToAttrs
-    mapAttrs
-    match
-    replaceStrings
-    sort
-    ;
-  inherit (import <nix/utils.nix>)
-    attrsToList
-    concatStrings
-    filterAttrs
-    optionalString
-    squash
-    trim
-    unique
-    ;
-  showStoreDocs = import <nix/generate-store-info.nix>;
-in
-
-inlineHTML: commandDump:
-
-let
-
-  commandInfo = fromJSON commandDump;
-
-  showCommand =
-    {
-      command,
-      details,
-      filename,
-      toplevel,
-    }:
-    let
-
-      result = ''
-        > **Warning** \
-        > This program is
-        > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-        > and its interface is subject to change.
-
-        # Name
-
-        `${command}` - ${details.description}
-
-        # Synopsis
-
-        ${showSynopsis command details.args}
-
-        ${maybeSubcommands}
-
-        ${maybeProse}
-
-        ${maybeOptions}
-      '';
-
-      showSynopsis =
-        command: args:
-        let
-          showArgument = arg: "*${arg.label}*" + optionalString (!arg ? arity) "...";
-          arguments = concatStringsSep " " (map showArgument args);
-        in
-        ''
-          `${command}` [*option*...] ${arguments}
-        '';
-
-      maybeSubcommands = optionalString (details ? commands && details.commands != { }) ''
-        where *subcommand* is one of the following:
-
-        ${subcommands}
-      '';
-
-      subcommands = if length categories > 1 then listCategories else listSubcommands details.commands;
-
-      categories = sort (x: y: x.id < y.id) (
-        unique (map (cmd: cmd.category) (attrValues details.commands))
-      );
-
-      listCategories = concatStrings (map showCategory categories);
-
-      showCategory = cat: ''
-        **${toString cat.description}:**
-
-        ${listSubcommands (filterAttrs (n: v: v.category == cat) details.commands)}
-      '';
-
-      listSubcommands = cmds: concatStrings (attrValues (mapAttrs showSubcommand cmds));
-
-      showSubcommand = name: subcmd: ''
-        * [`${command} ${name}`](./${appendName filename name}.md) - ${subcmd.description}
-      '';
-
-      maybeProse =
-        # FIXME: this is a horrible hack to keep `nix help-stores` working.
-        let
-          help-stores = ''
-            ${index}
-
-            ${allStores}
-          '';
-          index =
-            replaceStrings
-              [ "@store-types@" "./local-store.md" "./local-daemon-store.md" ]
-              [ storesOverview "#local-store" "#local-daemon-store" ]
-              details.doc;
-          storesOverview =
-            let
-              showEntry = store: "- [${store.name}](#${store.slug})";
-            in
-            concatStringsSep "\n" (map showEntry storesList) + "\n";
-          allStores = concatStringsSep "\n" (attrValues storePages);
-          storePages = listToAttrs (
-            map (s: {
-              name = s.filename;
-              value = s.page;
-            }) storesList
-          );
-          storesList = showStoreDocs {
-            storeInfo = commandInfo.stores;
-            inherit inlineHTML;
-          };
-          hasInfix =
-            infix: content:
-            builtins.stringLength content != builtins.stringLength (replaceStrings [ infix ] [ "" ] content);
-        in
-        optionalString (details ? doc) (
-          # An alternate implementation with builtins.match stack overflowed on some systems.
-          if hasInfix "@store-types@" details.doc then help-stores else details.doc
-        );
-
-      maybeOptions =
-        let
-          allVisibleOptions = filterAttrs (_: o: !o.hiddenCategory) (details.flags // toplevel.flags);
-        in
-        optionalString (allVisibleOptions != { }) ''
-          # Options
-
-          ${showOptions inlineHTML allVisibleOptions}
-
-          > **Note**
-          >
-          > See [`man nix.conf`](@docroot@/command-ref/conf-file.md#command-line-flags) for overriding configuration settings with command line flags.
-        '';
-
-      showOptions =
-        inlineHTML: allOptions:
-        let
-          showCategory = cat: opts: ''
-            ${optionalString (cat != "") "## ${cat}"}
-
-            ${concatStringsSep "\n" (attrValues (mapAttrs showOption opts))}
-          '';
-          showOption =
-            name: option:
-            let
-              result = trim ''
-                - ${item}
-
-                  ${option.description}
-              '';
-              item =
-                if inlineHTML then
-                  ''<span id="opt-${name}">[`--${name}`](#opt-${name})</span> ${shortName} ${labels}''
-                else
-                  "`--${name}` ${shortName} ${labels}";
-              shortName = optionalString (option ? shortName) ("/ `-${option.shortName}`");
-              labels = optionalString (option ? labels) (concatStringsSep " " (map (s: "*${s}*") option.labels));
-            in
-            result;
-          categories =
-            mapAttrs
-              # Convert each group from a list of key-value pairs back to an attrset
-              (_: listToAttrs)
-              (groupBy (cmd: cmd.value.category) (attrsToList allOptions));
-        in
-        concatStrings (attrValues (mapAttrs showCategory categories));
-    in
-    squash result;
-
-  appendName = filename: name: (if filename == "nix" then "nix3" else filename) + "-" + name;
-
-  processCommand =
-    {
-      command,
-      details,
-      filename,
-      toplevel,
-    }:
-    let
-      cmd = {
-        inherit command;
-        name = filename + ".md";
-        value = showCommand {
-          inherit
-            command
-            details
-            filename
-            toplevel
-            ;
-        };
-      };
-      subcommand =
-        subCmd:
-        processCommand {
-          command = command + " " + subCmd;
-          details = details.commands.${subCmd};
-          filename = appendName filename subCmd;
-          inherit toplevel;
-        };
-    in
-    [ cmd ] ++ concatMap subcommand (attrNames details.commands or { });
-
-  manpages = processCommand {
-    command = "nix";
-    details = commandInfo.args;
-    filename = "nix";
-    toplevel = commandInfo.args;
-  };
-
-  tableOfContents =
-    let
-      showEntry = page: "    - [${page.command}](command-ref/new-cli/${page.name})";
-    in
-    concatStringsSep "\n" (map showEntry manpages) + "\n";
-
-in
-(listToAttrs manpages) // { "SUMMARY.md" = tableOfContents; }

doc/manual/generate-settings.nix

@@ -1,99 +0,0 @@
-let
-  inherit (builtins)
-    attrValues
-    concatStringsSep
-    isAttrs
-    isBool
-    mapAttrs
-    ;
-  inherit (import <nix/utils.nix>)
-    concatStrings
-    indent
-    optionalString
-    squash
-    ;
-in
-
-# `inlineHTML` is a hack to accommodate inconsistent output from `lowdown`
-{
-  prefix,
-  inlineHTML ? true,
-}:
-settingsInfo:
-
-let
-
-  showSetting =
-    prefix: setting:
-    {
-      description,
-      documentDefault,
-      defaultValue,
-      aliases,
-      value,
-      experimentalFeature,
-    }:
-    let
-      result = squash ''
-        - ${item}
-
-        ${indent "  " body}
-      '';
-      item =
-        if inlineHTML then
-          ''<span id="${prefix}-${setting}">[`${setting}`](#${prefix}-${setting})</span>''
-        else
-          "`${setting}`";
-      # separate body to cleanly handle indentation
-      body = ''
-        ${experimentalFeatureNote}
-
-        ${description}
-
-        **Default:** ${showDefault documentDefault defaultValue}
-
-        ${showAliases aliases}
-      '';
-
-      experimentalFeatureNote = optionalString (experimentalFeature != null) ''
-        > **Warning**
-        >
-        > This setting is part of an
-        > [experimental feature](@docroot@/development/experimental-features.md).
-        >
-        > To change this setting, make sure the
-        > [`${experimentalFeature}` experimental feature](@docroot@/development/experimental-features.md#xp-feature-${experimentalFeature})
-        > is enabled.
-        > For example, include the following in [`nix.conf`](@docroot@/command-ref/conf-file.md):
-        >
-        > ```
-        > extra-experimental-features = ${experimentalFeature}
-        > ${setting} = ...
-        > ```
-      '';
-
-      showDefault =
-        documentDefault: defaultValue:
-        if documentDefault then
-          # a StringMap value type is specified as a string, but
-          # this shows the value type. The empty stringmap is `null` in
-          # JSON, but that converts to `{ }` here.
-          if defaultValue == "" || defaultValue == [ ] || isAttrs defaultValue then
-            "*empty*"
-          else if isBool defaultValue then
-            if defaultValue then "`true`" else "`false`"
-          else
-            "`${toString defaultValue}`"
-        else
-          "*machine-specific*";
-
-      showAliases =
-        aliases:
-        optionalString (aliases != [ ])
-          "**Deprecated alias:** ${(concatStringsSep ", " (map (s: "`${s}`") aliases))}";
-
-    in
-    result;
-
-in
-concatStrings (attrValues (mapAttrs (showSetting prefix) settingsInfo))

doc/manual/generate-store-info.nix

@@ -1,81 +0,0 @@
-let
-  inherit (builtins)
-    attrNames
-    listToAttrs
-    concatStringsSep
-    readFile
-    replaceStrings
-    ;
-  inherit (import <nix/utils.nix>)
-    optionalString
-    filterAttrs
-    trim
-    squash
-    toLower
-    unique
-    indent
-    ;
-  showSettings = import <nix/generate-settings.nix>;
-in
-
-{
-  # data structure describing all stores and their parameters
-  storeInfo,
-  # whether to add inline HTML tags
-  # `lowdown` does not eat those for one of the output modes
-  inlineHTML,
-}:
-
-let
-
-  showStore =
-    { name, slug }:
-    {
-      settings,
-      doc,
-      uri-schemes,
-      experimentalFeature,
-    }:
-    let
-      result = squash ''
-        # ${name}
-
-        ${experimentalFeatureNote}
-
-        ${doc}
-
-        ## Settings
-
-        ${showSettings {
-          prefix = "store-${slug}";
-          inherit inlineHTML;
-        } settings}
-      '';
-
-      experimentalFeatureNote = optionalString (experimentalFeature != null) ''
-        > **Warning**
-        >
-        > This store is part of an
-        > [experimental feature](@docroot@/development/experimental-features.md).
-        >
-        > To use this store, make sure the
-        > [`${experimentalFeature}` experimental feature](@docroot@/development/experimental-features.md#xp-feature-${experimentalFeature})
-        > is enabled.
-        > For example, include the following in [`nix.conf`](@docroot@/command-ref/conf-file.md):
-        >
-        > ```
-        > extra-experimental-features = ${experimentalFeature}
-        > ```
-      '';
-    in
-    result;
-
-  storesList = map (name: rec {
-    inherit name;
-    slug = replaceStrings [ " " ] [ "-" ] (toLower name);
-    filename = "${slug}.md";
-    page = showStore { inherit name slug; } storeInfo.${name};
-  }) (attrNames storeInfo);
-
-in
-storesList

doc/manual/generate-store-types.nix

@@ -1,47 +0,0 @@
-let
-  inherit (builtins)
-    attrNames
-    listToAttrs
-    concatStringsSep
-    readFile
-    replaceStrings
-    ;
-  showSettings = import <nix/generate-settings.nix>;
-  showStoreDocs = import <nix/generate-store-info.nix>;
-in
-
-storeInfo:
-
-let
-  storesList = showStoreDocs {
-    inherit storeInfo;
-    inlineHTML = true;
-  };
-
-  index =
-    let
-      showEntry = store: "- [${store.name}](./${store.filename})";
-    in
-    concatStringsSep "\n" (map showEntry storesList);
-
-  "index.md" = replaceStrings [ "@store-types@" ] [ index ] (
-    readFile ./source/store/types/index.md.in
-  );
-
-  tableOfContents =
-    let
-      showEntry = store: "    - [${store.name}](store/types/${store.filename})";
-    in
-    concatStringsSep "\n" (map showEntry storesList) + "\n";
-
-  "SUMMARY.md" = tableOfContents;
-
-  storePages = listToAttrs (
-    map (s: {
-      name = s.filename;
-      value = s.page;
-    }) storesList
-  );
-
-in
-storePages // { inherit "index.md" "SUMMARY.md"; }

doc/manual/generate-xp-features-shortlist.nix

@@ -1,9 +0,0 @@
-with builtins;
-with import <nix/utils.nix>;
-
-let
-  showExperimentalFeature = name: doc: ''
-    - [`${name}`](@docroot@/development/experimental-features.md#xp-feature-${name})
-  '';
-in
-xps: indent "  " (concatStrings (attrValues (mapAttrs showExperimentalFeature xps)))

doc/manual/generate-xp-features.nix

@@ -1,14 +0,0 @@
-with builtins;
-with import <nix/utils.nix>;
-
-let
-  showExperimentalFeature =
-    name: doc:
-    squash ''
-      ## [`${name}`]{#xp-feature-${name}}
-
-      ${doc}
-    '';
-in
-
-xps: (concatStringsSep "\n" (attrValues (mapAttrs showExperimentalFeature xps)))

doc/manual/glossary.xml

@@ -0,0 +1,167 @@
+<appendix xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink">
+
+<title>Glossary</title>
+
+
+<glosslist>
+
+
+<glossentry xml:id="gloss-derivation"><glossterm>derivation</glossterm>
+
+  <glossdef><para>A description of a build action.  The result of a
+  derivation is a store object.  Derivations are typically specified
+  in Nix expressions using the <link
+  linkend="ssec-derivation"><function>derivation</function>
+  primitive</link>.  These are translated into low-level
+  <emphasis>store derivations</emphasis> (implicitly by
+  <command>nix-env</command> and <command>nix-build</command>, or
+  explicitly by <command>nix-instantiate</command>).</para></glossdef>
+
+</glossentry>
+
+
+<glossentry><glossterm>store</glossterm>
+
+  <glossdef><para>The location in the file system where store objects
+  live.  Typically <filename>/nix/store</filename>.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry><glossterm>store path</glossterm>
+
+  <glossdef><para>The location in the file system of a store object,
+  i.e., an immediate child of the Nix store
+  directory.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry><glossterm>store object</glossterm>
+
+  <glossdef><para>A file that is an immediate child of the Nix store
+  directory.  These can be regular files, but also entire directory
+  trees.  Store objects can be sources (objects copied from outside of
+  the store), derivation outputs (objects produced by running a build
+  action), or derivations (files describing a build
+  action).</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-substitute"><glossterm>substitute</glossterm>
+
+  <glossdef><para>A substitute is a command invocation stored in the
+  Nix database that describes how to build a store object, bypassing
+  normal the build mechanism (i.e., derivations).  Typically, the
+  substitute builds the store object by downloading a pre-built
+  version of the store object from some server.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry><glossterm>purity</glossterm>
+
+  <glossdef><para>The assumption that equal Nix derivations when run
+  always produce the same output.  This cannot be guaranteed in
+  general (e.g., a builder can rely on external inputs such as the
+  network or the system time) but the Nix model assumes
+  it.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry><glossterm>Nix expression</glossterm>
+
+  <glossdef><para>A high-level description of software components and
+  compositions thereof.  Deploying software using Nix entails writing
+  Nix expressions for your components.  Nix expressions are translated
+  to derivations that are stored in the Nix store.  These derivations
+  can then be built.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-reference"><glossterm>reference</glossterm>
+
+  <glossdef><para>A store path <varname>P</varname> is said to have a
+  reference to a store path <varname>Q</varname> if the store object
+  at <varname>P</varname> contains the path <varname>Q</varname>
+  somewhere.  This implies than an execution involving
+  <varname>P</varname> potentially needs <varname>Q</varname> to be
+  present.  The <emphasis>references</emphasis> of a store path are
+  the set of store paths to which it has a reference.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-closure"><glossterm>closure</glossterm>
+
+  <glossdef><para>The closure of a store path is the set of store
+  paths that are directly or indirectly “reachable” from that store
+  path; that is, it’s the closure of the path under the <link
+  linkend="gloss-reference">references</link> relation.  For instance,
+  if the store object at path <varname>P</varname> contains a
+  reference to path <varname>Q</varname>, then <varname>Q</varname> is
+  in the closure of <varname>P</varname>.  For correct deployment it
+  is necessary to deploy whole closures, since otherwise at runtime
+  files could be missing.  The command <command>nix-store
+  -qR</command> prints out closures of store paths.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-output-path"><glossterm>output path</glossterm>
+
+  <glossdef><para>A store path produced by a derivation.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-deriver"><glossterm>deriver</glossterm>
+
+  <glossdef><para>The deriver of an <link
+  linkend="gloss-output-path">output path</link> is the store
+  derivation that built it.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-validity"><glossterm>validity</glossterm>
+
+  <glossdef><para>A store path is considered
+  <emphasis>valid</emphasis> if it exists in the file system, is
+  listed in the Nix database as being valid, and if all paths in its
+  closure are also valid.</para></glossdef>
+
+</glossentry>
+
+
+<glossentry xml:id="gloss-user-env"><glossterm>user environment</glossterm>
+
+  <glossdef><para>An automatically generated store object that
+  consists of a set of symlinks to “active” applications, i.e., other
+  store paths.  These are generated automatically by <link
+  linkend="sec-nix-env"><command>nix-env</command></link>.  See <xref
+  linkend="sec-profiles" />.</para>
+
+  </glossdef>
+  
+</glossentry>
+
+
+<glossentry xml:id="gloss-profile"><glossterm>profile</glossterm>
+
+  <glossdef><para>A symlink to the current <link
+  linkend="gloss-user-env">user environment</link> of a user, e.g.,
+  <filename>/nix/var/nix/profiles/default</filename>.</para></glossdef>
+
+</glossentry>
+
+
+
+</glosslist>
+
+
+</appendix>

