Merge pull request #13208 from NixOS/mergify/bp/2.27-maintenance/pr-13207

dev-shell: Drop bear dependency (backport #13207)
dev-shell: Drop bear dependency
2025-05-15 21:58:20 +00:00 · 2025-05-15 21:49:07 +00:00 · 2025-04-14 15:57:09 +02:00 · 2025-04-14 13:47:54 +00:00 · 2025-04-09 16:53:03 +00:00 · 2025-04-09 16:33:40 +00:00
1048 changed files with 37673 additions and 49517 deletions
--- a/.clang-format
+++ b/.clang-format
@@ -8,7 +8,7 @@ BraceWrapping:
  AfterUnion: true
  SplitEmptyRecord: false
 PointerAlignment: Middle
-FixNamespaceComments: true
+FixNamespaceComments: false
 SortIncludes: Never
 #IndentPPDirectives: BeforeHash
 SpaceAfterCStyleCast: true
@@ -32,4 +32,3 @@ IndentPPDirectives: AfterHash
 PPIndentWidth: 2
 BinPackArguments: false
 BreakBeforeTernaryOperators: true
-SeparateDefinitionBlocks: Always
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -1,4 +0,0 @@
-# bulk initial re-formatting with clang-format
-e4f62e46088919428a68bd8014201dc8e379fed7 # !autorebase ./maintainers/format.sh --until-stable
-# meson re-formatting
-385e2c3542c707d95e3784f7f6d623f67e77ab61 # !autorebase ./maintainers/format.sh --until-stable
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -11,7 +11,16 @@
 .github/CODEOWNERS @edolstra

 # Documentation of built-in functions
-src/libexpr/primops.cc @roberth
+src/libexpr/primops.cc @roberth @fricklerhandwerk
+
+# Documentation of settings
+src/libexpr/eval-settings.hh @fricklerhandwerk
+src/libstore/globals.hh @fricklerhandwerk
+
+# Documentation
+doc/manual @fricklerhandwerk
+maintainers/*.md @fricklerhandwerk
+src/**/*.md @fricklerhandwerk

 # Libstore layer
 /src/libstore @ericson2314
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -45,7 +45,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open bug issues and pull requests] for possible duplicates

-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open bug issues and pull requests]: https://github.com/NixOS/nix/labels/bug

--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -30,7 +30,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open feature issues and pull requests] for possible duplicates

-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open feature issues and pull requests]: https://github.com/NixOS/nix/labels/feature

--- a/.github/ISSUE_TEMPLATE/installer.md
+++ b/.github/ISSUE_TEMPLATE/installer.md
@@ -38,7 +38,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open installer issues and pull requests] for possible duplicates

-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open installer issues and pull requests]: https://github.com/NixOS/nix/labels/installer

--- a/.github/ISSUE_TEMPLATE/missing_documentation.md
+++ b/.github/ISSUE_TEMPLATE/missing_documentation.md
@@ -22,7 +22,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open documentation issues and pull requests] for possible duplicates

-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open documentation issues and pull requests]: https://github.com/NixOS/nix/labels/documentation

--- a/.github/STALE-BOT.md
+++ b/.github/STALE-BOT.md
@@ -3,7 +3,7 @@
 - Thanks for your contribution!
 - To remove the stale label, just leave a new comment.
 - _How to find the right people to ping?_ &rarr; [`git blame`](https://git-scm.com/docs/git-blame) to the rescue! (or GitHub's history and blame buttons.)
- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/) or on [Matrix - #users:nixos.org](https://matrix.to/#/#users:nixos.org).
+- You can always ask for help on [our Discourse Forum](https://discourse.nixos.org/) or on [Matrix - #nix:nixos.org](https://matrix.to/#/#nix:nixos.org).

 ## Suggestions for PRs

--- a/.github/actions/install-nix-action/action.yaml
+++ b/.github/actions/install-nix-action/action.yaml
@@ -1,50 +0,0 @@
-name: "Install Nix"
-description: "Helper action for installing Nix with support for dogfooding from master"
-inputs:
-  dogfood:
-    description: "Whether to use Nix installed from the latest artifact from master branch"
-    required: true # Be explicit about the fact that we are using unreleased artifacts
-  extra_nix_config:
-    description: "Gets appended to `/etc/nix/nix.conf` if passed."
-  install_url:
-    description: "URL of the Nix installer"
-    required: false
-    default: "https://releases.nixos.org/nix/nix-2.30.1/install"
-  github_token:
-    description: "Github token"
-    required: true
-runs:
-  using: "composite"
-  steps:
-    - name: "Download nix install artifact from master"
-      shell: bash
-      id: download-nix-installer
-      if: inputs.dogfood == 'true'
-      run: |
-        RUN_ID=$(gh run list --repo "$DOGFOOD_REPO" --workflow ci.yml --branch master --status success --json databaseId --jq ".[0].databaseId")
-
-        if [ "$RUNNER_OS" == "Linux" ]; then
-          INSTALLER_ARTIFACT="installer-linux"
-        elif [ "$RUNNER_OS" == "macOS" ]; then
-          INSTALLER_ARTIFACT="installer-darwin"
-        else
-          echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS"
-          exit 1
-        fi
-
-        INSTALLER_DOWNLOAD_DIR="$GITHUB_WORKSPACE/$INSTALLER_ARTIFACT"
-        mkdir -p "$INSTALLER_DOWNLOAD_DIR"
-
-        gh run download "$RUN_ID" --repo "$DOGFOOD_REPO" -n "$INSTALLER_ARTIFACT" -D "$INSTALLER_DOWNLOAD_DIR"
-        echo "installer-path=file://$INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT"
-
-        echo "::notice ::Dogfooding Nix installer from master (https://github.com/$DOGFOOD_REPO/actions/runs/$RUN_ID)"
-      env:
-        GH_TOKEN: ${{ inputs.github_token }}
-        DOGFOOD_REPO: "NixOS/nix"
-    - uses: cachix/install-nix-action@c134e4c9e34bac6cab09cf239815f9339aaaf84e # v31.5.1
-      with:
-        # Ternary operator in GHA: https://www.github.com/actions/runner/issues/409#issuecomment-752775072
-        install_url: ${{ inputs.dogfood == 'true' && format('{0}/install', steps.download-nix-installer.outputs.installer-path) || inputs.install_url }}
-        install_options: ${{ inputs.dogfood == 'true' && format('--tarball-url-prefix {0}', steps.download-nix-installer.outputs.installer-path) || '' }}
-        extra_nix_config: ${{ inputs.extra_nix_config }}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,13 +13,8 @@ jobs:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        dogfood: true
-        extra_nix_config:
-          experimental-features = nix-command flakes
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-    - run: nix flake show --all-systems --json
+    - uses: cachix/install-nix-action@v30
+    - run: nix --experimental-features 'nix-command flakes' flake show --all-systems --json

  tests:
    strategy:
@@ -29,21 +24,9 @@ jobs:
          - scenario: on ubuntu
            runs-on: ubuntu-24.04
            os: linux
-            instrumented: false
-            primary: true
-            stdenv: stdenv
          - scenario: on macos
            runs-on: macos-14
            os: darwin
-            instrumented: false
-            primary: true
-            stdenv: stdenv
-          - scenario: on ubuntu (with sanitizers / coverage)
-            runs-on: ubuntu-24.04
-            os: linux
-            instrumented: true
-            primary: false
-            stdenv: clangStdenv
    name: tests ${{ matrix.scenario }}
    runs-on: ${{ matrix.runs-on }}
    timeout-minutes: 60
@@ -51,10 +34,8 @@ jobs:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
+    - uses: cachix/install-nix-action@v30
      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: true
        # The sandbox would otherwise be disabled by default on Darwin
        extra_nix_config: |
          sandbox = true
@@ -64,36 +45,13 @@ jobs:
    # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
    - run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
      if: matrix.os == 'linux'
-    - name: Run component tests
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix componentTests -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}"
-    - name: Run flake checks and prepare the installer tarball
-      run: |
-        ci/gha/tests/build-checks
-        ci/gha/tests/prepare-installer-for-github-actions
-      if: ${{ matrix.primary }}
-    - name: Collect code coverage
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix codeCoverage.coverageReports -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}" \
-          --out-link coverage-reports
-        cat coverage-reports/index.txt >> $GITHUB_STEP_SUMMARY
-      if: ${{ matrix.instrumented }}
-    - name: Upload coverage reports
-      uses: actions/upload-artifact@v4
-      with:
-        name: coverage-reports
-        path: coverage-reports/
-      if: ${{ matrix.instrumented }}
+    - run: scripts/build-checks
+    - run: scripts/prepare-installer-for-github-actions
    - name: Upload installer tarball
      uses: actions/upload-artifact@v4
      with:
        name: installer-${{matrix.os}}
        path: out/*
-      if: ${{ matrix.primary }}

  installer_test:
    needs: [tests]
@@ -116,13 +74,13 @@ jobs:
      with:
        name: installer-${{matrix.os}}
        path: out
-    - name: Looking up the installer tarball URL
-      id: installer-tarball-url
-      run: echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT"
-    - uses: cachix/install-nix-action@v31
+    - name: Serving installer
+      id: serving_installer
+      run: ./scripts/serve-installer-for-github-actions
+    - uses: cachix/install-nix-action@v30
      with:
-        install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }}
-        install_options: ${{ format('--tarball-url-prefix {0}', steps.installer-tarball-url.outputs.installer-url) }}
+        install_url: 'http://localhost:8126/install'
+        install_options: "--tarball-url-prefix http://localhost:8126/"
    - run: sudo apt install fish zsh
      if: matrix.os == 'linux'
    - run: brew install fish
@@ -173,7 +131,7 @@ jobs:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0
-    - uses: cachix/install-nix-action@v31
+    - uses: cachix/install-nix-action@v30
      with:
        install_url: https://releases.nixos.org/nix/nix-2.20.3/install
    - uses: DeterminateSystems/magic-nix-cache-action@main
@@ -217,12 +175,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: true
-          extra_nix_config:
-            experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - run: |
          nix build -L \
@@ -248,34 +201,6 @@ jobs:
        with:
          repository: NixOS/flake-regressions-data
          path: flake-regressions/tests
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: true
-          extra_nix_config:
-            experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=25 flake-regressions/eval-all.sh
-
-  profile_build:
-    needs: tests
-    runs-on: ubuntu-24.04
-    timeout-minutes: 60
-    if: >-
-      github.event_name == 'push' &&
-      github.ref_name == 'master'
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: true
-        extra_nix_config: |
-          experimental-features = flakes nix-command ca-derivations impure-derivations
-          max-jobs = 1
-    - uses: DeterminateSystems/magic-nix-cache-action@main
-    - run: |
-        nix build -L --file ./ci/gha/profile-build buildTimeReport --out-link build-time-report.md
-        cat build-time-report.md >> $GITHUB_STEP_SUMMARY
--- a/.gitignore
+++ b/.gitignore
@@ -47,6 +47,3 @@ result-*
 .DS_Store

 flake-regressions
-
-# direnv
-.direnv/
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -117,47 +117,3 @@ pull_request_rules:
        labels:
          - automatic backport
          - merge-queue
-
-  - name: backport patches to 2.27
-    conditions:
-      - label=backport 2.27-maintenance
-    actions:
-      backport:
-        branches:
-          - "2.27-maintenance"
-        labels:
-          - automatic backport
-          - merge-queue
-
-  - name: backport patches to 2.28
-    conditions:
-      - label=backport 2.28-maintenance
-    actions:
-      backport:
-        branches:
-          - "2.28-maintenance"
-        labels:
-          - automatic backport
-          - merge-queue
-
-  - name: backport patches to 2.29
-    conditions:
-      - label=backport 2.29-maintenance
-    actions:
-      backport:
-        branches:
-          - "2.29-maintenance"
-        labels:
-          - automatic backport
-          - merge-queue
-
-  - name: backport patches to 2.30
-    conditions:
-      - label=backport 2.30-maintenance
-    actions:
-      backport:
-        branches:
-          - "2.30-maintenance"
-        labels:
-          - automatic backport
-          - merge-queue
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.31.0
+2.27.2
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -89,7 +89,7 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).

 ## Making changes to the Nix manual

-The Nix reference manual is hosted on https://nix.dev/manual/nix.
+The Nix reference manual is hosted on https://nixos.org/manual/nix.
 The underlying source files are located in [`doc/manual/source`](./doc/manual/source).
 For small changes you can [use GitHub to edit these files](https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files)
 For larger changes see the [Nix reference manual](https://nix.dev/manual/nix/development/development/contributing.html).
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Today, a world-wide developer community contributes to Nix and the ecosystem tha
 - [Nixpkgs](https://github.com/NixOS/nixpkgs) is [the largest, most up-to-date free software repository in the world](https://repology.org/repositories/graphs)
 - [NixOS](https://github.com/NixOS/nixpkgs/tree/master/nixos) is a Linux distribution that can be configured fully declaratively
 - [Discourse](https://discourse.nixos.org/)
- Matrix: [#users:nixos.org](https://matrix.to/#/#users:nixos.org) for user support and [#nix-dev:nixos.org](https://matrix.to/#/#nix-dev:nixos.org) for development
+- [Matrix](https://matrix.to/#/#nix:nixos.org)

 ## License

--- a/ci/gha/profile-build/default.nix
+++ b/ci/gha/profile-build/default.nix
@@ -1,101 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-}:
-
-let
-  inherit (pkgs) lib;
-
-  nixComponentsInstrumented =
-    (nixFlake.lib.makeComponents {
-      inherit pkgs;
-      getStdenv = p: p.clangStdenv;
-    }).overrideScope
-      (
-        _: _: {
-          mesonComponentOverrides = finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "buildprofile" ];
-            nativeBuildInputs = [ pkgs.clangbuildanalyzer ] ++ prevAttrs.nativeBuildInputs or [ ];
-            __impure = true;
-
-            env = {
-              CFLAGS = "-ftime-trace";
-              CXXFLAGS = "-ftime-trace";
-            };
-
-            preBuild = ''
-              ClangBuildAnalyzer --start $PWD
-            '';
-
-            postBuild = ''
-              ClangBuildAnalyzer --stop $PWD $buildprofile
-            '';
-          };
-        }
-      );
-
-  componentsToProfile = {
-    "nix-util" = { };
-    "nix-util-c" = { };
-    "nix-util-test-support" = { };
-    "nix-util-tests" = { };
-    "nix-store" = { };
-    "nix-store-c" = { };
-    "nix-store-test-support" = { };
-    "nix-store-tests" = { };
-    "nix-fetchers" = { };
-    "nix-fetchers-c" = { };
-    "nix-fetchers-tests" = { };
-    "nix-expr" = { };
-    "nix-expr-c" = { };
-    "nix-expr-test-support" = { };
-    "nix-expr-tests" = { };
-    "nix-flake" = { };
-    "nix-flake-c" = { };
-    "nix-flake-tests" = { };
-    "nix-main" = { };
-    "nix-main-c" = { };
-    "nix-cmd" = { };
-    "nix-cli" = { };
-  };
-
-  componentDerivationsToProfile = builtins.intersectAttrs componentsToProfile nixComponentsInstrumented;
-  componentBuildProfiles = lib.mapAttrs (
-    n: v: lib.getOutput "buildprofile" v
-  ) componentDerivationsToProfile;
-
-  buildTimeReport =
-    pkgs.runCommand "build-time-report"
-      {
-        __impure = true;
-        __structuredAttrs = true;
-        nativeBuildInputs = [ pkgs.clangbuildanalyzer ];
-        inherit componentBuildProfiles;
-      }
-      ''
-        {
-          echo "# Build time performance profile for components:"
-          echo
-          echo "This reports the build profile collected via \`-ftime-trace\` for each component."
-          echo
-        } >> $out
-
-        for name in "''\${!componentBuildProfiles[@]}"; do
-          {
-            echo "<details><summary><strong>$name</strong></summary>"
-            echo
-            echo '````'
-            ClangBuildAnalyzer --analyze "''\${componentBuildProfiles[$name]}"
-            echo '````'
-            echo
-            echo "</details>"
-          } >> $out
-        done
-      '';
-in
-
-{
-  inherit buildTimeReport;
-  inherit componentDerivationsToProfile;
-}
--- a/ci/gha/tests/default.nix
+++ b/ci/gha/tests/default.nix
@@ -1,211 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  getStdenv ? p: p.stdenv,
-  componentTestsPrefix ? "",
-  withSanitizers ? false,
-  withCoverage ? false,
-  ...
-}:
-
-let
-  inherit (pkgs) lib;
-  hydraJobs = nixFlake.hydraJobs;
-  packages' = nixFlake.packages.${system};
-  stdenv = (getStdenv pkgs);
-
-  enableSanitizersLayer = finalAttrs: prevAttrs: {
-    mesonFlags =
-      (prevAttrs.mesonFlags or [ ])
-      ++ [
-        # Run all tests with UBSAN enabled. Running both with ubsan and
-        # without doesn't seem to have much immediate benefit for doubling
-        # the GHA CI workaround.
-        #
-        # TODO: Work toward enabling "address,undefined" if it seems feasible.
-        # This would maybe require dropping Boost coroutines and ignoring intentional
-        # memory leaks with detect_leaks=0.
-        (lib.mesonOption "b_sanitize" "undefined")
-      ]
-      ++ (lib.optionals stdenv.cc.isClang [
-        # https://www.github.com/mesonbuild/meson/issues/764
-        (lib.mesonBool "b_lundef" false)
-      ]);
-  };
-
-  collectCoverageLayer = finalAttrs: prevAttrs: {
-    env =
-      let
-        # https://clang.llvm.org/docs/SourceBasedCodeCoverage.html#the-code-coverage-workflow
-        coverageFlags = [
-          "-fprofile-instr-generate"
-          "-fcoverage-mapping"
-        ];
-      in
-      {
-        CFLAGS = toString coverageFlags;
-        CXXFLAGS = toString coverageFlags;
-      };
-
-    # Done in a pre-configure hook, because $NIX_BUILD_TOP needs to be substituted.
-    preConfigure =
-      prevAttrs.preConfigure or ""
-      + ''
-        mappingFlag=" -fcoverage-prefix-map=$NIX_BUILD_TOP/${finalAttrs.src.name}=${finalAttrs.src}"
-        CFLAGS+="$mappingFlag"
-        CXXFLAGS+="$mappingFlag"
-      '';
-  };
-
-  componentOverrides =
-    (lib.optional withSanitizers enableSanitizersLayer)
-    ++ (lib.optional withCoverage collectCoverageLayer);
-in
-
-rec {
-  nixComponents =
-    (nixFlake.lib.makeComponents {
-      inherit pkgs;
-      inherit getStdenv;
-    }).overrideScope
-      (
-        final: prev: {
-          nix-store-tests = prev.nix-store-tests.override { withBenchmarks = true; };
-
-          mesonComponentOverrides = lib.composeManyExtensions componentOverrides;
-        }
-      );
-
-  /**
-    Top-level tests for the flake outputs, as they would be built by hydra.
-    These tests generally can't be overridden to run with sanitizers.
-  */
-  topLevel = {
-    installerScriptForGHA = hydraJobs.installerScriptForGHA.${system};
-    installTests = hydraJobs.installTests.${system};
-    nixpkgsLibTests = hydraJobs.tests.nixpkgsLibTests.${system};
-    rl-next = pkgs.buildPackages.runCommand "test-rl-next-release-notes" { } ''
-      LANG=C.UTF-8 ${pkgs.changelog-d}/bin/changelog-d ${../../../doc/manual/rl-next} >$out
-    '';
-    repl-completion = pkgs.callPackage ../../../tests/repl-completion.nix { inherit (packages') nix; };
-
-    /**
-      Checks for our packaging expressions.
-      This shouldn't build anything significant; just check that things
-      (including derivations) are _set up_ correctly.
-    */
-    packaging-overriding =
-      let
-        nix = packages'.nix;
-      in
-      assert (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src.patches == [ pkgs.emptyFile ];
-      if pkgs.stdenv.buildPlatform.isDarwin then
-        lib.warn "packaging-overriding check currently disabled because of a permissions issue on macOS" pkgs.emptyFile
-      else
-        # If this fails, something might be wrong with how we've wired the scope,
-        # or something could be broken in Nixpkgs.
-        pkgs.testers.testEqualContents {
-          assertion = "trivial patch does not change source contents";
-          expected = "${../../..}";
-          actual =
-            # Same for all components; nix-util is an arbitrary pick
-            (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src;
-        };
-  };
-
-  componentTests =
-    (lib.concatMapAttrs (
-      pkgName: pkg:
-      lib.concatMapAttrs (testName: test: {
-        "${componentTestsPrefix}${pkgName}-${testName}" = test;
-      }) (pkg.tests or { })
-    ) nixComponents)
-    // lib.optionalAttrs (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) {
-      "${componentTestsPrefix}nix-functional-tests" = nixComponents.nix-functional-tests;
-    };
-
-  codeCoverage =
-    let
-      componentsTestsToProfile =
-        (builtins.mapAttrs (n: v: nixComponents.${n}.tests.run) {
-          "nix-util-tests" = { };
-          "nix-store-tests" = { };
-          "nix-fetchers-tests" = { };
-          "nix-expr-tests" = { };
-          "nix-flake-tests" = { };
-        })
-        // {
-          inherit (nixComponents) nix-functional-tests;
-        };
-
-      coverageProfileDrvs = lib.mapAttrs (
-        n: v:
-        v.overrideAttrs (
-          finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "profraw" ];
-            env = {
-              LLVM_PROFILE_FILE = "${placeholder "profraw"}/%m";
-            };
-          }
-        )
-      ) componentsTestsToProfile;
-
-      coverageProfiles = lib.mapAttrsToList (n: v: lib.getOutput "profraw" v) coverageProfileDrvs;
-
-      mergedProfdata =
-        pkgs.runCommand "merged-profdata"
-          {
-            __structuredAttrs = true;
-            nativeBuildInputs = [ pkgs.llvmPackages.libllvm ];
-            inherit coverageProfiles;
-          }
-          ''
-            rawProfiles=()
-            for dir in "''\${coverageProfiles[@]}"; do
-              rawProfiles+=($dir/*)
-            done
-            llvm-profdata merge -sparse -output $out "''\${rawProfiles[@]}"
-          '';
-
-      coverageReports =
-        let
-          nixComponentDrvs = lib.filter (lib.isDerivation) (lib.attrValues nixComponents);
-        in
-        pkgs.runCommand "code-coverage-report"
-          {
-            nativeBuildInputs = [
-              pkgs.llvmPackages.libllvm
-            ];
-            __structuredAttrs = true;
-            nixComponents = nixComponentDrvs;
-          }
-          ''
-            # ${toString (lib.map (v: v.src) nixComponentDrvs)}
-
-            binaryFiles=()
-            for dir in "''\${nixComponents[@]}"; do
-              readarray -t filesInDir < <(find "$dir" -type f -executable)
-              binaryFiles+=("''\${filesInDir[@]}")
-            done
-
-            arguments=$(concatStringsSep " -object " binaryFiles)
-            llvm-cov show $arguments -instr-profile ${mergedProfdata} -output-dir $out -format=html
-
-            {
-              echo "# Code coverage summary (generated via \`llvm-cov\`):"
-              echo
-              echo '```'
-              llvm-cov report $arguments -instr-profile ${mergedProfdata} -format=text -use-color=false
-              echo '```'
-              echo
-            } >> $out/index.txt
-
-          '';
-    in
-    assert withCoverage;
-    assert stdenv.cc.isClang;
-    {
-      inherit coverageProfileDrvs mergedProfdata coverageReports;
-    };
-}
--- a/ci/gha/tests/wrapper.nix
+++ b/ci/gha/tests/wrapper.nix
@@ -1,16 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  stdenv ? "stdenv",
-  componentTestsPrefix ? "",
-  withInstrumentation ? false,
-}@args:
-import ./. (
-  args
-  // {
-    getStdenv = p: p.${stdenv};
-    withSanitizers = withInstrumentation;
-    withCoverage = withInstrumentation;
-  }
-)
--- a/doc/manual/generate-deps.py
+++ b/doc/manual/generate-deps.py
@@ -14,7 +14,7 @@ import sys
 # literally. since the rules for these aren't even the same for
 # all three we will just fail when we encounter any of them (if
 # asserts are off for some reason the depfile will likely point
-# to nonexistent paths, making everything phony and thus fine.)
+# to nonexistant paths, making everything phony and thus fine.)
 for path in glob.glob(sys.argv[1] + '/**', recursive=True):
    assert '\\' not in path
    assert ' ' not in path
--- a/doc/manual/generate-store-info.nix
+++ b/doc/manual/generate-store-info.nix
@@ -33,7 +33,6 @@ let
    {
      settings,
      doc,
-      uri-schemes,
      experimentalFeature,
    }:
    let
--- a/doc/manual/meson.build
+++ b/doc/manual/meson.build
@@ -1,5 +1,4 @@
-project(
-  'nix-manual',
+project('nix-manual',
  version : files('.version'),
  meson_version : '>= 1.1',
  license : 'LGPL-2.1-or-later',
@@ -9,45 +8,43 @@ nix = find_program('nix', native : true)

 mdbook = find_program('mdbook', native : true)
 bash = find_program('bash', native : true)
-rsync = find_program('rsync', required : true, native : true)

 pymod = import('python')
 python = pymod.find_installation('python3')

 nix_env_for_docs = {
-  'HOME' : '/dummy',
-  'NIX_CONF_DIR' : '/dummy',
-  'NIX_SSL_CERT_FILE' : '/dummy/no-ca-bundle.crt',
-  'NIX_STATE_DIR' : '/dummy',
-  'NIX_CONFIG' : 'cores = 0',
+  'HOME': '/dummy',
+  'NIX_CONF_DIR': '/dummy',
+  'NIX_SSL_CERT_FILE': '/dummy/no-ca-bundle.crt',
+  'NIX_STATE_DIR': '/dummy',
+  'NIX_CONFIG': 'cores = 0',
 }

-nix_for_docs = [ nix, '--experimental-features', 'nix-command' ]
+nix_for_docs = [nix, '--experimental-features', 'nix-command']
 nix_eval_for_docs_common = nix_for_docs + [
  'eval',
-  '-I',
-  'nix=' + meson.current_source_dir(),
+  '-I', 'nix=' + meson.current_source_dir(),
  '--store', 'dummy://',
  '--impure',
 ]
 nix_eval_for_docs = nix_eval_for_docs_common + '--raw'

 conf_file_json = custom_target(
-  command : nix_for_docs + [ 'config', 'show', '--json' ],
+  command : nix_for_docs + ['config', 'show', '--json'],
  capture : true,
  output : 'conf-file.json',
  env : nix_env_for_docs,
 )

 language_json = custom_target(
-  command : [ nix, '__dump-language' ],
+  command: [nix, '__dump-language'],
  output : 'language.json',
  capture : true,
  env : nix_env_for_docs,
 )

 nix3_cli_json = custom_target(
-  command : [ nix, '__dump-cli' ],
+  command : [nix, '__dump-cli'],
  capture : true,
  output : 'nix.json',
  env : nix_env_for_docs,
@@ -70,7 +67,7 @@ subdir('source/release-notes')
 subdir('source')

 # Hacky way to figure out if `nix` is an `ExternalProgram` or
-# `Executable`. Only the latter can occur in custom target input lists.
+# `Exectuable`. Only the latter can occur in custom target input lists.
 if nix.full_path().startswith(meson.build_root())
  nix_input = nix
 else
@@ -81,14 +78,13 @@ manual = custom_target(
  'manual',
  command : [
    bash,
-    '-euo',
-    'pipefail',
+    '-euo', 'pipefail',
    '-c',
    '''
        @0@ @INPUT0@ @CURRENT_SOURCE_DIR@ > @DEPFILE@
        @0@ @INPUT1@ summary @2@ < @CURRENT_SOURCE_DIR@/source/SUMMARY.md.in > @2@/source/SUMMARY.md
        sed -e 's|@version@|@3@|g' < @INPUT2@ > @2@/book.toml
-        @4@ -r --include='*.md' @CURRENT_SOURCE_DIR@/ @2@/
+        rsync -r --include='*.md' @CURRENT_SOURCE_DIR@/ @2@/
        (cd @2@; RUST_LOG=warn @1@ build -d @2@ 3>&2 2>&1 1>&3) | { grep -Fv "because fragment resolution isn't implemented" || :; } 3>&2 2>&1 1>&3
        rm -rf @2@/manual
        mv @2@/html @2@/manual
@@ -98,7 +94,6 @@ manual = custom_target(
      mdbook.full_path(),
      meson.current_build_dir(),
      meson.project_version(),
-      rsync.full_path(),
    ),
  ],
  input : [
@@ -123,8 +118,8 @@ manual = custom_target(
  ],
  depfile : 'manual.d',
  env : {
-    'RUST_LOG' : 'info',
-    'MDBOOK_SUBSTITUTE_SEARCH' : meson.current_build_dir() / 'source',
+    'RUST_LOG': 'info',
+    'MDBOOK_SUBSTITUTE_SEARCH': meson.current_build_dir() / 'source',
  },
 )
 manual_html = manual[0]
@@ -136,8 +131,7 @@ install_subdir(
 )

 nix_nested_manpages = [
-  [
-    'nix-env',
+  [ 'nix-env',
    [
      'delete-generations',
      'install',
@@ -152,8 +146,7 @@ nix_nested_manpages = [
      'upgrade',
    ],
  ],
-  [
-    'nix-store',
+  [ 'nix-store',
    [
      'add-fixed',
      'add',
@@ -253,11 +246,11 @@ nix3_manpages = [
  'nix3-nar',
  'nix3-path-info',
  'nix3-print-dev-env',
-  'nix3-profile',
-  'nix3-profile-add',
  'nix3-profile-diff-closures',
  'nix3-profile-history',
+  'nix3-profile-install',
  'nix3-profile-list',
+  'nix3-profile',
  'nix3-profile-remove',
  'nix3-profile-rollback',
  'nix3-profile-upgrade',
@@ -288,6 +281,7 @@ nix3_manpages = [
  'nix3-store',
  'nix3-store-optimise',
  'nix3-store-path-from-hash-part',
+  'nix3-store-ping',
  'nix3-store-prefetch-file',
  'nix3-store-repair',
  'nix3-store-sign',
--- a/doc/manual/package.nix
+++ b/doc/manual/package.nix
@@ -11,8 +11,6 @@
  python3,
  rsync,
  nix-cli,
-  changelog-d,
-  officialRelease,

  # Configuration Options

@@ -46,24 +44,16 @@ mkMesonDerivation (finalAttrs: {
  ];

  # Hack for sake of the dev shell
-  passthru.externalNativeBuildInputs =
-    [
-      meson
-      ninja
-      (lib.getBin lowdown-unsandboxed)
-      mdbook
-      mdbook-linkcheck
-      jq
-      python3
-      rsync
-      changelog-d
-    ]
-    ++ lib.optionals (!officialRelease) [
-      # When not an official release, we likely have changelog entries that have
-      # yet to be rendered.
-      # When released, these are rendered into a committed file to save a dependency.
-      changelog-d
-    ];
+  passthru.externalNativeBuildInputs = [
+    meson
+    ninja
+    (lib.getBin lowdown-unsandboxed)
+    mdbook
+    mdbook-linkcheck
+    jq
+    python3
+    rsync
+  ];

  nativeBuildInputs = finalAttrs.passthru.externalNativeBuildInputs ++ [
    nix-cli
--- a/doc/manual/redirects.js
+++ b/doc/manual/redirects.js
@@ -374,7 +374,6 @@ const redirects = {
  },
  "glossary.html": {
    "gloss-local-store": "store/types/local-store.html",
-    "package-attribute-set": "#package",
    "gloss-chroot-store": "store/types/local-store.html",
    "gloss-content-addressed-derivation": "#gloss-content-addressing-derivation",
  },
--- a/doc/manual/rl-next/build-cores-auto-detect.md
+++ b/doc/manual/rl-next/build-cores-auto-detect.md
@@ -1,6 +0,0 @@
---
-synopsis: "`build-cores = 0` now auto-detects CPU cores"
-prs: [13402]
---
-
-When `build-cores` is set to `0`, nix now automatically detects the number of available CPU cores and passes this value via `NIX_BUILD_CORES`, instead of passing `0` directly. This matches the behavior when `build-cores` is unset. This prevents the builder from having to detect the number of cores.
--- a/doc/manual/rl-next/port-in-store-uris.md
+++ b/doc/manual/rl-next/port-in-store-uris.md
@@ -1,13 +0,0 @@
---
-synopsis: "Add support for user@address:port syntax in store URIs"
-prs: [3425]
-issues: [7044]
---
-
-It's now possible to specify the port used for the SSH stores directly in the store URL in accordance with [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986). Previously the only way to specify custom ports was via `ssh_config` or `NIX_SSHOPTS` environment variable, because Nix incorrectly passed the port number together with the host name to the SSH executable. This has now been fixed.
-
-This change affects [store references](@docroot@/store/types/index.md#store-url-format) passed via the `--store` and similar flags in CLI as well as in the configuration for [remote builders](@docroot@/command-ref/conf-file.md#conf-builders). For example, the following store URIs now work:
-
- `ssh://127.0.0.1:2222`
- `ssh://[b573:6a48:e224:840b:6007:6275:f8f7:ebf3]:22`
- `ssh-ng://[b573:6a48:e224:840b:6007:6275:f8f7:ebf3]:22`
--- a/doc/manual/rl-next/rfc4007-zone-id-in-uri-rfc6874.md
+++ b/doc/manual/rl-next/rfc4007-zone-id-in-uri-rfc6874.md
@@ -1,6 +0,0 @@
---
-synopsis: "Represent IPv6 RFC4007 ZoneId literals in conformance with RFC6874"
-prs: [13445]
---
-
-Prior versions of Nix since [#4646](https://github.com/NixOS/nix/pull/4646) accepted [IPv6 scoped addresses](https://datatracker.ietf.org/doc/html/rfc4007) in URIs like [store references](@docroot@/store/types/index.md#store-url-format) in the textual representation with a literal percent character: `[fe80::1%18]`. This was ambiguous, because the the percent literal `%` is reserved by [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986), since it's used to indicate percent encoding. Nix now requires that the percent `%` symbol is percent-encoded as `%25`. This implements [RFC6874](https://datatracker.ietf.org/doc/html/rfc6874), which defines the representation of zone identifiers in URIs. The example from above now has to be specified as `[fe80::1%2518]`.
--- a/doc/manual/source/SUMMARY.md.in
+++ b/doc/manual/source/SUMMARY.md.in
@@ -33,7 +33,6 @@
  - [Data Types](language/types.md)
    - [String context](language/string-context.md)
  - [Syntax and semantics](language/syntax.md)
-    - [Evaluation](language/evaluation.md)
    - [Variables](language/variables.md)
    - [String literals](language/string-literals.md)
    - [Identifiers](language/identifiers.md)
@@ -57,7 +56,6 @@
  - [Tuning Cores and Jobs](advanced-topics/cores-vs-jobs.md)
  - [Verifying Build Reproducibility](advanced-topics/diff-hook.md)
  - [Using the `post-build-hook`](advanced-topics/post-build-hook.md)
-  - [Evaluation profiler](advanced-topics/eval-profiler.md)
 - [Command Reference](command-ref/index.md)
  - [Common Options](command-ref/opt-common.md)
  - [Common Environment Variables](command-ref/env-common.md)
@@ -128,7 +126,6 @@
 - [Development](development/index.md)
  - [Building](development/building.md)
  - [Testing](development/testing.md)
-  - [Benchmarking](development/benchmarking.md)
  - [Debugging](development/debugging.md)
  - [Documentation](development/documentation.md)
  - [CLI guideline](development/cli-guideline.md)
@@ -138,9 +135,6 @@
  - [Contributing](development/contributing.md)
 - [Releases](release-notes/index.md)
 {{#include ./SUMMARY-rl-next.md}}
-  - [Release 2.30 (2025-07-07)](release-notes/rl-2.30.md)
-  - [Release 2.29 (2025-05-14)](release-notes/rl-2.29.md)
-  - [Release 2.28 (2025-04-02)](release-notes/rl-2.28.md)
  - [Release 2.27 (2025-03-03)](release-notes/rl-2.27.md)
  - [Release 2.26 (2025-01-22)](release-notes/rl-2.26.md)
  - [Release 2.25 (2024-11-07)](release-notes/rl-2.25.md)
--- a/doc/manual/source/advanced-topics/distributed-builds.md
+++ b/doc/manual/source/advanced-topics/distributed-builds.md
@@ -27,7 +27,7 @@ nix store info --store ssh://username@mac
 ```

 To specify an SSH identity file as part of the remote store URI add a
-query parameter, e.g.
+query paramater, e.g.

 ```console
 nix store info --store ssh://username@mac?ssh-key=/home/alice/my-key
--- a/doc/manual/source/advanced-topics/eval-profiler.md
+++ b/doc/manual/source/advanced-topics/eval-profiler.md
@@ -1,33 +0,0 @@
-# Using the `eval-profiler`
-
-Nix evaluator supports [evaluation](@docroot@/language/evaluation.md)
-[profiling](<https://en.wikipedia.org/wiki/Profiling_(computer_programming)>)
-compatible with `flamegraph.pl`. The profiler samples the nix
-function call stack at regular intervals. It can be enabled with the
-[`eval-profiler`](@docroot@/command-ref/conf-file.md#conf-eval-profiler)
-setting:
-
-```console
-$ nix-instantiate "<nixpkgs>" -A hello --eval-profiler flamegraph
-```
-
-Stack sampling frequency and the output file path can be configured with
-[`eval-profile-file`](@docroot@/command-ref/conf-file.md#conf-eval-profile-file)
-and [`eval-profiler-frequency`](@docroot@/command-ref/conf-file.md#conf-eval-profiler-frequency).
-By default the collected profile is saved to `nix.profile` file in the current working directory.
-
-The collected profile can be directly consumed by `flamegraph.pl`:
-
-```console
-$ flamegraph.pl nix.profile > flamegraph.svg
-```
-
-The line information in the profile contains the location of the [call
-site](https://en.wikipedia.org/wiki/Call_site) position and the name of the
-function being called (when available). For example:
-
-```
-/nix/store/x9wnkly3k1gkq580m90jjn32q9f05q2v-source/pkgs/top-level/default.nix:167:5:primop import
-```
-
-Here `import` primop is called at `/nix/store/x9wnkly3k1gkq580m90jjn32q9f05q2v-source/pkgs/top-level/default.nix:167:5`.
--- a/doc/manual/source/architecture/architecture.md
+++ b/doc/manual/source/architecture/architecture.md
@@ -22,9 +22,9 @@ The following [concept map] shows its main components (rectangles), the objects
           |                   |
 +----------|-------------------|--------------------------------+
 | Nix      |                   V                                |
-|          |       +------------------------+                   |
-|          |       | command line interface |------.            |
-|          |       +------------------------+      |            |
+|          |      +-------------------------+                   |
+|          |      | commmand line interface |------.            |
+|          |      +-------------------------+      |            |
 |          |                   |                   |            |
 |    evaluated by            calls              manages         |
 |          |                   |                   |            |
--- a/doc/manual/source/command-ref/meson.build
+++ b/doc/manual/source/command-ref/meson.build
@@ -1,12 +1,13 @@
 xp_features_json = custom_target(
-  command : [ nix, '__dump-xp-features' ],
+  command : [nix, '__dump-xp-features'],
  capture : true,
  output : 'xp-features.json',
 )

 experimental_features_shortlist_md = custom_target(
  command : nix_eval_for_docs + [
-    '--expr', 'import @INPUT0@ (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
+    '--expr',
+    'import @INPUT0@ (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
  ],
  input : [
    '../../generate-xp-features-shortlist.nix',
@@ -18,8 +19,14 @@ experimental_features_shortlist_md = custom_target(
 )

 nix3_cli_files = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', 'import @INPUT1@ true (builtins.readFile ./@INPUT2@)',
+  command : [
+    python.full_path(),
+    '@INPUT0@',
+    '@OUTPUT@',
+    '--'
+  ] + nix_eval_for_docs + [
+    '--expr',
+    'import @INPUT1@ true (builtins.readFile ./@INPUT2@)',
  ],
  input : [
    '../../remove_before_wrapper.py',
@@ -33,7 +40,8 @@ nix3_cli_files = custom_target(
 conf_file_md_body = custom_target(
  command : [
    nix_eval_for_docs,
-    '--expr', 'import @INPUT0@ { prefix = "conf"; } (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
+    '--expr',
+    'import @INPUT0@ { prefix = "conf"; } (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
  ],
  capture : true,
  input : [
--- a/doc/manual/source/command-ref/nix-channel.md
+++ b/doc/manual/source/command-ref/nix-channel.md
@@ -53,11 +53,6 @@ This command has the following operations:
  Download the Nix expressions of subscribed channels and create a new generation.
  Update all channels if none is specified, and only those included in *names* otherwise.

-  > **Note**
-  >
-  > Downloaded channel contents are cached.
-  > Use `--tarball-ttl` or the [`tarball-ttl` configuration option](@docroot@/command-ref/conf-file.md#conf-tarball-ttl) to change the validity period of cached downloads.
-
 - `--list-generations`

  Prints a list of all the current existing generations for the
--- a/doc/manual/source/command-ref/nix-env/delete-generations.md
+++ b/doc/manual/source/command-ref/nix-env/delete-generations.md
@@ -27,7 +27,7 @@ This operation deletes the specified generations of the current profile.
  >
  > Older *and newer* generations will be deleted by this operation.
  >
-  > One might expect this to just delete older generations than the current one, but that is only true if the current generation is also the latest.
+  > One might expect this to just delete older generations than the curent one, but that is only true if the current generation is also the latest.
  > Because one can roll back to a previous generation, it is possible to have generations newer than the current one.
  > They will also be deleted.

--- a/doc/manual/source/command-ref/nix-shell.md
+++ b/doc/manual/source/command-ref/nix-shell.md
@@ -242,21 +242,16 @@ print(t)
 ```

 Similarly, the following is a Perl script that specifies that it
-requires Perl and the `HTML::TokeParser::Simple`, `LWP` and
-`LWP::Protocol::Https` packages:
+requires Perl and the `HTML::TokeParser::Simple` and `LWP` packages:

 ```perl
 #! /usr/bin/env nix-shell
-#! nix-shell -i perl 
-#! nix-shell --packages perl 
-#! nix-shell --packages perlPackages.HTMLTokeParserSimple 
-#! nix-shell --packages perlPackages.LWP
-#! nix-shell --packages perlPackages.LWPProtocolHttps
+#! nix-shell -i perl --packages perl perlPackages.HTMLTokeParserSimple perlPackages.LWP

 use HTML::TokeParser::Simple;

 # Fetch nixos.org and print all hrefs.
-my $p = HTML::TokeParser::Simple->new(url => 'https://nixos.org/');
+my $p = HTML::TokeParser::Simple->new(url => 'http://nixos.org/');

 while (my $token = $p->get_tag("a")) {
    my $href = $token->get_attr("href");
@@ -321,7 +316,7 @@ contains:
 ```nix
 with import <nixpkgs> {};

-runCommand "dummy" { buildInputs = [ python3 python3Packages.prettytable ]; } ""
+runCommand "dummy" { buildInputs = [ python pythonPackages.prettytable ]; } ""
 ```

 The script's file name is passed as the first argument to the interpreter specified by the `-i` flag.
--- a/doc/manual/source/command-ref/nix-store/query.md
+++ b/doc/manual/source/command-ref/nix-store/query.md
@@ -45,19 +45,10 @@ symlink.

  [output paths]: @docroot@/glossary.md#gloss-output-path

- `--references`
-
-  Prints the set of [references] of the store paths
-  *paths*, that is, their immediate dependencies. (For *all*
-  dependencies, use `--requisites`.)
-
-  [references]: @docroot@/glossary.md#gloss-reference
-
 - `--requisites` / `-R`

-  Prints out the set of [*requisites*][requisite] (better known as the [closure]) of the store path *paths*.
+  Prints out the [closure] of the store path *paths*.

-  [requisite]: @docroot@/glossary.md#gloss-requisite
  [closure]: @docroot@/glossary.md#gloss-closure

  This query has one option:
@@ -74,25 +65,29 @@ symlink.
  dependencies) is obtained by distributing the closure of a store
  derivation and specifying the option `--include-outputs`.

+- `--references`
+
+  Prints the set of [references] of the store paths
+  *paths*, that is, their immediate dependencies. (For *all*
+  dependencies, use `--requisites`.)
+
+  [references]: @docroot@/glossary.md#gloss-reference
+
 - `--referrers`

-  Prints the set of [*referrers*][referrer] of the store paths *paths*, that is,
+  Prints the set of *referrers* of the store paths *paths*, that is,
  the store paths currently existing in the Nix store that refer to
  one of *paths*. Note that contrary to the references, the set of
  referrers is not constant; it can change as store paths are added or
  removed.

-  [referrer]: @docroot@/glossary.md#gloss-referrer
-
 - `--referrers-closure`

  Prints the closure of the set of store paths *paths* under the
-  [referrers relation][referrer]; that is, all store paths that directly or
+  referrers relation; that is, all store paths that directly or
  indirectly refer to one of *paths*. These are all the path currently
  in the Nix store that are dependent on *paths*.