doc/manual/installation.xml

@@ -0,0 +1,283 @@
+<?xml version="1.0" encoding="utf-8"?>
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="chap-installation">
+
+<title>Installation</title>
+
+
+<section><title>Supported platforms</title>
+
+<para>Nix is currently supported on the following platforms:
+
+<itemizedlist>
+
+  <listitem><para>Linux (particularly on x86, x86_64, and
+  PowerPC).</para></listitem>
+
+  <listitem><para>Mac OS X, both on Intel and
+  PowerPC.</para></listitem>
+
+  <listitem><para>FreeBSD (only tested on Intel).</para></listitem>
+
+  <listitem><para>Windows through <link
+  xlink:href="http://www.cygwin.com/">Cygwin</link>.</para>
+
+  <warning><para>On Cygwin, Nix <emphasis>must</emphasis> be installed
+  on an NTFS partition.  It will not work correctly on a FAT
+  partition.</para></warning>
+
+  </listitem>
+
+</itemizedlist>
+
+</para>
+
+<para>Nix is pretty portable, so it should work on most other Unix
+platforms as well.</para>
+
+</section>
+
+
+<section><title>Obtaining Nix</title>
+
+<para>The easiest way to obtain Nix is to download a <link
+xlink:href="http://www.cs.uu.nl/groups/ST/Trace/Nix">source
+distribution</link>.  RPMs for Red Hat, SuSE, and Fedora Core are also
+available.</para>
+
+<para>Alternatively, the most recent sources of Nix can be obtained
+from its <link
+xlink:href="https://svn.cs.uu.nl:12443/repos/trace/nix/trunk">Subversion
+repository</link>.  For example, the following command will check out
+the latest revision into a directory called
+<filename>nix</filename>:</para>
+
+<screen>
+$ svn checkout https://svn.cs.uu.nl:12443/repos/trace/nix/trunk nix</screen>
+
+<para>Likewise, specific releases can be obtained from the <link
+xlink:href="https://svn.cs.uu.nl:12443/repos/trace/nix/tags">tags
+directory</link> of the repository.  If you don't have Subversion, you
+can also download an automatically generated <link
+xlink:href="https://svn.cs.uu.nl:12443/dist/trace/">compressed
+tar-file</link> of the head revision of the trunk.</para>
+
+</section>
+
+
+<section><title>Prerequisites</title>
+
+<para><emphasis>The following prerequisites only apply when you build
+from source</emphasis>.  Binary releases (e.g., RPMs) have no
+prerequisites.</para>
+
+<para>A fairly recent version of GCC/G++ is required.  Version 2.95
+and higher should work.</para>
+
+<para>To build this manual and the man-pages you need the
+<command>xmllint</command> and <command>xsltproc</command> programs,
+which are part of the <literal>libxml2</literal> and
+<literal>libxslt</literal> packages, respectively.  You also need the
+<link
+xlink:href="http://docbook.sourceforge.net/projects/xsl/">DocBook XSL
+stylesheets</link> and optionally the <link
+xlink:href="http://www.docbook.org/schemas/5x"> DocBook 5.0 RELAX NG
+schemas</link>.  Note that these are only required if you modify the
+manual sources or when you are building from the Subversion
+repository.</para>
+
+<para>To build the parser, very <emphasis>recent</emphasis> versions
+of Bison and Flex are required.  (This is because Nix needs GLR
+support in Bison and reentrancy support in Flex.)  For Bison, you need
+version 2.3 or higher (1.875 does <emphasis>not</emphasis> work),
+which can be obtained from
+the <link xlink:href="ftp://alpha.gnu.org/pub/gnu/bison">GNU FTP
+server</link>.  For Flex, you need version 2.5.33, which is available
+on <link xlink:href="http://lex.sourceforge.net/">SourceForge</link>.
+Slightly older versions may also work, but ancient versions like the
+ubiquitous 2.5.4a won't.  Note that these are only required if you
+modify the parser or when you are building from the Subversion
+repository.</para>
+
+<para>Nix uses Sleepycat's Berkeley DB and CWI's ATerm library.  These
+are included in the Nix source distribution.  If you build from the
+Subversion repository, you must download them yourself and place them
+in the <filename>externals/</filename> directory.  See
+<filename>externals/Makefile.am</filename> for the precise URLs of
+these packages.  Alternatively, if you already have them installed,
+you can use <command>configure</command>'s <option>--with-bdb</option>
+and <option>--with-aterm</option> options to point to their respective
+locations.  Note that Berkeley DB <emphasis>must</emphasis> be version
+4.5; other versions may not have compatible database formats.</para>
+
+</section>
+
+
+<section><title>Building Nix from source</title>
+
+<para>After unpacking or checking out the Nix sources, issue the
+following commands:
+    </para>
+
+<screen>
+$ ./configure <replaceable>options...</replaceable>
+$ make
+$ make install</screen>
+
+<para>When building from the Subversion repository, these should be
+preceded by the command:
+    </para>
+
+<screen>
+$ ./boostrap</screen>
+
+<para>The installation path can be specified by passing the
+<option>--prefix=<replaceable>prefix</replaceable></option> to
+<command>configure</command>.  The default installation directory is
+<filename>/nix</filename>.  You can change this to any location you
+like.  You must have write permission to the
+<replaceable>prefix</replaceable> path.</para>
+
+<warning><para>It is best <emphasis>not</emphasis> to change the
+installation prefix from its default, since doing so makes it
+impossible to use pre-built binaries from the standard Nixpkgs
+channels.</para></warning>
+
+<para>If you want to rebuilt the documentation, pass the full path to
+the DocBook RELAX NG schemas and to the DocBook XSL stylesheets using
+the
+<option>--with-docbook-rng=<replaceable>path</replaceable></option>
+and
+<option>--with-docbook-xsl=<replaceable>path</replaceable></option>
+options.</para>
+
+</section>
+
+
+<section><title>Installing from RPMs</title>
+
+<para>RPM packages of Nix can be downloaded from <uri
+xlink:href="http://www.cs.uu.nl/groups/ST/Trace/Nix">http://www.cs.uu.nl/groups/ST/Trace/Nix</uri>.
+These RPMs should work for most fairly recent releases of SuSE and Red
+Hat Linux.  They have been known to work work on SuSE Linux 8.1 and
+9.0, and Red Hat 9.0.  In fact, it should work on any RPM-based Linux
+distribution based on <literal>glibc</literal> 2.3 or later.</para>
+
+<para>Once downloaded, the RPMs can be installed or upgraded using
+<command>rpm -U</command>.  For example,</para>
+
+<screen>
+$ rpm -U nix-0.5pre664-1.i386.rpm</screen>
+
+<para>The RPMs install into the directory <filename>/nix</filename>.
+Nix can be uninstalled using <command>rpm -e nix</command>.  After
+this it will be necessary to manually remove the Nix store and other
+auxiliary data:</para>
+
+<screen>
+$ rm -rf /nix/store
+$ rm -rf /nix/var</screen>
+
+</section>
+
+
+<section><title>Upgrading Nix through Nix</title>
+
+<para>You can install the latest stable version of Nix through Nix
+itself by subscribing to the channel <link
+xlink:href="http://nix.cs.uu.nl/dist/nix/channels-v3/nix-stable" />,
+or the latest unstable version by subscribing to the channel<link
+xlink:href="http://nix.cs.uu.nl/dist/nix/channels-v3/nix-unstable" />.
+You can also do a <link linkend="sec-one-click">one-click
+installation</link> by clicking on the package links at <link
+xlink:href="http://nix.cs.uu.nl/dist/nix/" />.</para>
+
+</section>
+
+
+<section><title>Security</title>
+
+<para>Nix has two basic security models.  First, it can be used in
+“single-user mode”, which is similar to what most other package
+management tools do: there is a single user (typically <systemitem
+class="username">root</systemitem>) who performs all package
+management operations.  All other users can then use the installed
+packages, but they cannot perform package management operations
+themselves.</para>
+
+<para>Alternatively, you can configure Nix in “multi-user mode”.  In
+this model, all users can perform package management operations — for
+instance, every user can install software without requiring root
+privileges.  Nix ensures that this is secure.  For instance, it’s not
+possible for one user to overwrite a package used by another user with
+a Trojan horse.</para>
+
+
+<section><title>Single-user mode</title>
+  
+<para>In single-user mode, all Nix operations that access the database
+in <filename><replaceable>prefix</replaceable>/var/nix/db</filename>
+or modify the Nix store in
+<filename><replaceable>prefix</replaceable>/store</filename> must be
+performed under the user ID that owns those directories.  This is
+typically <systemitem class="username">root</systemitem>.  (If you
+install from RPM packages, that’s in fact the default ownership.)
+However, on single-user machines, it is often convenient to
+<command>chown</command> those directories to your normal user account
+so that you don’t have to <command>su</command> to <systemitem
+class="username">root</systemitem> all the time.</para>
+
+</section>
+
+
+<section><title>Multi-user mode</title>
+
+<para></para>
+
+
+<!--
+
+warning: the nix-builders group should contain *only* the Nix
+builders, and nothing else.  If the Nix account is compromised, you
+can execute programs under the accounts in the nix-builders group, so
+it obviously shouldn’t contain any “real” user accounts.  So don’t use
+an existing group like <literal>users</literal> — just create a new
+one.
+
+-->
+
+<note><para>Multi-user mode has one important limitation: only
+<systemitem class="username">root</systemitem> can run <command
+linkend="sec-nix-pull">nix-pull</command> to register the availability
+of pre-built binaries.  However, those registrations
+<emphasis>are</emphasis> used by all users to speed up
+builds.</para></note>
+
+</section>
+
+
+</section> <!-- end of permissions section -->
+
+
+<section><title>Using Nix</title>
+
+<para>To use Nix, some environment variables should be set.  In
+particular, <envar>PATH</envar> should contain the directories
+<filename><replaceable>prefix</replaceable>/bin</filename> and
+<filename>~/.nix-profile/bin</filename>.  The first directory contains
+the Nix tools themselves, while <filename>~/.nix-profile</filename> is
+a symbolic link to the current <emphasis>user environment</emphasis>
+(an automatically generated package consisting of symlinks to
+installed packages).  The simplest way to set the required environment
+variables is to include the file
+<filename><replaceable>prefix</replaceable>/etc/profile.d/nix.sh</filename>
+in your <filename>~/.bashrc</filename> (or similar), like this:</para>
+
+<screen>
+source <replaceable>prefix</replaceable>/etc/profile.d/nix.sh</screen>
+
+</section>
+
+
+</chapter>

doc/manual/introduction.xml

@@ -0,0 +1,150 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink">
+
+<title>Introduction</title>
+
+<para>Nix is a system for the deployment of software.  Software
+deployment is concerned with the creation, distribution, and
+management of software components (<quote>packages</quote>).  Its main
+features are:
+
+<itemizedlist>
+
+<listitem><para>It helps you make sure that dependency specifications
+are complete.  In general in a deployment system you have to specify
+for each component what its dependencies are, but there are no
+guarantees that this specification is complete.  If you forget a
+dependency, then the component will build and work correctly on
+<emphasis>your</emphasis> machine if you have the dependency
+installed, but not on the end user's machine if it's not
+there.</para></listitem>
+
+<listitem><para>It is possible to have <emphasis>multiple versions or
+variants</emphasis> of a component installed at the same time.  In
+contrast, in systems such as RPM different versions of the same
+package tend to install to the same location in the file system, so
+installing one version will remove the other.  This is especially
+important if you want to use applications that have conflicting
+requirements on different versions of a component (e.g., application A
+requires version 1.0 of library X, while application B requires a
+non-backwards compatible version 1.1).</para></listitem>
+
+<listitem><para>Users can have different <quote>views</quote>
+(<quote>profiles</quote> in Nix parlance) on the set of installed
+applications in a system.  For instance, one user can have version 1.0
+of some package visible, while another is using version 1.1, and a
+third doesn't use it at all.</para></listitem>
+
+<listitem><para>It is possible to atomically
+<emphasis>upgrade</emphasis> software.  I.e., there is no time window
+during an upgrade in which part of the old version and part of the new
+version are simultaneously visible (which might well cause the
+component to fail).</para></listitem>
+
+<listitem><para>Likewise, it is possible to atomically roll back after
+an install, upgrade, or uninstall action.  That is, in a fast (O(1))
+operation the previous configuration of the system can be restored.
+This is because upgrade or uninstall actions don't actually remove
+components from the system.</para></listitem>
+
+<listitem><para>Unused components can be
+<emphasis>garbage-collected</emphasis> automatically and safely: when
+you remove an application from a profile, its dependencies will be
+deleted by the garbage collector only if there are no other active
+applications using them.</para></listitem>
+
+<listitem><para>Nix supports both source-based deployment models
+(where you distribute <emphasis>Nix expressions</emphasis> that tell
+Nix how to build software from source) and binary-based deployment
+models.  The latter is more-or-less transparent: installation of
+components is always based on Nix expressions, but if the expressions
+have been built before and Nix knows that the resulting binaries are
+available somewhere, it will use those instead.</para></listitem>
+
+<listitem><para>Nix is flexible in the deployment policies that it
+supports.  There is a clear separation between the tools that
+implement basic Nix <emphasis>mechanisms</emphasis> (e.g., building
+Nix expressions), and the tools that implement various deployment
+<emphasis>policies</emphasis>.  For instance, there is a concept of
+<quote>Nix channels</quote> that can be used to keep software
+installations up-to-date automatically from a network source.  This is
+a policy that is implemented by a fairly short Perl script, which can
+be adapted easily to achieve similar policies.</para></listitem>
+
+<listitem><para>Nix component builds aim to be <quote>pure</quote>;
+that is, unaffected by anything other than the declared dependencies.
+This means that if a component was built successfully once, it can be
+rebuilt again on another machine and the result will be the same.  We
+cannot <emphasis>guarantee</emphasis> this (e.g., if the build depends
+on the time-of-day), but Nix (and the tools in the Nix Packages
+collection) takes special care to help achieve this.</para></listitem>
+
+<listitem><para>Nix expressions (the things that tell Nix how to build
+components) are self-contained: they describe not just components but
+complete compositions.  In other words, Nix expressions also describe
+how to build all the dependencies.  This is in contrast to component
+specification languages like RPM spec files, which might say that a
+component X depends on some other component Y, but since it does not
+describe <emphasis>exactly</emphasis> what Y is, the result of
+building or running X might be different on different machines.
+Combined with purity, self-containedness ensures that a component that
+<quote>works</quote> on one machine also works on another, when
+deployed using Nix.</para></listitem>
+
+<listitem><para>The Nix expression language makes it easy to describe
+variability in components (e.g., optional features or
+dependencies).</para></listitem>
+
+<listitem><para>Nix is ideal for building build farms that do
+continuous builds of software from a version management system, since
+it can take care of building all the dependencies as well.  Also, Nix
+only rebuilds components that have changed, so there are no
+unnecessary builds.  In addition, Nix can transparently distribute
+build jobs over different machines, including different
+platforms.</para></listitem>
+
+<listitem><para>Nix can be used not only for software deployment, but
+also for <emphasis>service deployment</emphasis>, such as the
+deployment of a complete web server with all its configuration files,
+static pages, software dependencies, and so on.  Nix's advantages for
+software deployment also apply here: for instance, the ability
+trivially to have multiple configurations at the same time, or the
+ability to do rollbacks.</para></listitem>
+
+<listitem><para>Nix can efficiently upgrade between different versions
+of a component through <emphasis>binary patching</emphasis>.  If
+patches are available on a server, and you try to install a new
+version of some component, Nix will automatically apply a patch (or
+sequence of patches), if available, to transform the installed
+component into the new version.</para></listitem> 
+
+</itemizedlist>
+
+</para>
+
+<para>This manual tells you how to install and use Nix and how to
+write Nix expressions for software not already in the Nix Packages
+collection.  It also discusses some advanced topics, such as setting
+up a Nix-based build farm, and doing service deployment using
+Nix.</para>
+
+<note><para>Some background information on Nix can be found in a
+number of papers.  The ICSE 2004 paper <citetitle
+xlink:href='http://www.cs.uu.nl/~eelco/pubs/immdsd-icse2004-final.pdf'>Imposing
+a Memory Management Discipline on Software Deployment</citetitle>
+discusses the hashing mechanism used to ensure reliable dependency
+identification and non-interference between different versions and
+variants of packages.  The LISA 2004 paper <citetitle
+xlink:href='http://www.cs.uu.nl/~eelco/pubs/nspfssd-lisa2004-final.pdf'>Nix:
+A Safe and Policy-Free System for Software Deployment</citetitle>
+gives a more general discussion of Nix from a system-administration
+perspective.  The CBSE 2005 paper <citetitle
+xlink:href='http://www.cs.uu.nl/~eelco/pubs/eupfcdm-cbse2005-final.pdf'>Efficient
+Upgrading in a Purely Functional Component Deployment Model
+</citetitle> is about transparent patch deployment in Nix.  Finally,
+the SCM-12 paper <citetitle
+xlink:href='http://www.cs.uu.nl/~eelco/pubs/servicecm-scm12-final.pdf'>
+Service Configuration Management</citetitle> shows how services (e.g.,
+web servers) can be deployed and managed through Nix.</para></note>
+
+</chapter>

doc/manual/manual.xml

@@ -0,0 +1,125 @@
+<book xmlns="http://docbook.org/ns/docbook"
+      xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <info>
+
+    <title>Nix User's Guide</title>
+
+    <subtitle>Draft (Version <xi:include href="version.txt"
+    parse="text" />)</subtitle>
+
+    <author>
+      <personname>
+        <firstname>Eelco</firstname>
+        <surname>Dolstra</surname>
+      </personname>
+      <affiliation>
+        <orgname>Utrecht University</orgname>
+        <orgdiv>Faculty of Science, Department of Information and Computing Sciences</orgdiv>
+      </affiliation>
+    </author>
+
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <year>2006</year>
+      <year>2007</year>
+      <holder>Eelco Dolstra</holder>
+    </copyright>
+
+    <date>September 2007</date>
+    
+  </info>
+
+  
+  <xi:include href="introduction.xml" />
+  <xi:include href="quick-start.xml" />
+  <xi:include href="installation.xml" />
+  <xi:include href="package-management.xml" />
+  <xi:include href="writing-nix-expressions.xml" />
+  <xi:include href="build-farm.xml" />
+
+
+  <appendix>
+    <title>Command Reference</title>
+    <xi:include href="opt-common.xml" />
+    <xi:include href="env-common.xml" />
+    <xi:include href="conf-file.xml" />
+    
+    <section>
+      <title>Main commands</title>
+      <section xml:id="sec-nix-env">
+        <title>nix-env</title>
+        <xi:include href="nix-env.xml" />
+      </section>
+      <section xml:id="sec-nix-instantiate">
+        <title>nix-instantiate</title>
+        <xi:include href="nix-instantiate.xml" />
+      </section>
+      <section xml:id="sec-nix-store">
+        <title>nix-store</title>
+        <xi:include href="nix-store.xml" />
+      </section>
+    </section>
+    
+    <section>
+      <title>Utilities</title>
+      <section xml:id="sec-nix-build">
+        <title>nix-build</title>
+        <xi:include href="nix-build.xml" />
+      </section>
+      <section xml:id="sec-nix-channel">
+        <title>nix-channel</title>
+        <xi:include href="nix-channel.xml" />
+      </section>
+      <section xml:id="sec-nix-collect-garbage">
+        <title>nix-collect-garbage</title>
+        <xi:include href="nix-collect-garbage.xml" />
+      </section>
+      <section xml:id="sec-nix-copy-closure">
+        <title>nix-copy-closure</title>
+        <xi:include href="nix-copy-closure.xml" />
+      </section>
+      <section xml:id="sec-nix-hash">
+        <title>nix-hash</title>
+        <xi:include href="nix-hash.xml" />
+      </section>
+      <section xml:id="sec-nix-install-package">
+        <title>nix-install-package</title>
+        <xi:include href="nix-install-package.xml" />
+      </section>
+      <section xml:id="sec-nix-pack-closure">
+        <title>nix-pack-closure</title>
+        <xi:include href="nix-pack-closure.xml" />
+      </section>
+      <section xml:id="sec-nix-prefetch-url">
+        <title>nix-prefetch-url</title>
+        <xi:include href="nix-prefetch-url.xml" />
+      </section>
+      <section xml:id="sec-nix-pull">
+        <title>nix-pull</title>
+        <xi:include href="nix-pull.xml" />
+      </section>
+      <section xml:id="sec-nix-push">
+        <title>nix-push</title>
+        <xi:include href="nix-push.xml" />
+      </section>
+      <section xml:id="sec-nix-unpack-closure">
+        <title>nix-unpack-closure</title>
+        <xi:include href="nix-unpack-closure.xml" />
+      </section>
+    </section>
+    
+  </appendix>
+
+  <xi:include href="troubleshooting.xml" />
+  <xi:include href="bugs.xml" />
+  <xi:include href="glossary.xml" />
+
+  <appendix>
+    <title>Nix Release Notes</title>
+    <xi:include href="release-notes.xml"
+                xpointer="xmlns(x=http://docbook.org/ns/docbook)xpointer(x:article/x:section)" />
+  </appendix>
+    
+</book>