-  [referrer]: @docroot@/glossary.md#gloss-referrer
-
 - `--deriver` / `-d`

  Prints the [deriver] that was used to build the store paths *paths*. If
--- a/doc/manual/source/development/benchmarking.md
+++ b/doc/manual/source/development/benchmarking.md
@@ -1,187 +0,0 @@
-# Running Benchmarks
-
-This guide explains how to build and run performance benchmarks in the Nix codebase.
-
-## Overview
-
-Nix uses the [Google Benchmark](https://github.com/google/benchmark) framework for performance testing. Benchmarks help measure and track the performance of critical operations like derivation parsing.
-
-## Building Benchmarks
-
-Benchmarks are disabled by default and must be explicitly enabled during the build configuration. For accurate results, use a debug-optimized release build.
-
-### Development Environment Setup
-
-First, enter the development shell which includes the necessary dependencies:
-
-```bash
-nix develop .#native-ccacheStdenv
-```
-
-### Configure Build with Benchmarks
-
-From the project root, configure the build with benchmarks enabled and optimization:
-
-```bash
-cd build
-meson configure -Dbenchmarks=true -Dbuildtype=debugoptimized
-```
-
-The `debugoptimized` build type provides:
- Compiler optimizations for realistic performance measurements
- Debug symbols for profiling and analysis
- Balance between performance and debuggability
-
-### Build the Benchmarks
-
-Build the project including benchmarks:
-
-```bash
-ninja
-```
-
-This will create benchmark executables in the build directory. Currently available:
- `build/src/libstore-tests/nix-store-benchmarks` - Store-related performance benchmarks
-
-Additional benchmark executables will be created as more benchmarks are added to the codebase.
-
-## Running Benchmarks
-
-### Basic Usage
-
-Run benchmark executables directly. For example, to run store benchmarks:
-
-```bash
-./build/src/libstore-tests/nix-store-benchmarks
-```
-
-As more benchmark executables are added, run them similarly from their respective build directories.
-
-### Filtering Benchmarks
-
-Run specific benchmarks using regex patterns:
-
-```bash
-# Run only derivation parser benchmarks
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_filter="derivation.*"
-
-# Run only benchmarks for hello.drv
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_filter=".*hello.*"
-```
-
-### Output Formats
-
-Generate benchmark results in different formats:
-
-```bash
-# JSON output
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=json > results.json
-
-# CSV output
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=csv > results.csv
-```
-
-### Advanced Options
-
-```bash
-# Run benchmarks multiple times for better statistics
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_repetitions=10
-
-# Set minimum benchmark time (useful for micro-benchmarks)
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_min_time=2
-
-# Compare against baseline
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_baseline=baseline.json
-
-# Display time in custom units
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_time_unit=ms
-```
-
-## Writing New Benchmarks
-
-To add new benchmarks:
-
-1. Create a new `.cc` file in the appropriate `*-tests` directory
-2. Include the benchmark header:
-   ```cpp
-   #include <benchmark/benchmark.h>
-   ```
-
-3. Write benchmark functions:
-   ```cpp
-   static void BM_YourBenchmark(benchmark::State & state)
-   {
-       // Setup code here
-
-       for (auto _ : state) {
-           // Code to benchmark
-       }
-   }
-   BENCHMARK(BM_YourBenchmark);
-   ```
-
-4. Add the file to the corresponding `meson.build`:
-   ```meson
-   benchmarks_sources = files(
-       'your-benchmark.cc',
-       # existing benchmarks...
-   )
-   ```
-
-## Profiling with Benchmarks
-
-For deeper performance analysis, combine benchmarks with profiling tools:
-
-```bash
-# Using Linux perf
-perf record ./build/src/libstore-tests/nix-store-benchmarks
-perf report
-```
-
-### Using Valgrind Callgrind
-
-Valgrind's callgrind tool provides detailed profiling information that can be visualized with kcachegrind:
-
-```bash
-# Profile with callgrind
-valgrind --tool=callgrind ./build/src/libstore-tests/nix-store-benchmarks
-
-# Visualize the results with kcachegrind
-kcachegrind callgrind.out.*
-```
-
-This provides:
- Function call graphs
- Instruction-level profiling
- Source code annotation
- Interactive visualization of performance bottlenecks
-
-## Continuous Performance Testing
-
-```bash
-# Save baseline results
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=json > baseline.json
-
-# Compare against baseline in CI
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_baseline=baseline.json
-```
-
-## Troubleshooting
-
-### Benchmarks not building
-
-Ensure benchmarks are enabled:
-```bash
-meson configure build | grep benchmarks
-# Should show: benchmarks true
-```
-
-### Inconsistent results
-
- Ensure your system is not under heavy load
- Disable CPU frequency scaling for consistent results
- Run benchmarks multiple times with `--benchmark_repetitions`
-
-## See Also
-
- [Google Benchmark documentation](https://github.com/google/benchmark/blob/main/docs/user_guide.md)
--- a/doc/manual/source/development/building.md
+++ b/doc/manual/source/development/building.md
@@ -195,38 +195,28 @@ Nix uses a string with the following format to identify the *system type* or *pl
 <cpu>-<os>[-<abi>]
 ```

-It is set when Nix is compiled for the given system, and based on the output of Meson's [`host_machine` information](https://mesonbuild.com/Reference-manual_builtin_host_machine.html)>
+It is set when Nix is compiled for the given system, and based on the output of [`config.guess`](https://github.com/nixos/nix/blob/master/config/config.guess) ([upstream](https://git.savannah.gnu.org/cgit/config.git/tree/config.guess)):

 ```
 <cpu>-<vendor>-<os>[<version>][-<abi>]
 ```

-When cross-compiling Nix with Meson for local development, you need to specify a [cross-file](https://mesonbuild.com/Cross-compilation.html) using the `--cross-file` option. Cross-files define the target architecture and toolchain. When cross-compiling Nix with Nix, Nixpkgs takes care of this for you.
-
-In the nix flake we also have some cross-compilation targets available:
+When Nix is built such that `./configure` is passed any of the `--host`, `--build`, `--target` options, the value is based on the output of [`config.sub`](https://github.com/nixos/nix/blob/master/config/config.sub) ([upstream](https://git.savannah.gnu.org/cgit/config.git/tree/config.sub)):

 ```
-nix build .#nix-everything-riscv64-unknown-linux-gnu
-nix build .#nix-everything-armv7l-unknown-linux-gnueabihf
-nix build .#nix-everything-armv7l-unknown-linux-gnueabihf
-nix build .#nix-everything-x86_64-unknown-freebsd
-nix build .#nix-everything-x86_64-w64-mingw32
+<cpu>-<vendor>[-<kernel>]-<os>
 ```

-For historic reasons and backward-compatibility, some CPU and OS identifiers are translated as follows:
+For historic reasons and backward-compatibility, some CPU and OS identifiers are translated from the GNU Autotools naming convention in [`configure.ac`](https://github.com/nixos/nix/blob/master/configure.ac) as follows:

-| `host_machine.cpu_family()` | `host_machine.endian()` | Nix                 |
-|-----------------------------|-------------------------|---------------------|
-| `x86`                       |                         | `i686`              |
-| `arm`                       |                         | `host_machine.cpu()`|
-| `ppc`                       | `little`                | `powerpcle`         |
-| `ppc64`                     | `little`                | `powerpc64le`       |
-| `ppc`                       | `big`                   | `powerpc`           |
-| `ppc64`                     | `big`                   | `powerpc64`         |
-| `mips`                      | `little`                | `mipsel`            |
-| `mips64`                    | `little`                | `mips64el`          |
-| `mips`                      | `big`                   | `mips`              |
-| `mips64`                    | `big`                   | `mips64`            |
+| `config.guess`             | Nix                 |
+|----------------------------|---------------------|
+| `amd64`                    | `x86_64`            |
+| `i*86`                     | `i686`              |
+| `arm6`                     | `arm6l`             |
+| `arm7`                     | `arm7l`             |
+| `linux-gnu*`               | `linux`             |
+| `linux-musl*`              | `linux`             |

 ## Compilation environments

@@ -240,18 +230,18 @@ Nix can be compiled using multiple environments:
 To build with one of those environments, you can use

 ```console
-$ nix build .#nix-cli-ccacheStdenv
+$ nix build .#nix-ccacheStdenv
 ```

 for flake-enabled Nix, or

 ```console
-$ nix-build --attr nix-cli-ccacheStdenv
+$ nix-build --attr nix-ccacheStdenv
 ```

 for classic Nix.

-You can use any of the other supported environments in place of `nix-cli-ccacheStdenv`.
+You can use any of the other supported environments in place of `nix-ccacheStdenv`.

 ## Editor integration

--- a/doc/manual/source/development/cli-guideline.md
+++ b/doc/manual/source/development/cli-guideline.md
@@ -170,9 +170,9 @@ sensitive.


 ```shell
-$ nix init --template=template#python
+$ nix init --template=template#pyton
 ------------------------------------------------------------------------
-  Error! Template `template#python` not found.
+  Error! Template `template#pyton` not found.
 ------------------------------------------------------------------------
 Initializing Nix project at `/path/to/here`.
      Select a template for you new project:
--- a/doc/manual/source/development/contributing.md
+++ b/doc/manual/source/development/contributing.md
@@ -20,9 +20,8 @@ prs: 1238
 Here's one or more paragraphs that describe the change.

 - It's markdown
- Add references to the manual using [links like this](@_at_docroot@/example.md)
+- Add references to the manual using @docroot@
 ```
-<!-- for the raw markdown readers: that means using @docroot@ -->

 Significant changes should add the following header, which moves them to the top.

--- a/doc/manual/source/development/meson.build
+++ b/doc/manual/source/development/meson.build
@@ -1,6 +1,7 @@
 experimental_feature_descriptions_md = custom_target(
  command : nix_eval_for_docs + [
-    '--expr', 'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
+    '--expr',
+    'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
  ],
  input : [
    '../../generate-xp-features.nix',
--- a/doc/manual/source/development/testing.md
+++ b/doc/manual/source/development/testing.md
@@ -30,7 +30,7 @@ The unit tests are defined using the [googletest] and [rapidcheck] frameworks.
 > src
 > ├── libexpr
 > │   ├── meson.build
-> │   ├── include/nix/expr/value/context.hh
+> │   ├── value/context.hh
 > │   ├── value/context.cc
 > │   …
 > │
@@ -46,12 +46,8 @@ The unit tests are defined using the [googletest] and [rapidcheck] frameworks.
 > │   │
 > │   ├── libexpr-test-support
 > │   │   ├── meson.build
-> │   │   ├── include/nix/expr
-> │   │   │   ├── meson.build
-> │   │   │   └── tests
-> │   │   │       ├── value/context.hh
-> │   │   │       …
 > │   │   └── tests
+> │   │       ├── value/context.hh
 > │   │       ├── value/context.cc
 > │   │       …
 > │   │
@@ -63,7 +59,7 @@ The unit tests are defined using the [googletest] and [rapidcheck] frameworks.
 > ```

 The tests for each Nix library (`libnixexpr`, `libnixstore`, etc..) live inside a directory `src/${library_name_without-nix}-test`.
-Given an interface (header) and implementation pair in the original library, say, `src/libexpr/include/nix/expr/value/context.hh` and `src/libexpr/value/context.cc`, we write tests for it in `src/libexpr-tests/value/context.cc`, and (possibly) declare/define additional interfaces for testing purposes in `src/libexpr-test-support/include/nix/expr/tests/value/context.hh` and `src/libexpr-test-support/tests/value/context.cc`.
+Given an interface (header) and implementation pair in the original library, say, `src/libexpr/value/context.{hh,cc}`, we write tests for it in `src/libexpr-tests/value/context.cc`, and (possibly) declare/define additional interfaces for testing purposes in `src/libexpr-test-support/tests/value/context.{hh,cc}`.

 Data for unit tests is stored in a `data` subdir of the directory for each unit test executable.
 For example, `libnixstore` code is in `src/libstore`, and its test data is in `src/libstore-tests/data`.
@@ -71,7 +67,7 @@ The path to the `src/${library_name_without-nix}-test/data` directory is passed
 Note that each executable only gets the data for its tests.

 The unit test libraries are in `src/${library_name_without-nix}-test-support`.
-All headers are in a `tests` subdirectory so they are included with `#include "nix/tests/"`.
+All headers are in a `tests` subdirectory so they are included with `#include "tests/"`.

 The use of all these separate directories for the unit tests might seem inconvenient, as for example the tests are not "right next to" the part of the code they are testing.
 But organizing the tests this way has one big benefit:
--- a/doc/manual/source/glossary.md
+++ b/doc/manual/source/glossary.md
@@ -31,33 +31,13 @@

  The industry term for storage and retrieval systems using [content addressing](#gloss-content-address). A Nix store also has [input addressing](#gloss-input-addressed-store-object), and metadata.

- [derivation]{#gloss-derivation}
-
-  A derivation can be thought of as a [pure function](https://en.wikipedia.org/wiki/Pure_function) that produces new [store objects][store object] from existing store objects.
-
-  Derivations are implemented as [operating system processes that run in a sandbox](@docroot@/store/building.md#builder-execution).
-  This sandbox by default only allows reading from store objects specified as inputs, and only allows writing to designated [outputs][output] to be [captured as store objects](@docroot@/store/building.md#processing-outputs).
-
-  A derivation is typically specified as a [derivation expression] in the [Nix language], and [instantiated][instantiate] to a [store derivation].
-  There are multiple ways of obtaining store objects from store derivatons, collectively called [realisation][realise].
-
-  [derivation]: #gloss-derivation
-
 - [store derivation]{#gloss-store-derivation}

-  A [derivation] represented as a [store object].
-
+  A single build task.
  See [Store Derivation](@docroot@/store/derivation/index.md#store-derivation) for details.

  [store derivation]: #gloss-store-derivation

- [directed acyclic graph]{#gloss-directed-acyclic-graph}
-
-  A [directed acyclic graph](https://en.wikipedia.org/wiki/Directed_acyclic_graph) (DAG) is graph whose edges are given a direction ("a to b" is not the same edge as "b to a"), and for which no possible path (created by joining together edges) forms a cycle.
-
-  DAGs are very important to Nix.
-  In particular, the non-self-[references][reference] of [store object][store object] form a cycle.
-
 - [derivation path]{#gloss-derivation-path}

  A [store path] which uniquely identifies a [store derivation].
@@ -70,7 +50,10 @@

 - [derivation expression]{#gloss-derivation-expression}

-  A description of a [store derivation] using the [`derivation` primitive](./language/derivations.md) in the [Nix language].
+  A description of a [store derivation] in the Nix language.
+  The output(s) of a derivation are store objects.
+  Derivations are typically specified in Nix expressions using the [`derivation` primitive](./language/derivations.md).
+  These are translated into store layer *derivations* (implicitly by `nix-env` and `nix-build`, or explicitly by `nix-instantiate`).

  [derivation expression]: #gloss-derivation-expression

@@ -88,8 +71,9 @@

  This can be achieved by:
  - Fetching a pre-built [store object] from a [substituter]
-  - [Building](@docroot@/store/building.md) the corresponding [store derivation]
+  - Running the [`builder`](@docroot@/language/derivations.md#attr-builder) executable as specified in the corresponding [store derivation]
  - Delegating to a [remote machine](@docroot@/command-ref/conf-file.md#conf-builders) and retrieving the outputs
+  <!-- TODO: link [running] to build process page, #8888 -->

  See [`nix-store --realise`](@docroot@/command-ref/nix-store/realise.md) for a detailed description of the algorithm.

@@ -172,8 +156,6 @@
  non-[fixed-output](#gloss-fixed-output-derivation)
  derivation.

-  See [input-addressing derivation outputs](store/derivation/outputs/input-address.md) for details.
-
 - [content-addressed store object]{#gloss-content-addressed-store-object}

  A [store object] which is [content-addressed](#gloss-content-address),
@@ -233,25 +215,23 @@

  > **Example**
  >
-  > Building and deploying software using Nix entails writing Nix expressions to describe [packages][package] and compositions thereof.
+  > Building and deploying software using Nix entails writing Nix expressions as a high-level description of packages and compositions thereof.

 - [reference]{#gloss-reference}

-  An edge from one [store object] to another.
+  A [store object] `O` is said to have a *reference* to a store object `P` if a [store path] to `P` appears in the contents of `O`.

-  See [References](@docroot@/store/store-object.md#references) for details.
+  Store objects can refer to both other store objects and themselves.
+  References from a store object to itself are called *self-references*.
+  References other than a self-reference must not form a cycle.

  [reference]: #gloss-reference

-  See [References](@docroot@/store/store-object.md#references) for details.
-
 - [reachable]{#gloss-reachable}

  A store path `Q` is reachable from another store path `P` if `Q`
  is in the *closure* of the *references* relation.

-  See [References](@docroot@/store/store-object.md#references) for details.
-
 - [closure]{#gloss-closure}

  The closure of a store path is the set of store paths that are
@@ -268,21 +248,8 @@
  to a store object at path `Q`, then `Q` is in the closure of `P`. Further, if `Q`
  references `R` then `R` is also in the closure of `P`.

-  See [References](@docroot@/store/store-object.md#references) for details.
-
  [closure]: #gloss-closure

- [requisite]{#gloss-requisite}
-
-  A store object [reachable] by a path (chain of references) from a given [store object].
-  The [closure] is the set of requisites.
-
-  See [References](@docroot@/store/store-object.md#references) for details.
-
- [referrer]{#gloss-reference}
-
-  A reversed edge from one [store object] to another.
-
 - [output]{#gloss-output}

  A [store object] produced by a [store derivation].
@@ -353,7 +320,7 @@

  See [Nix Archive](store/file-system-object/content-address.html#serial-nix-archive) for details.

- [`∅`]{#gloss-empty-set}
+- [`∅`]{#gloss-emtpy-set}

  The empty set symbol. In the context of profile history, this denotes a package is not present in a particular version of the profile.

@@ -363,17 +330,18 @@

 - [package]{#package}

-  A software package; files that belong together for a particular purpose, and metadata.
+  1. A software package; a collection of files and other data.

-  Nix represents files as [file system objects][file system object], and how they belong together is encoded as [references][reference] between [store objects][store object] that contain these file system objects.
+  2. A [package attribute set].

-  The [Nix language] allows denoting packages in terms of [attribute sets](@docroot@/language/types.md#attribute-set) containing:
-  - attributes that refer to the files of a package, typically in the form of [derivation outputs](#output),
-  - attributes with metadata, such as information about how the package is supposed to be used.
+- [package attribute set]{#package-attribute-set}

-  The exact shape of these attribute sets is up to convention.
+  An [attribute set](@docroot@/language/types.md#attribute-set) containing the attribute `type = "derivation";` (derivation for historical reasons), as well as other attributes, such as
+  - attributes that refer to the files of a [package], typically in the form of [derivation outputs](#output),
+  - attributes that declare something about how the package is supposed to be installed or used,
+  - other metadata or arbitrary attributes.

-  [package]: #package
+  [package attribute set]: #package-attribute-set

 - [string interpolation]{#gloss-string-interpolation}

--- a/doc/manual/source/installation/index.md
+++ b/doc/manual/source/installation/index.md
@@ -30,8 +30,6 @@ $ curl -L https://nixos.org/nix/install | sh -s -- --daemon

 > Single-user is not supported on Mac.

-> `warning: installing Nix as root is not supported by this script!`
-
 This installation has less requirements than the multi-user install, however it
 cannot offer equivalent sharing, isolation, or security.

--- a/doc/manual/source/installation/installing-binary.md
+++ b/doc/manual/source/installation/installing-binary.md
@@ -25,7 +25,7 @@ This performs the default type of installation for your platform:

 We recommend the multi-user installation if it supports your platform and you can authenticate with `sudo`.

-The installer can be configured with various command line arguments and environment variables.
+The installer can configured with various command line arguments and environment variables.
 To show available command line flags:

 ```console
--- a/doc/manual/source/introduction.md
+++ b/doc/manual/source/introduction.md
@@ -1,8 +1,8 @@
 # Introduction

 Nix is a _purely functional package manager_.  This means that it
-treats packages like values in a purely functional programming language
-— packages are built by functions that don’t have
+treats packages like values in purely functional programming languages
+such as Haskell — they are built by functions that don’t have
 side-effects, and they never change after they have been built.  Nix
 stores packages in the _Nix store_, usually the directory
 `/nix/store`, where each package has its own unique subdirectory such
--- a/doc/manual/source/language/advanced-attributes.md
+++ b/doc/manual/source/language/advanced-attributes.md
@@ -2,75 +2,6 @@

 Derivations can declare some infrequently used optional attributes.

-## Inputs
-
-  - [`exportReferencesGraph`]{#adv-attr-exportReferencesGraph}\
-    This attribute allows builders access to the references graph of
-    their inputs. The attribute is a list of inputs in the Nix store
-    whose references graph the builder needs to know. The value of
-    this attribute should be a list of pairs `[ name1 path1 name2
-    path2 ...  ]`. The references graph of each *pathN* will be stored
-    in a text file *nameN* in the temporary build directory. The text
-    files have the format used by `nix-store --register-validity`
-    (with the deriver fields left empty). For example, when the
-    following derivation is built:
-
-    ```nix
-    derivation {
-      ...
-      exportReferencesGraph = [ "libfoo-graph" libfoo ];
-    };
-    ```
-
-    the references graph of `libfoo` is placed in the file
-    `libfoo-graph` in the temporary build directory.
-
-    `exportReferencesGraph` is useful for builders that want to do
-    something with the closure of a store path. Examples include the
-    builders in NixOS that generate the initial ramdisk for booting
-    Linux (a `cpio` archive containing the closure of the boot script)
-    and the ISO-9660 image for the installation CD (which is populated
-    with a Nix store containing the closure of a bootable NixOS
-    configuration).
-
-  - [`passAsFile`]{#adv-attr-passAsFile}\
-    A list of names of attributes that should be passed via files rather
-    than environment variables. For example, if you have
-
-    ```nix
-    passAsFile = ["big"];
-    big = "a very long string";
-    ```
-
-    then when the builder runs, the environment variable `bigPath`
-    will contain the absolute path to a temporary file containing `a
-    very long string`. That is, for any attribute *x* listed in
-    `passAsFile`, Nix will pass an environment variable `xPath`
-    holding the path of the file containing the value of attribute
-    *x*. This is useful when you need to pass large strings to a
-    builder, since most operating systems impose a limit on the size
-    of the environment (typically, a few hundred kilobyte).
-
-  - [`__structuredAttrs`]{#adv-attr-structuredAttrs}\
-    If the special attribute `__structuredAttrs` is set to `true`, the other derivation
-    attributes are serialised into a file in JSON format.
-
-    This obviates the need for [`passAsFile`](#adv-attr-passAsFile) since JSON files have no size restrictions, unlike process environments.
-    It also makes it possible to tweak derivation settings in a structured way;
-    see [`outputChecks`](#adv-attr-outputChecks) for example.
-
-    See the [corresponding section in the derivation page](@docroot@/store/derivation/index.md#structured-attrs) for further details.
-
-    > **Warning**
-    >
-    > If set to `true`, other advanced attributes such as [`allowedReferences`](#adv-attr-allowedReferences), [`allowedRequisites`](#adv-attr-allowedRequisites),
-    [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites), maxSize, and maxClosureSize.
-    will have no effect.
-
-## Output checks
-
-See the [corresponding section in the derivation output page](@docroot@/store/derivation/outputs/index.md).
-
  - [`allowedReferences`]{#adv-attr-allowedReferences}\
    The optional attribute `allowedReferences` specifies a list of legal
    references (dependencies) of the output of the builder. For example,
@@ -124,87 +55,34 @@ See the [corresponding section in the derivation output page](@docroot@/store/de
    dependency on `foobar` or any other derivation depending recursively
    on `foobar`.