doc/manual/meson.build

@@ -1,368 +0,0 @@
-project(
-  'nix-manual',
-  version : files('.version'),
-  meson_version : '>= 1.1',
-  license : 'LGPL-2.1-or-later',
-)
-
-nix = find_program('nix', native : true)
-
-mdbook = find_program('mdbook', native : true)
-bash = find_program('bash', native : true)
-rsync = find_program('rsync', required : true, native : true)
-
-pymod = import('python')
-python = pymod.find_installation('python3')
-
-nix_env_for_docs = {
-  'HOME' : '/dummy',
-  'NIX_CONF_DIR' : '/dummy',
-  'NIX_SSL_CERT_FILE' : '/dummy/no-ca-bundle.crt',
-  'NIX_STATE_DIR' : '/dummy',
-  'NIX_CONFIG' : 'cores = 0',
-}
-
-nix_for_docs = [ nix, '--experimental-features', 'nix-command' ]
-nix_eval_for_docs_common = nix_for_docs + [
-  'eval',
-  '-I',
-  'nix=' + meson.current_source_dir(),
-  '--store', 'dummy://',
-  '--impure',
-]
-nix_eval_for_docs = nix_eval_for_docs_common + '--raw'
-
-conf_file_json = custom_target(
-  command : nix_for_docs + [ 'config', 'show', '--json' ],
-  capture : true,
-  output : 'conf-file.json',
-  env : nix_env_for_docs,
-)
-
-language_json = custom_target(
-  command : [ nix, '__dump-language' ],
-  output : 'language.json',
-  capture : true,
-  env : nix_env_for_docs,
-)
-
-nix3_cli_json = custom_target(
-  command : [ nix, '__dump-cli' ],
-  capture : true,
-  output : 'nix.json',
-  env : nix_env_for_docs,
-)
-
-generate_manual_deps = files(
-  'generate-deps.py',
-)
-
-# Generates types
-subdir('source/store')
-# Generates builtins.md and builtin-constants.md.
-subdir('source/language')
-# Generates new-cli pages, experimental-features-shortlist.md, and conf-file.md.
-subdir('source/command-ref')
-# Generates experimental-feature-descriptions.md.
-subdir('source/development')
-# Generates rl-next-generated.md.
-subdir('source/release-notes')
-subdir('source')
-
-# Hacky way to figure out if `nix` is an `ExternalProgram` or
-# `Executable`. Only the latter can occur in custom target input lists.
-if nix.full_path().startswith(meson.build_root())
-  nix_input = nix
-else
-  nix_input = []
-endif
-
-manual = custom_target(
-  'manual',
-  command : [
-    bash,
-    '-euo',
-    'pipefail',
-    '-c',
-    '''
-        @0@ @INPUT0@ @CURRENT_SOURCE_DIR@ > @DEPFILE@
-        @0@ @INPUT1@ summary @2@ < @CURRENT_SOURCE_DIR@/source/SUMMARY.md.in > @2@/source/SUMMARY.md
-        sed -e 's|@version@|@3@|g' < @INPUT2@ > @2@/book.toml
-        @4@ -r -L --include='*.md' @CURRENT_SOURCE_DIR@/ @2@/
-        (cd @2@; RUST_LOG=warn @1@ build -d @2@ 3>&2 2>&1 1>&3) | { grep -Fv "because fragment resolution isn't implemented" || :; } 3>&2 2>&1 1>&3
-        rm -rf @2@/manual
-        mv @2@/html @2@/manual
-        # Remove Mathjax 2.7, because we will actually use MathJax 3.x
-        find @2@/manual | grep .html | xargs sed -i -e '/2.7.1.MathJax.js/d'
-        find @2@/manual -iname meson.build -delete
-    '''.format(
-      python.full_path(),
-      mdbook.full_path(),
-      meson.current_build_dir(),
-      meson.project_version(),
-      rsync.full_path(),
-    ),
-  ],
-  input : [
-    generate_manual_deps,
-    'substitute.py',
-    'book.toml.in',
-    'anchors.jq',
-    'custom.css',
-    nix3_cli_files,
-    experimental_features_shortlist_md,
-    experimental_feature_descriptions_md,
-    types_dir,
-    conf_file_md,
-    builtins_md,
-    rl_next_generated,
-    summary_rl_next,
-    json_schema_generated_files,
-    nix_input,
-  ],
-  output : [
-    'manual',
-    'markdown',
-  ],
-  depfile : 'manual.d',
-  env : {
-    'RUST_LOG' : 'info',
-    'MDBOOK_SUBSTITUTE_SEARCH' : meson.current_build_dir() / 'source',
-  },
-)
-manual_html = manual[0]
-manual_md = manual[1]
-
-install_subdir(
-  manual_html.full_path(),
-  install_dir : get_option('datadir') / 'doc/nix',
-)
-
-nix_nested_manpages = [
-  [
-    'nix-env',
-    [
-      'delete-generations',
-      'install',
-      'list-generations',
-      'query',
-      'rollback',
-      'set-flag',
-      'set',
-      'switch-generation',
-      'switch-profile',
-      'uninstall',
-      'upgrade',
-    ],
-  ],
-  [
-    'nix-store',
-    [
-      'add-fixed',
-      'add',
-      'delete',
-      'dump-db',
-      'dump',
-      'export',
-      'gc',
-      'generate-binary-cache-key',
-      'import',
-      'load-db',
-      'optimise',
-      'print-env',
-      'query',
-      'read-log',
-      'realise',
-      'repair-path',
-      'restore',
-      'serve',
-      'verify',
-      'verify-path',
-    ],
-  ],
-]
-
-foreach command : nix_nested_manpages
-  foreach page : command[1]
-    title = command[0] + ' --' + page
-    section = '1'
-    custom_target(
-      command : [
-        bash,
-        files('./render-manpage.sh'),
-        '--out-no-smarty',
-        title,
-        section,
-        '@INPUT0@/command-ref' / command[0] / (page + '.md'),
-        '@OUTPUT0@',
-      ],
-      input : [
-        manual_md,
-        nix_input,
-      ],
-      output : command[0] + '-' + page + '.1',
-      install : true,
-      install_dir : get_option('mandir') / 'man1',
-    )
-  endforeach
-endforeach
-
-nix3_manpages = [
-  'nix3-build',
-  'nix3-bundle',
-  'nix3-config',
-  'nix3-config-check',
-  'nix3-config-show',
-  'nix3-copy',
-  'nix3-daemon',
-  'nix3-derivation-add',
-  'nix3-derivation',
-  'nix3-derivation-show',
-  'nix3-develop',
-  'nix3-edit',
-  'nix3-env-shell',
-  'nix3-eval',
-  'nix3-flake-archive',
-  'nix3-flake-check',
-  'nix3-flake-clone',
-  'nix3-flake-info',
-  'nix3-flake-init',
-  'nix3-flake-lock',
-  'nix3-flake',
-  'nix3-flake-metadata',
-  'nix3-flake-new',
-  'nix3-flake-prefetch',
-  'nix3-flake-show',
-  'nix3-flake-update',
-  'nix3-fmt',
-  'nix3-hash-file',
-  'nix3-hash',
-  'nix3-hash-convert',
-  'nix3-hash-path',
-  'nix3-hash-to-base16',
-  'nix3-hash-to-base32',
-  'nix3-hash-to-base64',
-  'nix3-hash-to-sri',
-  'nix3-help',
-  'nix3-help-stores',
-  'nix3-key-convert-secret-to-public',
-  'nix3-key-generate-secret',
-  'nix3-key',
-  'nix3-log',
-  'nix3-nar-cat',
-  'nix3-nar-dump-path',
-  'nix3-nar-ls',
-  'nix3-nar-pack',
-  'nix3-nar',
-  'nix3-path-info',
-  'nix3-print-dev-env',
-  'nix3-profile',
-  'nix3-profile-add',
-  'nix3-profile-diff-closures',
-  'nix3-profile-history',
-  'nix3-profile-list',
-  'nix3-profile-remove',
-  'nix3-profile-rollback',
-  'nix3-profile-upgrade',
-  'nix3-profile-wipe-history',
-  'nix3-realisation-info',
-  'nix3-realisation',
-  'nix3-registry-add',
-  'nix3-registry-list',
-  'nix3-registry',
-  'nix3-registry-pin',
-  'nix3-registry-remove',
-  'nix3-repl',
-  'nix3-run',
-  'nix3-search',
-  'nix3-store-add',
-  'nix3-store-add-file',
-  'nix3-store-add-path',
-  'nix3-store-cat',
-  'nix3-store-copy-log',
-  'nix3-store-copy-sigs',
-  'nix3-store-delete',
-  'nix3-store-diff-closures',
-  'nix3-store-dump-path',
-  'nix3-store-gc',
-  'nix3-store-info',
-  'nix3-store-ls',
-  'nix3-store-make-content-addressed',
-  'nix3-store',
-  'nix3-store-optimise',
-  'nix3-store-path-from-hash-part',
-  'nix3-store-prefetch-file',
-  'nix3-store-repair',
-  'nix3-store-sign',
-  'nix3-store-verify',
-  'nix3-upgrade-nix',
-  'nix3-why-depends',
-  'nix',
-]
-
-foreach page : nix3_manpages
-  section = '1'
-  custom_target(
-    command : [
-      bash,
-      '@INPUT0@',
-      page,
-      section,
-      '@INPUT1@/command-ref/new-cli/@0@.md'.format(page),
-      '@OUTPUT@',
-    ],
-    input : [
-      files('./render-manpage.sh'),
-      manual_md,
-      nix_input,
-    ],
-    output : page + '.1',
-    install : true,
-    install_dir : get_option('mandir') / 'man1',
-  )
-endforeach
-
-nix_manpages = [
-  [ 'nix-env', 1 ],
-  [ 'nix-store', 1 ],
-  [ 'nix-build', 1 ],
-  [ 'nix-shell', 1 ],
-  [ 'nix-instantiate', 1 ],
-  [ 'nix-collect-garbage', 1 ],
-  [ 'nix-prefetch-url', 1 ],
-  [ 'nix-channel', 1 ],
-  [ 'nix-hash', 1 ],
-  [ 'nix-copy-closure', 1 ],
-  [ 'nix.conf', 5, conf_file_md.full_path() ],
-  [ 'nix-daemon', 8 ],
-  [ 'nix-profiles', 5, 'files/profiles.md' ],
-]
-
-foreach entry : nix_manpages
-  title = entry[0]
-  # nix.conf.5 and nix-profiles.5 are based off of conf-file.md and files/profiles.md,
-  # rather than a stem identical to its mdbook source.
-  # Therefore we use an optional third element of this array to override the name pattern
-  md_file = entry.get(2, title + '.md')
-  section = entry[1].to_string()
-  md_file_resolved = join_paths('@INPUT1@/command-ref/', md_file)
-  custom_target(
-    command : [
-      bash,
-      '@INPUT0@',
-      title,
-      section,
-      md_file_resolved,
-      '@OUTPUT@',
-    ],
-    input : [
-      files('./render-manpage.sh'),
-      manual_md,
-      entry.get(3, []),
-      nix_input,
-    ],
-    output : '@0@.@1@'.format(entry[0], entry[1]),
-    install : true,
-    install_dir : get_option('mandir') / 'man@0@'.format(entry[1]),
-  )
-endforeach

doc/manual/nix-build.xml

@@ -0,0 +1,144 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-build</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-build</refname>
+  <refpurpose>build a Nix expression</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-build</command>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="opt-common-syn.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(/db:nop/*)" />
+    <arg><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--attr</option></arg>
+        <arg choice='plain'><option>-A</option></arg>
+      </group>
+      <replaceable>attrPath</replaceable>
+    </arg>
+    <arg><option>--add-drv-link</option></arg>
+    <arg><option>--drv-link </option><replaceable>drvlink</replaceable></arg>
+    <arg><option>--no-out-link</option></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--out-link</option></arg>
+        <arg choice='plain'><option>-o</option></arg>
+      </group>
+      <replaceable>outlink</replaceable>
+    </arg>
+    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsection><title>Description</title>
+
+<para>The <command>nix-build</command> command builds the derivations
+described by the Nix expressions in <replaceable>paths</replaceable>.
+If the build succeeds, it places a symlink to the result in the
+current directory.  The symlink is called <filename>result</filename>.
+If there are multiple Nix expressions, or the Nix expressions evaluate
+to multiple derivations, multiple sequentially numbered symlinks are
+created (<filename>result</filename>, <filename>result-2</filename>,
+and so on).</para>
+
+<para>If no <replaceable>paths</replaceable> are specified, then
+<command>nix-build</command> will use <filename>default.nix</filename>
+in the current directory, if it exists.</para>
+
+<para><command>nix-build</command> is essentially a wrapper around
+<link
+linkend="sec-nix-instantiate"><command>nix-instantiate</command></link>
+(to translate a high-level Nix expression to a low-level store
+derivation) and <link
+linkend="rsec-nix-store-realise"><command>nix-store
+--realise</command></link> (to build the store derivation).</para>
+
+<warning><para>The result of the build is automatically registered as
+a root of the Nix garbage collector.  This root disappears
+automatically when the <filename>result</filename> symlink is deleted
+or renamed.  So don’t rename the symlink.</para></warning>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<para>See also <xref linkend="sec-common-options" />.  All options not
+listed here are passed to <command>nix-store --realise</command>,
+except for <option>--arg</option> and <option>--attr</option> /
+<option>-A</option> which are passed to
+<command>nix-instantiate</command>.</para>
+
+<variablelist>
+
+  <varlistentry><term><option>--add-drv-link</option></term>
+  
+    <listitem><para>Add a symlink in the current directory to the
+    store derivation produced by <command>nix-instantiate</command>.
+    The symlink is called <filename>derivation</filename> (which is
+    numbered in the case of multiple derivations).  The derivation is
+    a root of the garbage collector until the symlink is deleted or
+    renamed.</para></listitem>
+    
+  </varlistentry>
+
+  <varlistentry><term><option>--drv-link</option> <replaceable>drvlink</replaceable></term>
+  
+    <listitem><para>Change the name of the symlink to the derivation
+    created when <option>--add-drv-link</option> is used from
+    <filename>derivation</filename> to
+    <replaceable>drvlink</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--no-out-link</option></term>
+  
+    <listitem><para>Do not create a symlink to the output path.  Note
+    that as a result the output does not become a root of the garbage
+    collector, and so might be deleted by <command>nix-store
+    --gc</command>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry xml:id='opt-out-link'><term><option>--out-link</option> /
+  <option>-o</option> <replaceable>outlink</replaceable></term>
+  
+    <listitem><para>Change the name of the symlink to the output path
+    created unless <option>--no-out-link</option> is used from
+    <filename>result</filename> to
+    <replaceable>outlink</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<screen>
+$ nix-build pkgs/top-level/all-packages.nix -A firefox
+store derivation is /nix/store/qybprl8sz2lc...-firefox-1.5.0.7.drv
+/nix/store/d18hyl92g30l...-firefox-1.5.0.7
+
+$ ls -l result
+lrwxrwxrwx  <replaceable>...</replaceable>  result -> /nix/store/d18hyl92g30l...-firefox-1.5.0.7
+
+$ ls ./result/bin/
+firefox  firefox-config</screen>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-channel.xml

@@ -0,0 +1,92 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-channel</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-channel</refname>
+  <refpurpose>manage Nix channels</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-channel</command>
+    <group choice='req'>
+      <arg choice='plain'><option>--add</option> <replaceable>url</replaceable></arg>
+      <arg choice='plain'><option>--remove</option> <replaceable>url</replaceable></arg>
+      <arg choice='plain'><option>--list</option></arg>
+      <arg choice='plain'><option>--update</option></arg>
+    </group>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsection><title>Description</title>
+
+<para>A Nix channel is mechanism that allows you to automatically stay
+up-to-date with a set of pre-built Nix expressions.  A Nix channel is
+just a URL that points to a place that contains a set of Nix
+expressions, as well as a <command>nix-push</command> manifest.  See
+also <xref linkend="sec-channels" />.</para>
+
+<para>This command has the following operations:
+
+<variablelist>
+
+  <varlistentry><term><option>--add</option> <replaceable>url</replaceable></term>
+
+    <listitem><para>Adds <replaceable>url</replaceable> to the list of
+    subscribed channels.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--remove</option> <replaceable>url</replaceable></term>
+
+    <listitem><para>Removes <replaceable>url</replaceable> from the
+    list of subscribed channels.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--list</option></term>
+
+    <listitem><para>Prints the URLs of all subscribed channels on
+    standard output.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--update</option></term>
+
+    <listitem><para>Downloads the Nix expressions of all subscribed
+    channels, makes the conjunction of these the default for
+    <command>nix-env</command> operations (by calling <command>nix-env
+    -I</command>), and performs a <command>nix-pull</command> on the
+    manifests of all channels to make pre-built binaries
+    available.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+<para>Note that <option>--add</option> and <option>--remove</option>
+do not automatically perform an update.</para>
+
+<para>The list of subscribed channels is stored in
+<filename>~/.nix-channels</filename>.</para>
+
+<para>A channel consists of two elements: a bzipped Tar archive
+containing the Nix expressions, and a manifest created by
+<command>nix-push</command>.  These must be stored under
+<literal><replaceable>url</replaceable>/nixexprs.tar.bz2</literal> and
+<literal><replaceable>url</replaceable>/MANIFEST</literal>,
+respectively.</para>
+
+</refsection>
+
+</refentry>

doc/manual/nix-collect-garbage.xml

@@ -0,0 +1,58 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-collect-garbage</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-collect-garbage</refname>
+  <refpurpose>delete unreachable store paths</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-collect-garbage</command>
+    <arg><option>--delete-old</option></arg>
+    <arg><option>-d</option></arg>
+    <group choice='opt'>
+      <arg choice='plain'><option>--print-roots</option></arg>
+      <arg choice='plain'><option>--print-live</option></arg>
+      <arg choice='plain'><option>--print-dead</option></arg>
+      <arg choice='plain'><option>--delete</option></arg>
+    </group>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-collect-garbage</command> is mostly an
+alias of <link linkend="rsec-nix-store-gc"><command>nix-store
+--gc</command></link>, that is, it deletes all unreachable paths in
+the Nix store to clean up your system.  However, it provides an
+additional option <option>-d</option> (<option>--delete-old</option>)
+that deletes all old generations of all profiles in
+<filename>/nix/var/nix/profiles</filename> by invoking
+<literal>nix-env --delete-generations old</literal> on all profiles.
+Of course, this makes rollbacks to previous configurations
+impossible.</para>
+
+</refsection>
+
+<refsection><title>Example</title>
+
+<para>To delete from the Nix store everything that is not used by the
+current generations of each profile, do
+
+<screen>
+$ nix-collect-garbage -d</screen>
+
+</para>
+
+</refsection>
+
+</refentry>

doc/manual/nix-copy-closure.xml

@@ -0,0 +1,151 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-copy-closure</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-copy-closure</refname>
+  <refpurpose>copy a closure to or from a remote machine via SSH</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-copy-closure</command>
+    <group>
+      <arg choice='plain'><option>--to</option></arg>
+      <arg choice='plain'><option>--from</option></arg>
+    </group>
+    <arg><option>--sign</option></arg>
+    <arg><option>--gzip</option></arg>
+    <arg choice='plain'>
+      <arg><replaceable>user@</replaceable></arg><replaceable>machine</replaceable>
+    </arg>
+    <arg choice='plain'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para><command>nix-copy-closure</command> gives you an easy and
+efficient way to exchange software between machines.  Given one or
+more Nix store paths <replaceable>paths</replaceable> on the local
+machine, <command>nix-copy-closure</command> computes the closure of
+those paths (i.e. all their dependencies in the Nix store), and copies
+all paths in the closure to the remote machine via the
+<command>ssh</command> (Secure Shell) command.  With the
+<option>--from</option>, the direction is reversed:
+the closure of <replaceable>paths</replaceable> on a remote machine is
+copied to the Nix store on the local machine.</para>
+
+<para>This command is efficient because it only sends the store paths
+that are missing on the target machine.</para>
+
+<para>Since <command>nix-copy-closure</command> calls
+<command>ssh</command>, you may be asked to type in the appropriate
+password or passphrase.  In fact, you may be asked
+<emphasis>twice</emphasis> because <command>nix-copy-closure</command>
+currently connects twice to the remote machine, first to get the set
+of paths missing on the target machine, and second to send the dump of
+those paths.  If this bothers you, use
+<command>ssh-agent</command>.</para>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+  
+  <varlistentry><term><option>--to</option></term>
+
+    <listitem><para>Copy the closure of
+    <replaceable>paths</replaceable> from the local Nix store to the
+    Nix store on <replaceable>machine</replaceable>.  This is the
+    default.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--from</option></term>
+
+    <listitem><para>Copy the closure of
+    <replaceable>paths</replaceable> from the Nix store on
+    <replaceable>machine</replaceable> to the local Nix
+    store.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--sign</option></term>
+
+    <listitem><para>Let the sending machine cryptographically sign the
+    dump of each path with the key in
+    <filename>/nix/etc/nix/signing-key.sec</filename>.  If the user on
+    the target machine does not have direct access to the Nix store
+    (i.e., if the target machine has a multi-user Nix installation),
+    then the target machine will check the dump against
+    <filename>/nix/etc/nix/signing-key.pub</filename> before unpacking
+    it in its Nix store.  This allows secure sharing of store paths
+    between untrusted users on two machines, provided that there is a
+    trust relation between the Nix installations on both machines
+    (namely, they have matching public/secret keys).</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--gzip</option></term>
+
+    <listitem><para>Compress the dump of each path with
+    <command>gzip</command> before sending it.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Environment variables</title>
+
+<variablelist>
+
+  <varlistentry><term><envar>NIX_SSHOPTS</envar></term>
+
+    <listitem><para>Additional options to be passed to
+    <command>ssh</command> on the command line.</para></listitem>
+
+  </varlistentry>
+  
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>Copy Firefox with all its dependencies to a remote machine:
+
+<screen>
+$ nix-copy-closure alice@itchy.labs $(type -tP firefox)</screen>
+
+</para>
+
+<para>Copy Subversion from a remote machine and then install it into a
+user environment:
+
+<screen>
+$ nix-copy-closure --from alice@itchy.labs \
+    /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
+$ nix-env -i /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
+</screen>
+
+</para>
+
+</refsection>
+
+
+</refsection>
+
+</refentry>

doc/manual/nix-hash.xml

@@ -0,0 +1,162 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-hash</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-hash</refname>
+  <refpurpose>compute the cryptographic hash of a path</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-hash</command>
+    <arg><option>--flat</option></arg>
+    <arg><option>--base32</option></arg>
+    <arg><option>--truncate</option></arg>
+    <arg><option>--type</option> <replaceable>hashAlgo</replaceable></arg>
+    <arg choice='plain' rep='repeat'><replaceable>path</replaceable></arg>
+  </cmdsynopsis>
+  <cmdsynopsis>
+    <command>nix-hash</command>
+    <arg choice='plain'><option>--to-base16</option></arg>
+    <arg choice='plain' rep='repeat'><replaceable>hash</replaceable></arg>
+  </cmdsynopsis>
+  <cmdsynopsis>
+    <command>nix-hash</command>
+    <arg choice='plain'><option>--to-base32</option></arg>
+    <arg choice='plain' rep='repeat'><replaceable>hash</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-hash</command> computes the
+cryptographic hash of the contents of each
+<replaceable>path</replaceable> and prints it on standard output.  By
+default, it computes an MD5 hash, but other hash algorithms are
+available as well.  The hash is printed in hexadecimal.</para>
+
+<para>The hash is computed over a <emphasis>serialisation</emphasis>
+of each path: a dump of the file system tree rooted at the path.  This
+allows directories and symlinks to be hashed as well as regular files.
+The dump is in the <emphasis>NAR format</emphasis> produced by <link
+linkend="refsec-nix-store-dump"><command>nix-store</command>
+<option>--dump</option></link>.  Thus, <literal>nix-hash
+<replaceable>path</replaceable></literal> yields the same
+cryptographic hash as <literal>nix-store --dump
+<replaceable>path</replaceable> | md5sum</literal>.</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+  
+  <varlistentry><term><option>--flat</option></term>
+
+    <listitem><para>Print the cryptographic hash of the contents of
+    each regular file <replaceable>path</replaceable>.  That is, do
+    not compute the hash over the dump of
+    <replaceable>path</replaceable>.  The result is identical to that
+    produced by the GNU commands <command>md5sum</command> and
+    <command>sha1sum</command>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--base32</option></term>
+
+    <listitem><para>Print the hash in a base-32 representation rather
+    than hexadecimal.  This base-32 representation is more compact and
+    can be used in Nix expressions (such as in calls to
+    <function>fetchurl</function>).</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--truncate</option></term>
+
+    <listitem><para>Truncate hashes longer than 160 bits (such as
+    SHA-256) to 160 bits.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--type</option> <replaceable>hashAlgo</replaceable></term>
+
+    <listitem><para>Specify a cryptographic hash, which can be one of
+    <literal>md5</literal>, <literal>sha1</literal>, and
+    <literal>sha256</literal>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--to-base16</option></term>
+
+    <listitem><para>Don’t hash anything, but convert the base-32 hash
+    representation <replaceable>hash</replaceable> to
+    hexadecimal.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--to-base32</option></term>
+
+    <listitem><para>Don’t hash anything, but convert the hexadecimal
+    hash representation <replaceable>hash</replaceable> to
+    base-32.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>Computing hashes:
+
+<screen>
+$ mkdir test
+$ echo "hello" > test/world
+
+$ nix-hash test/ <lineannotation>(MD5 hash; default)</lineannotation>
+8179d3caeff1869b5ba1744e5a245c04
+
+$ nix-store --dump test/ | md5sum <lineannotation>(for comparison)</lineannotation>
+8179d3caeff1869b5ba1744e5a245c04  -
+
+$ nix-hash --type sha1 test/
+e4fd8ba5f7bbeaea5ace89fe10255536cd60dab6
+
+$ nix-hash --type sha1 --base32 test/
+nvd61k9nalji1zl9rrdfmsmvyyjqpzg4
+
+$ nix-hash --type sha256 --flat test/
+error: reading file `test/': Is a directory
+
+$ nix-hash --type sha256 --flat test/world
+5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03</screen>
+
+</para>
+
+<para>Converting between hexadecimal and base-32:
+
+<screen>
+$ nix-hash --type sha1 --to-base32 e4fd8ba5f7bbeaea5ace89fe10255536cd60dab6
+nvd61k9nalji1zl9rrdfmsmvyyjqpzg4
+
+$ nix-hash --type sha1 --to-base16 nvd61k9nalji1zl9rrdfmsmvyyjqpzg4
+e4fd8ba5f7bbeaea5ace89fe10255536cd60dab6</screen>
+
+</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-install-package.xml

@@ -0,0 +1,197 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-install-package</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-install-package</refname>
+  <refpurpose>install a Nix Package file</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-install-package</command>
+    <arg><option>--non-interactive</option></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--profile</option></arg>
+        <arg choice='plain'><option>-p</option></arg>
+      </group>
+      <replaceable>path</replaceable>
+    </arg>
+    <sbr />
+    <group choice='req'>
+      <arg choice='req'>
+        <option>--url</option>
+        <arg choice='plain'><replaceable>url</replaceable></arg>
+      </arg>
+      <arg choice='req'>
+        <arg choice='plain'><replaceable>file</replaceable></arg>
+      </arg>
+    </group>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-install-package</command> interactively
+installs a Nix Package file (<filename>*.nixpkg</filename>), which is
+a small file that contains a store path to be installed along with the
+URL of a <link linkend="sec-nix-push"><command>nix-push</command>
+manifest</link>.  The Nix Package file is either
+<replaceable>file</replaceable>, or automatically downloaded from
+<replaceable>url</replaceable> if the <option>--url</option> switch is
+used.</para>
+
+<para><command>nix-install-package</command> is used in <link
+linkend="sec-one-click">one-click installs</link> to download and
+install pre-built binary packages with all necessary dependencies.
+<command>nix-install-package</command> is intended to be associated
+with the MIME type <literal>application/nix-package</literal> in a web
+browser so that it is invoked automatically when you click on
+<filename>*.nixpkg</filename> files.  When invoked, it restarts itself
+in a terminal window (since otherwise it would be invisible when run
+from a browser), asks the user to confirm whether to install the
+package, and if so downloads and installs the package into the user’s
+current profile.</para>
+
+<para>To obtain a window, <command>nix-install-package</command> tries
+to restart itself with <command>xterm</command>,
+<command>konsole</command> and
+<command>gnome-terminal</command>.</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+  
+  <varlistentry><term><option>--non-interactive</option></term>
+
+    <listitem><para>Do not open a new terminal window and do not ask
+    for confirmation.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--profile</option></term>
+    <term><option>-p</option></term>
+
+    <listitem><para>Install the package into the specified profile
+    rather than the user’s current profile.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To install <filename>subversion-1.4.0.nixpkg</filename> into the
+user’s current profile, without any prompting:
+
+<screen>
+$ nix-install-package --non-interactive subversion-1.4.0.nixpkg</screen>
+
+</para>
+
+<para>To install the same package from some URL into a different
+profile:
+
+<screen>
+$ nix-install-package --non-interactive -p /nix/var/nix/profiles/eelco \
+    --url http://nix.cs.uu.nl/dist/nix/nixpkgs-0.10pre6622/pkgs/subversion-1.4.0-i686-linux.nixpkg</screen>
+
+</para>
+
+</refsection>
+
+
+<refsection><title>Format of <literal>nixpkg</literal> files</title>
+
+<para>A Nix Package file consists of a single line with the following
+format:
+
+<screen>
+NIXPKG1 <replaceable>manifestURL</replaceable> <replaceable>name</replaceable> <replaceable>system</replaceable> <replaceable>drvPath</replaceable> <replaceable>outPath</replaceable></screen>
+
+The elemens are as follows:
+
+<variablelist>
+
+  <varlistentry><term><literal>NIXPKG1</literal></term>
+  
+    <listitem><para>The version of the Nix Package
+    file.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>manifestURL</replaceable></term>
+  
+    <listitem><para>The manifest to be pulled by
+    <command>nix-pull</command>.  The manifest must contain
+    <replaceable>outPath</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>name</replaceable></term>
+  
+    <listitem><para>The symbolic name and version of the
+    package.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>system</replaceable></term>
+  
+    <listitem><para>The platform identifier of the platform for which
+    this binary package is intended.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>drvPath</replaceable></term>
+  
+    <listitem><para>The path in the Nix store of the derivation from
+    which <replaceable>outPath</replaceable> was built.  Not currently
+    used.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>outPath</replaceable></term>
+  
+    <listitem><para>The path in the Nix store of the package.  After
+    <command>nix-install-package</command> has obtained the manifest
+    from <replaceable>manifestURL</replaceable>, it performs a
+    <literal>nix-env -i</literal> <replaceable>outPath</replaceable>
+    to install the binary package.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+  
+</para>
+
+<para>An example follows:
+
+<screen>
+NIXPKG1 http://.../nixpkgs-0.10pre6622/MANIFEST subversion-1.4.0 i686-darwin \
+  /nix/store/4kh60jkp...-subversion-1.4.0.drv \
+  /nix/store/nkw7wpgb...-subversion-1.4.0</screen>
+
+(The line breaks (<literal>\</literal>) are for presentation purposes
+and not part of the actual file.)
+
+</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-instantiate.xml

@@ -0,0 +1,200 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-instantiate</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-instantiate</refname>
+  <refpurpose>instantiate store derivations from Nix expressions</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-instantiate</command>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="opt-common-syn.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(/db:nop/*)" />
+    <arg><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--attr</option></arg>
+        <arg choice='plain'><option>-A</option></arg>
+      </group>
+      <replaceable>attrPath</replaceable>
+    </arg>
+    <arg><option>--add-root</option> <replaceable>path</replaceable></arg>
+    <arg><option>--indirect</option></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--parse-only</option></arg>
+        <arg choice='plain'>
+          <option>--eval-only</option>
+          <arg><option>--strict</option></arg>
+        </arg>
+      </group>
+      <arg><option>--xml</option></arg>
+    </arg>
+    <arg choice='plain' rep='repeat'><replaceable>files</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-instantiate</command> generates <link
+linkend="gloss-derivation">store derivations</link> from (high-level)
+Nix expressions.  It loads and evaluates the Nix expressions in each
+of <replaceable>files</replaceable>.  Each top-level expression should
+evaluate to a derivation, a list of derivations, or a set of
+derivations.  The paths of the resulting store derivations are printed
+on standard output.</para>
+
+<para>If <replaceable>files</replaceable> is the character
+<literal>-</literal>, then a Nix expression will be read from standard
+input.</para>
+
+<para>Most users and developers don’t need to use this command
+(<command>nix-env</command> and <command>nix-build</command> perform
+store derivation instantiation from Nix expressions automatically).
+It is most commonly used for implementing new deployment
+policies.</para>
+
+<para>See also <xref linkend="sec-common-options" /> for a list of
+common options.</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+
+  <varlistentry>
+    <term><option>--add-root</option> <replaceable>path</replaceable></term>
+    <term><option>--indirect</option></term>
+
+    <listitem><para>See the <link linkend="opt-add-root">corresponding
+    options</link> in <command>nix-store</command>.</para></listitem>
+
+  </varlistentry>
+
+    
+  <varlistentry><term><option>--parse-only</option></term>
+  
+    <listitem><para>Just parse the input files, and print their
+    abstract syntax trees on standard output in ATerm
+    format.</para></listitem>
+    
+  </varlistentry>
+      
+  <varlistentry><term><option>--eval-only</option></term>
+  
+    <listitem><para>Just parse and evaluate the input files, and print
+    the resulting values on standard output.  No instantiation of
+    store derivations takes place.</para></listitem>
+    
+  </varlistentry>
+
+  <varlistentry><term><option>--xml</option></term>
+
+    <listitem><para>When used with <option>--parse-only</option> and
+    <option>--eval-only</option>, print the resulting expression as an
+    XML representation of the abstract syntax tree rather than as an
+    ATerm.  The schema is the same as that used by the <link
+    linkend="builtin-toXML"><function>toXML</function>
+    built-in</link>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--strict</option></term>
+
+    <listitem><para>When used with <option>--eval-only</option>,
+    recursively evaluate list elements and attributes.  Normally, such
+    sub-expressions are left unevaluated (since the Nix expression
+    language is lazy).</para>
+
+    <warning><para>This option can cause non-termination, because lazy
+    data structures can be infinitely large.</para></warning>
+
+    </listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>Instantiating store derivations from a Nix expression, and
+building them using <command>nix-store</command>:
+
+<screen>
+$ nix-instantiate test.nix <lineannotation>(instantiate)</lineannotation>
+/nix/store/cigxbmvy6dzix98dxxh9b6shg7ar5bvs-perl-BerkeleyDB-0.26.drv
+
+$ nix-store -r $(nix-instantiate test.nix) <lineannotation>(build)</lineannotation>
+<replaceable>...</replaceable>
+/nix/store/qhqk4n8ci095g3sdp93x7rgwyh9rdvgk-perl-BerkeleyDB-0.26 <lineannotation>(output path)</lineannotation>
+
+$ ls -l /nix/store/qhqk4n8ci095g3sdp93x7rgwyh9rdvgk-perl-BerkeleyDB-0.26
+dr-xr-xr-x    2 eelco    users        4096 1970-01-01 01:00 lib
+...</screen>
+
+</para>
+
+<para>Parsing and evaluating Nix expressions:
+
+<screen>
+$ echo '"foo" + "bar"' | nix-instantiate --parse-only -
+OpPlus(Str("foo"),Str("bar"))
+
+$ echo '"foo" + "bar"' | nix-instantiate --eval-only -
+Str("foobar")
+
+$ echo '"foo" + "bar"' | nix-instantiate --eval-only --xml -
+<![CDATA[<?xml version='1.0' encoding='utf-8'?>
+<expr>
+  <string value="foobar" />
+</expr>]]></screen>
+
+</para>
+
+<para>The difference between non-strict and strict evaluation:
+
+<screen>
+$ echo 'rec { x = "foo"; y = x; }' | nix-instantiate --eval-only --xml -
+<replaceable>...</replaceable><![CDATA[
+    <attr name="x">
+      <string value="foo" />
+    </attr>
+    <attr name="y">
+      <unevaluated />
+    </attr>]]>
+<replaceable>...</replaceable></screen>
+
+Note that <varname>y</varname> is left unevaluated (the XML
+representation doesn’t attempt to show non-normal forms).
+
+<screen>
+$ echo 'rec { x = "foo"; y = x; }' | nix-instantiate --eval-only --xml --strict -
+<replaceable>...</replaceable><![CDATA[
+    <attr name="x">
+      <string value="foo" />
+    </attr>
+    <attr name="y">
+      <string value="foo" />
+    </attr>]]>
+<replaceable>...</replaceable></screen>
+
+</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-lang-ref.xml