-  - [`outputChecks`]{#adv-attr-outputChecks}\
-    When using [structured attributes](#adv-attr-structuredAttrs), the `outputChecks`
-    attribute allows defining checks per-output.
-
-    In addition to
-    [`allowedReferences`](#adv-attr-allowedReferences), [`allowedRequisites`](#adv-attr-allowedRequisites),
-    [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites),
-    the following attributes are available:
-
-    - `maxSize` defines the maximum size of the resulting [store object](@docroot@/store/store-object.md).
-    - `maxClosureSize` defines the maximum size of the output's closure.
-    - `ignoreSelfRefs` controls whether self-references should be considered when
-      checking for allowed references/requisites.
-
-    Example:
+  - [`exportReferencesGraph`]{#adv-attr-exportReferencesGraph}\
+    This attribute allows builders access to the references graph of
+    their inputs. The attribute is a list of inputs in the Nix store
+    whose references graph the builder needs to know. The value of
+    this attribute should be a list of pairs `[ name1 path1 name2
+    path2 ...  ]`. The references graph of each *pathN* will be stored
+    in a text file *nameN* in the temporary build directory. The text
+    files have the format used by `nix-store --register-validity`
+    (with the deriver fields left empty). For example, when the
+    following derivation is built:

    ```nix
-    __structuredAttrs = true;
-
-    outputChecks.out = {
-      # The closure of 'out' must not be larger than 256 MiB.
-      maxClosureSize = 256 * 1024 * 1024;
-
-      # It must not refer to the C compiler or to the 'dev' output.
-      disallowedRequisites = [ stdenv.cc "dev" ];
-    };
-
-    outputChecks.dev = {
-      # The 'dev' output must not be larger than 128 KiB.
-      maxSize = 128 * 1024;
+    derivation {
+      ...
+      exportReferencesGraph = [ "libfoo-graph" libfoo ];
    };
    ```

-## Other output modifications
+    the references graph of `libfoo` is placed in the file
+    `libfoo-graph` in the temporary build directory.

-  - [`unsafeDiscardReferences`]{#adv-attr-unsafeDiscardReferences}\
-    When using [structured attributes](#adv-attr-structuredAttrs), the
-    attribute `unsafeDiscardReferences` is an attribute set with a boolean value for each output name.
-    If set to `true`, it disables scanning the output for runtime dependencies.
-
-    Example:
-
-    ```nix
-    __structuredAttrs = true;
-    unsafeDiscardReferences.out = true;
-    ```
-
-    This is useful, for example, when generating self-contained filesystem images with
-    their own embedded Nix store: hashes found inside such an image refer
-    to the embedded store and not to the host's Nix store.
-
-## Build scheduling
-
-  - [`preferLocalBuild`]{#adv-attr-preferLocalBuild}\
-    If this attribute is set to `true` and [distributed building is enabled](@docroot@/command-ref/conf-file.md#conf-builders), then, if possible, the derivation will be built locally instead of being forwarded to a remote machine.
-    This is useful for derivations that are cheapest to build locally.
-
-  - [`allowSubstitutes`]{#adv-attr-allowSubstitutes}\
-    If this attribute is set to `false`, then Nix will always build this derivation (locally or remotely); it will not try to substitute its outputs.
-    This is useful for derivations that are cheaper to build than to substitute.
-
-    This attribute can be ignored by setting [`always-allow-substitutes`](@docroot@/command-ref/conf-file.md#conf-always-allow-substitutes) to `true`.
-
-    > **Note**
-    >
-    > If set to `false`, the [`builder`] should be able to run on the system type specified in the [`system` attribute](./derivations.md#attr-system), since the derivation cannot be substituted.
-
-    [`builder`]: ./derivations.md#attr-builder
-
- [`requiredSystemFeatures`]{#adv-attr-requiredSystemFeatures}\
-  If a derivation has the `requiredSystemFeatures` attribute, then Nix will only build it on a machine that has the corresponding features set in its [`system-features` configuration](@docroot@/command-ref/conf-file.md#conf-system-features).
-
-  For example, setting
-
-  ```nix
-  requiredSystemFeatures = [ "kvm" ];
-  ```
-
-  ensures that the derivation can only be built on a machine with the `kvm` feature.
-
-# Impure builder configuration
+    `exportReferencesGraph` is useful for builders that want to do
+    something with the closure of a store path. Examples include the
+    builders in NixOS that generate the initial ramdisk for booting
+    Linux (a `cpio` archive containing the closure of the boot script)
+    and the ISO-9660 image for the installation CD (which is populated
+    with a Nix store containing the closure of a bootable NixOS
+    configuration).

  - [`impureEnvVars`]{#adv-attr-impureEnvVars}\
    This attribute allows you to specify a list of environment variables
@@ -241,6 +119,128 @@ See the [corresponding section in the derivation output page](@docroot@/store/de
    [`impure-env`](@docroot@/command-ref/conf-file.md#conf-impure-env)
    configuration setting.

+  - [`passAsFile`]{#adv-attr-passAsFile}\
+    A list of names of attributes that should be passed via files rather
+    than environment variables. For example, if you have
+
+    ```nix
+    passAsFile = ["big"];
+    big = "a very long string";
+    ```
+
+    then when the builder runs, the environment variable `bigPath`
+    will contain the absolute path to a temporary file containing `a
+    very long string`. That is, for any attribute *x* listed in
+    `passAsFile`, Nix will pass an environment variable `xPath`
+    holding the path of the file containing the value of attribute
+    *x*. This is useful when you need to pass large strings to a
+    builder, since most operating systems impose a limit on the size
+    of the environment (typically, a few hundred kilobyte).
+
+  - [`preferLocalBuild`]{#adv-attr-preferLocalBuild}\
+    If this attribute is set to `true` and [distributed building is enabled](@docroot@/command-ref/conf-file.md#conf-builders), then, if possible, the derivation will be built locally instead of being forwarded to a remote machine.
+    This is useful for derivations that are cheapest to build locally.
+
+  - [`allowSubstitutes`]{#adv-attr-allowSubstitutes}\
+    If this attribute is set to `false`, then Nix will always build this derivation (locally or remotely); it will not try to substitute its outputs.
+    This is useful for derivations that are cheaper to build than to substitute.
+
+    This attribute can be ignored by setting [`always-allow-substitutes`](@docroot@/command-ref/conf-file.md#conf-always-allow-substitutes) to `true`.
+
+    > **Note**
+    >
+    > If set to `false`, the [`builder`] should be able to run on the system type specified in the [`system` attribute](./derivations.md#attr-system), since the derivation cannot be substituted.
+
+    [`builder`]: ./derivations.md#attr-builder
+
+  - [`__structuredAttrs`]{#adv-attr-structuredAttrs}\
+    If the special attribute `__structuredAttrs` is set to `true`, the other derivation
+    attributes are serialised into a file in JSON format. The environment variable
+    `NIX_ATTRS_JSON_FILE` points to the exact location of that file both in a build
+    and a [`nix-shell`](../command-ref/nix-shell.md). This obviates the need for
+    [`passAsFile`](#adv-attr-passAsFile) since JSON files have no size restrictions,
+    unlike process environments.
+
+    It also makes it possible to tweak derivation settings in a structured way; see
+    [`outputChecks`](#adv-attr-outputChecks) for example.
+
+    As a convenience to Bash builders,
+    Nix writes a script that initialises shell variables
+    corresponding to all attributes that are representable in Bash. The
+    environment variable `NIX_ATTRS_SH_FILE` points to the exact
+    location of the script, both in a build and a
+    [`nix-shell`](../command-ref/nix-shell.md). This includes non-nested
+    (associative) arrays. For example, the attribute `hardening.format = true`
+    ends up as the Bash associative array element `${hardening[format]}`.
+
+    > **Warning**
+    >
+    > If set to `true`, other advanced attributes such as [`allowedReferences`](#adv-attr-allowedReferences), [`allowedReferences`](#adv-attr-allowedReferences), [`allowedRequisites`](#adv-attr-allowedRequisites),
+    [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites), maxSize, and maxClosureSize.
+    will have no effect.
+
+  - [`outputChecks`]{#adv-attr-outputChecks}\
+    When using [structured attributes](#adv-attr-structuredAttrs), the `outputChecks`
+    attribute allows defining checks per-output.
+
+    In addition to
+    [`allowedReferences`](#adv-attr-allowedReferences), [`allowedRequisites`](#adv-attr-allowedRequisites),
+    [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites),
+    the following attributes are available:
+
+    - `maxSize` defines the maximum size of the resulting [store object](@docroot@/store/store-object.md).
+    - `maxClosureSize` defines the maximum size of the output's closure.
+    - `ignoreSelfRefs` controls whether self-references should be considered when
+      checking for allowed references/requisites.
+
+    Example:
+
+    ```nix
+    __structuredAttrs = true;
+
+    outputChecks.out = {
+      # The closure of 'out' must not be larger than 256 MiB.
+      maxClosureSize = 256 * 1024 * 1024;
+
+      # It must not refer to the C compiler or to the 'dev' output.
+      disallowedRequisites = [ stdenv.cc "dev" ];
+    };
+
+    outputChecks.dev = {
+      # The 'dev' output must not be larger than 128 KiB.
+      maxSize = 128 * 1024;
+    };
+    ```
+
+  - [`unsafeDiscardReferences`]{#adv-attr-unsafeDiscardReferences}\
+
+    When using [structured attributes](#adv-attr-structuredAttrs), the
+    attribute `unsafeDiscardReferences` is an attribute set with a boolean value for each output name.
+    If set to `true`, it disables scanning the output for runtime dependencies.
+
+    Example:
+
+    ```nix
+    __structuredAttrs = true;
+    unsafeDiscardReferences.out = true;
+    ```
+
+    This is useful, for example, when generating self-contained filesystem images with
+    their own embedded Nix store: hashes found inside such an image refer
+    to the embedded store and not to the host's Nix store.
+
+- [`requiredSystemFeatures`]{#adv-attr-requiredSystemFeatures}\
+
+  If a derivation has the `requiredSystemFeatures` attribute, then Nix will only build it on a machine that has the corresponding features set in its [`system-features` configuration](@docroot@/command-ref/conf-file.md#conf-system-features).
+
+  For example, setting
+
+  ```nix
+  requiredSystemFeatures = [ "kvm" ];
+  ```
+
+  ensures that the derivation can only be built on a machine with the `kvm` feature.
+
 ## Setting the derivation type

 As discussed in [Derivation Outputs and Types of Derivations](@docroot@/store/derivation/outputs/index.md), there are multiples kinds of derivations / kinds of derivation outputs.
@@ -270,7 +270,7 @@ All other combinations are invalid.

  <!--

-  `__contentAddressed` is ignored, because fixed-output derivations always content-address their outputs, by definition.
+  `__contentAddressed` is ignored, becaused fixed-output derivations always content-address their outputs, by definition.

  **TODO CHECK**

@@ -323,17 +323,17 @@ Here is more information on the `output*` attributes, and what values they may b

  - [`outputHashAlgo`]{#adv-attr-outputHashAlgo}

-    This specifies the hash algorithm used to digest the [file system object] data of a content-addressing derivation output.
+    This specifies the hash alorithm used to digest the [file system object] data of a content-addressing derivation output.

    This works in conjunction with [`outputHashMode`](#adv-attr-outputHashAlgo).
-    Specifying one without the other is an error (unless `outputHash` is also specified and includes its own hash algorithm as described below).
+    Specifying one without the other is an error (unless [`outputHash` is also specified and includes its own hash algorithm as described below).

    The `outputHashAlgo` attribute specifies the hash algorithm used to compute the hash.
-    It can currently be `"blake3"`, `"sha1"`, `"sha256"`, `"sha512"`, or `null`.
+    It can currently be `"blake3"`, "sha1"`, `"sha256"`, `"sha512"`, or `null`.

    `outputHashAlgo` can only be `null` when `outputHash` follows the SRI format, because in that case the choice of hash algorithm is determined by `outputHash`.

-  - [`outputHash`]{#adv-attr-outputHashAlgo}; [`outputHash`]{#adv-attr-outputHashMode}
+  - [`outputHash`]{#adv-attr-outputHashAlgo}; [`outputHash`]{#adv-attr-outputHashMode}\

    This will specify the output hash of the single output of a [fixed-output derivation].

--- a/doc/manual/source/language/evaluation.md
+++ b/doc/manual/source/language/evaluation.md
@@ -1,77 +0,0 @@
-# Evaluation
-
-Evaluation is the process of turning a Nix expression into a [Nix value](types.md).
-
-This happens by a number of rules, such as:
- Constructing values from literals. 
-  For example the number literal `1` is turned into the number value `1`.
- Applying operators
-  For example the addition operator `+` is applied to two number values to produce a new number value.
- Applying built-in functions
-  For example the expression `builtins.isInt 1` is evaluated to `true`.
- Applying user-defined functions
-  For example the expression `(x: x + 1) 10` can[*](#laziness) be thought of rewriting `x` in the function body to the argument, `10 + 1`, which is then evaluated to `11`.
-
-These rules are applied as needed, driven by the specific use of the expression. For example, this can occur in the Nix command line interface or interactively with the [repl (read-eval-print loop)](@docroot@/command-ref/new-cli/nix3-repl.md), which is a useful tool when learning about evaluation.
-
-# Details
-
-## Values {#values}
-
-Nix values can be thought of as a subset of Nix expressions.
-For example, the expression `1 + 2` is not a value, because it can be reduced to `3`. The expression `3` is a value, because it cannot be reduced any further.
-
-Evaluation normally happens by applying rules to the "head" of the expression, which is the outermost part of the expression. The head of an expression like `[ 1 2 ]` is the list literal (`[ a1 a2 ]`), for `1 + 2` it is the addition operator (`+`), and for `f 1` it is the function application "operator" (` `).
-
-After applying all possible rules to the head until no rules can be applied, the expression is in "weak head normal form" (WHNF). This means that the outermost constructor of the expression is evaluated, but the inner values may or may not be. "Weak" only signifies that the expression may be a function. This is an historical or academic artifact, and Nix has no use for the non-weak "head normal form".
-
-## Laziness and thunks {#laziness}
-
-The Nix language implements _call by need_ (as opposed to _call by value_ or _call by reference_). <!-- No wikipedia link, which would be a huge distraction. --> Call by need is commonly known as laziness in functional programming, as it is a specific implementation of the concept where evaluation is deferred until the result is required, aiming to only evaluate the parts of an expression that are needed to produce the final result.
-
-Furthermore, the result of evaluation is preserved, in values, in `let` bindings, in function _parameters_, which behave a lot like `let` bindings, but with the notable exception of function _calls_. Results of function calls rely on being put into `let` bindings, etc to be reused. <!-- which would be prohibitively expensive and too strict, or we wouldn't have a cache key for the argument -->
-
-When discussing the process of evaluation in lower level terms, we may define values not as a subset of expressions, but separately, where each "value" is either a data constructor, a function or a _thunk_. A thunk is a delayed computation, represented by an expression reference and a "closure" &ndash; the values for the lexical scope around the delayed expression.
-
-As a user of the language, you generally don't have to think about thunks, as they are not part of the language semantics, but you may encounter them in the repl, in the [C API] or in discussions.
-
-## Strictness
-
-Instead of thinking about thunks, it is often more productive to think in terms of _strictness_.
-This term is used in functional programming to refer to the opposite of laziness, i.e. not just for something like error propagation. It refers to the need to evaluate certain expressions before evaluation can produce any result.
-
-Statements about strictness usually implicitly refer to weak head normal form.
-For example, we can say that the following function is strict in its argument:
-
-```nix
-x: isAttrs x || isFunction x
-```
-
-The above function must be strict in its argument `x` because determining its type requires evaluating `x` to at least some degree.
-
-The following function is not strict in its argument:
-
-```nix
-x: { isOk = isAttrs x || isFunction x; }
-```
-
-It is not strict, because it can return the attribute set before evaluating `x`.
-The attribute value for `isOk` _is_ strict in `x`.
-
-A function with a _set pattern_ is always strict in its argument, as a consequence of checking the argument's type and/or attribute names:
-
-```nix
-let f = { ... }: "ok";
-in f (throw "kablam")
-=> error: kablam
-```
-
-However, a set pattern does not add any strictness beyond WHNF of the attribute set argument.
-
-```nix
-let f = orig@{ x, ... }: "ok";
-in f { x = throw "error"; y = throw "error"; }
-=> "ok"
-```
-
-[C API]: @docroot@/c-api.md
--- a/doc/manual/source/language/index.md
+++ b/doc/manual/source/language/index.md
@@ -1,6 +1,6 @@
 # Nix Language

-The Nix language is designed for conveniently creating and composing [derivations](@docroot@/glossary.md#gloss-derivation) – precise descriptions of how contents of existing files are used to derive new files.
+The Nix language is designed for conveniently creating and composing *derivations* – precise descriptions of how contents of existing files are used to derive new files.

 > **Tip**
 >
@@ -11,14 +11,7 @@ The language is:

 - *domain-specific*

-  The Nix language is purpose-built for working with text files.
-  Its most characteristic features are:
-
-  - [File system path primitives](@docroot@/language/types.md#type-path), for accessing source files
-  - [Indented strings](@docroot@/language/string-literals.md) and [string interpolation](@docroot@/language/string-interpolation.md), for creating file contents
-  - [Strings with contexts](@docroot@/language/string-context.md), for transparently linking files
-
-  It comes with [built-in functions](@docroot@/language/builtins.md) to integrate with the [Nix store](@docroot@/store/index.md), which manages files and enables [realising](@docroot@/glossary.md#gloss-realise) derivations declared in the Nix language.
+  It comes with [built-in functions](@docroot@/language/builtins.md) to integrate with the Nix store, which manages files and performs the derivations declared in the Nix language.

 - *declarative*

--- a/doc/manual/source/language/meson.build
+++ b/doc/manual/source/language/meson.build
@@ -1,13 +1,19 @@
 builtins_md = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', '(builtins.readFile @INPUT3@) + import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)) + (builtins.readFile @INPUT4@)',
+  command : [
+    python.full_path(),
+    '@INPUT0@',
+    '@OUTPUT@',
+    '--'
+  ] + nix_eval_for_docs + [
+    '--expr',
+    '(builtins.readFile @INPUT3@) + import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)) + (builtins.readFile @INPUT4@)',
  ],
  input : [
    '../../remove_before_wrapper.py',
    '../../generate-builtins.nix',
    language_json,
    'builtins-prefix.md',
-    'builtins-suffix.md',
+    'builtins-suffix.md'
  ],
  output : 'builtins.md',
  env : nix_env_for_docs,
--- a/doc/manual/source/language/operators.md
+++ b/doc/manual/source/language/operators.md
@@ -196,7 +196,7 @@ All comparison operators are implemented in terms of `<`, and the following equi

 ## Logical implication

-Equivalent to `!`*b1* `||` *b2*  (or `if` *b1* `then` *b2* `else true`)
+Equivalent to `!`*b1* `||` *b2*.

 [Logical implication]: #logical-implication

--- a/doc/manual/source/language/string-context.md
+++ b/doc/manual/source/language/string-context.md
@@ -13,8 +13,8 @@ The purpose of string contexts is to collect non-string values attached to strin
 [string concatenation](./operators.md#string-concatenation),
 [string interpolation](./string-interpolation.md),
 and similar operations.
-The idea is that a user can reference other files when creating text files through Nix expressions, without manually keeping track of the exact paths.
-Nix will ensure that the all referenced files are accessible – that all [store paths](@docroot@/glossary.md#gloss-store-path) are [valid](@docroot@/glossary.md#gloss-validity).
+The idea is that a user can combine together values to create a build instructions for derivations without manually keeping track of where they come from.
+Then the Nix language implicitly does that bookkeeping to efficiently obtain the closure of derivation inputs.

 > **Note**
 >
@@ -115,7 +115,7 @@ It creates an [attribute set] representing the string context, which can be insp

 ## Clearing string contexts

-[`builtins.unsafeDiscardStringContext`](./builtins.md#builtins-unsafeDiscardStringContext) will make a copy of a string, but with an empty string context.
+[`buitins.unsafeDiscardStringContext`](./builtins.md#builtins-unsafeDiscardStringContext) will make a copy of a string, but with an empty string context.
 The returned string can be used in more ways, e.g. by operators that require the string context to be empty.
 The requirement to explicitly discard the string context in such use cases helps ensure that string context elements are not lost by mistake.
 The "unsafe" marker is only there to remind that Nix normally guarantees that dependencies are tracked, whereas the returned string has lost them.
--- a/doc/manual/source/language/syntax.md
+++ b/doc/manual/source/language/syntax.md
@@ -225,8 +225,8 @@ passed in first , e.g.,

 ```nix
 let add = { __functor = self: x: x + self.x; };
-    inc = add // { x = 1; }; # inc is { x = 1; __functor = (...) }
-in inc 1 # equivalent of `add.__functor add 1` i.e. `1 + self.x`
+    inc = add // { x = 1; };
+in inc 1
 ```

 evaluates to `2`. This can be used to attach metadata to a function
@@ -443,7 +443,7 @@ three kinds of patterns:
    This works on any set that contains at least the three named
    attributes.

-  - It is possible to provide *default values* for attributes, in
+    It is possible to provide *default values* for attributes, in
    which case they are allowed to be missing. A default value is
    specified by writing `name ?  e`, where *e* is an arbitrary
    expression. For example,
@@ -503,45 +503,6 @@ three kinds of patterns:
    > [ 23 {} ]
    > ```

-  - All bindings introduced by the function are in scope in the entire function expression; not just in the body.
-    It can therefore be used in default values.
-
-    > **Example**
-    >
-    > A parameter (`x`), is used in the default value for another parameter (`y`):
-    >
-    > ```nix
-    > let
-    >   f = { x, y ? [x] }: { inherit y; };
-    > in
-    >   f { x = 3; }
-    > ```
-    >
-    > This evaluates to:
-    >
-    > ```nix
-    > {
-    >   y = [ 3 ];
-    > }
-    > ```
-
-    > **Example**
-    >
-    > The binding of an `@` pattern, `args`, is used in the default value for a parameter, `x`:
-    >
-    > ```nix
-    > let
-    >   f = args@{ x ? args.a, ... }: x;
-    > in
-    >   f { a = 1; }
-    > ```
-    >
-    > This evaluates to:
-    >
-    > ```nix
-    > 1
-    > ```
-
 Note that functions do not have names. If you want to give them a name,
 you can bind them to an attribute, e.g.,

--- a/doc/manual/source/meson.build
+++ b/doc/manual/source/meson.build
@@ -1,8 +1,7 @@
 summary_rl_next = custom_target(
  command : [
    bash,
-    '-euo',
-    'pipefail',
+    '-euo', 'pipefail',
    '-c',
    '''
      if [ -e "@INPUT@" ]; then
@@ -13,6 +12,6 @@ summary_rl_next = custom_target(
  input : [
    rl_next_generated,
  ],
-  capture : true,
+  capture: true,
  output : 'SUMMARY-rl-next.md',
 )
--- a/doc/manual/source/package-management/garbage-collector-roots.md
+++ b/doc/manual/source/package-management/garbage-collector-roots.md
@@ -12,7 +12,7 @@ $ ln -s /nix/store/d718ef...-foo /nix/var/nix/gcroots/bar
 That is, after this command, the garbage collector will not remove
 `/nix/store/d718ef...-foo` or any of its dependencies.