@@ -0,0 +1,277 @@
+<appendix>
+  <title>Nix Language Reference</title>
+
+  <sect1>
+    <title>Grammar</title>
+
+    <productionset>
+      <title>Expressions</title>
+      
+      <production id="nix.expr">
+        <lhs>Expr</lhs>
+        <rhs>
+          <nonterminal def="#nix.expr_function" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_function">
+        <lhs>ExprFunction</lhs>
+        <rhs>
+          '{' <nonterminal def="#nix.formals" /> '}' ':' <nonterminal def="#nix.expr_function" />
+          <sbr />|
+          <nonterminal def="#nix.expr_assert" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_assert">
+        <lhs>ExprAssert</lhs>
+        <rhs>
+          'assert' <nonterminal def="#nix.expr" /> ';' <nonterminal def="#nix.expr_assert" />
+          <sbr />|
+          <nonterminal def="#nix.expr_if" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_if">
+        <lhs>ExprIf</lhs>
+        <rhs>
+          'if' <nonterminal def="#nix.expr" /> 'then' <nonterminal def="#nix.expr" />
+          'else' <nonterminal def="#nix.expr" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_op">
+        <lhs>ExprOp</lhs>
+        <rhs>
+          '!' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '==' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '!=' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '&amp;&amp;' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '||' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '->' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '//' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '~' <nonterminal def="#nix.expr_op" />
+          <sbr />|
+          <nonterminal def="#nix.expr_op" /> '?' <nonterminal def="#nix.id" />
+          <sbr />|
+          <nonterminal def="#nix.expr_app" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_app">
+        <lhs>ExprApp</lhs>
+        <rhs>
+          <nonterminal def="#nix.expr_app" /> '.' <nonterminal def="#nix.expr_select" />
+          <sbr />|
+          <nonterminal def="#nix.expr_select" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_select">
+        <lhs>ExprSelect</lhs>
+        <rhs>
+          <nonterminal def="#nix.expr_select" /> <nonterminal def="#nix.id" />
+          <sbr />|
+          <nonterminal def="#nix.expr_simple" />
+        </rhs>
+      </production>
+      
+      <production id="nix.expr_simple">
+        <lhs>ExprSimple</lhs>
+        <rhs>
+          <nonterminal def="#nix.id" /> |
+          <nonterminal def="#nix.int" /> |
+          <nonterminal def="#nix.str" /> |
+          <nonterminal def="#nix.path" /> |
+          <nonterminal def="#nix.uri" />
+          <sbr />|
+          'true' | 'false' | 'null'
+          <sbr />|
+          '(' <nonterminal def="#nix.expr" /> ')'
+          <sbr />|
+          '{' <nonterminal def="#nix.bind" />* '}'
+          <sbr />|
+          'let' '{' <nonterminal def="#nix.bind" />* '}'
+          <sbr />|
+          'rec' '{' <nonterminal def="#nix.bind" />* '}'
+          <sbr />|
+          '[' <nonterminal def="#nix.expr_select" />* ']'
+        </rhs>
+      </production>
+
+      <production id="nix.bind">
+        <lhs>Bind</lhs>
+        <rhs>
+          <nonterminal def="#nix.id" /> '=' <nonterminal def="#nix.expr" /> ';'
+          <sbr />|
+          'inherit' ('(' <nonterminal def="#nix.expr" /> ')')? <nonterminal def="#nix.id" />* ';'
+        </rhs>
+      </production>
+
+      <production id="nix.formals">
+        <lhs>Formals</lhs>
+        <rhs>
+          <nonterminal def="#nix.formal" /> ',' <nonterminal def="#nix.formals" />
+          | <nonterminal def="#nix.formal" />
+        </rhs>
+      </production>
+          
+      <production id="nix.formal">
+        <lhs>Formal</lhs>
+        <rhs>
+          <nonterminal def="#nix.id" />
+          <sbr />|
+          <nonterminal def="#nix.id" /> '?' <nonterminal def="#nix.expr" />
+        </rhs>
+      </production>
+          
+    </productionset>
+
+    <productionset>
+      <title>Terminals</title>
+
+      <production id="nix.id">
+        <lhs>Id</lhs>
+        <rhs>[a-zA-Z\_][a-zA-Z0-9\_\']*</rhs>
+      </production>
+    
+      <production id="nix.int">
+        <lhs>Int</lhs>
+        <rhs>[0-9]+</rhs>
+      </production>
+    
+      <production id="nix.str">
+        <lhs>Str</lhs>
+        <rhs>\"[^\n\"]*\"</rhs>
+      </production>
+
+      <production id="nix.path">
+        <lhs>Path</lhs>
+        <rhs>[a-zA-Z0-9\.\_\-\+]*(\/[a-zA-Z0-9\.\_\-\+]+)+</rhs>
+      </production>
+    
+      <production id="nix.uri">
+        <lhs>Uri</lhs>
+        <rhs>[a-zA-Z][a-zA-Z0-9\+\-\.]*\:[a-zA-Z0-9\%\/\?\:\@\&amp;\=\+\$\,\-\_\.\!\~\*\']+</rhs>
+      </production>
+
+      <production id="nix.ws">
+        <lhs>Whitespace</lhs>
+        <rhs>
+          [ \t\n]+
+          <sbr />|
+          \#[^\n]*
+          <sbr />|
+          \/\*(.|\n)*\*\/
+        </rhs>
+      </production>
+
+    </productionset>
+    
+  </sect1>
+  
+
+
+  <sect1>
+    <title>Semantics</title>
+
+
+    
+    <sect2>
+      <title>Built-in functions</title>
+
+      <para>
+        The Nix language provides the following built-in function
+        (<quote>primops</quote>):
+      </para>
+
+      <variablelist>
+
+        <varlistentry>
+          <term><function>import</function>
+          <replaceable>e</replaceable></term>
+          <listitem>
+            <para>
+              Evaluates the expression <replaceable>e</replaceable>,
+              which must yield a path value.  The Nix expression
+              stored at this path in the file system is then read,
+              parsed, and evaluated.  Returns the result of the
+              evaluation of the Nix expression just read.
+            </para>
+
+            <para>
+              Example: <literal>import ./foo.nix</literal> evaluates
+              the expression stored in <filename>foo.nix</filename>
+              (in the directory containing the expression in which the
+              <function>import</function> occurs).
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><function>derivation</function>
+          <replaceable>e</replaceable></term>
+          <listitem>
+            <para>
+              Evaluates the expression <replaceable>e</replaceable>,
+              which must yield an attribute set.  [...]
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><function>baseNameOf</function>
+          <replaceable>e</replaceable></term>
+          <listitem>
+            <para>
+              Evaluates the expression <replaceable>e</replaceable>,
+              which must yield a string value, and returns a string
+              representing its <emphasis>base name</emphasis>.  This
+              is the substring following the last path separator
+              (<literal>/</literal>).
+            </para>
+
+            <para>
+              Example: <literal>baseNameOf "/foo/bar"</literal>
+              returns <literal>"bar"</literal>, and
+              <literal>baseNameOf "/foo/bar/"</literal> returns
+              <literal>""</literal>.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><function>toString</function>
+          <replaceable>e</replaceable></term>
+          <listitem>
+            <para>
+              Evaluates the expression <replaceable>e</replaceable>
+              and coerces it into a string, if possible.  Only
+              strings, paths, and URIs can be so coerced.
+            </para>
+
+            <para>
+              Example: <literal>toString
+              http://www.cs.uu.nl/</literal> returns
+              <literal>"http://www.cs.uu.nl/"</literal>.
+            </para>
+          </listitem>
+        </varlistentry>
+            
+      </variablelist>
+
+    </sect2>
+
+  </sect1>
+  
+
+</appendix>

doc/manual/nix-pack-closure.xml

@@ -0,0 +1,82 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-pack-closure</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-pack-closure</refname>
+  <refpurpose>pack the closure of a store path into a single file that
+  can be unpacked with
+  <command>nix-unpack-closure</command></refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-pack-closure</command>
+    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-pack-closure</command> packs the
+contents of the store paths <replaceable>paths</replaceable> and
+<emphasis>all their dependencies</emphasis> into a single file, which
+is written to standard output.  (That is, it
+<emphasis>serialises</emphasis> <replaceable>paths</replaceable>.)
+The output can then be unpacked into the Nix store of another machine
+using <command>nix-unpack-closure</command>.</para>
+
+<para>Together, <command>nix-pack-closure</command> and
+<command>nix-unpack-closure</command> provide a quick and easy way to
+deploy a package to a different machine.  However, as the output of
+<command>nix-pack-closure</command> tends to be rather large (since it
+contains all dependencies), it’s not very efficient.
+<command>nix-push</command> and <command>nix-pull</command> are more
+efficient, but are also a bit more cumbersome to use.</para>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To copy some instance of Subversion with all its dependencies to
+another machine:
+
+<screen>
+$ nix-pack-closure /nix/store/hj232g1r...-subversion-1.3.0 > svn.closure
+
+<lineannotation>Copy <!-- !!! <filename> -->svn.closure to the remote machine, then on the remote machine do:</lineannotation>
+$ nix-unpack-closure &lt; svn.closure</screen>
+
+</para>
+
+<para>Copy the program <command>azureus</command> with all its
+dependencies to the machine <literal>scratchy</literal>:
+
+<screen>
+$ nix-pack-closure $(which azureus) | ssh scratchy nix-unpack-closure</screen>
+    
+</para>
+
+<para>As a variation on the previous example, copy
+<command>azureus</command>, and also install it in the user’s profile
+on the target machine:
+
+<screen>
+$ nix-pack-closure $(which azureus) | ssh scratchy 'nix-env -i $(nix-unpack-closure)'</screen>
+
+</para>
+ 
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-prefetch-url.xml

@@ -0,0 +1,78 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle>nix-prefetch-url</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-prefetch-url</refname>
+  <refpurpose>copy a file from a URL into the store and print its MD5 hash</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-prefetch-url</command>
+    <arg choice='plain'><replaceable>url</replaceable></arg>
+    <arg><replaceable>hash</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-prefetch-url</command> downloads the
+file referenced by the URL <replaceable>url</replaceable>, prints its
+cryptographic hash, and copies it into the Nix store.  The file name
+in the store is
+<filename><replaceable>hash</replaceable>-<replaceable>baseName</replaceable></filename>,
+where <replaceable>baseName</replaceable> is everything following the
+final slash in <replaceable>url</replaceable>.</para>
+
+<para>This command is just a convenience for Nix expression writers.
+Often a Nix expression fetches some source distribution from the
+network using the <literal>fetchurl</literal> expression contained in
+Nixpkgs.  However, <literal>fetchurl</literal> requires a
+cryptographic hash.  If you don't know the hash, you would have to
+download the file first, and then <literal>fetchurl</literal> would
+download it again when you build your Nix expression.  Since
+<literal>fetchurl</literal> uses the same name for the downloaded file
+as <command>nix-prefetch-url</command>, the redundant download can be
+avoided.</para>
+
+<para>The environment variable <envar>NIX_HASH_ALGO</envar> specifies
+which hash algorithm to use.  It can be either <literal>md5</literal>,
+<literal>sha1</literal>, or <literal>sha256</literal>.  The default is
+<literal>sha256</literal>.</para>
+
+<para>If <replaceable>hash</replaceable> is specified, then a download
+is not performed if the Nix store already contains a file with the
+same hash and base name.  Otherwise, the file is downloaded, and an
+error if signaled if the actual hash of the file does not match the
+specified hash.</para>
+
+<para>This command prints the hash on standard output.  Additionally,
+if the environment variable <envar>PRINT_PATH</envar> is set, the path
+of the downloaded file in the Nix store is also printed.</para>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<screen>
+$ nix-prefetch-url ftp://ftp.nluug.nl/pub/gnu/make/make-3.80.tar.bz2
+0bbd1df101bc0294d440471e50feca71
+
+$ PRINT_PATH=1 nix-prefetch-url ftp://ftp.nluug.nl/pub/gnu/make/make-3.80.tar.bz2
+0bbd1df101bc0294d440471e50feca71
+/nix/store/wvyz8ifdn7wyz1p3pqyn0ra45ka2l492-make-3.80.tar.bz2</screen>
+
+</refsection>
+
+    
+</refentry>

doc/manual/nix-pull.xml

@@ -0,0 +1,49 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-pull</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-pull</refname>
+  <refpurpose>pull substitutes from a network cache</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-pull</command>
+    <arg choice='plain'><replaceable>url</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-pull</command> obtains a list of
+pre-built store paths from the URL <replaceable>url</replaceable>, and
+for each of these store paths, registers a substitute derivation that
+downloads and unpacks it into the Nix store.  This is used to speed up
+installations: if you attempt to install something that has already
+been built and stored into the network cache, Nix can transparently
+re-use the pre-built store paths.</para>
+
+<para>The file at <replaceable>url</replaceable> must be compatible
+with the files created by <replaceable>nix-push</replaceable>.</para>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<screen>
+$ nix-pull http://nix.cs.uu.nl/dist/nix/nixpkgs-0.5pre753/MANIFEST</screen>
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-push.xml

@@ -0,0 +1,128 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-push</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-push</refname>
+  <refpurpose>push store paths onto a network cache</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-push</command>
+    <group choice='req'>
+      <arg choice='req'>
+        <arg choice='plain'><replaceable>archivesPutURL</replaceable></arg>
+        <arg choice='plain'><replaceable>archivesGetURL</replaceable></arg>
+        <arg choice='plain'><replaceable>manifestPutURL</replaceable></arg>
+      </arg>
+      <arg choice='req'>
+        <arg choice='plain'><option>--copy</option></arg>
+        <arg choice='plain'><replaceable>archivesDir</replaceable></arg>
+        <arg choice='plain'><replaceable>manifestFile</replaceable></arg>
+      </arg>
+    </group>
+    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-push</command> builds a set of store
+paths (if necessary), and then packages and uploads all store paths in
+the resulting closures to a server.  A network cache thus populated
+can subsequently be used to speed up software deployment on other
+machines using the <command>nix-pull</command> command.</para>
+
+<para><command>nix-push</command> performs the following actions.
+      
+<orderedlist>
+
+  <listitem><para>Each path in <replaceable>paths</replaceable> is
+  realised (using <link
+  linkend='rsec-nix-store-realise'><literal>nix-store
+  --realise</literal></link>).</para></listitem>
+
+  <listitem><para>All paths in the closure of the store expressions
+  stored in <replaceable>paths</replaceable> are determined (using
+  <literal>nix-store --query --requisites
+  --include-outputs</literal>).  It should be noted that since the
+  <option>--include-outputs</option> flag is used, you get a combined
+  source/binary distribution.</para></listitem>
+
+  <listitem><para>All store paths determined in the previous step are
+  packaged and compressed into a <command>bzip</command>ped NAR
+  archive (extension <filename>.nar.bz2</filename>).</para></listitem>
+
+  <listitem><para>A <emphasis>manifest</emphasis> is created that
+  contains information on the store paths, their eventual URLs in the
+  cache, and cryptographic hashes of the contents of the NAR
+  archives.</para></listitem>
+
+  <listitem><para>Each store path is uploaded to the remote directory
+  specified by <replaceable>archivesPutURL</replaceable>.  HTTP PUT
+  requests are used to do this.  However, before a file
+  <varname>x</varname> is uploaded to
+  <literal><replaceable>archivesPutURL</replaceable>/</literal><varname>x</varname>,
+  <command>nix-push</command> first determines whether this upload is
+  unnecessary by issuing a HTTP HEAD request on
+  <literal><replaceable>archivesGetURL</replaceable>/</literal><varname>x</varname>.
+  This allows a cache to be shared between many partially overlapping
+  <command>nix-push</command> invocations.  (We use two URLs because
+  the upload URL typically refers to a CGI script, while the download
+  URL just refers to a file system directory on the
+  server.)</para></listitem>
+
+  <listitem><para>The manifest is uploaded using an HTTP PUT request
+  to <replaceable>manifestPutURL</replaceable>.  The corresponding
+  URL to download the manifest can then be used by
+  <command>nix-pull</command>.</para></listitem>
+        
+</orderedlist>
+
+</para>
+
+<!--
+<para>TODO:  <option>- -copy</option></para>
+-->
+            
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To upload files there typically is some CGI script on the server
+side.  This script should be be protected with a password.  The
+following example uploads the store paths resulting from building the
+Nix expressions in <filename>foo.nix</filename>, passing appropriate
+authentication information:
+    
+<screen>
+$ nix-push \
+    http://foo@bar:server.domain/cgi-bin/upload.pl/cache \
+    http://server.domain/cache \
+    http://foo@bar:server.domain/cgi-bin/upload.pl/MANIFEST \
+    $(nix-instantiate foo.nix)</screen>
+
+This will push both sources and binaries (and any build-time
+dependencies used in the build, such as compilers).</para>
+
+<para>If we just want to push binaries, not sources and build-time
+dependencies, we can do:
+      
+<screen>
+$ nix-push <replaceable>urls</replaceable> $(nix-instantiate $(nix-store -r foo.nix))</screen>
+    
+</para>
+
+</refsection>
+    
+</refentry>

doc/manual/nix-store.xml

@@ -0,0 +1,782 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-store</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-store</refname>
+  <refpurpose>manipulate or query the Nix store</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-store</command>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="opt-common-syn.xml#xmlns(db=http://docbook.org/ns/docbook)xpointer(/db:nop/*)" />
+    <arg><option>--add-root</option> <replaceable>path</replaceable></arg>
+    <arg><option>--indirect</option></arg>
+    <arg choice='plain'><replaceable>operation</replaceable></arg>
+    <arg rep='repeat'><replaceable>options</replaceable></arg>
+    <arg rep='repeat'><replaceable>arguments</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-store</command> performs primitive
+operations on the Nix store.  You generally do not need to run this
+command manually.</para>
+
+<para><command>nix-store</command> takes exactly one
+<emphasis>operation</emphasis> flag which indicates the subcommand to
+be performed.  These are documented below.</para>
+
+</refsection>
+
+
+
+<!--######################################################################-->
+
+<refsection><title>Common options</title>
+
+<para>This section lists the options that are common to all
+operations.  These options are allowed for every subcommand, though
+they may not always have an effect.  See also <xref
+linkend="sec-common-options" /> for a list of common options.</para>
+
+<variablelist>
+
+  <varlistentry xml:id="opt-add-root"><term><option>--add-root</option> <replaceable>path</replaceable></term>
+
+    <listitem><para>Causes the result of a realisation
+    (<option>--realise</option> and <option>--force-realise</option>)
+    to be registered as a root of the garbage collector (see <xref
+    linkend="ssec-gc-roots" />).  The root is stored in
+    <replaceable>path</replaceable>, which must be inside a directory
+    that is scanned for roots by the garbage collector (i.e.,
+    typically in a subdirectory of
+    <filename>/nix/var/nix/gcroots/</filename>)
+    <emphasis>unless</emphasis> the <option>--indirect</option> flag
+    is used.</para>
+
+    <para>If there are multiple results, then multiple symlinks will
+    be created by sequentially numbering symlinks beyond the first one
+    (e.g., <filename>foo</filename>, <filename>foo-2</filename>,
+    <filename>foo-3</filename>, and so on).</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--indirect</option></term>
+
+    <listitem>
+
+    <para>In conjunction with <option>--add-root</option>, this option
+    allows roots to be stored <emphasis>outside</emphasis> of the GC
+    roots directory.  This is useful for commands such as
+    <command>nix-build</command> that place a symlink to the build
+    result in the current directory; such a build result should not be
+    garbage-collected unless the symlink is removed.</para>
+
+    <para>The <option>--indirect</option> flag causes a uniquely named
+    symlink to <replaceable>path</replaceable> to be stored in
+    <filename>/nix/var/nix/gcroots/auto/</filename>.  For instance,
+
+    <screen>
+$ nix-store --add-root /home/eelco/bla/result --indirect -r <replaceable>...</replaceable>
+
+$ ls -l /nix/var/nix/gcroots/auto
+lrwxrwxrwx    1 ... 2005-03-13 21:10 dn54lcypm8f8... -> /home/eelco/bla/result
+
+$ ls -l /home/eelco/bla/result
+lrwxrwxrwx    1 ... 2005-03-13 21:10 /home/eelco/bla/result -> /nix/store/1r11343n6qd4...-f-spot-0.0.10</screen>
+
+    Thus, when <filename>/home/eelco/bla/result</filename> is removed,
+    the GC root in the <filename>auto</filename> directory becomes a
+    dangling symlink and will be ignored by the collector.</para>
+
+    <warning><para>Note that it is not possible to move or rename
+    indirect GC roots, since the symlink in the
+    <filename>auto</filename> directory will still point to the old
+    location.</para></warning>
+
+    </listitem>
+
+  </varlistentry>
+    
+</variablelist>
+
+</refsection>
+
+  
+
+<!--######################################################################-->
+
+<refsection xml:id='rsec-nix-store-realise'><title>Operation <option>--realise</option></title>
+
+<refsection><title>Synopsis</title>
+
+<cmdsynopsis>
+  <command>nix-store</command>
+  <group choice='req'>
+    <arg choice='plain'><option>--realise</option></arg>
+    <arg choice='plain'><option>-r</option></arg>
+  </group>
+  <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+</cmdsynopsis>
+
+</refsection>
+
+<refsection><title>Description</title>
+            
+<para>The operation <option>--realise</option> essentially “builds”
+the specified store paths.  Realisation is a somewhat overloaded term:
+
+<itemizedlist>
+
+  <listitem><para>If the store path is a
+  <emphasis>derivation</emphasis>, realisation ensures that the output
+  paths of the derivation are <link
+  linkend="gloss-validity">valid</link> (i.e., the output path and its
+  closure exist in the file system).  This can be done in several
+  ways.  First, it is possible that the outputs are already valid, in
+  which case we are done immediately.  Otherwise, there may be <link
+  linkend="gloss-substitute">substitutes</link> that produce the
+  outputs (e.g., by downloading them).  Finally, the outputs can be
+  produced by performing the build action described by the
+  derivation.</para></listitem>
+
+  <listitem><para>If the store path is not a derivation, realisation
+  ensures that the specified path is valid (i.e., it and its closure
+  exist in the file system).  If the path is already valid, we are
+  done immediately.  Otherwise, the path and any missing paths in its
+  closure may be produced through substitutes.  If there are no
+  (succesful) subsitutes, realisation fails.</para></listitem>
+
+</itemizedlist>
+
+</para>
+
+<para>The output path of each derivation is printed on standard
+output.  (For non-derivations argument, the argument itself is
+printed.)</para>
+
+</refsection>
+            
+
+<refsection><title>Examples</title>
+
+<para>This operation is typically used to build store derivations
+produced by <link
+linkend="sec-nix-instantiate"><command>nix-instantiate</command></link>:
+    
+<screen>
+$ nix-store -r $(nix-instantiate ./test.nix)
+/nix/store/31axcgrlbfsxzmfff1gyj1bf62hvkby2-aterm-2.3.1</screen>
+
+This is essentially what <link
+linkend="sec-nix-build"><command>nix-build</command></link> does.</para>
+
+</refsection>
+
+
+</refsection>
+
+  
+
+<!--######################################################################-->
+
+<refsection xml:id='rsec-nix-store-gc'><title>Operation <option>--gc</option></title>
+
+<refsection><title>Synopsis</title>
+
+<cmdsynopsis>
+  <command>nix-store</command>
+  <arg choice='plain'><option>--gc</option></arg>
+  <group>
+    <arg choice='plain'><option>--print-roots</option></arg>
+    <arg choice='plain'><option>--print-live</option></arg>
+    <arg choice='plain'><option>--print-dead</option></arg>
+    <arg choice='plain'><option>--delete</option></arg>
+  </group>
+</cmdsynopsis>
+
+</refsection>
+
+<refsection><title>Description</title>
+            
+<para>Without additional flags, the operation <option>--gc</option>
+performs a garbage collection on the Nix store.  That is, all paths in
+the Nix store not reachable via file system references from a set of
+“roots”, are deleted.</para>
+
+<para>The following suboperations may be specified:</para>
+
+<variablelist>
+
+  <varlistentry><term><option>--print-roots</option></term>
+  
+    <listitem><para>This operation prints on standard output the set
+    of roots used by the garbage collector.  What constitutes a root
+    is described in <xref linkend="ssec-gc-roots"
+    />.</para></listitem>
+    
+  </varlistentry>
+
+  <varlistentry><term><option>--print-live</option></term>
+  
+    <listitem><para>This operation prints on standard output the set
+    of “live” store paths, which are all the store paths reachable
+    from the roots.  Live paths should never be deleted, since that
+    would break consistency — it would become possible that
+    applications are installed that reference things that are no
+    longer present in the store.</para></listitem>
+    
+  </varlistentry>
+
+  <varlistentry><term><option>--print-dead</option></term>
+  
+    <listitem><para>This operation prints out on standard output the
+    set of “dead” store paths, which is just the opposite of the set
+    of live paths: any path in the store that is not live (with
+    respect to the roots) is dead.</para></listitem>
+    
+  </varlistentry>
+
+  <varlistentry><term><option>--delete</option></term>
+  
+    <listitem><para>This operation performs an actual garbage
+    collection.  All dead paths are removed from the
+    store.  This is the default.</para></listitem>
+    
+  </varlistentry>
+
+</variablelist>
+
+<para>The behaviour of the collector is influenced by the <link
+linkend="conf-gc-keep-outputs"><literal>gc-keep-outputs</literal></link>
+and <link
+linkend="conf-gc-keep-derivations"><literal>gc-keep-derivations</literal></link>
+variables in the Nix configuration file.</para>
+
+<para>With <option>--delete</option>, the collector prints the total
+number of freed bytes when it finishes (or when it is interrupted).
+With <option>--print-dead</option>, it prints the number of bytes that
+would be freed.</para>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To delete all unreachable paths, just do:
+    
+<screen>
+$ nix-store --gc
+deleting `/nix/store/kq82idx6g0nyzsp2s14gfsc38npai7lf-cairo-1.0.4.tar.gz.drv'
+<replaceable>...</replaceable>
+8825586 bytes freed (8.42 MiB)</screen>
+
+</para>
+
+</refsection>
+
+
+</refsection>
+
+
+  
+<!--######################################################################-->
+
+<refsection><title>Operation <option>--delete</option></title>
+
+<refsection><title>Synopsis</title>
+
+<cmdsynopsis>
+  <command>nix-store</command>
+  <arg choice='plain'><option>--gc</option></arg>
+  <arg><option>--ignore-liveness</option></arg>
+  <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+</cmdsynopsis>
+
+</refsection>
+
+<refsection><title>Description</title>
+
+<para>The operation <option>--delete</option> deletes the store paths
+<replaceable>paths</replaceable> from the Nix store, but only if it is
+safe to do so; that is, when the path is not reachable from a root of
+the garbage collector.  This means that you can only delete paths that
+would also be deleted by <literal>nix-store --gc</literal>.  Thus,
+<literal>--delete</literal> is a more targeted version of
+<literal>--gc</literal>.</para>
+
+<para>With the option <option>--ignore-liveness</option>, reachability
+from the roots is ignored.  However, the path still won’t be deleted
+if there are other paths in the store that refer to it (i.e., depend
+on it).</para>
+
+</refsection>
+
+<refsection><title>Example</title>
+
+<screen>
+$ nix-store --delete /nix/store/zq0h41l75vlb4z45kzgjjmsjxvcv1qk7-mesa-6.4
+0 bytes freed (0.00 MiB)
+error: cannot delete path `/nix/store/zq0h41l75vlb4z45kzgjjmsjxvcv1qk7-mesa-6.4' since it is still alive</screen>
+
+</refsection>
+
+</refsection>
+
+
+
+<!--######################################################################-->
+
+<refsection xml:id='refsec-nix-store-query'><title>Operation <option>--query</option></title>
+
+<refsection><title>Synopsis</title>
+
+<cmdsynopsis>
+  <command>nix-store</command>
+  <group choice='req'>
+    <arg choice='plain'><option>--query</option></arg>
+    <arg choice='plain'><option>-q</option></arg>
+  </group>
+  <group choice='req'>
+    <arg choice='plain'><option>--outputs</option></arg>
+    <arg choice='plain'><option>--requisites</option></arg>
+    <arg choice='plain'><option>-R</option></arg>
+    <arg choice='plain'><option>--references</option></arg>
+    <arg choice='plain'><option>--referrers</option></arg>
+    <arg choice='plain'><option>--referrers-closure</option></arg>
+    <arg choice='plain'><option>--deriver</option></arg>
+    <arg choice='plain'><option>--deriver</option></arg>
+    <arg choice='plain'><option>--graph</option></arg>
+    <arg choice='plain'><option>--tree</option></arg>
+    <arg choice='plain'><option>--binding</option> <replaceable>name</replaceable></arg>
+    <arg choice='plain'><option>--hash</option></arg>
+  </group>
+  <arg><option>--use-output</option></arg>
+  <arg><option>-u</option></arg>
+  <arg><option>--force-realise</option></arg>
+  <arg><option>-f</option></arg>
+  <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+</cmdsynopsis>
+
+</refsection>
+
+
+<refsection><title>Description</title>
+            
+<para>The operation <option>--query</option> displays various bits of
+information about the store paths .  The queries are described below.  At
+most one query can be specified.  The default query is
+<option>--outputs</option>.</para>
+
+<para>The paths <replaceable>paths</replaceable> may also be symlinks
+from outside of the Nix store, to the Nix store.  In that case, the
+query is applied to the target of the symlink.</para>
+
+
+</refsection>
+
+
+<refsection><title>Common query options</title>
+
+<variablelist>
+
+  <varlistentry><term><option>--use-output</option></term>
+    <term><option>-u</option></term>
+  
+    <listitem><para>For each argument to the query that is a store
+    derivation, apply the query to the output path of the derivation
+    instead.</para></listitem>
+    
+  </varlistentry>
+
+  <varlistentry><term><option>--force-realise</option></term>
+    <term><option>-f</option></term>
+  
+    <listitem><para>Realise each argument to the query first (see
+    <link linkend="rsec-nix-store-realise"><command>nix-store
+    --realise</command></link>).</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+        
+</refsection>
+    
+
+<refsection xml:id='nixref-queries'><title>Queries</title>
+            
+<variablelist>
+
+  <varlistentry><term><option>--outputs</option></term>
+
+    <listitem><para>Prints out the <link
+    linkend="gloss-output-path">output paths</link> of the store
+    derivations <replaceable>paths</replaceable>.  These are the paths
+    that will be produced when the derivation is
+    built.</para></listitem>
+    
+  </varlistentry>
+
+  <varlistentry><term><option>--requisites</option></term>
+    <term><option>-R</option></term>
+
+    <listitem><para>Prints out the <link
+    linkend="gloss-closure">closure</link> of the store path
+    <replaceable>paths</replaceable>.</para>
+
+    <para>This query has one option:</para>
+
+    <variablelist>
+
+      <varlistentry><term><option>--include-outputs</option></term>
+      
+        <listitem><para>Also include the output path of store
+        derivations, and their closures.</para></listitem>
+        
+      </varlistentry>
+
+    </variablelist>
+
+    <para>This query can be used to implement various kinds of
+    deployment.  A <emphasis>source deployment</emphasis> is obtained
+    by distributing the closure of a store derivation.  A
+    <emphasis>binary deployment</emphasis> is obtained by distributing
+    the closure of an output path.  A <emphasis>cache
+    deployment</emphasis> (combined source/binary deployment,
+    including binaries of build-time-only dependencies) is obtained by
+    distributing the closure of a store derivation and specifying the
+    option <option>--include-outputs</option>.</para>
+    
+    </listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--references</option></term>
+  
+    <listitem><para>Prints the set of <link
+    linkend="gloss-reference">references</link> of the store paths
+    <replaceable>paths</replaceable>, that is, their immediate
+    dependencies.  (For <emphasis>all</emphasis> dependencies, use
+    <option>--requisites</option>.)</para></listitem>
+
+  </varlistentry>
+  
+  <varlistentry><term><option>--referrers</option></term>
+  
+    <listitem><para>Prints the set of <emphasis>referrers</emphasis> of
+    the store paths <replaceable>paths</replaceable>, that is, the
+    store paths currently existing in the Nix store that refer to one
+    of <replaceable>paths</replaceable>.  Note that contrary to the
+    references, the set of referrers is not constant; it can change as
+    store paths are added or removed.</para></listitem>
+
+  </varlistentry>
+  
+  <varlistentry><term><option>--referrers-closure</option></term>
+  
+    <listitem><para>Prints the closure of the set of store paths
+    <replaceable>paths</replaceable> under the referrers relation; that
+    is, all store paths that directly or indirectly refer to one of
+    <replaceable>paths</replaceable>.  These are all the path currently
+    in the Nix store that are dependent on
+    <replaceable>paths</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--deriver</option></term>
+  
+    <listitem><para>Prints the <link
+    linkend="gloss-deriver">deriver</link> of the store paths
+    <replaceable>paths</replaceable>.  If the path has no deriver
+    (e.g., if it is a source file), or if the deriver is not known
+    (e.g., in the case of a binary-only deployment), the string
+    <literal>unknown-deriver</literal> is printed.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--graph</option></term>
+  
+    <listitem><para>Prints the references graph of the store paths
+    <replaceable>paths</replaceable> in the format of the
+    <command>dot</command> tool of AT&amp;T's <link
+    xlink:href="http://www.graphviz.org/">Graphviz package</link>.
+    This can be used to visualise dependency graphs.  To obtain a
+    build-time dependency graph, apply this to a store derivation.  To
+    obtain a runtime dependency graph, apply it to an output
+    path.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--tree</option></term>
+  
+    <listitem><para>Prints the references graph of the store paths
+    <replaceable>paths</replaceable> as a nested ASCII tree.
+    References are ordered by descending closure size; this tends to
+    flatten the tree, making it more readable.  The query only
+    recurses into a store path when it is first encountered; this
+    prevents a blowup of the tree representation of the
+    graph.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--binding</option> <replaceable>name</replaceable></term>
+  
+    <listitem><para>Prints the value of the attribute
+    <replaceable>name</replaceable> (i.e., environment variable) of
+    the store derivations <replaceable>paths</replaceable>.  It is an
+    error for a derivation to not have the specified
+    attribute.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--hash</option></term>
+  
+    <listitem><para>Prints the SHA-256 hash of the contents of the
+    store path <replaceable>paths</replaceable>.  Since the hash is
+    stored in the Nix database, this is a fast
+    operation.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>Print the closure (runtime dependencies) of the
+<command>svn</command> program in the current user environment:
+    
+<screen>
+$ nix-store -qR $(which svn)
+/nix/store/5mbglq5ldqld8sj57273aljwkfvj22mc-subversion-1.1.4
+/nix/store/9lz9yc6zgmc0vlqmn2ipcpkjlmbi51vv-glibc-2.3.4
+<replaceable>...</replaceable></screen>
+
+</para>
+
+<para>Print the build-time dependencies of <command>svn</command>:
+
+<screen>
+$ nix-store -qR $(nix-store -qd $(which svn))
+/nix/store/02iizgn86m42q905rddvg4ja975bk2i4-grep-2.5.1.tar.bz2.drv
+/nix/store/07a2bzxmzwz5hp58nf03pahrv2ygwgs3-gcc-wrapper.sh
+/nix/store/0ma7c9wsbaxahwwl04gbw3fcd806ski4-glibc-2.3.4.drv
+<replaceable>... lots of other paths ...</replaceable></screen>
+
+The difference with the previous example is that we ask the closure of
+the derivation (<option>-qd</option>), not the closure of the output
+path that contains <command>svn</command>.</para>
+
+<para>Show the build-time dependencies as a tree:
+
+<screen>
+$ nix-store -q --tree $(nix-store -qd $(which svn))
+/nix/store/7i5082kfb6yjbqdbiwdhhza0am2xvh6c-subversion-1.1.4.drv
++---/nix/store/d8afh10z72n8l1cr5w42366abiblgn54-builder.sh
++---/nix/store/fmzxmpjx2lh849ph0l36snfj9zdibw67-bash-3.0.drv
+|   +---/nix/store/570hmhmx3v57605cqg9yfvvyh0nnb8k8-bash
+|   +---/nix/store/p3srsbd8dx44v2pg6nbnszab5mcwx03v-builder.sh
+<replaceable>...</replaceable></screen>
+
+</para>
+
+<para>Show all paths that depend on the same OpenSSL library as
+<command>svn</command>:
+
+<screen>
+$ nix-store -q --referrers $(nix-store -q --binding openssl $(nix-store -qd $(which svn)))
+/nix/store/23ny9l9wixx21632y2wi4p585qhva1q8-sylpheed-1.0.0
+/nix/store/5mbglq5ldqld8sj57273aljwkfvj22mc-subversion-1.1.4
+/nix/store/dpmvp969yhdqs7lm2r1a3gng7pyq6vy4-subversion-1.1.3
+/nix/store/l51240xqsgg8a7yrbqdx1rfzyv6l26fx-lynx-2.8.5</screen>
+
+</para>
+
+<para>Show all paths that directly or indirectly depend on the Glibc
+(C library) used by <command>svn</command>:
+
+<screen>
+$ nix-store -q --referrers-closure $(ldd $(which svn) | grep /libc.so | awk '{print $3}')
+/nix/store/034a6h4vpz9kds5r6kzb9lhh81mscw43-libgnomeprintui-2.8.2
+/nix/store/15l3yi0d45prm7a82pcrknxdh6nzmxza-gawk-3.1.4
+<replaceable>...</replaceable></screen>
+
+Note that <command>ldd</command> is a command that prints out the
+dynamic libraries used by an ELF executable.</para>
+
+<para>Make a picture of the runtime dependency graph of the current
+user environment:
+
+<screen>
+$ nix-store -q --graph ~/.nix-profile | dot -Tps > graph.ps
+$ gv graph.ps</screen>
+
+</para>
+
+</refsection>
+
+
+</refsection>
+
+  
+
+<!--######################################################################-->
+
+<!--
+<refsection xml:id="rsec-nix-store-reg-val"><title>Operation <option>-XXX-register-validity</option></title>
+
+<refsection><title>Synopsis</title>
+
+<cmdsynopsis>
+  <command>nix-store</command>
+  <arg choice='plain'><option>-XXX-register-validity</option></arg>
+</cmdsynopsis>
+</refsection>
+
+<refsection><title>Description</title>
+            
+<para>TODO</para>
+
+</refsection>
+            
+</refsection>
+-->
+
+
+
+<!--######################################################################-->
+
+<refsection xml:id='refsec-nix-store-verify'><title>Operation <option>--verify</option></title>
+
+<refsection>
+  <title>Synopsis</title>
+  <cmdsynopsis>
+    <command>nix-store</command>
+    <arg choice='plain'><option>--verify</option></arg>
+    <arg><option>--check-contents</option></arg>
+  </cmdsynopsis>
+</refsection>
+
+<refsection><title>Description</title>
+            
+<para>The operation <option>--verify</option> verifies the internal
+consistency of the Nix database, and the consistency between the Nix
+database and the Nix store.  Any inconsistencies encountered are
+automatically repaired.  Inconsistencies are generally the result of
+the Nix store or database being modified by non-Nix tools, or of bugs
+in Nix itself.</para>
+
+<para>There is one option:
+
+<variablelist>
+
+  <varlistentry><term><option>--check-contents</option></term>
+  
+    <listitem><para>Checks that the contents of every valid store path
+    has not been altered by computing a SHA-256 hash of the contents
+    and comparing it with the hash stored in the Nix database at build
+    time.  Paths that have been modified are printed out.  For large
+    stores, <option>--check-contents</option> is obviously quite
+    slow.</para></listitem>
+    
+  </varlistentry>
+  
+</variablelist>
+
+</para>
+
+</refsection>
+            
+
+</refsection>
+
+
+<!--######################################################################-->
+
+<refsection xml:id='refsec-nix-store-dump'><title>Operation <option>--dump</option></title>
+
+<refsection>
+  <title>Synopsis</title>
+  <cmdsynopsis>
+    <command>nix-store</command>
+    <arg choice='plain'><option>--dump</option></arg>
+    <arg choice='plain'><replaceable>path</replaceable></arg>
+  </cmdsynopsis>
+</refsection>
+
+<refsection><title>Description</title>
+            
+<para>The operation <option>--dump</option> produces a NAR (Nix
+ARchive) file containing the contents of the file system tree rooted
+at <replaceable>path</replaceable>.  The archive is written to
+standard output.</para>
+
+<para>A NAR archive is like a TAR or Zip archive, but it contains only
+the information that Nix considers important.  For instance,
+timestamps are elided because all files in the Nix store have their
+timestamp set to 0 anyway.  Likewise, all permissions are left out
+except for the execute bit, because all files in the Nix store have
+644 or 755 permission.</para>
+
+<para>Also, a NAR archive is <emphasis>canonical</emphasis>, meaning
+that “equal” paths always produce the same NAR archive.  For instance,
+directory entries are always sorted so that the actual on-disk order
+doesn’t influence the result.  This means that the cryptographic hash
+of a NAR dump of a path is usable as a fingerprint of the contents of
+the path.  Indeed, the hashes of store paths stored in Nix’s database
+(see <link linkend="refsec-nix-store-query"><literal>nix-store -q
+--hash</literal></link>) are SHA-256 hashes of the NAR dump of each
+store path.</para>
+
+<para>NAR archives support filenames of unlimited length and 64-bit
+file sizes.  They can contain regular files, directories, and symbolic
+links, but not other types of files (such as device nodes).</para>
+
+<para>A Nix archive can be unpacked using <literal>nix-store
+--restore</literal>.</para>
+
+</refsection>
+            
+
+</refsection>
+
+
+<!--######################################################################-->
+
+<refsection><title>Operation <option>--restore</option></title>
+
+<refsection>
+  <title>Synopsis</title>
+  <cmdsynopsis>
+    <command>nix-store</command>
+    <arg choice='plain'><option>--restore</option></arg>
+    <arg choice='plain'><replaceable>path</replaceable></arg>
+  </cmdsynopsis>
+</refsection>
+
+<refsection><title>Description</title>
+            
+<para>The operation <option>--restore</option> unpacks a NAR archive
+to <replaceable>path</replaceable>, which must not already exist.  The
+archive is read from standard input.</para>
+
+</refsection>
+            
+
+</refsection>
+
+
+</refentry>