-Subdirectories of `prefix/nix/var/nix/gcroots` are searched
-recursively. Symlinks to store paths count as roots. Symlinks to
-non-store paths are ignored, unless the non-store path is itself a
-symlink to a store path.
+Subdirectories of `prefix/nix/var/nix/gcroots` are also searched for
+symlinks. Symlinks to non-store paths are followed and searched for
+roots, but symlinks to non-store paths *inside* the paths reached in
+that way are not followed to prevent infinite recursion.
--- a/doc/manual/source/protocols/json/derivation.md
+++ b/doc/manual/source/protocols/json/derivation.md
@@ -24,7 +24,7 @@ is a JSON object with the following fields:


  * `method`:
-    For an output which will be [content addressed], a string representing the [method](@docroot@/store/store-object/content-address.md) of content addressing that is chosen.
+    For an output which will be [content addresed], a string representing the [method](@docroot@/store/store-object/content-address.md) of content addressing that is chosen.
    Valid method strings are:

    - [`flat`](@docroot@/store/store-object/content-address.md#method-flat)
@@ -35,7 +35,7 @@ is a JSON object with the following fields:
    Otherwise, `null`.

  * `hashAlgo`:
-    For an output which will be [content addressed], the name of the hash algorithm used.
+    For an output which will be [content addresed], the name of the hash algorithm used.
    Valid algorithm strings are:

    - `blake3`
@@ -91,7 +91,3 @@ is a JSON object with the following fields:

 * `env`:
  The environment passed to the `builder`.
-
-* `structuredAttrs`:
-  [Strucutured Attributes](@docroot@/store/derivation/index.md#structured-attrs), only defined if the derivation contains them.
-  Structured attributes are JSON, and thus embedded as-is.
--- a/doc/manual/source/protocols/nix-archive.md
+++ b/doc/manual/source/protocols/nix-archive.md
@@ -24,7 +24,7 @@ nar-obj-inner
  | str("type"), str("directory") directory
  ;

-regular = [ str("executable") ], str("contents"), str(contents);
+regular = [ str("executable"), str("") ], str("contents"), str(contents);

 symlink = str("target"), str(target);

--- a/doc/manual/source/protocols/store-path.md
+++ b/doc/manual/source/protocols/store-path.md
@@ -7,7 +7,7 @@ The format of this specification is close to [Extended Backus–Naur form](https
 Regular users do *not* need to know this information --- store paths can be treated as black boxes computed from the properties of the store objects they refer to.
 But for those interested in exactly how Nix works, e.g. if they are reimplementing it, this information can be useful.

-[store path]: @docroot@/store/store-path.md
+[store path](@docroot@/store/store-path.md)

 ## Store path proper

@@ -20,17 +20,14 @@ where

 - `store-dir` = the [store directory](@docroot@/store/store-path.md#store-directory)

- `digest` = base-32 representation of the compressed to 160 bits [SHA-256] hash of `fingerprint`
+- `digest` = base-32 representation of the first 160 bits of a [SHA-256] hash of `fingerprint`

-For the definition of the hash compression algorithm, please refer to the section 5.1 of
-the [Nix thesis](https://edolstra.github.io/pubs/phd-thesis.pdf), which also defines the
-specifics of base-32 encoding. Note that base-32 encoding processes the hash bytestring from
-the end, while base-16 processes in from the beginning.
+  This the hash part of the store name

 ## Fingerprint

 - ```ebnf
-  fingerprint = type ":sha256:" inner-digest ":" store ":" name
+  fingerprint = type ":" sha256 ":" inner-digest ":" store ":" name
  ```

  Note that it includes the location of the store as well as the name to make sure that changes to either of those are reflected in the hash
@@ -73,8 +70,7 @@ the end, while base-16 processes in from the beginning.
    `id` is the name of the output (usually, "out").
    For content-addressed store objects, `id`, is always "out".

- `inner-digest` = base-16 representation of a SHA-256 hash of `inner-fingerprint`.
-  The base-16 encoding uses lower-cased hex digits.
+- `inner-digest` = base-16 representation of a SHA-256 hash of `inner-fingerprint`

 ## Inner fingerprint

@@ -86,7 +82,7 @@ the end, while base-16 processes in from the beginning.

  - if `type` = `"source:" ...`:

-    the [Nix Archive (NAR)] serialization of the [file system object](@docroot@/store/file-system-object.md) of the store object.
+    the hash of the [Nix Archive (NAR)] serialization of the [file system object](@docroot@/store/file-system-object.md) of the store object.

  - if `type` = `"output:" id`:

--- a/doc/manual/source/protocols/tarball-fetcher.md
+++ b/doc/manual/source/protocols/tarball-fetcher.md
@@ -46,7 +46,7 @@ defined as the timestamp of the newest file inside the tarball.
 This protocol is supported by Gitea since v1.22.1 and by Forgejo since v7.0.4/v8.0.0 and can be used with the following flake URL schema:

 ```
-https://<domain name>/<owner>/<repo>/archive/<reference or revision>.tar.gz
+https://<domain name>/<owner>/<repo>/archive/<reference or revison>.tar.gz
 ```

 > **Example**
--- a/doc/manual/source/release-notes/rl-2.19.md
+++ b/doc/manual/source/release-notes/rl-2.19.md
@@ -31,7 +31,7 @@
    - To operate on a flake outside the current directory, you must now pass `--flake path/to/flake`.

  - The flake-specific flags `--recreate-lock-file` and `--update-input` have been removed from all commands operating on installables.
-    They are superseded by `nix flake update`.
+    They are superceded by `nix flake update`.

 - Commit signature verification for the [`builtins.fetchGit`](@docroot@/language/builtins.md#builtins-fetchGit) is added as the new [`verified-fetches` experimental feature](@docroot@/development/experimental-features.md#xp-feature-verified-fetches).

--- a/doc/manual/source/release-notes/rl-2.23.md
+++ b/doc/manual/source/release-notes/rl-2.23.md
@@ -15,7 +15,7 @@
 - Modify `nix derivation {add,show}` JSON format [#9866](https://github.com/NixOS/nix/issues/9866) [#10722](https://github.com/NixOS/nix/pull/10722)

  The JSON format for derivations has been slightly revised to better conform to our [JSON guidelines](@docroot@/development/cli-guideline.md#returning-future-proof-json).
-  In particular, the hash algorithm and content addressing method of content-addressed derivation outputs are now separated into two fields `hashAlgo` and `method`,
+  In particular, the hash algorithm and content addressing method of content-addresed derivation outputs are now separated into two fields `hashAlgo` and `method`,
  rather than one field with an arcane `:`-separated format.

  This JSON format is only used by the experimental `nix derivation` family of commands, at this time.
--- a/doc/manual/source/release-notes/rl-2.24.md
+++ b/doc/manual/source/release-notes/rl-2.24.md
@@ -173,7 +173,7 @@
  **Deprecation**: Use `nix32` instead of `base32` as `toHashFormat`

  For the builtin `convertHash`, the `toHashFormat` parameter now accepts the same hash formats as the `--to`/`--from`
-  parameters of the `nix hash convert` command: `"base16"`, `"nix32"`, `"base64"`, and `"sri"`. The former `"base32"` value
+  parameters of the `nix hash conert` command: `"base16"`, `"nix32"`, `"base64"`, and `"sri"`. The former `"base32"` value
  remains as a deprecated alias for `"nix32"`. Please convert your code from:

  ```nix
@@ -269,7 +269,7 @@
  e.g. `--warn-large-path-threshold 100M`.


-## Contributors
+# Contributors

 This release was made possible by the following 43 contributors:

--- a/doc/manual/source/release-notes/rl-2.25.md
+++ b/doc/manual/source/release-notes/rl-2.25.md
@@ -77,7 +77,7 @@
  `<nix/fetchurl.nix>` is also known as the builtin derivation builder `builtin:fetchurl`. It's not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue.


-## Contributors
+# Contributors

 This release was made possible by the following 58 contributors:

--- a/doc/manual/source/release-notes/rl-2.26.md
+++ b/doc/manual/source/release-notes/rl-2.26.md
@@ -76,7 +76,7 @@

 - Evaluation caching now works for dirty Git workdirs [#11992](https://github.com/NixOS/nix/pull/11992)

-## Contributors
+# Contributors

 This release was made possible by the following 45 contributors:

--- a/doc/manual/source/release-notes/rl-2.27.md
+++ b/doc/manual/source/release-notes/rl-2.27.md
@@ -47,7 +47,7 @@
  blake3-34P4p+iZXcbbyB1i4uoF7eWCGcZHjmaRn6Y7QdynLwU=
  ```

-## Contributors
+# Contributors

 This release was made possible by the following 21 contributors:

--- a/doc/manual/source/release-notes/rl-2.28.md
+++ b/doc/manual/source/release-notes/rl-2.28.md
@@ -1,105 +0,0 @@
-# Release 2.28.0 (2025-04-02)
-
-This is an atypical release, and for almost all intents and purposes, it is just a continuation of 2.27; not a feature release.
-
-We had originally set the goal of making 2.27 the Nixpkgs default for NixOS 25.05, but dependents that link to Nix need certain _interface breaking_ changes in the C++ headers. This is not something we should do in a patch release, so this is why we branched 2.28 right off 2.27 instead of `master`.
-
-This completes the infrastructure overhaul for the [RFC 132](https://github.com/NixOS/rfcs/blob/master/rfcs/0132-meson-builds-nix.md) switchover to meson as our build system.
-
-## Major changes
-
- Unstable C++ API reworked
-  [#12836](https://github.com/NixOS/nix/pull/12836)
-  [#12798](https://github.com/NixOS/nix/pull/12798)
-  [#12773](https://github.com/NixOS/nix/pull/12773)
-
-  Now the C++ interface confirms to common conventions much better than before:
-
-  - All headers are expected to be included with the initial `nix/`, e.g. as `#include "nix/....hh"` (what Nix's headers now do) or `#include <nix/....hh>` (what downstream projects may choose to do).
-    Likewise, the pkg-config files have `-I${includedir}` not `-I${includedir}/nix` or similar.
-
-    Including without the `nix/` like before sometimes worked because of how for `#include` C pre-process checks the directory containing the current file, not just the lookup path, but this was not reliable.
-
-  - All configuration headers are included explicitly by the (regular) headers that need them.
-    There is no more need to pass `-include` to force additional files to be included.
-
-  - The public, installed configuration headers no longer contain implementation-specific details that are not relevant to the API.
-    The vast majority of definitions that were previously in there are now moved to new headers that are not installed, but used during Nix's own compilation only.
-    The remaining macro definitions are renamed to have `NIX_` as a prefix.
-
-  - The name of the Nix component the header comes from
-    (e.g. `util`, `store`, `expr`, `flake`, etc.)
-    is now part of the path to the header, coming after `nix` and before the header name
-    (or rest of the header path, if it is already in a directory).
-
-  Here is a contrived diff showing a few of these changes at once:
-
-  ```diff
-  @@ @@
-  -#include "derived-path.hh"
-  +#include "nix/store/derived-path.hh"
-  @@ @@
-  +// Would include for the variables used before. But when other headers
-  +// need these variables. those will include these config themselves.
-  +#include "nix/store/config.hh"
-  +#include "nix/expr/config.hh"
-  @@ @@
-  -#include "config.hh"
-  +// Additionally renamed to distinguish from components' config headers.
-  +#include "nix/util/configuration.hh"
-  @@ @@
-  -#if HAVE_ACL_SUPPORT
-  +#if NIX_SUPPORT_ACL
-  @@ @@
-  -#if HAVE_BOEHMGC
-  +#if NIX_USE_BOEHMGC
-  @@ @@
-   #endif
-   #endif
-  @@ @@
-  -const char *s = "hi from " SYSTEM;
-  +const char *s = "hi from " NIX_LOCAL_SYSTEM;
-  ```
-
- C API `nix_flake_init_global` removed [#5638](https://github.com/NixOS/nix/issues/5638) [#12759](https://github.com/NixOS/nix/pull/12759)
-
-  In order to improve the modularity of the code base, we are removing a use of global state, and therefore the `nix_flake_init_global` function.
-
-  Instead, use `nix_flake_settings_add_to_eval_state_builder`.
-  For example:
-
-  ```diff
-  -    nix_flake_init_global(ctx, settings);
-  -    HANDLE_ERROR(ctx);
-  -
-       nix_eval_state_builder * builder = nix_eval_state_builder_new(ctx, store);
-       HANDLE_ERROR(ctx);
-
-  +    nix_flake_settings_add_to_eval_state_builder(ctx, settings, builder);
-  +    HANDLE_ERROR(ctx);
-  ```
-
-  Although this change is not as critical, we figured it would be good to do this API change at the same time, also.
-  Also note that we try to keep the C API compatible, but we decided to break this function because it was young and likely not in widespread use yet. This frees up time to make important progress on the rest of the C API.
-
-## Contributors
-
-This earlier-than-usual release was made possible by the following 16 contributors:
-
- Farid Zakaria [**(@fzakaria)**](https://github.com/fzakaria)
- Jörg Thalheim [**(@Mic92)**](https://github.com/Mic92)
- Eelco Dolstra [**(@edolstra)**](https://github.com/edolstra)
- Graham Christensen [**(@grahamc)**](https://github.com/grahamc)
- Thomas Miedema [**(@thomie)**](https://github.com/thomie)
- Brian McKenna [**(@puffnfresh)**](https://github.com/puffnfresh)
- Sergei Trofimovich [**(@trofi)**](https://github.com/trofi)
- Dmitry Bogatov [**(@KAction)**](https://github.com/KAction)
- Erik Nygren [**(@Kirens)**](https://github.com/Kirens)
- John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314)
- Sergei Zimmerman [**(@xokdvium)**](https://github.com/xokdvium)
- Ruby Rose [**(@oldshensheep)**](https://github.com/oldshensheep)
- Robert Hensing [**(@roberth)**](https://github.com/roberth)
- jade [**(@lf-)**](https://github.com/lf-)
- Félix [**(@picnoir)**](https://github.com/picnoir)
- Valentin Gagarin [**(@fricklerhandwerk)**](https://github.com/fricklerhandwerk)
- Dmitry Bogatov
--- a/doc/manual/source/release-notes/rl-2.29.md
+++ b/doc/manual/source/release-notes/rl-2.29.md
@@ -1,160 +0,0 @@
-# Release 2.29.0 (2025-05-14)
-
-After the special backport-based release of Nix 2.28 (timed to coincide with Nixpkgs 25.05), the release process is back to normal with 2.29.
-As such, we have slightly more weeks of work from `master` (since 2.28 was branched from 2.27) than usual.
-This fact is counterbalanced by the fact that most of those changes are bug fixes rather than larger new features.
-
- Prettified JSON output on the terminal [#12555](https://github.com/NixOS/nix/issues/12555) [#12652](https://github.com/NixOS/nix/pull/12652)
-
-  This makes the output easier to read.
-
-  Scripts are mostly unaffected because for those, stdout will be a file or a pipe, not a terminal, and for those, the old single-line behavior applies.
-
-  `--json --pretty` can be passed to enable it even if the output is not a terminal.
-  If your script creates a pseudoterminal for Nix's stdout, you can pass `--no-pretty` to disable the new behavior.
-
- Repl: improve continuation prompt for incomplete expressions [#12846](https://github.com/NixOS/nix/pull/12846)
-
-  Improved REPL user experience by updating the continuation prompt from invisible blank spaces to a visible `" > "`, enhancing clarity when entering multi-line expressions.
-
- REPL `:load-flake` and `:reload` now work together [#8753](https://github.com/NixOS/nix/issues/8753) [#13180](https://github.com/NixOS/nix/pull/13180)
-
-  Previously, `:reload` only reloaded the files specified with `:load` (or on the command line).
-  Now, it also works with the flakes specified with `:load-flake` (or on the command line).
-  This makes it correctly reload everything that was previously loaded, regardless of what sort of thing (plain file or flake) each item is.
-
- Increase retry delays on HTTP 429 Too Many Requests [#13052](https://github.com/NixOS/nix/pull/13052)
-
-  When downloading Nix, the retry delay was previously set to 0.25 seconds. It has now been increased to 1 minute to better handle transient CI errors, particularly on GitHub.
-
- S3: opt-in the STSProfileCredentialsProvider [#12646](https://github.com/NixOS/nix/pull/12646)
-
-  Added support for STS-based authentication for S3-based binary caches, i.e. enabling seamless integration with `aws sso login`.
-
- Reduce connect timeout for http substituter [#12876](https://github.com/NixOS/nix/pull/12876)
-
-  Previously, the Nix setting `connect-timeout` had no limit. It is now set to `5s`, offering a more practical default for users self-hosting binary caches, which may occasionally become unavailable, such as during updates.
-
-
- C API: functions for locking and loading a flake [#10435](https://github.com/NixOS/nix/issues/10435) [#12877](https://github.com/NixOS/nix/pull/12877) [#13098](https://github.com/NixOS/nix/pull/13098)
-
-  This release adds functions to the C API for handling the loading of flakes. Previously, this had to be worked around by using `builtins.getFlake`.
-  C API consumers and language bindings now have access to basic locking functionality.
-
-  It does not expose the full locking API, so that the implementation can evolve more freely.
-  Locking is controlled with the functions, which cover the common use cases for consuming a flake:
-  - `nix_flake_lock_flags_set_mode_check`
-  - `nix_flake_lock_flags_set_mode_virtual`
-  - `nix_flake_lock_flags_set_mode_write_as_needed`
-  - `nix_flake_lock_flags_add_input_override`, which also enables `virtual`
-
-  This change also introduces the new `nix-fetchers-c` library, whose single purpose for now is to manage the (`nix.conf`) settings for the built-in fetchers.
-
-  More details can be found in the [C API documentation](@docroot@/c-api.md).
-
- No longer copy flakes that are in the nix store [#10435](https://github.com/NixOS/nix/issues/10435) [#12877](https://github.com/NixOS/nix/pull/12877) [#13098](https://github.com/NixOS/nix/pull/13098)
-
-  Previously, we would duplicate entries like `path:/nix/store/*` back into the Nix store.
-  This was prominently visible for pinned system flake registry entries in NixOS, e.g., when running `nix run nixpkgs#hello`.
-
- Consistently preserve error messages from cached evaluation [#12762](https://github.com/NixOS/nix/issues/12762) [#12809](https://github.com/NixOS/nix/pull/12809)
-
-  In one code path, we are not returning the errors cached from prior evaluation, but instead throwing generic errors stemming from the lack of value (due to the error).
-  These generic error messages were far less informative.
-  Now we consistently return the original error message.
-
- Faster blake3 hashing [#12676](https://github.com/NixOS/nix/pull/12676)
-
-  The implementation for blake3 hashing is now multi-threaded and used memory-mapped IO.
-  Benchmark results can be found the [pull request](https://github.com/NixOS/nix/pull/12676).
-
- Fix progress bar for S3 binary caches and make file transfers interruptible [#12877](https://github.com/NixOS/nix/issues/12877) [#13098](https://github.com/NixOS/nix/issues/13098) [#12538](https://github.com/NixOS/nix/pull/12538)
-
-  The progress bar now correctly display upload/download progress for S3 up/downloads. S3 uploads are now interruptible.
-
- Add host attribute of github/gitlab flakerefs to URL serialization [#12580](https://github.com/NixOS/nix/pull/12580)
-
-  Resolved an issue where `github:` or `gitlab:` URLs lost their `host` attribute when written to a lockfile, resulting in invalid URLs.
-
- Multiple signatures support in store urls [#12976](https://github.com/NixOS/nix/pull/12976)
-
-  Added support for a `secretKeyFiles` URI parameter in Nix store URIs, allowing multiple signing key files to be specified as a comma-separated list.
-  This enables signing paths with multiple keys. This helps with [RFC #149](https://github.com/NixOS/rfcs/pull/149) to enable binary cache key rotation in the NixOS infra.
-
-  Example usage:
-
-  ```bash
-  nix copy --to "file:///tmp/store?secret-keys=/tmp/key1,/tmp/key2" \
-    "$(nix build --print-out-paths nixpkgs#hello)"
-  ```
-
- nix flake show now skips over import-from-derivation [#4265](https://github.com/NixOS/nix/issues/4265) [#12583](https://github.com/NixOS/nix/pull/12583)
-
-  Previously, if a flake contained outputs relying on [import from derivation](@docroot@/language/import-from-derivation.md) during evaluation, `nix flake show` would fail to display the rest of the flake. The updated behavior skips such outputs, allowing the rest of the flake to be shown.
-
- Add `nix formatter build` and `nix formatter run` commands [#13063](https://github.com/NixOS/nix/pull/13063)
-
-  `nix formatter run` is an alias for `nix fmt`. Nothing new there.
-
-  `nix formatter build` is sort of like `nix build`: it builds, links, and prints a path to the formatter program:
-
-  ```
-  $ nix formatter build
-  /nix/store/cb9w44vkhk2x4adfxwgdkkf5gjmm856j-treefmt/bin/treefmt
-  ```
-
-  Note that unlike `nix build`, this prints the full path to the program, not just the store path (in the example above that would be `/nix/store/cb9w44vkhk2x4adfxwgdkkf5gjmm856j-treefmt`).
-
- Amend OSC 8 escape stripping for xterm-style separator [#13109](https://github.com/NixOS/nix/pull/13109)
-
-  Improve terminal escape code filtering to understand a second type of hyperlink escape codes.
-  This in particular prevents parts of GCC 14's diagnostics from being improperly filtered away.
-
-
-## Contributors
-
-
-This release was made possible by the following 40 contributors:
-
- Farid Zakaria [**(@fzakaria)**](https://github.com/fzakaria)
- The Tumultuous Unicorn Of Darkness [**(@TheTumultuousUnicornOfDarkness)**](https://github.com/TheTumultuousUnicornOfDarkness)
- Robert Hensing [**(@roberth)**](https://github.com/roberth)
- Félix [**(@picnoir)**](https://github.com/picnoir)
- Valentin Gagarin [**(@fricklerhandwerk)**](https://github.com/fricklerhandwerk)
- Eelco Dolstra [**(@edolstra)**](https://github.com/edolstra)
- Vincent Breitmoser [**(@Valodim)**](https://github.com/Valodim)
- Brian McKenna [**(@puffnfresh)**](https://github.com/puffnfresh)
- ulucs [**(@ulucs)**](https://github.com/ulucs)
- John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314)
- Andrey Butirsky [**(@bam80)**](https://github.com/bam80)
- Dean De Leo [**(@whatsthecraic)**](https://github.com/whatsthecraic)
- Las Safin [**(@L-as)**](https://github.com/L-as)
- Sergei Zimmerman [**(@xokdvium)**](https://github.com/xokdvium)
- Shahar "Dawn" Or [**(@mightyiam)**](https://github.com/mightyiam)
- Ryan Hendrickson [**(@rhendric)**](https://github.com/rhendric)
- Rodney Lorrimar [**(@rvl)**](https://github.com/rvl)
- Erik Nygren [**(@Kirens)**](https://github.com/Kirens)
- Cole Helbling [**(@cole-h)**](https://github.com/cole-h)
- Martin Fischer [**(@not-my-profile)**](https://github.com/not-my-profile)
- Graham Christensen [**(@grahamc)**](https://github.com/grahamc)
- Vit Gottwald [**(@VitGottwald)**](https://github.com/VitGottwald)
- silvanshade [**(@silvanshade)**](https://github.com/silvanshade)
- Illia Bobyr [**(@ilya-bobyr)**](https://github.com/ilya-bobyr)
- Jeremy Fleischman [**(@jfly)**](https://github.com/jfly)
- Ruby Rose [**(@oldshensheep)**](https://github.com/oldshensheep)
- Sergei Trofimovich [**(@trofi)**](https://github.com/trofi)
- Tim [**(@Jaculabilis)**](https://github.com/Jaculabilis)
- Anthony Wang [**(@anthowan)**](https://github.com/anthowan)
- Jörg Thalheim [**(@Mic92)**](https://github.com/Mic92)
- Sandro [**(@SuperSandro2000)**](https://github.com/SuperSandro2000)
- tomberek [**(@tomberek)**](https://github.com/tomberek)
- Dmitry Bogatov [**(@KAction)**](https://github.com/KAction)
- Sizhe Zhao [**(@Prince213)**](https://github.com/Prince213)
- jade [**(@lf-)**](https://github.com/lf-)
- Pierre-Etienne Meunier [**(@P-E-Meunier)**](https://github.com/P-E-Meunier)
- Alexander Romanov [**(@ajlekcahdp4)**](https://github.com/ajlekcahdp4)
- Domagoj Mišković [**(@allrealmsoflife)**](https://github.com/allrealmsoflife)
- Thomas Miedema [**(@thomie)**](https://github.com/thomie)
- Yannik Sander [**(@ysndr)**](https://github.com/ysndr)
- Philipp Otterbein
- Dmitry Bogatov
--- a/doc/manual/source/release-notes/rl-2.30.md
+++ b/doc/manual/source/release-notes/rl-2.30.md
@@ -1,153 +0,0 @@
-# Release 2.30.0 (2025-07-07)
-
-## Backward-incompatible changes and deprecations
-
- [`build-dir`] no longer defaults to `$TMPDIR`
-
-  The directory in which temporary build directories are created no longer defaults
-  to `TMPDIR` or `/tmp`, to avoid builders making their directories
-  world-accessible. This behavior allowed escaping the build sandbox and can
-  cause build impurities even when not used maliciously. We now default to `builds`
-  in `NIX_STATE_DIR` (which is `/nix/var/nix/builds` in the default configuration).
-
- Deprecate manually making structured attrs using the `__json` attribute [#13220](https://github.com/NixOS/nix/pull/13220)
-
-  The proper way to create a derivation using [structured attrs] in the Nix language is by using `__structuredAttrs = true` with [`builtins.derivation`].
-  However, by exploiting how structured attrs are implementated, it has also been possible to create them by setting the `__json` environment variable to a serialized JSON string.
-  This sneaky alternative method is now deprecated, and may be disallowed in future versions of Nix.
-
-  [structured attrs]: @docroot@/language/advanced-attributes.md#adv-attr-structuredAttrs
-  [`builtins.derivation`]: @docroot@/language/builtins.html#builtins-derivation
-
- Rename `nix profile install` to [`nix profile add`] [#13224](https://github.com/NixOS/nix/pull/13224)
-
-  The command `nix profile install` has been renamed to [`nix profile add`] (though the former is still available as an alias). This is because the verb "add" is a better antonym for the verb "remove" (i.e. `nix profile remove`). Nix also does not have install hooks or general behavior often associated with "installing".
-
-## Performance improvements
-
-This release has a number performance improvements, in particular:
-
- Reduce the size of value from 24 to 16 bytes [#13407](https://github.com/NixOS/nix/pull/13407)
-
-  This shaves off a very significant amount of memory used for evaluation (~20% percent reduction in maximum heap size and ~17% in total bytes).
-
-## Features
-
- Add [stack sampling evaluation profiler] [#13220](https://github.com/NixOS/nix/pull/13220)
-
-  The Nix evaluator now supports [stack sampling evaluation profiling](@docroot@/advanced-topics/eval-profiler.md) via the [`--eval-profiler flamegraph`] setting.
-  It outputs collapsed call stack information to the file specified by
-  [`--eval-profile-file`] (`nix.profile` by default) in a format directly consumable
-  by `flamegraph.pl` and compatible tools like [speedscope](https://speedscope.app/).
-  Sampling frequency can be configured via [`--eval-profiler-frequency`] (99 Hz by default).
-
-  Unlike the existing [`--trace-function-calls`], this profiler includes the name of the function
-  being called when it's available.
-
- [`nix repl`] prints which variables were loaded [#11406](https://github.com/NixOS/nix/pull/11406)
-
-  Instead of `Added <n> variables` it now prints the first 10 variables that were added to the global scope.
-
- `nix flake archive`: Add [`--no-check-sigs`] option [#13277](https://github.com/NixOS/nix/pull/13277)
-
-  This is useful when using [`nix flake archive`] with the destination set to a remote store.
-
- Emit warnings for IFDs with [`trace-import-from-derivation`] option [#13279](https://github.com/NixOS/nix/pull/13279)
-
-  While we have the setting [`allow-import-from-derivation`] to deny import-from-derivation (IFD), sometimes users would like to observe IFDs during CI processes to gradually phase out the idiom. The new setting `trace-import-from-derivation`, when set, logs a simple warning to the console.
-
- `json-log-path` setting [#13003](https://github.com/NixOS/nix/pull/13003)
-
-  New setting [`json-log-path`] that sends a copy of all Nix log messages (in JSON format) to a file or Unix domain socket.
-
- Non-flake inputs now contain a `sourceInfo` attribute [#13164](https://github.com/NixOS/nix/issues/13164) [#13170](https://github.com/NixOS/nix/pull/13170)
-
-  Flakes have always had a `sourceInfo` attribute which describes the source of the flake.
-  The `sourceInfo.outPath` is often identical to the flake's `outPath`. However, it can differ when the flake is located in a subdirectory of its source.
-
-  Non-flake inputs (i.e. inputs with [`flake = false`]) can also be located at some path _within_ a wider source.
-  This usually happens when defining a relative path input within the same source as the parent flake, e.g. `inputs.foo.url = ./some-file.nix`.
-  Such relative inputs will now inherit their parent's `sourceInfo`.
-
-  This also means it is now possible to use `?dir=subdir` on non-flake inputs.
-
-  This iterates on the work done in 2.26 to improve relative path support ([#10089](https://github.com/NixOS/nix/pull/10089)),
-  and resolves a regression introduced in 2.28 relating to nested relative path inputs ([#13164](https://github.com/NixOS/nix/issues/13164)).
-
-## Miscellaneous changes
-
- [`builtins.sort`] uses PeekSort [#12623](https://github.com/NixOS/nix/pull/12623)
-
-  Previously it used libstdc++'s `std::stable_sort()`. However, that implementation is not reliable if the user-supplied comparison function is not a strict weak ordering.
-
- Revert incomplete closure mixed download and build feature [#77](https://github.com/NixOS/nix/issues/77) [#12628](https://github.com/NixOS/nix/issues/12628) [#13176](https://github.com/NixOS/nix/pull/13176)
-
-  Since Nix 1.3 ([commit `299141e`] in 2013) Nix has attempted to mix together upstream fresh builds and downstream substitutions when remote substuters contain an "incomplete closure" (have some store objects, but not the store objects they reference).
-  This feature is now removed.
-
-  In the worst case, removing this feature could cause more building downstream, but it should not cause outright failures, since this is not happening for opaque store objects that we don't know how to build if we decide not to substitute.
-  In practice, however, we doubt even more building is very likely to happen.
-  Remote stores that are missing dependencies in arbitrary ways (e.g. corruption) don't seem to be very common.
-
-  On the contrary, when remote stores fail to implement the [closure property](@docroot@/store/store-object.md#closure-property), it is usually an *intentional* choice on the part of the remote store, because it wishes to serve as an "overlay" store over another store, such as `https://cache.nixos.org`.
-  If an "incomplete closure" is encountered in that situation, the right fix is not to do some sort of "franken-building" as this feature implemented, but instead to make sure both substituters are enabled in the settings.
-
-  (In the future, we should make it easier for remote stores to indicate this to clients, to catch settings that won't work in general before a missing dependency is actually encountered.)
-
-## Contributors
-
-This release was made possible by the following 32 contributors:
-
- Cole Helbling [**(@cole-h)**](https://github.com/cole-h)
- Eelco Dolstra [**(@edolstra)**](https://github.com/edolstra)
- Egor Konovalov [**(@egorkonovalov)**](https://github.com/egorkonovalov)
- Farid Zakaria [**(@fzakaria)**](https://github.com/fzakaria)
- Graham Christensen [**(@grahamc)**](https://github.com/grahamc)
- gustavderdrache [**(@gustavderdrache)**](https://github.com/gustavderdrache)
- Gwenn Le Bihan [**(@gwennlbh)**](https://github.com/gwennlbh)
- h0nIg [**(@h0nIg)**](https://github.com/h0nIg)
- Jade Masker [**(@donottellmetonottellyou)**](https://github.com/donottellmetonottellyou)
- jayeshv [**(@jayeshv)**](https://github.com/jayeshv)
- Jeremy Fleischman [**(@jfly)**](https://github.com/jfly)
- John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314)
- Jonas Chevalier [**(@zimbatm)**](https://github.com/zimbatm)
- Jörg Thalheim [**(@Mic92)**](https://github.com/Mic92)
- kstrafe [**(@kstrafe)**](https://github.com/kstrafe)
- Luc Perkins [**(@lucperkins)**](https://github.com/lucperkins)
- Matt Sturgeon [**(@MattSturgeon)**](https://github.com/MattSturgeon)
- Nikita Krasnov [**(@synalice)**](https://github.com/synalice)
- Peder Bergebakken Sundt [**(@pbsds)**](https://github.com/pbsds)
- pennae [**(@pennae)**](https://github.com/pennae)
- Philipp Otterbein
- Pol Dellaiera [**(@drupol)**](https://github.com/drupol)
- PopeRigby [**(@poperigby)**](https://github.com/poperigby)
- Raito Bezarius
- Robert Hensing [**(@roberth)**](https://github.com/roberth)
- Samuli Thomasson [**(@SimSaladin)**](https://github.com/SimSaladin)
- Sergei Zimmerman [**(@xokdvium)**](https://github.com/xokdvium)
- Seth Flynn [**(@getchoo)**](https://github.com/getchoo)
- Stefan Boca [**(@stefanboca)**](https://github.com/stefanboca)
- tomberek [**(@tomberek)**](https://github.com/tomberek)
- Tristan Ross [**(@RossComputerGuy)**](https://github.com/RossComputerGuy)
- Valentin Gagarin [**(@fricklerhandwerk)**](https://github.com/fricklerhandwerk)
- Vladimír Čunát [**(@vcunat)**](https://github.com/vcunat)
- Wolfgang Walther [**(@wolfgangwalther)**](https://github.com/wolfgangwalther)
-
-<!-- markdown links -->
-[stack sampling evaluation profiler]: @docroot@/advanced-topics/eval-profiler.md
-[`--eval-profiler`]: @docroot@/command-ref/conf-file.md#conf-eval-profiler
-[`--eval-profiler flamegraph`]: @docroot@/command-ref/conf-file.md#conf-eval-profiler
-[`--trace-function-calls`]: @docroot@/command-ref/conf-file.md#conf-trace-function-calls
-[`--eval-profile-file`]: @docroot@/command-ref/conf-file.md#conf-eval-profile-file
-[`--eval-profiler-frequency`]: @docroot@/command-ref/conf-file.md#conf-eval-profiler-frequency
-[`build-dir`]: @docroot@/command-ref/conf-file.md#conf-build-dir
-[`nix profile add`]: @docroot@/command-ref/new-cli/nix3-profile-add.md
-[`nix repl`]: @docroot@/command-ref/new-cli/nix3-repl.md
-[`nix flake archive`]: @docroot@/command-ref/new-cli/nix3-flake-archive.md
-[`json-log-path`]: @docroot@/command-ref/conf-file.md#conf-json-log-path
-[`trace-import-from-derivation`]: @docroot@/command-ref/conf-file.md#conf-trace-import-from-derivation
-[`allow-import-from-derivation`]: @docroot@/command-ref/conf-file.md#conf-allow-import-from-derivation
-[`builtins.sort`]: @docroot@/language/builtins.md#builtins-sort
-[`flake = false`]: @docroot@/command-ref/new-cli/nix3-flake.md?highlight=false#flake-inputs
-[`--no-check-sigs`]: @docroot@/command-ref/new-cli/nix3-flake-archive.md#opt-no-check-sigs
-[commit `299141e`]: https://github.com/NixOS/nix/commit/299141ecbd08bae17013226dbeae71e842b4fdd7
--- a/doc/manual/source/release-notes/rl-2.6.md
+++ b/doc/manual/source/release-notes/rl-2.6.md
@@ -13,7 +13,7 @@
 * New command `nix store copy-log` to copy build logs from one store
  to another.
 * The `commit-lockfile-summary` option can be set to a non-empty
-  string to override the commit summary used when committing an updated
+  string to override the commit summary used when commiting an updated
  lockfile.  This may be used in conjunction with the `nixConfig`
  attribute in `flake.nix` to better conform to repository
  conventions.
--- a/doc/manual/source/release-notes/rl-2.8.md
+++ b/doc/manual/source/release-notes/rl-2.8.md
@@ -48,6 +48,6 @@