doc/manual/nix-unpack-closure.xml

@@ -0,0 +1,42 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle>nix-unpack-closure</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-unpack-closure</refname>
+  <refpurpose>unpack the closure of a store path created by <command>nix-pack-closure</command> into the Nix store</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-unpack-closure</command>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-unpack-closure</command> unpacks the
+closure of a set of store paths created by
+<command>nix-pack-closure</command> into the local Nix store.  The
+closure is a single file read from standard input.  See the
+description of <command>nix-pack-closure</command> for details and
+examples.</para>
+
+<para>The top-level paths in the closure (i.e., the paths passed to
+the original <command>nix-pack-closure</command> call that created the
+closure) are printed on standard output.  These paths can be passed,
+for instance, to <literal>nix-env -i</literal> to install them into a
+user environment on the target machine.</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/opt-common-syn.xml

@@ -0,0 +1,25 @@
+<nop xmlns="http://docbook.org/ns/docbook">
+  
+<arg><option>--help</option></arg>
+<arg><option>--version</option></arg>
+<arg rep='repeat'><option>--verbose</option></arg>
+<arg rep='repeat'><option>-v</option></arg>
+<arg><option>--no-build-output</option></arg>
+<arg><option>-Q</option></arg>
+<arg>
+  <group choice='req'>
+    <arg choice='plain'><option>--max-jobs</option></arg>
+    <arg choice='plain'><option>-j</option></arg>
+  </group>
+  <replaceable>number</replaceable>
+</arg>
+<arg><option>--keep-going</option></arg>
+<arg><option>-k</option></arg>
+<arg><option>--keep-failed</option></arg>
+<arg><option>-K</option></arg>
+<arg><option>--fallback</option></arg>
+<arg><option>--readonly-mode</option></arg>
+<arg><option>--log-type</option> <replaceable>type</replaceable></arg>
+<sbr />
+
+</nop>

doc/manual/opt-common.xml

@@ -0,0 +1,289 @@
+<section xmlns="http://docbook.org/ns/docbook" xml:id="sec-common-options">
+
+<title>Common options</title>
+
+
+<para>Most Nix commands accept the following command-line options:</para>
+
+<variablelist>
+
+<varlistentry><term><option>--help</option></term>
+  
+  <listitem><para>Prints out a summary of the command syntax and
+  exits.</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--version</option></term>
+  
+  <listitem><para>Prints out the Nix version number on standard output
+  and exits.</para></listitem>
+</varlistentry>
+
+
+<varlistentry><term><option>--verbose</option></term>
+  <term><option>-v</option></term>
+
+  <listitem>
+    
+  <para>Increases the level of verbosity of diagnostic messages
+  printed on standard error.  For each Nix operation, the information
+  printed on standard output is well-defined; any diagnostic
+  information is printed on standard error, never on standard
+  output.</para>
+
+  <para>This option may be specified repeatedly.  Currently, the
+  following verbosity levels exist:</para>
+
+  <variablelist>
+    
+    <varlistentry><term>0</term>
+    <listitem><para>“Errors only”: only print messages
+    explaining why the Nix invocation failed.</para></listitem>
+    </varlistentry>
+      
+    <varlistentry><term>1</term>
+    <listitem><para>“Informational”: print
+    <emphasis>useful</emphasis> messages about what Nix is doing.
+    This is the default.</para></listitem>
+    </varlistentry>
+      
+    <varlistentry><term>2</term>
+    <listitem><para>“Talkative”: print more informational
+    messages.</para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>3</term>
+    <listitem><para>“Chatty”: print even more
+    informational messages.</para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>4</term>
+    <listitem><para>“Debug”: print debug
+    information.</para></listitem>
+    </varlistentry>
+
+    <varlistentry><term>5</term>
+    <listitem><para>“Vomit”: print vast amounts of debug
+    information.</para></listitem>
+    </varlistentry>
+    
+  </variablelist>
+
+  </listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--no-build-output</option></term>
+  <term><option>-Q</option></term>
+
+  <listitem><para>By default, output written by builders to standard
+  output and standard error is echoed to the Nix command's standard
+  error.  This option suppresses this behaviour.  Note that the
+  builder's standard output and error are always written to a log file
+  in
+  <filename><replaceable>prefix</replaceable>/nix/var/log/nix</filename>.</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry xml:id="opt-max-jobs"><term><option>--max-jobs</option></term>
+  <term><option>-j</option></term>
+
+  <listitem><para>Sets the maximum number of build jobs that Nix will
+  perform in parallel to the specified number.  The default is
+  specified by the <link
+  linkend='conf-build-max-jobs'><literal>build-max-jobs</literal></link>
+  configuration setting, which itself defaults to
+  <literal>1</literal>.  A higher value is useful on SMP systems or to
+  exploit I/O latency.  </para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--keep-going</option></term>
+  <term><option>-k</option></term>
+
+  <listitem><para>Keep going in case of failed builds, to the
+  greatest extent possible.  That is, if building an input of some
+  derivation fails, Nix will still build the other inputs, but not the
+  derivation itself.  Without this option, Nix stops if any build
+  fails (except for builds of substitutes), possibly killing builds in
+  progress (in case of parallel or distributed builds).</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--keep-failed</option></term>
+  <term><option>-K</option></term>
+
+  <listitem><para>Specifies that in case of a build failure, the
+  temporary directory (usually in <filename>/tmp</filename>) in which
+  the build takes place should not be deleted.  The path of the build
+  directory is printed as an informational message.
+    </para>
+  </listitem>
+</varlistentry>
+
+
+<varlistentry><term><option>--fallback</option></term>
+
+  <listitem>
+
+  <para>Whenever Nix attempts to build a derivation for which
+  substitutes are known for each output path, but realising the output
+  paths through the substitutes fails, fall back on building the
+  derivation.</para>
+
+  <para>The most common scenario in which this is useful is when we
+  have registered substitutes in order to perform binary distribution
+  from, say, a network repository.  If the repository is down, the
+  realisation of the derivation will fail.  When this option is
+  specified, Nix will build the derivation instead.  Thus,
+  installation from binaries falls back on nstallation from source.
+  This option is not the default since it is generally not desirable
+  for a transient failure in obtaining the substitutes to lead to a
+  full build from source (with the related consumption of
+  resources).</para>
+
+  </listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--readonly-mode</option></term>
+
+  <listitem><para>When this option is used, no attempt is made to open
+  the Nix database.  Most Nix operations do need database access, so
+  those operations will fail.</para></listitem>
+  
+</varlistentry>
+
+
+<varlistentry xml:id="opt-log-type"><term><option>--log-type</option>
+<replaceable>type</replaceable></term>
+
+  <listitem>
+
+  <para>This option determines how the output written to standard
+  error is formatted.  Nix’s diagnostic messages are typically
+  <emphasis>nested</emphasis>.  For instance, when tracing Nix
+  expression evaluation (<command>nix-env -vvvvv</command>, messages
+  from subexpressions are nested inside their parent expressions.  Nix
+  builder output is also often nested.  For instance, the Nix Packages
+  generic builder nests the various build tasks (unpack, configure,
+  compile, etc.), and the GNU Make in <literal>stdenv-linux</literal>
+  has been patched to provide nesting for recursive Make
+  invocations.</para>
+
+  <para><replaceable>type</replaceable> can be one of the
+  following:
+
+  <variablelist>
+
+    <varlistentry><term><literal>pretty</literal></term>
+
+      <listitem><para>Pretty-print the output, indicating different
+      nesting levels using spaces.  This is the
+      default.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal>escapes</literal></term>
+
+      <listitem><para>Indicate nesting using escape codes that can be
+      interpreted by the <command>nix-log2xml</command> tool in the
+      Nix source distribution.  The resulting XML file can be fed into
+      the <command>log2html.xsl</command> stylesheet to create an HTML
+      file that can be browsed interactively, using Javascript to
+      expand and collapse parts of the output.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal>flat</literal></term>
+
+      <listitem><para>Remove all nesting.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>    
+  
+  </para>
+
+  </listitem>
+  
+</varlistentry>
+
+
+<varlistentry><term><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></term>
+
+  <listitem><para>This option is accepted by
+  <command>nix-env</command>, <command>nix-instantiate</command> and
+  <command>nix-build</command>.  When evaluating Nix expressions, the
+  expression evaluator will automatically try to call functions that
+  it encounters.  It can automatically call functions for which every
+  argument has a <link linkend='ss-functions'>default value</link>
+  (e.g., <literal>{<replaceable>argName</replaceable> ?
+  <replaceable>defaultValue</replaceable>}:
+  <replaceable>...</replaceable></literal>).  With
+  <option>--arg</option>, you can also call functions that have
+  arguments without a default value (or override a default value).
+  That is, if the evaluator encounters a function with an argument
+  named <replaceable>name</replaceable>, it will call it with value
+  <replaceable>value</replaceable>.</para>
+
+  <para>For instance, the file
+  <literal>pkgs/top-level/all-packages.nix</literal> in Nixpkgs is
+  actually a function:
+
+<programlisting>
+{ # The system (e.g., `i686-linux') for which to build the packages.
+  system ? __currentSystem
+  <replaceable>...</replaceable>
+}: <replaceable>...</replaceable></programlisting>
+
+  So if you call this Nix expression (e.g., when you do
+  <literal>nix-env -i <replaceable>pkgname</replaceable></literal>),
+  the function will be called automatically using the value <link
+  linkend='builtin-currentSystem'><literal>__currentSystem</literal></link>
+  for the <literal>system</literal> argument.  You can override this
+  using <option>--arg</option>, e.g., <literal>nix-env -i
+  <replaceable>pkgname</replaceable> --arg system
+  \"i686-freebsd\"</literal>.  (Note that since the argument is a Nix
+  string literal, you have to escape the quotes.)</para></listitem>
+
+</varlistentry>
+
+
+<varlistentry xml:id="opt-attr"><term><option>--attr</option> / <option>-A</option>
+<replaceable>attrPath</replaceable></term>
+
+  <listitem><para>In <command>nix-env</command>,
+  <command>nix-instantiate</command> and <command>nix-build</command>,
+  <option>--attr</option> allows you to select an attribute from the
+  top-level Nix expression being evaluated.  The <emphasis>attribute
+  path</emphasis> <replaceable>attrPath</replaceable> is a sequence of
+  attribute names separated by dots.  For instance, given a top-level
+  Nix expression <replaceable>e</replaceable>, the attribute path
+  <literal>xorg.xorgserver</literal> would cause the expression
+  <literal><replaceable>e</replaceable>.xorg.xorgserver</literal> to
+  be used.  See <link
+  linkend='refsec-nix-env-install-examples'><command>nix-env
+  --install</command></link> for some concrete examples.</para>
+
+  <para>In addition to attribute names, you can also specify array
+  indices.  For instance, the attribute path
+  <literal>foo.3.bar</literal> selects the <literal>bar</literal>
+  attribute of the fourth element of the array in the
+  <literal>foo</literal> attribute of the top-level
+  expression.</para></listitem>
+
+</varlistentry>
+
+
+</variablelist>
+
+
+</section>