 * `nix run` is now stricter in what it accepts: members of the `apps`
  flake output are now required to be apps (as defined in [the
-  manual](https://nix.dev/manual/nix/stable/command-ref/new-cli/nix3-run.html#apps)),
+  manual](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-run.html#apps)),
  and members of `packages` or `legacyPackages` must be derivations
  (not apps).
--- a/doc/manual/source/store/derivation/index.md
+++ b/doc/manual/source/store/derivation/index.md
@@ -138,17 +138,6 @@ See [Wikipedia](https://en.wikipedia.org/wiki/Argv) for details.

 Environment variables which will be passed to the [builder](#builder) executable.

-#### Structured Attributes {#structured-attrs}
-
-Nix also has special support for embedding JSON in the derivations.
-
-The environment variable `NIX_ATTRS_JSON_FILE` points to the exact location of that file both in a build and a [`nix-shell`](@docroot@/command-ref/nix-shell.md).
-
-As a convenience to Bash builders, Nix writes a script that initialises shell variables corresponding to all attributes that are representable in Bash.
-The environment variable `NIX_ATTRS_SH_FILE` points to the exact location of the script, both in a build and a [`nix-shell`](@docroot@/command-ref/nix-shell.md).
-This includes non-nested (associative) arrays.
-For example, the attribute `hardening.format = true` ends up as the Bash associative array element `${hardening[format]}`.
-
 ### Placeholders

 Placeholders are opaque values used within the [process creation fields] to [store objects] for which we don't yet know [store path]s.
@@ -173,7 +162,7 @@ There are two types of placeholder, corresponding to the two cases where this pr

 > **Explanation**
 >
-> In general, we need to [realise] a [store object] in order to be sure to have a store object for it.
+> In general, we need to realise [realise] a [store object] in order to be sure to have a store object for it.
 > But for these two cases this is either impossible or impractical:
 >
 > - In the output case this is impossible:
@@ -200,7 +189,7 @@ This ensures that there is a canonical [store path] used to refer to the derivat
 > **Note**
 >
 > Currently, the canonical encoding for every derivation is the "ATerm" format,
-> but this is subject to change for the types of derivations which are not yet stable.
+> but this is subject to change for types derivations which are not yet stable.

 Regardless of the format used, when serializing a derivation to a store object, that store object will be content-addressed.

@@ -293,7 +282,7 @@ type DerivingPath = ConstantPath | OutputPath;

 Under this extended model, `DerivingPath`s are thus inductively built up from a root `ConstantPath`, wrapped with zero or more outer `OutputPath`s.

-### Encoding {#deriving-path-encoding-higher-order}
+### Encoding {#deriving-path-encoding}

 The encoding is adjusted in the natural way, encoding the `drv` field recursively using the same deriving path encoding.
 The result of this is that it is possible to have a chain of `^<output-name>` at the end of the final string, as opposed to just a single one.
--- a/doc/manual/source/store/derivation/outputs/content-address.md
+++ b/doc/manual/source/store/derivation/outputs/content-address.md
@@ -23,7 +23,7 @@ The output spec for an output with a fixed content addresses additionally contai
 > **Design note**
 >
 > In principle, the output spec could also specify the references the store object should have, since the references and file system objects are equally parts of a content-addressed store object proper that contribute to its content-addressed.
-> However, at this time, the references are not done because all fixed content-addressed outputs are required to have no references (including no self-reference).
+> However, at this time, the references are not not done because all fixed content-addressed outputs are required to have no references (including no self-reference).
 >
 > Also in principle, rather than specifying the references and file system object data with separate hashes, a single hash that constraints both could be used.
 > This could be done with the final store path's digest, or better yet, the hash that will become the store path's digest before it is truncated.
@@ -110,18 +110,18 @@ Because the derivation output is not fixed (just like with [input addressing]),
 >
 > Strictly speaking, the extent to which sandboxing and deprivilaging is possible varies with the environment Nix is running in.
 > Nix's configuration settings indicate what level of sandboxing is required or enabled.
-> Builds of derivations will fail if they request an absence of sandboxing which is not allowed.
-> Builds of derivations will also fail if the level of sandboxing specified in the configure exceeds what is possible in the given environment.
+> Builds of derivations will fail if they request an absense of sandboxing which is not allowed.
+> Builds of derivations will also fail if the level of sandboxing specified in the configure exceeds what is possible in teh given environment.
 >
-> (The "environment", in this case, consists of attributes such as the Operating System Nix runs atop, along with the operating-system-specific privileges that Nix has been granted.
-> Because of how conventional operating systems like macos, Linux, etc. work, granting builders *fewer* privileges may ironically require that Nix be run with *more* privileges.)
+> (The "environment", in this case, consists of attributes such as the Operating System Nix runs atop, along with the operating-system-specific privilages that Nix has been granted.
+> Because of how conventional operating systems like macos, Linux, etc. work, granting builders *fewer* privilages may ironically require that Nix be run with *more* privilages.)

-That said, derivations producing floating content-addressed outputs may declare their builders as impure (like the builders of derivations producing fixed outputs).
+That said, derivations producing floating content-addressed outputs may declare their builders as impure (like the builders of derivations producing producing fixed outputs).
 This is provisionally supported as part of the [`impure-derivations`][xp-feature-impure-derivations] experimental feature.

 ### Compatibility negotiation

-Any derivation producing a floating content-addressed output implicitly requires the `ca-derivations` [system feature](@docroot@/command-ref/conf-file.md#conf-system-features).
+Any derivation producing a floating content-addresssed output implicitly requires the `ca-derivations` [system feature](@docroot@/command-ref/conf-file.md#conf-system-features).
 This prevents scheduling the building of the derivation on a machine without the experimental feature enabled.
 Even once the experimental feature is stabilized, this is still useful in order to be allow using remote builder running odler versions of Nix, or alternative implementations that do not support floating content addressing.

@@ -132,7 +132,7 @@ For store objects produced by manually inserting into the store to create a stor
 But for store objects produced by derivation, the "method is quite formal" --- the whole point of derivations is to be a formal notion of building, after all.
 In this case, we can elevate this informal property to a formal one.

-A *deterministic* content-addressing derivation should produce outputs with the same content addresses:
+A *determinstic* content-addressing derivation should produce outputs with the same content addresses:

 1. Every time the builder is run

@@ -144,7 +144,7 @@ A *deterministic* content-addressing derivation should produce outputs with the
  The choice of provisional store path can be thought of as an impurity, since it is an arbitrary choice.

  If provisional outputs paths are deterministically chosen, we are in the first branch of part (1).
-  The builder the data it produces based on it in arbitrary ways, but this gets us closer to [input addressing].
+  The builder the data it produces based on it in arbitrary ways, but this gets us closer to to [input addressing].
  Deterministically choosing the provisional path may be considered "complete sandboxing" by removing an impurity, but this is unsatisfactory

  <!--
--- a/doc/manual/source/store/derivation/outputs/index.md
+++ b/doc/manual/source/store/derivation/outputs/index.md
@@ -1,15 +1,15 @@
 # Derivation Outputs and Types of Derivations

 As stated on the [main pages on derivations](../index.md#store-derivation),
-a derivation produces [store objects](@docroot@/store/store-object.md), which are known as the *outputs* of the derivation.
-Indeed, the entire point of derivations is to produce these outputs, and to reliably and reproducibly produce these derivations each time the derivation is run.
+a derivation produces [store objects], which are known as the *outputs* of the derivation.
+Indeed, the entire point of derivations is to produce these outputs, and to reliably and reproducably produce these derivations each time the derivation is run.

 One of the parts of a derivation is its *outputs specification*, which specifies certain information about the outputs the derivation produces when run.
 The outputs specification is a map, from names to specifications for individual outputs.

 ## Output Names {#outputs}

-Output names can be any string which is also a valid [store path](@docroot@/store/store-path.md) name.
+Output names can be any string which is also a valid [store path] name.
 The name mapped to each output specification is not actually the name of the output.
 In the general case, the output store object has name `derivationName + "-" + outputSpecName`, not any other metadata about it.
 However, an output spec named "out" describes and output store object whose name is just the derivation name.
@@ -24,11 +24,11 @@ However, an output spec named "out" describes and output store object whose name
 >
 > - The store path of `dev` will be: `/nix/store/<hash>-hello-dev`.

-The outputs are the derivations are the [store objects](@docroot@/store/store-object.md) it is obligated to produce.
+The outputs are the derivations are the [store objects][store object] it is obligated to produce.

 > **Note**
 >
-> The formal terminology here is somewhat at odds with everyday communication in the Nix community today.
+> The formal terminology here is somewhat at adds with everyday communication in the Nix community today.
 > "output" in casual usage tends to refer to either to the actual output store object, or the notional output spec, depending on context.
 >
 > For example "hello's `dev` output" means the store object referred to by the store path `/nix/store/<hash>-hello-dev`.
@@ -64,7 +64,7 @@ The rules for this are fairly concise:

    (This is an arbitrary restriction that could be lifted.)

- The output is either *fixed* or *floating*, indicating whether the store path is known prior to building it.
+- The output is either *fixed* or *floating*, indicating whether the its store path is known prior to building it.

  - With fixed content-addressing it is fixed.

@@ -83,11 +83,11 @@ The rules for this are fairly concise:

  - A content-addressing derivation may be pure or impure

-   - If it is impure, it may be fixed (typical), or it may be floating if the additional [`impure-derivations`][xp-feature-impure-derivations] experimental feature is enabled.
+   - If it is impure, it may be be fixed (typical), or it may be floating if the additional [`impure-derivations`][xp-feature-impure-derivations] experimental feature is enabled.

   - If it is pure, it must be floating.

-   - Pure, fixed content-addressing derivations are not supported
+   - Pure, fixed content-addressing derivations are not suppported

     > There is no use for this forth combination.
     > The sole purpose of an output's store path being fixed is to support the derivation being impure.
--- a/doc/manual/source/store/file-system-object/content-address.md
+++ b/doc/manual/source/store/file-system-object/content-address.md
@@ -46,7 +46,7 @@ be many different serialisations.
 For these reasons, Nix has its very own archive format—the Nix Archive (NAR) format,
 which is carefully designed to avoid the problems described above.

-The exact specification of the Nix Archive format is in [specified here](../../protocols/nix-archive.md).
+The exact specification of the Nix Archive format is in `protocols/nix-archive.md`

 ## Content addressing File System Objects beyond a single serialisation pass

@@ -80,7 +80,6 @@ Thus, Git can encode some, but not all of Nix's "File System Objects", and this

 In the future, we may support a Git-like hash for such file system objects, or we may adopt another Merkle DAG format which is capable of representing all Nix file system objects.

-
 [file system object]: ../file-system-object.md
 [store object]: ../store-object.md
 [xp-feature-git-hashing]: @docroot@/development/experimental-features.md#xp-feature-git-hashing
--- a/doc/manual/source/store/meson.build
+++ b/doc/manual/source/store/meson.build
@@ -1,6 +1,12 @@
 types_dir = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', 'import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)).stores',
+  command : [
+    python.full_path(),
+    '@INPUT0@',
+    '@OUTPUT@',
+    '--'
+  ] + nix_eval_for_docs + [
+    '--expr',
+    'import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)).stores',
  ],
  input : [
    '../../remove_before_wrapper.py',
--- a/doc/manual/source/store/store-object.md
+++ b/doc/manual/source/store/store-object.md
@@ -4,64 +4,7 @@ A Nix store is a collection of *store objects* with *references* between them.
 A store object consists of

  - A [file system object](./file-system-object.md) as data
-
-  - A set of [store paths](./store-path.md) as references to store objects
-
-### References
-
-Store objects can refer to both other store objects and themselves.
-References from a store object to itself are called *self-references*.
-
-Store objects and their references form a directed graph, where the store objects are the vertices, and the references are the edges.
-In particular, the edge corresponding to a reference is from the store object that contains the reference, and to the store object that the store path (which is the reference) refers to.
-
-References other than a self-reference must not form a cycle.
-The graph of references excluding self-references thus forms a [directed acyclic graph].
-
-[directed acyclic graph]: @docroot@/glossary.md#gloss-directed-acyclic-graph
-
-We can take the [transitive closure] of the references graph, which any pair of store objects have an edge not if there is a single reference from the first to the second, but a path of one or more references from the first to the second.
-The *requisites* of a store object are all store objects reachable by paths of references which start with given store object's references.
-
-[transitive closure]: https://en.wikipedia.org/wiki/Transitive_closure
-
-We can also take the [transpose graph] of the references graph, where we reverse the orientation of all edges.
-The *referrers* of a store object are the store objects that reference it.
-
-[transpose graph]: https://en.wikipedia.org/wiki/Transpose_graph
-
-One can also combine both concepts: taking the transitive closure of the transposed references graph.
-The *referrers closure* of a store object are the store objects that can reach the given store object via paths of references.
-
-> **Note**
->
-> Care must be taken to distinguish between the intrinsic and extrinsic properties of store objects.
-> We can create graphs from the store objects in a store, but the contents of the store is not, in general fixed, and may instead change over time.
->
-> - The references of a store object --- the set of store paths called the references --- is a field of a store object, and thus intrinsic by definition.
-    Regardless of what store contains the store object in question, and what else that store may or may not contain, the references are the same.
->
-> - The requisites of a store object are almost intrinsic --- some store paths due not precisely refer to a unique single store object.
-> Exactly what store object is being referenced, and what in turn *its* references are, depends on the store in question.
->   Different stores that disagree.
->
-> - The referrers of a store object are completely extrinsic, and depends solely on the store which contains that store object, not the store object itself.
->   Other store objects which refer to the store object in question may be added or removed from the store.
-
-### Immutability
+  - A set of [store paths](./store-path.md) as references to other store objects

 Store objects are [immutable](https://en.wikipedia.org/wiki/Immutable_object):
-Once created, they do not change nor can any store object they reference be changed.
-
-> **Note**
->
-> Stores which support atomically deleting multiple store objects allow more flexibility while still upholding this property.
-
-### Closure property
-
-A store can only contain a store object if it also contains all the store objects it refers to.
-
-> **Note**
->
-> The "closure property" isn't meant to prohibit, for example, [lazy loading](https://en.wikipedia.org/wiki/Lazy_loading) of store objects.
-> However, the "closure property" and immutability in conjunction imply that any such lazy loading ought to be deterministic.
+Once created, they do not change until they are deleted.
--- a/doc/manual/source/store/store-object/content-address.md
+++ b/doc/manual/source/store/store-object/content-address.md
@@ -45,12 +45,12 @@ Self-references however cannot be referred to by their path, because we are in t
 > As far as we know, this is equivalent to finding a hash collision.

 Instead we have a "has self-reference" boolean, which ends up affecting the digest:
-In all currently-supported store object content-addressing methods, when hashing the file system object data, any occurrence of store object's own store path in the digested data is replaced with a [sentinel value](https://en.wikipedia.org/wiki/Sentinel_value).
+In all currently-supported store object content-addressing methods, when hashing the file system object data, any occurence of store object's own store path in the digested data is replaced with a [sentinel value](https://en.wikipedia.org/wiki/Sentinel_value).
 The hashes of these modified input streams are used instead.

 When validating the content address of a store object after the fact, the above process works as written.
 However, when first creating the store object we don't know the store object's store path, as explained just above.
-We therefore, strictly speaking, do not know what value we will be replacing with the sentinel value in the inputs to hash functions.
+We therefore, strictly speaking, do not know what value we will be replacing with the sentinental value in the inputs to hash functions.
 What instead happens is that the provisional store object --- the data from which we wish to create a store object --- is paired with a provisional "scratch" store path (that presumably was chosen when the data was created).
 That provisional store path is instead what is replaced with the sentinel value, rather than the final store object which we do not yet know.

--- a/doc/manual/substitute.py
+++ b/doc/manual/substitute.py
@@ -57,9 +57,6 @@ def recursive_replace(data: dict[str, t.Any], book_root: Path, search_path: Path
                    ).replace(
                        '@docroot@',
                        ("../" * len(path_to_chapter.parent.parts) or "./")[:-1]
-                    ).replace(
-                        '@_at_',
-                        '@'
                    ),
                    sub_items = [
                        recursive_replace(sub_item, book_root, search_path)
--- a/docker.nix
+++ b/docker.nix
@@ -1,78 +1,49 @@
 {
-  # Core dependencies
  pkgs ? import <nixpkgs> { },
  lib ? pkgs.lib,
-  dockerTools ? pkgs.dockerTools,
-  runCommand ? pkgs.runCommand,
-  buildPackages ? pkgs.buildPackages,
-  # Image configuration
  name ? "nix",
  tag ? "latest",
  bundleNixpkgs ? true,
  channelName ? "nixpkgs",
  channelURL ? "https://nixos.org/channels/nixpkgs-unstable",
  extraPkgs ? [ ],
-  maxLayers ? 70,
+  maxLayers ? 100,
  nixConf ? { },
  flake-registry ? null,
  uid ? 0,
  gid ? 0,
  uname ? "root",
  gname ? "root",
-  Labels ? {
-    "org.opencontainers.image.title" = "Nix";
-    "org.opencontainers.image.source" = "https://github.com/NixOS/nix";
-    "org.opencontainers.image.vendor" = "Nix project";
-    "org.opencontainers.image.version" = nix.version;
-    "org.opencontainers.image.description" = "Nix container image";
-  },
-  Cmd ? [ (lib.getExe bashInteractive) ],
-  # Default Packages
-  nix ? pkgs.nix,
-  bashInteractive ? pkgs.bashInteractive,
-  coreutils-full ? pkgs.coreutils-full,
-  gnutar ? pkgs.gnutar,
-  gzip ? pkgs.gzip,
-  gnugrep ? pkgs.gnugrep,
-  which ? pkgs.which,
-  curl ? pkgs.curl,
-  less ? pkgs.less,
-  wget ? pkgs.wget,
-  man ? pkgs.man,
-  cacert ? pkgs.cacert,
-  findutils ? pkgs.findutils,
-  iana-etc ? pkgs.iana-etc,
-  gitMinimal ? pkgs.gitMinimal,
-  openssh ? pkgs.openssh,
-  # Other dependencies
-  shadow ? pkgs.shadow,
 }:
 let
-  defaultPkgs = [
-    nix
-    bashInteractive
-    coreutils-full
-    gnutar
-    gzip
-    gnugrep
-    which
-    curl
-    less
-    wget
-    man
-    cacert.out
-    findutils
-    iana-etc
-    gitMinimal
-    openssh
-  ] ++ extraPkgs;
+  defaultPkgs =
+    with pkgs;
+    [
+      nix
+      bashInteractive
+      coreutils-full
+      gnutar
+      gzip
+      gnugrep
+      which
+      curl
+      less
+      wget
+      man
+      cacert.out
+      findutils
+      iana-etc
+      git
+      openssh
+    ]
+    ++ extraPkgs;

  users =
    {

      root = {
        uid = 0;
-        shell = lib.getExe bashInteractive;
+        shell = "${pkgs.bashInteractive}/bin/bash";
        home = "/root";
        gid = 0;
        groups = [ "root" ];
@@ -81,7 +52,7 @@ let

      nobody = {
        uid = 65534;
-        shell = lib.getExe' shadow "nologin";
+        shell = "${pkgs.shadow}/bin/nologin";
        home = "/var/empty";
        gid = 65534;
        groups = [ "nobody" ];
@@ -92,7 +63,7 @@ let
    // lib.optionalAttrs (uid != 0) {
      "${uname}" = {
        uid = uid;
-        shell = lib.getExe bashInteractive;
+        shell = "${pkgs.bashInteractive}/bin/bash";
        home = "/home/${uname}";
        gid = gid;
        groups = [ "${gname}" ];
@@ -176,42 +147,41 @@ let
    "${k}:x:${toString gid}:${lib.concatStringsSep "," members}";
  groupContents = (lib.concatStringsSep "\n" (lib.attrValues (lib.mapAttrs groupToGroup groups)));

-  toConf =
-    with pkgs.lib.generators;
-    toKeyValue {
-      mkKeyValue = mkKeyValueDefault {
-        mkValueString = v: if lib.isList v then lib.concatStringsSep " " v else mkValueStringDefault { } v;
-      } " = ";
-    };
+  defaultNixConf = {
+    sandbox = "false";
+    build-users-group = "nixbld";
+    trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
+  };

-  nixConfContents = toConf (
-    {
-      sandbox = false;
-      build-users-group = "nixbld";
-      trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
-    }
-    // nixConf
-  );
+  nixConfContents =
+    (lib.concatStringsSep "\n" (
+      lib.mapAttrsFlatten (
+        n: v:
+        let
+          vStr = if builtins.isList v then lib.concatStringsSep " " v else v;
+        in
+        "${n} = ${vStr}"
+      ) (defaultNixConf // nixConf)
+    ))
+    + "\n";

  userHome = if uid == 0 then "/root" else "/home/${uname}";

  baseSystem =
    let
      nixpkgs = pkgs.path;
-      channel = runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
+      channel = pkgs.runCommand "channel-nixos" { inherit bundleNixpkgs; } ''
        mkdir $out
        if [ "$bundleNixpkgs" ]; then
-          ln -s ${
-            builtins.path {
-              path = nixpkgs;
-              name = "source";
-            }
-          } $out/nixpkgs
+          ln -s ${nixpkgs} $out/nixpkgs
          echo "[]" > $out/manifest.nix
        fi
      '';
-      # doc/manual/source/command-ref/files/manifest.nix.md
-      manifest = buildPackages.runCommand "manifest.nix" { } ''
+      rootEnv = pkgs.buildPackages.buildEnv {
+        name = "root-profile-env";
+        paths = defaultPkgs;
+      };
+      manifest = pkgs.buildPackages.runCommand "manifest.nix" { } ''
        cat > $out <<EOF
        [
        ${lib.concatStringsSep "\n" (
@@ -240,15 +210,11 @@ let
        ]
        EOF
      '';
-      profile = buildPackages.buildEnv {
-        name = "root-profile-env";
-        paths = defaultPkgs;
-
-        postBuild = ''
-          mv $out/manifest $out/manifest.nix
-        '';
-        inherit manifest;
-      };
+      profile = pkgs.buildPackages.runCommand "user-environment" { } ''
+        mkdir $out
+        cp -a ${rootEnv}/* $out/
+        ln -s ${manifest} $out/manifest.nix
+      '';
      flake-registry-path =
        if (flake-registry == null) then
          null
@@ -257,7 +223,7 @@ let
        else
          flake-registry;
    in
-    runCommand "base-system"
+    pkgs.runCommand "base-system"
      {
        inherit
          passwdContents
@@ -280,7 +246,6 @@ let
          set -x
          mkdir -p $out/etc

-          # may get replaced by pkgs.dockerTools.caCertificates
          mkdir -p $out/etc/ssl/certs
          ln -s /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs

@@ -308,24 +273,20 @@ let
          mkdir -p $out${userHome}
          mkdir -p $out/nix/var/nix/profiles/per-user/${uname}

-          # see doc/manual/source/command-ref/files/profiles.md
          ln -s ${profile} $out/nix/var/nix/profiles/default-1-link
          ln -s /nix/var/nix/profiles/default-1-link $out/nix/var/nix/profiles/default
          ln -s /nix/var/nix/profiles/default $out${userHome}/.nix-profile

-          # see doc/manual/source/command-ref/files/channels.md
          ln -s ${channel} $out/nix/var/nix/profiles/per-user/${uname}/channels-1-link
          ln -s /nix/var/nix/profiles/per-user/${uname}/channels-1-link $out/nix/var/nix/profiles/per-user/${uname}/channels

-          # see doc/manual/source/command-ref/files/default-nix-expression.md
          mkdir -p $out${userHome}/.nix-defexpr
          ln -s /nix/var/nix/profiles/per-user/${uname}/channels $out${userHome}/.nix-defexpr/channels
          echo "${channelURL} ${channelName}" > $out${userHome}/.nix-channels

-          # may get replaced by pkgs.dockerTools.binSh & pkgs.dockerTools.usrBinEnv
          mkdir -p $out/bin $out/usr/bin
-          ln -s ${lib.getExe' coreutils-full "env"} $out/usr/bin/env
-          ln -s ${lib.getExe bashInteractive} $out/bin/sh
+          ln -s ${pkgs.coreutils}/bin/env $out/usr/bin/env
+          ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/sh

        ''
        + (lib.optionalString (flake-registry-path != null) ''
@@ -334,13 +295,13 @@ let
          globalFlakeRegistryPath="$nixCacheDir/flake-registry.json"
          ln -s ${flake-registry-path} $out$globalFlakeRegistryPath
          mkdir -p $out/nix/var/nix/gcroots/auto
-          rootName=$(${lib.getExe' nix "nix"} --extra-experimental-features nix-command hash file --type sha1 --base32 <(echo -n $globalFlakeRegistryPath))
+          rootName=$(${pkgs.nix}/bin/nix --extra-experimental-features nix-command hash file --type sha1 --base32 <(echo -n $globalFlakeRegistryPath))
          ln -s $globalFlakeRegistryPath $out/nix/var/nix/gcroots/auto/$rootName
        '')
      );

 in
-dockerTools.buildLayeredImageWithNixDb {
+pkgs.dockerTools.buildLayeredImageWithNixDb {

  inherit
    name
@@ -366,7 +327,7 @@ dockerTools.buildLayeredImageWithNixDb {
  '';

  config = {
-    inherit Cmd Labels;
+    Cmd = [ "${userHome}/.nix-profile/bin/bash" ];
    User = "${toString uid}:${toString gid}";
    Env = [
      "USER=${uname}"
--- a/flake.lock
+++ b/flake.lock
@@ -63,11 +63,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1747179050,
-        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
+        "lastModified": 1743315132,
+        "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
+        "rev": "52faf482a3889b7619003c0daec593a1912fddc1",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -32,7 +32,7 @@
    let
      inherit (nixpkgs) lib;

-      officialRelease = false;
+      officialRelease = true;

      linux32BitSystems = [ "i686-linux" ];
      linux64BitSystems = [
@@ -131,90 +131,13 @@
        }
      );

-      /**
-        Produce the `nixComponents` and `nixDependencies` package sets (scopes) for
-        a given `pkgs` and `getStdenv`.
-      */
-      packageSetsFor =
+      overlayFor =
+        getStdenv: final: prev:
        let
-          /**
-            Removes a prefix from the attribute names of a set of splices.
-            This is a completely uninteresting and exists for compatibility only.
-
-            Example:
-            ```nix
-            renameSplicesFrom "pkgs" { pkgsBuildBuild = ...; ... }
-            => { buildBuild = ...; ... }
-            ```
-          */
-          renameSplicesFrom = prefix: x: {
-            buildBuild = x."${prefix}BuildBuild";
-            buildHost = x."${prefix}BuildHost";
-            buildTarget = x."${prefix}BuildTarget";
-            hostHost = x."${prefix}HostHost";
-            hostTarget = x."${prefix}HostTarget";
-            targetTarget = x."${prefix}TargetTarget";
-          };
-
-          /**
-            Adds a prefix to the attribute names of a set of splices.
-            This is a completely uninteresting and exists for compatibility only.
-
-            Example:
-            ```nix
-            renameSplicesTo "self" { buildBuild = ...; ... }
-            => { selfBuildBuild = ...; ... }
-            ```
-          */
-          renameSplicesTo = prefix: x: {
-            "${prefix}BuildBuild" = x.buildBuild;
-            "${prefix}BuildHost" = x.buildHost;
-            "${prefix}BuildTarget" = x.buildTarget;
-            "${prefix}HostHost" = x.hostHost;
-            "${prefix}HostTarget" = x.hostTarget;
-            "${prefix}TargetTarget" = x.targetTarget;
-          };
-
-          /**
-            Takes a function `f` and returns a function that applies `f` pointwise to each splice.
-
-            Example:
-            ```nix
-            mapSplices (x: x * 10) { buildBuild = 1; buildHost = 2; ... }
-            => { buildBuild = 10; buildHost = 20; ... }
-            ```
-          */
-          mapSplices =
-            f:
-            {
-              buildBuild,
-              buildHost,
-              buildTarget,
-              hostHost,
-              hostTarget,
-              targetTarget,
-            }:
-            {
-              buildBuild = f buildBuild;
-              buildHost = f buildHost;
-              buildTarget = f buildTarget;
-              hostHost = f hostHost;
-              hostTarget = f hostTarget;
-              targetTarget = f targetTarget;
-            };
-
+          stdenv = getStdenv final;
        in
-        args@{
-          pkgs,
-          getStdenv ? pkgs: pkgs.stdenv,
-        }:
-        let
-          nixComponentsSplices = mapSplices (
-            pkgs': (packageSetsFor (args // { pkgs = pkgs'; })).nixComponents
-          ) (renameSplicesFrom "pkgs" pkgs);
-          nixDependenciesSplices = mapSplices (
-            pkgs': (packageSetsFor (args // { pkgs = pkgs'; })).nixDependencies
-          ) (renameSplicesFrom "pkgs" pkgs);
+        {
+          nixStable = prev.nix;

          # A new scope, so that we can use `callPackage` to inject our own interdependencies
          # without "polluting" the top level "`pkgs`" attrset.
@@ -223,87 +146,63 @@
          nixComponents =
            lib.makeScopeWithSplicing'
              {
-                inherit (pkgs) splicePackages;
-                inherit (nixDependencies) newScope;
+                inherit (final) splicePackages;
+                inherit (final.nixDependencies) newScope;
              }
              {
-                otherSplices = renameSplicesTo "self" nixComponentsSplices;
+                otherSplices = final.generateSplicesForMkScope "nixComponents";
                f = import ./packaging/components.nix {
-                  inherit (pkgs) lib;
+                  inherit (final) lib;
                  inherit officialRelease;
-                  inherit pkgs;
+                  pkgs = final;
                  src = self;
-                  maintainers = [ ];
+                  maintainers = with lib.maintainers; [
+                    edolstra
+                    Ericson2314
+                    Mic92
+                    roberth
+                    tomberek
+                  ];
                };
              };

          # The dependencies are in their own scope, so that they don't have to be
-          # in Nixpkgs top level `pkgs` or `nixComponents2`.
+          # in Nixpkgs top level `pkgs` or `nixComponents`.
          nixDependencies =
            lib.makeScopeWithSplicing'
              {
-                inherit (pkgs) splicePackages;
-                inherit (pkgs) newScope; # layered directly on pkgs, unlike nixComponents2 above
+                inherit (final) splicePackages;
+                inherit (final) newScope; # layered directly on pkgs, unlike nixComponents above
              }
              {
-                otherSplices = renameSplicesTo "self" nixDependenciesSplices;
+                otherSplices = final.generateSplicesForMkScope "nixDependencies";
                f = import ./packaging/dependencies.nix {
-                  inherit inputs pkgs;
-                  stdenv = getStdenv pkgs;
+                  inherit inputs stdenv;
+                  pkgs = final;
                };
              };

-          # If the package set is largely empty, we should(?) return empty sets
-          # This is what most package sets in Nixpkgs do. Otherwise, we get
-          # an error message that indicates that some stdenv attribute is missing,
-          # and indeed it will be missing, as seemingly `pkgsTargetTarget` is
-          # very incomplete.
-          fixup = lib.mapAttrs (k: v: if !(pkgs ? nix) then { } else v);
-        in
-        fixup {
-          inherit nixDependencies;
-          inherit nixComponents;
-        };
+          nix = final.nixComponents.nix-cli;