doc/manual/package-management.xml

@@ -0,0 +1,532 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id='chap-package-management'>
+
+<title>Package Management</title>
+
+
+<para>This chapter discusses how to do package management with Nix,
+i.e., how to obtain, install, upgrade, and erase components.  This is
+the “user’s” perspective of the Nix system — people
+who want to <emphasis>create</emphasis> components should consult
+<xref linkend='chap-writing-nix-expressions' />.</para>
+
+
+<section><title>Basic package management</title>
+
+<para>The main command for package management is <link
+linkend="sec-nix-env"><command>nix-env</command></link>.  You can use
+it to install, upgrade, and erase components, and to query what
+components are installed or are available for installation.</para>
+
+<para>In Nix, different users can have different “views”
+on the set of installed applications.  That is, there might be lots of
+applications present on the system (possibly in many different
+versions), but users can have a specific selection of those active —
+where “active” just means that it appears in a directory
+in the user’s <envar>PATH</envar>.  Such a view on the set of
+installed applications is called a <emphasis>user
+environment</emphasis>, which is just a directory tree consisting of
+symlinks to the files of the active applications.  </para>
+
+<para>Components are installed from a set of <emphasis>Nix
+expressions</emphasis> that tell Nix how to build those components,
+including, if necessary, their dependencies.  There is a collection of
+Nix expressions called the Nix Package collection that contains
+components ranging from basic development stuff such as GCC and Glibc,
+to end-user applications like Mozilla Firefox.  (Nix is however not
+tied to the Nix Package collection; you could write your own Nix
+expressions based on it, or completely new ones.)  You can download
+the latest version from <link
+xlink:href='http://nix.cs.uu.nl/dist/nix' />.</para>
+
+<para>Assuming that you have downloaded and unpacked a release of Nix
+Packages, you can view the set of available components in the release:
+
+<screen>
+$ nix-env -qaf nixpkgs-<replaceable>version</replaceable> '*'
+ant-blackdown-1.4.2
+aterm-2.2
+bash-3.0
+binutils-2.15
+bison-1.875d
+blackdown-1.4.2
+bzip2-1.0.2
+...</screen>
+
+where <literal>nixpkgs-<replaceable>version</replaceable></literal> is
+where you’ve unpacked the release.  The flag <option>-q</option>
+specifies a query operation; <option>-a</option> means that you want
+to show the “available” (i.e., installable) packages, as opposed to
+the installed packages; and <option>-f</option>
+<filename>nixpkgs-<replaceable>version</replaceable></filename>
+specifies the source of the packages.  The argument
+<literal>'*'</literal> shows all installable packages. (The quotes are
+necessary to prevent shell expansion.)  You can also select specific
+packages by name:
+
+<screen>
+$ nix-env -qaf nixpkgs-<replaceable>version</replaceable> gcc
+gcc-3.4.6
+gcc-4.0.3
+gcc-4.1.1</screen>
+
+</para>
+
+<para>It is also possible to see the <emphasis>status</emphasis> of
+available components, i.e., whether they are installed into the user
+environment and/or present in the system:
+
+<screen>
+$ nix-env -qasf nixpkgs-<replaceable>version</replaceable> '*'
+...
+-PS bash-3.0
+--S binutils-2.15
+IPS bison-1.875d
+...</screen>
+
+The first character (<literal>I</literal>) indicates whether the
+component is installed in your current user environment.  The second
+(<literal>P</literal>) indicates whether it is present on your system
+(in which case installing it into your user environment would be a
+very quick operation).  The last one (<literal>S</literal>) indicates
+whether there is a so-called <emphasis>substitute</emphasis> for the
+component, which is Nix’s mechanism for doing binary deployment.  It
+just means that Nix knows that it can fetch a pre-built component from
+somewhere (typically a network server) instead of building it
+locally.</para>
+
+<para>So now that we have a set of Nix expressions we can build the
+components contained in them.  This is done using <literal>nix-env
+-i</literal>.  For instance,
+
+<screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -i subversion</screen>
+
+will install the component called <literal>subversion</literal> (which
+is, of course, the <link
+xlink:href='http://subversion.tigris.org/'>Subversion version
+management system</link>).</para>
+
+<para>When you do this for the first time, Nix will start building
+Subversion and all its dependencies.  This will take quite a while —
+typically an hour or two on modern machines.  Fortunately, there is a
+faster way (so do a Ctrl-C on that install operation!): you just need
+to tell Nix that pre-built binaries of all those components are
+available somewhere.  This is done using the
+<command>nix-pull</command> command, which must be supplied with a URL
+containing a <emphasis>manifest</emphasis> describing what binaries
+are available.  This URL should correspond to the Nix Packages release
+that you’re using.  For instance, if you obtained a release from <link
+xlink:href='http://nix.cs.uu.nl/dist/nix/nixpkgs-0.6pre1554/' />, then
+you should do:
+
+<screen>
+$ nix-pull http://nix.cs.uu.nl/dist/nix/nixpkgs-0.6pre1554/MANIFEST</screen>
+
+If you then issue the installation command, it should start
+downloading binaries from <systemitem
+class='fqdomainname'>nix.cs.uu.nl</systemitem>, instead of building
+them from source.  This might still take a while since all
+dependencies must be downloaded, but on a reasonably fast connection
+such as an DSL line it’s on the order of a few minutes.</para>
+
+<para>Naturally, packages can also be uninstalled:
+
+<screen>
+$ nix-env -e subversion</screen>
+
+</para>
+
+<para>Upgrading to a new version is just as easy.  If you have a new
+release of Nix Packages, you can do:
+
+<screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -u subversion</screen>
+
+This will <emphasis>only</emphasis> upgrade Subversion if there is a
+“newer” version in the new set of Nix expressions, as
+defined by some pretty arbitrary rules regarding ordering of version
+numbers (which generally do what you’d expect of them).  To just
+unconditionally replace Subversion with whatever version is in the Nix
+expressions, use <parameter>-i</parameter> instead of
+<parameter>-u</parameter>; <parameter>-i</parameter> will remove
+whatever version is already installed.</para>
+
+<para>You can also upgrade all components for which there are newer
+versions:
+
+<screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -u '*'</screen>
+
+</para>
+
+<para>Sometimes it’s useful to be able to ask what
+<command>nix-env</command> would do, without actually doing it.  For
+instance, to find out what packages would be upgraded by
+<literal>nix-env -u '*'</literal>, you can do
+
+<screen>
+$ nix-env ... -u '*' --dry-run
+(dry run; not doing anything)
+upgrading `libxslt-1.1.0' to `libxslt-1.1.10'
+upgrading `graphviz-1.10' to `graphviz-1.12'
+upgrading `coreutils-5.0' to `coreutils-5.2.1'</screen>
+
+</para>
+
+<para>If you grow bored of specifying the Nix expressions using
+<parameter>-f</parameter> all the time, you can set a default
+location:
+
+<screen>
+$ nix-env -I nixpkgs-<replaceable>version</replaceable></screen>
+
+After this you can just say, for instance, <literal>nix-env -u
+'*'</literal>.<footnote><para>Setting a default using
+<parameter>-I</parameter> currently clashes with using Nix channels,
+since <literal>nix-channel --update</literal> calls <literal>nix-env
+-I</literal> to set the default to the Nix expressions it downloaded
+from the channel, replacing whatever default you had
+set.</para></footnote></para>
+
+</section>
+
+
+<section xml:id="sec-profiles"><title>Profiles</title>
+
+<para>Profiles and user environments are Nix’s mechanism for
+implementing the ability to allow different users to have different
+configurations, and to do atomic upgrades and rollbacks.  To
+understand how they work, it’s useful to know a bit about how Nix
+works.  In Nix, components are stored in unique locations in the
+<emphasis>Nix store</emphasis> (typically,
+<filename>/nix/store</filename>).  For instance, a particular version
+of the Subversion component might be stored in a directory
+<filename>/nix/store/dpmvp969yhdqs7lm2r1a3gng7pyq6vy4-subversion-1.1.3/</filename>,
+while another version might be stored in
+<filename>/nix/store/5mq2jcn36ldlmh93yj1n8s9c95pj7c5s-subversion-1.1.2</filename>.
+The long strings prefixed to the directory names are cryptographic
+hashes<footnote><para>160-bit truncations of SHA-256 hashes encoded in
+a base-32 notation, to be precise.</para></footnote> of
+<emphasis>all</emphasis> inputs involved in building the component —
+sources, dependencies, compiler flags, and so on.  So if two
+components differ in any way, they end up in different locations in
+the file system, so they don’t interfere with each other.  <xref
+linkend='fig-user-environments' /> shows a part of a typical Nix
+store.</para>
+
+<figure xml:id='fig-user-environments'><title>User environments</title>
+  <mediaobject>
+    <imageobject>
+      <imagedata fileref='figures/user-environments.png' format='PNG' />
+    </imageobject>
+  </mediaobject>
+</figure>
+
+<para>Of course, you wouldn’t want to type
+
+<screen>
+$ /nix/store/dpmvp969yhdq...-subversion-1.1.3/bin/svn</screen>
+
+every time you want to run Subversion.  Of course we could set up the
+<envar>PATH</envar> environment variable to include the
+<filename>bin</filename> directory of every component we want to use,
+but this is not very convenient since changing <envar>PATH</envar>
+doesn’t take effect for already existing processes.  The solution Nix
+uses is to create directory trees of symlinks to
+<emphasis>activated</emphasis> components.  These are called
+<emphasis>user environments</emphasis> and they are components
+themselves (though automatically generated by
+<command>nix-env</command>), so they too reside in the Nix store.  For
+instance, in <xref linkend='fig-user-environments' /> the user
+environment <filename>/nix/store/5mq2jcn36ldl...-user-env</filename>
+contains a symlink to just Subversion 1.1.2 (arrows in the figure
+indicate symlinks).  This would be what we would obtain if we had done
+
+<screen>
+$ nix-env -i subversion</screen>
+
+on a set of Nix expressions that contained Subversion 1.1.2.</para>
+
+<para>This doesn’t in itself solve the problem, of course; you
+wouldn’t want to type
+<filename>/nix/store/0c1p5z4kda11...-user-env/bin/svn</filename>
+either.  That’s why there are symlinks outside of the store that point
+to the user environments in the store; for instance, the symlinks
+<filename>default-42-link</filename> and
+<filename>default-43-link</filename> in the example.  These are called
+<emphasis>generations</emphasis> since every time you perform a
+<command>nix-env</command> operation, a new user environment is
+generated based on the current one.  For instance, generation 43 was
+created from generation 42 when we did
+
+<screen>
+$ nix-env -i subversion mozilla</screen>
+
+on a set of Nix expressions that contained Mozilla and a new version
+of Subversion.</para>
+
+<para>Generations are grouped together into
+<emphasis>profiles</emphasis> so that different users don’t interfere
+with each other if they don’t want to.  For example:
+
+<screen>
+$ ls -l /nix/var/nix/profiles/
+...
+lrwxrwxrwx  1 eelco ... default-42-link -> /nix/store/0c1p5z4kda11...-user-env
+lrwxrwxrwx  1 eelco ... default-43-link -> /nix/store/3aw2pdyx2jfc...-user-env
+lrwxrwxrwx  1 eelco ... default -> default-43-link</screen>
+
+This shows a profile called <filename>default</filename>.  The file
+<filename>default</filename> itself is actually a symlink that points
+to the current generation.  When we do a <command>nix-env</command>
+operation, a new user environment and generation link are created
+based on the current one, and finally the <filename>default</filename>
+symlink is made to point at the new generation.  This last step is
+atomic on Unix, which explains how we can do atomic upgrades.  (Note
+that the building/installing of new components doesn’t interfere in
+any way with old components, since they are stored in different
+locations in the Nix store.)</para>
+
+<para>If you find that you want to undo a <command>nix-env</command>
+operation, you can just do
+
+<screen>
+$ nix-env --rollback</screen>
+
+which will just make the current generation link point at the previous
+link.  E.g., <filename>default</filename> would be made to point at
+<filename>default-42-link</filename>.  You can also switch to a
+specific generation:
+
+<screen>
+$ nix-env --switch-generation 43</screen>
+
+which in this example would roll forward to generation 43 again.  You
+can also see all available generations:
+
+<screen>
+$ nix-env --list-generations</screen></para>
+
+<para>Actually, there is another level of indirection not shown in the
+figure above.  You generally wouldn’t have
+<filename>/nix/var/nix/profiles/<replaceable>some-profile</replaceable>/bin</filename>
+in your <envar>PATH</envar>.  Rather, there is a symlink
+<filename>~/.nix-profile</filename> that points to your current
+profile.  This means that you should put
+<filename>~/.nix-profile/bin</filename> in your <envar>PATH</envar>
+(and indeed, that’s what the initialisation script
+<filename>/nix/etc/profile.d/nix.sh</filename> does).  This makes it
+easier to switch to a different profile.  You can do that using the
+command <command>nix-env --switch-profile</command>:
+
+<screen>
+$ nix-env --switch-profile /nix/var/nix/profiles/my-profile
+
+$ nix-env --switch-profile /nix/var/nix/profiles/default</screen>
+
+These commands switch to the <filename>my-profile</filename> and
+default profile, respectively.  If the profile doesn’t exist, it will
+be created automatically.  You should be careful about storing a
+profile in another location than the <filename>profiles</filename>
+directory, since otherwise it might not be used as a root of the
+garbage collector (see section <xref linkend='sec-garbage-collection'
+/>).</para>
+
+<para>All <command>nix-env</command> operations work on the profile
+pointed to by <command>~/.nix-profile</command>, but you can override
+this using the <option>--profile</option> option (abbreviation
+<option>-p</option>):
+
+<screen>
+$ nix-env -p /nix/var/nix/profiles/other-profile -i subversion</screen>
+
+This will <emphasis>not</emphasis> change the
+<command>~/.nix-profile</command> symlink.</para>
+
+</section>
+
+
+<section xml:id='sec-garbage-collection'><title>Garbage collection</title>
+
+<para><command>nix-env</command> operations such as upgrades
+(<option>-u</option>) and uninstall (<option>-e</option>) never
+actually delete components from the system.  All they do (as shown
+above) is to create a new user environment that no longer contains
+symlinks to the “deleted” components.</para>
+
+<para>Of course, since disk space is not infinite, unused components
+should be removed at some point.  You can do this by running the Nix
+garbage collector.  It will remove from the Nix store any component
+not used (directly or indirectly) by any generation of any
+profile.</para>
+
+<para>Note however that as long as old generations reference a
+component, it will not be deleted.  After all, we wouldn’t be able to
+do a rollback otherwise.  So in order for garbage collection to be
+effective, you should also delete (some) old generations.  Of course,
+this should only be done if you are certain that you will not need to
+roll back.</para>
+
+<para>To delete all old (non-current) generations of your current
+profile:
+
+<screen>
+$ nix-env --delete-generations old</screen>
+
+Instead of <literal>old</literal> you can also specify a list of
+generations, e.g.,
+
+<screen>
+$ nix-env --delete-generations 10 11 14</screen>
+
+</para>
+
+<para>After removing appropriate old generations you can run the
+garbage collector as follows:
+
+<screen>
+$ nix-store --gc</screen>
+
+If you are feeling uncertain, you can also first view what files would
+be deleted:
+
+<screen>
+$ nix-store --gc --print-dead</screen>
+
+Likewise, the option <option>--print-live</option> will show the paths
+that <emphasis>won’t</emphasis> be deleted.</para>
+
+<para>There is also a convenient little utility
+<command>nix-collect-garbage</command>, which when invoked with the
+<option>-d</option> (<option>--delete-old</option>) switch deletes all
+old generations of all profiles in
+<filename>/nix/var/nix/profiles</filename>.  So
+
+<screen>
+$ nix-collect-garbage -d</screen>
+
+is a quick and easy way to clean up your system.</para>
+
+
+
+
+<section xml:id="ssec-gc-roots"><title>Garbage collector roots</title>
+
+<para>The roots of the garbage collector are all store paths to which
+there are symlinks in the directory
+<filename><replaceable>prefix</replaceable>/nix/var/nix/gcroots</filename>.
+For instance, the following command makes the path
+<filename>/nix/store/d718ef...-foo</filename> a root of the collector:
+
+<screen>
+$ ln -s /nix/store/d718ef...-foo /nix/var/nix/gcroots/bar</screen>
+	
+That is, after this command, the garbage collector will not remove
+<filename>/nix/store/d718ef...-foo</filename> or any of its
+dependencies.</para>
+
+<para>Subdirectories of
+<filename><replaceable>prefix</replaceable>/nix/var/nix/gcroots</filename>
+are also searched for symlinks.  Symlinks to non-store paths are
+followed and searched for roots, but symlinks to non-store paths
+<emphasis>inside</emphasis> the paths reached in that way are not
+followed to prevent infinite recursion.</para>
+
+</section>
+
+</section>
+
+
+<section xml:id="sec-channels"><title>Channels</title>
+
+<para>If you want to stay up to date with a set of packages, it’s not
+very convenient to manually download the latest set of Nix expressions
+for those packages, use <command>nix-pull</command> to register
+pre-built binaries (if available), and upgrade using
+<command>nix-env</command>.  Fortunately, there’s a better way:
+<emphasis>Nix channels</emphasis>.</para>
+
+<para>A Nix channel is just a URL that points to a place that contains
+a set of Nix expressions and a manifest.  Using the command <link
+linkend="sec-nix-channel"><command>nix-channel</command></link> you
+can automatically stay up to date with whatever is available at that
+URL.</para>
+
+<para>You can “subscribe” to a channel using
+<command>nix-channel --add</command>, e.g.,
+
+<screen>
+$ nix-channel --add http://nix.cs.uu.nl/dist/nix/channels-v3/nixpkgs-unstable</screen>
+
+subscribes you to a channel that always contains that latest version
+of the Nix Packages collection.  (Instead of
+<literal>nixpkgs-unstable</literal> you could also subscribe to
+<literal>nixpkgs-stable</literal>, which should have a higher level of
+stability, but right now is just outdated.)  Subscribing really just
+means that the URL is added to the file
+<filename>~/.nix-channels</filename>.  Right now there is no command
+to “unsubscribe”; you should just edit that file manually
+and delete the offending URL.</para>
+
+<para>To obtain the latest Nix expressions available in a channel, do
+
+<screen>
+$ nix-channel --update</screen>
+
+This downloads the Nix expressions in every channel (downloaded from
+<literal><replaceable>url</replaceable>/nixexprs.tar.bz2</literal>)
+and registers any available pre-built binaries in every channel
+(by <command>nix-pull</command>ing
+<literal><replaceable>url</replaceable>/MANIFEST</literal>).  It also
+makes the union of each channel’s Nix expressions the default for
+<command>nix-env</command> operations.  Consequently, you can then say
+
+<screen>
+$ nix-env -u '*'</screen>
+
+to upgrade all components in your profile to the latest versions
+available in the subscribed channels.</para>
+
+</section>
+
+
+<section xml:id="sec-one-click"><title>One-click installs</title>
+
+<para>Often, when you want to install a specific package (e.g., from
+the <link
+xlink:href="http://nix.cs.uu.nl/dist/nix/nixpkgs-unstable-latest/">Nix
+Packages collection</link> or from our <link
+xlink:href='http://nix.cs.uu.nl/dist/'>release server</link>),
+subscribing to a channel is a bit cumbersome.  And channels don’t help
+you at all if you want to install an older version of a package than
+the one provided by the current contents of the channel, or a package
+that has been removed from the channel.  That’s when
+<emphasis>one-click installs</emphasis> come in handy: you can just go
+to the web page that contains the package, click on it, and it will be
+installed with all the necessary dependencies.</para>
+
+<para>For instance, you can go to <link
+xlink:href="http://nix.cs.uu.nl/dist/nix/nixpkgs-unstable-latest/" />
+— or to any older release of Nix Packages — and click on any link for
+the individual packages for your platform (say, <link
+xlink:href='http://nix.cs.uu.nl/dist/nix/nixpkgs-0.10pre6622/pkgs/subversion-1.4.0-i686-linux.nixpkg'><literal>subversion-1.4.0</literal>
+for <literal>i686-linux</literal></link>).  The first time you do
+this, your browser will ask what to do with
+<literal>application/nix-package</literal> files.  You should open
+them with <filename>/nix/bin/nix-install-package</filename>.  This
+will open a window that asks you to confirm that you want to install
+the package.  When you answer <literal>Y</literal>, the package and
+all its dependencies will be installed.  This is a binary deployment
+mechanism — you get packages pre-compiled for the selected platform
+type.</para>
+
+<para>You can also install <literal>application/nix-package</literal>
+files from the command line directly.  See <xref
+linkend='sec-nix-install-package' /> for details.</para>
+
+</section>
+
+
+</chapter>

doc/manual/package.nix

@@ -1,118 +0,0 @@
-{
-  lib,
-  mkMesonDerivation,
-
-  meson,
-  ninja,
-  lowdown-unsandboxed,
-  mdbook,
-  mdbook-linkcheck,
-  jq,
-  python3,
-  rsync,
-  nix-cli,
-  changelog-d,
-  json-schema-for-humans,
-  officialRelease,
-
-  # Configuration Options
-
-  version,
-
-  # `tests` attribute
-  testers,
-}:
-
-let
-  inherit (lib) fileset;
-in
-
-mkMesonDerivation (finalAttrs: {
-  pname = "nix-manual";
-  inherit version;
-
-  workDir = ./.;
-  fileset =
-    fileset.difference
-      (fileset.unions [
-        ../../.version
-        # For example JSON
-        ../../src/libutil-tests/data/memory-source-accessor
-        ../../src/libutil-tests/data/hash
-        ../../src/libstore-tests/data/content-address
-        ../../src/libstore-tests/data/store-path
-        ../../src/libstore-tests/data/realisation
-        ../../src/libstore-tests/data/derived-path
-        ../../src/libstore-tests/data/path-info
-        ../../src/libstore-tests/data/nar-info
-        ../../src/libstore-tests/data/build-result
-        # Too many different types of files to filter for now
-        ../../doc/manual
-        ./.
-      ])
-      # Do a blacklist instead
-      ../../doc/manual/package.nix;
-
-  # TODO the man pages should probably be separate
-  outputs = [
-    "out"
-    "man"
-  ];
-
-  nativeBuildInputs = [
-    nix-cli
-    meson
-    ninja
-    (lib.getBin lowdown-unsandboxed)
-    mdbook
-    mdbook-linkcheck
-    jq
-    python3
-    rsync
-    json-schema-for-humans
-    changelog-d
-  ]
-  ++ lib.optionals (!officialRelease) [
-    # When not an official release, we likely have changelog entries that have
-    # yet to be rendered.
-    # When released, these are rendered into a committed file to save a dependency.
-    changelog-d
-  ];
-
-  preConfigure = ''
-    chmod u+w ./.version
-    echo ${finalAttrs.version} > ./.version
-  '';
-
-  postInstall = ''
-    mkdir -p ''$out/nix-support
-    echo "doc manual ''$out/share/doc/nix/manual" >> ''$out/nix-support/hydra-build-products
-  '';
-
-  /**
-    The root of the HTML manual.
-    E.g. "${nix-manual.site}/index.html" exists.
-  */
-  passthru.site = finalAttrs.finalPackage + "/share/doc/nix/manual";
-
-  passthru.tests = {
-    # https://nixos.org/manual/nixpkgs/stable/index.html#tester-lycheeLinkCheck
-    linkcheck = testers.lycheeLinkCheck {
-      inherit (finalAttrs.finalPackage) site;
-      extraConfig = {
-        exclude = [
-          # Exclude auto-generated JSON schema documentation which has
-          # auto-generated fragment IDs that don't match the link references
-          ".*/protocols/json/.*\\.html"
-          # Exclude undocumented builtins
-          ".*/language/builtins\\.html#builtins-addErrorContext"
-          ".*/language/builtins\\.html#builtins-appendContext"
-        ];
-      };
-    };
-  };
-
-  meta = {
-    platforms = lib.platforms.all;
-  };
-})