-      overlayFor =
-        getStdenv: final: prev:
-        let
-          packageSets = packageSetsFor {
-            inherit getStdenv;
-            pkgs = final;
-          };
-        in
-        {
-          nixStable = prev.nix;
-
-          # The `2` suffix is here because otherwise it interferes with `nixVersions.latest`, which is used in daemon compat tests.
-          nixComponents2 = packageSets.nixComponents;
-
-          # The dependencies are in their own scope, so that they don't have to be
-          # in Nixpkgs top level `pkgs` or `nixComponents2`.
-          # The `2` suffix is here because otherwise it interferes with `nixVersions.latest`, which is used in daemon compat tests.
-          nixDependencies2 = packageSets.nixDependencies;
-
-          nix = final.nixComponents2.nix-cli;
+          # See https://github.com/NixOS/nixpkgs/pull/214409
+          # Remove when fixed in this flake's nixpkgs
+          pre-commit =
+            if prev.stdenv.hostPlatform.system == "i686-linux" then
+              (prev.pre-commit.override (o: {
+                dotnet-sdk = "";
+              })).overridePythonAttrs
+                (o: {
+                  doCheck = false;
+                })
+            else
+              prev.pre-commit;
        };

    in
    {
-      overlays.internal = overlayFor (p: p.stdenv);
-
-      /**
-        A Nixpkgs overlay that sets `nix` to something like `packages.<system>.nix-everything`,
-        except dependencies aren't taken from (flake) `nix.inputs.nixpkgs`, but from the Nixpkgs packages
-        where the overlay is used.
-      */
-      overlays.default =
-        final: prev:
-        let
-          packageSets = packageSetsFor { pkgs = final; };
-        in
-        {
-          nix = packageSets.nixComponents.nix-everything;
-        };
+      # A Nixpkgs overlay that overrides the 'nix' and
+      # 'nix-perl-bindings' packages.
+      overlays.default = overlayFor (p: p.stdenv);

      hydraJobs = import ./packaging/hydra.nix {
        inherit
@@ -320,11 +219,47 @@

      checks = forAllSystems (
        system:
-        (import ./ci/gha/tests {
-          inherit system;
-          pkgs = nixpkgsFor.${system}.native;
-          nixFlake = self;
-        }).topLevel
+        {
+          installerScriptForGHA = self.hydraJobs.installerScriptForGHA.${system};
+          installTests = self.hydraJobs.installTests.${system};
+          nixpkgsLibTests = self.hydraJobs.tests.nixpkgsLibTests.${system};
+          rl-next =
+            let
+              pkgs = nixpkgsFor.${system}.native;
+            in
+            pkgs.buildPackages.runCommand "test-rl-next-release-notes" { } ''
+              LANG=C.UTF-8 ${pkgs.changelog-d}/bin/changelog-d ${./doc/manual/rl-next} >$out
+            '';
+          repl-completion = nixpkgsFor.${system}.native.callPackage ./tests/repl-completion.nix { };
+
+          /**
+            Checks for our packaging expressions.
+            This shouldn't build anything significant; just check that things
+            (including derivations) are _set up_ correctly.
+          */
+          # Disabled due to a bug in `testEqualContents` (see
+          # https://github.com/NixOS/nix/issues/12690).
+          /*
+            packaging-overriding =
+              let
+                pkgs = nixpkgsFor.${system}.native;
+                nix = self.packages.${system}.nix;
+              in
+              assert (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src.patches == [ pkgs.emptyFile ];
+              if pkgs.stdenv.buildPlatform.isDarwin then
+                lib.warn "packaging-overriding check currently disabled because of a permissions issue on macOS" pkgs.emptyFile
+              else
+                # If this fails, something might be wrong with how we've wired the scope,
+                # or something could be broken in Nixpkgs.
+                pkgs.testers.testEqualContents {
+                  assertion = "trivial patch does not change source contents";
+                  expected = "${./.}";
+                  actual =
+                    # Same for all components; nix-util is an arbitrary pick
+                    (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src;
+                };
+          */
+        }
        // (lib.optionalAttrs (builtins.elem system linux64BitSystems)) {
          dockerImage = self.hydraJobs.dockerImage.${system};
        }
@@ -337,20 +272,30 @@
        # Add "passthru" tests
        //
          flatMapAttrs
-            {
-              "" = {
-                pkgs = nixpkgsFor.${system}.native;
-              };
-            }
            (
-              nixpkgsPrefix: args:
-              (import ./ci/gha/tests (
-                args
-                // {
-                  nixFlake = self;
-                  componentTestsPrefix = nixpkgsPrefix;
-                }
-              )).componentTests
+              {
+                "" = nixpkgsFor.${system}.native;
+              }
+              // lib.optionalAttrs (!nixpkgsFor.${system}.native.stdenv.hostPlatform.isDarwin) {
+                # TODO: enable static builds for darwin, blocked on:
+                #       https://github.com/NixOS/nixpkgs/issues/320448
+                # TODO: disabled to speed up GHA CI.
+                #"static-" = nixpkgsFor.${system}.native.pkgsStatic;
+              }
+            )
+            (
+              nixpkgsPrefix: nixpkgs:
+              flatMapAttrs nixpkgs.nixComponents (
+                pkgName: pkg:
+                flatMapAttrs pkg.tests or { } (
+                  testName: test: {
+                    "${nixpkgsPrefix}${pkgName}-${testName}" = test;
+                  }
+                )
+              )
+              // lib.optionalAttrs (nixpkgs.stdenv.hostPlatform == nixpkgs.stdenv.buildPlatform) {
+                "${nixpkgsPrefix}nix-functional-tests" = nixpkgs.nixComponents.nix-functional-tests;
+              }
            )
        // devFlake.checks.${system} or { }
      );
@@ -368,9 +313,9 @@
          binaryTarball = self.hydraJobs.binaryTarball.${system};
          # TODO probably should be `nix-cli`
          nix = self.packages.${system}.nix-everything;
-          nix-manual = nixpkgsFor.${system}.native.nixComponents2.nix-manual;
-          nix-internal-api-docs = nixpkgsFor.${system}.native.nixComponents2.nix-internal-api-docs;
-          nix-external-api-docs = nixpkgsFor.${system}.native.nixComponents2.nix-external-api-docs;
+          nix-manual = nixpkgsFor.${system}.native.nixComponents.nix-manual;
+          nix-internal-api-docs = nixpkgsFor.${system}.native.nixComponents.nix-internal-api-docs;
+          nix-external-api-docs = nixpkgsFor.${system}.native.nixComponents.nix-external-api-docs;
        }
        # We need to flatten recursive attribute sets of derivations to pass `flake check`.
        //
@@ -388,7 +333,6 @@
              "nix-store-tests" = { };

              "nix-fetchers" = { };
-              "nix-fetchers-c" = { };
              "nix-fetchers-tests" = { };

              "nix-expr" = { };
@@ -397,7 +341,6 @@
              "nix-expr-tests" = { };

              "nix-flake" = { };
-              "nix-flake-c" = { };
              "nix-flake-tests" = { };

              "nix-main" = { };
@@ -424,9 +367,9 @@
              }:
              {
                # These attributes go right into `packages.<system>`.
-                "${pkgName}" = nixpkgsFor.${system}.native.nixComponents2.${pkgName};
-                "${pkgName}-static" = nixpkgsFor.${system}.native.pkgsStatic.nixComponents2.${pkgName};
-                "${pkgName}-llvm" = nixpkgsFor.${system}.native.pkgsLLVM.nixComponents2.${pkgName};
+                "${pkgName}" = nixpkgsFor.${system}.native.nixComponents.${pkgName};
+                "${pkgName}-static" = nixpkgsFor.${system}.native.pkgsStatic.nixComponents.${pkgName};
+                "${pkgName}-llvm" = nixpkgsFor.${system}.native.pkgsLLVM.nixComponents.${pkgName};
              }
              // lib.optionalAttrs supportsCross (
                flatMapAttrs (lib.genAttrs crossSystems (_: { })) (
@@ -434,7 +377,7 @@
                  { }:
                  {
                    # These attributes go right into `packages.<system>`.
-                    "${pkgName}-${crossSystem}" = nixpkgsFor.${system}.cross.${crossSystem}.nixComponents2.${pkgName};
+                    "${pkgName}-${crossSystem}" = nixpkgsFor.${system}.cross.${crossSystem}.nixComponents.${pkgName};
                  }
                )
              )
@@ -444,7 +387,7 @@
                {
                  # These attributes go right into `packages.<system>`.
                  "${pkgName}-${stdenvName}" =
-                    nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.nixComponents2.${pkgName};
+                    nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.nixComponents.${pkgName};
                }
              )
            )
@@ -452,7 +395,8 @@
          dockerImage =
            let
              pkgs = nixpkgsFor.${system}.native;
-              image = pkgs.callPackage ./docker.nix {
+              image = import ./docker.nix {
+                inherit pkgs;
                tag = pkgs.nix.version;
              };
            in
@@ -513,53 +457,5 @@
            default = self.devShells.${system}.native;
          }
        );
-
-      lib = {
-        /**
-          Creates a package set for a given Nixpkgs instance and stdenv.
-
-          # Inputs
-
-          - `pkgs`: The Nixpkgs instance to use.
-
-          - `getStdenv`: _Optional_ A function that takes a package set and returns the stdenv to use.
-            This needs to be a function in order to support cross compilation - the `pkgs` passed to `getStdenv` can be `pkgsBuildHost` or any other variation needed.
-
-          # Outputs
-
-          The return value is a fresh Nixpkgs scope containing all the packages that are defined in the Nix repository,
-          as well as some internals and parameters, which may be subject to change.
-
-          # Example
-
-          ```console
-          nix repl> :lf NixOS/nix
-          nix-repl> ps = lib.makeComponents { pkgs = import inputs.nixpkgs { crossSystem = "riscv64-linux"; }; }
-          nix-repl> ps
-          {
-            appendPatches = «lambda appendPatches @ ...»;
-            callPackage = «lambda callPackageWith @ ...»;
-            overrideAllMesonComponents = «lambda overrideSource @ ...»;
-            overrideSource = «lambda overrideSource @ ...»;
-            # ...
-            nix-everything
-            # ...
-            nix-store
-            nix-store-c
-            # ...
-          }
-          ```
-        */
-        makeComponents =
-          {
-            pkgs,
-            getStdenv ? pkgs: pkgs.stdenv,
-          }:
-
-          let
-            packageSets = packageSetsFor { inherit getStdenv pkgs; };
-          in
-          packageSets.nixComponents;
-      };
    };
 }
--- a/maintainers/README.md
+++ b/maintainers/README.md
@@ -37,7 +37,7 @@ The team is on Github as [@NixOS/nix-team](https://github.com/orgs/NixOS/teams/n

 The team meets twice a week (times are denoted in the [Europe/Amsterdam](https://en.m.wikipedia.org/wiki/Time_in_the_Netherlands) time zone):

- Discussion meeting: Wednesday 21:00-22:00 Europe/Amsterdam see [calendar](https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com).
+- Discussion meeting: [Wednesday 21:00-22:00 Europe/Amsterdam](https://www.google.com/calendar/event?eid=ZG5rZzNyajRjajducGV2NGY5aGkzYWIwdnJfMjAyNDA1MDhUMTkwMDAwWiBiOW81MmZvYnFqYWs4b3E4bGZraGczdDBxZ0Bn)

  1. Triage issues and pull requests from the [No Status](#no-status) column (30 min)
  2. Discuss issues and pull requests from the [To discuss](#to-discuss) column (30 min).
@@ -46,7 +46,7 @@ The team meets twice a week (times are denoted in the [Europe/Amsterdam](https:/
       - mark it as draft if it is blocked on the contributor
       - escalate it back to the team by moving it to To discuss, and leaving a comment as to why the issue needs to be discussed again.

- Work meeting: Mondays 14:00-16:00 Europe/Amsterdam see [calendar](https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com).
+- Work meeting: [Mondays 14:00-16:00 Europe/Amsterdam](https://www.google.com/calendar/event?eid=Ym52NDdzYnRic2NzcDcybjZiNDhpNzhpa3NfMjAyNDA1MTNUMTIwMDAwWiBiOW81MmZvYnFqYWs4b3E4bGZraGczdDBxZ0Bn)

  1. Code review on pull requests from [In review](#in-review).
  2. Other chores and tasks.
--- a/maintainers/data/release-credits-email-to-handle.json
+++ b/maintainers/data/release-credits-email-to-handle.json
@@ -145,45 +145,5 @@
    "thebenmachine+git@gmail.com": "bmillwood",
    "leandro@kip93.net": "kip93",
    "hello@briancamacho.me": "b-camacho",
-    "bcamacho@anduril.com": "bcamacho2",
-    "oldshensheep@gmail.com": "oldshensheep",
-    "thomasmiedema@gmail.com": "thomie",
-    "xokdvium@proton.me": "xokdvium",
-    "kaction@disroot.org": "KAction",
-    "serenity@kaction.cc": null,
-    "dev@erik.work": "Kirens",
-    "felix@alternativebit.fr": "picnoir",
-    "butirsky@gmail.com": "bam80",
-    "look@my.amazin.horse": "Valodim",
-    "jeremyfleischman@gmail.com": "jfly",
-    "vit.gottwald@gmail.com": "VitGottwald",
-    "a@unnamed.website": "anthowan",
-    "hello@whatsthecraic.net": "whatsthecraic",
-    "alex.rom23@mail.ru": "ajlekcahdp4",
-    "domagoj@tuta.com": "allrealmsoflife",
-    "uluc.sengil@gmail.com": "ulucs",
-    "prc.zhao@outlook.com": "Prince213",
-    "the-tumultuous-unicorn-of-darkness@gmx.com": "TheTumultuousUnicornOfDarkness",
-    "dev@rodney.id.au": "rvl",
-    "pe@pijul.org": "P-E-Meunier",
-    "yannik@floxdev.com": "ysndr",
-    "73017521+egorkonovalov@users.noreply.github.com": "egorkonovalov",
-    "raito@lix.systems": null,
-    "nikita.nikita.krasnov@gmail.com": "synalice",
-    "lucperkins@gmail.com": "lucperkins",
-    "vladimir.cunat@nic.cz": "vcunat",
-    "walther@technowledgy.de": "wolfgangwalther",
-    "jayesh.mail@gmail.com": "jayeshv",
-    "samuli.thomasson@pm.me": "SimSaladin",
-    "kevin@stravers.net": "kstrafe",
-    "poperigby@mailbox.org": "poperigby",
-    "cole.helbling@determinate.systems": "cole-h",
-    "donottellmetonottellyou@gmail.com": "donottellmetonottellyou",
-    "getchoo@tuta.io": "getchoo",
-    "alex.ford@determinate.systems": "gustavderdrache",
-    "stefan.r.boca@gmail.com": "stefanboca",
-    "gwenn.lebihan7@gmail.com": "gwennlbh",
-    "hey@ewen.works": "gwennlbh",
-    "matt@sturgeon.me.uk": "MattSturgeon",
-    "pbsds@hotmail.com": "pbsds"
+    "bcamacho@anduril.com": "bcamacho2"
 }
--- a/maintainers/data/release-credits-handle-to-name.json
+++ b/maintainers/data/release-credits-handle-to-name.json
@@ -129,38 +129,5 @@
    "SomeoneSerge": "Someone",
    "b-camacho": "Brian Camacho",
    "MaxHearnden": null,
-    "kip93": "Leandro Emmanuel Reina Kiperman",
-    "oldshensheep": "Ruby Rose",
-    "KAction": "Dmitry Bogatov",
-    "thomie": "Thomas Miedema",
-    "Kirens": "Erik Nygren",
-    "Prince213": "Sizhe Zhao",
-    "anthowan": "Anthony Wang",
-    "jfly": "Jeremy Fleischman",
-    "VitGottwald": "Vit Gottwald",
-    "bam80": "Andrey Butirsky",
-    "ulucs": null,
-    "P-E-Meunier": "Pierre-Etienne Meunier",
-    "ysndr": "Yannik Sander",
-    "TheTumultuousUnicornOfDarkness": "The Tumultuous Unicorn Of Darkness",
-    "ajlekcahdp4": "Alexander Romanov",
-    "Valodim": "Vincent Breitmoser",
-    "rvl": "Rodney Lorrimar",
-    "whatsthecraic": "Dean De Leo",
-    "gwennlbh": "Gwenn Le Bihan",
-    "donottellmetonottellyou": "Jade Masker",
-    "kstrafe": null,
-    "synalice": "Nikita Krasnov",
-    "poperigby": "PopeRigby",
-    "MattSturgeon": "Matt Sturgeon",
-    "lucperkins": "Luc Perkins",
-    "gustavderdrache": null,
-    "SimSaladin": "Samuli Thomasson",
-    "getchoo": "Seth Flynn",
-    "stefanboca": "Stefan Boca",
-    "wolfgangwalther": "Wolfgang Walther",
-    "pbsds": "Peder Bergebakken Sundt",
-    "egorkonovalov": "Egor Konovalov",
-    "jayeshv": "jayeshv",
-    "vcunat": "Vladim\u00edr \u010cun\u00e1t"
+    "kip93": "Leandro Emmanuel Reina Kiperman"
 }
--- a/maintainers/flake-module.nix
+++ b/maintainers/flake-module.nix
@@ -37,29 +37,6 @@
              fi
            ''}";
          };
-          meson-format =
-            let
-              meson = pkgs.meson.overrideAttrs {
-                doCheck = false;
-                doInstallCheck = false;
-                patches = [
-                  (pkgs.fetchpatch {
-                    url = "https://github.com/mesonbuild/meson/commit/38d29b4dd19698d5cad7b599add2a69b243fd88a.patch";
-                    hash = "sha256-PgPBvGtCISKn1qQQhzBW5XfknUe91i5XGGBcaUK4yeE=";
-                  })
-                ];
-              };
-            in
-            {
-              enable = true;
-              files = "(meson.build|meson.options)$";
-              entry = "${pkgs.writeScript "format-meson" ''
-                #!${pkgs.runtimeShell}
-                for file in "$@"; do
-                  ${lib.getExe meson} format -ic ${../meson.format} "$file"
-                done
-              ''}";
-            };
          nixfmt-rfc-style = {
            enable = true;
            excludes = [
@@ -100,6 +77,468 @@
              # Don't format vendored code
              ''^doc/manual/redirects\.js$''
              ''^doc/manual/theme/highlight\.js$''
+
+              # We haven't applied formatting to these files yet
+              ''^doc/manual/redirects\.js$''
+              ''^doc/manual/theme/highlight\.js$''
+              ''^precompiled-headers\.h$''
+              ''^src/build-remote/build-remote\.cc$''
+              ''^src/libcmd/built-path\.cc$''
+              ''^src/libcmd/built-path\.hh$''
+              ''^src/libcmd/common-eval-args\.cc$''
+              ''^src/libcmd/common-eval-args\.hh$''
+              ''^src/libcmd/editor-for\.cc$''
+              ''^src/libcmd/installable-attr-path\.cc$''
+              ''^src/libcmd/installable-attr-path\.hh$''
+              ''^src/libcmd/installable-derived-path\.cc$''
+              ''^src/libcmd/installable-derived-path\.hh$''
+              ''^src/libcmd/installable-flake\.cc$''
+              ''^src/libcmd/installable-flake\.hh$''
+              ''^src/libcmd/installable-value\.cc$''
+              ''^src/libcmd/installable-value\.hh$''
+              ''^src/libcmd/installables\.cc$''
+              ''^src/libcmd/installables\.hh$''
+              ''^src/libcmd/legacy\.hh$''
+              ''^src/libcmd/markdown\.cc$''
+              ''^src/libcmd/misc-store-flags\.cc$''
+              ''^src/libcmd/repl-interacter\.cc$''
+              ''^src/libcmd/repl-interacter\.hh$''
+              ''^src/libcmd/repl\.cc$''
+              ''^src/libcmd/repl\.hh$''
+              ''^src/libexpr-c/nix_api_expr\.cc$''
+              ''^src/libexpr-c/nix_api_external\.cc$''
+              ''^src/libexpr/attr-path\.cc$''
+              ''^src/libexpr/attr-path\.hh$''
+              ''^src/libexpr/attr-set\.cc$''
+              ''^src/libexpr/attr-set\.hh$''
+              ''^src/libexpr/eval-cache\.cc$''
+              ''^src/libexpr/eval-cache\.hh$''
+              ''^src/libexpr/eval-error\.cc$''
+              ''^src/libexpr/eval-inline\.hh$''
+              ''^src/libexpr/eval-settings\.cc$''
+              ''^src/libexpr/eval-settings\.hh$''
+              ''^src/libexpr/eval\.cc$''
+              ''^src/libexpr/eval\.hh$''
+              ''^src/libexpr/function-trace\.cc$''
+              ''^src/libexpr/gc-small-vector\.hh$''
+              ''^src/libexpr/get-drvs\.cc$''
+              ''^src/libexpr/get-drvs\.hh$''
+              ''^src/libexpr/json-to-value\.cc$''
+              ''^src/libexpr/nixexpr\.cc$''
+              ''^src/libexpr/nixexpr\.hh$''
+              ''^src/libexpr/parser-state\.hh$''
+              ''^src/libexpr/primops\.cc$''
+              ''^src/libexpr/primops\.hh$''
+              ''^src/libexpr/primops/context\.cc$''
+              ''^src/libexpr/primops/fetchClosure\.cc$''
+              ''^src/libexpr/primops/fetchMercurial\.cc$''
+              ''^src/libexpr/primops/fetchTree\.cc$''
+              ''^src/libexpr/primops/fromTOML\.cc$''
+              ''^src/libexpr/print-ambiguous\.cc$''
+              ''^src/libexpr/print-ambiguous\.hh$''
+              ''^src/libexpr/print-options\.hh$''
+              ''^src/libexpr/print\.cc$''
+              ''^src/libexpr/print\.hh$''
+              ''^src/libexpr/search-path\.cc$''
+              ''^src/libexpr/symbol-table\.hh$''
+              ''^src/libexpr/value-to-json\.cc$''
+              ''^src/libexpr/value-to-json\.hh$''
+              ''^src/libexpr/value-to-xml\.cc$''
+              ''^src/libexpr/value-to-xml\.hh$''
+              ''^src/libexpr/value\.hh$''
+              ''^src/libexpr/value/context\.cc$''
+              ''^src/libexpr/value/context\.hh$''
+              ''^src/libfetchers/attrs\.cc$''
+              ''^src/libfetchers/cache\.cc$''
+              ''^src/libfetchers/cache\.hh$''
+              ''^src/libfetchers/fetch-settings\.cc$''
+              ''^src/libfetchers/fetch-settings\.hh$''
+              ''^src/libfetchers/fetch-to-store\.cc$''
+              ''^src/libfetchers/fetchers\.cc$''
+              ''^src/libfetchers/fetchers\.hh$''
+              ''^src/libfetchers/filtering-source-accessor\.cc$''
+              ''^src/libfetchers/filtering-source-accessor\.hh$''
+              ''^src/libfetchers/fs-source-accessor\.cc$''
+              ''^src/libfetchers/fs-source-accessor\.hh$''
+              ''^src/libfetchers/git-utils\.cc$''
+              ''^src/libfetchers/git-utils\.hh$''
+              ''^src/libfetchers/github\.cc$''
+              ''^src/libfetchers/indirect\.cc$''
+              ''^src/libfetchers/memory-source-accessor\.cc$''
+              ''^src/libfetchers/path\.cc$''
+              ''^src/libfetchers/registry\.cc$''
+              ''^src/libfetchers/registry\.hh$''
+              ''^src/libfetchers/tarball\.cc$''
+              ''^src/libfetchers/tarball\.hh$''
+              ''^src/libfetchers/git\.cc$''
+              ''^src/libfetchers/mercurial\.cc$''
+              ''^src/libflake/flake/config\.cc$''
+              ''^src/libflake/flake/flake\.cc$''
+              ''^src/libflake/flake/flake\.hh$''
+              ''^src/libflake/flake/flakeref\.cc$''
+              ''^src/libflake/flake/flakeref\.hh$''
+              ''^src/libflake/flake/lockfile\.cc$''
+              ''^src/libflake/flake/lockfile\.hh$''
+              ''^src/libflake/flake/url-name\.cc$''
+              ''^src/libmain/common-args\.cc$''
+              ''^src/libmain/common-args\.hh$''
+              ''^src/libmain/loggers\.cc$''
+              ''^src/libmain/loggers\.hh$''
+              ''^src/libmain/progress-bar\.cc$''
+              ''^src/libmain/shared\.cc$''
+              ''^src/libmain/shared\.hh$''
+              ''^src/libmain/unix/stack\.cc$''
+              ''^src/libstore/binary-cache-store\.cc$''
+              ''^src/libstore/binary-cache-store\.hh$''
+              ''^src/libstore/build-result\.hh$''
+              ''^src/libstore/builtins\.hh$''
+              ''^src/libstore/builtins/buildenv\.cc$''
+              ''^src/libstore/builtins/buildenv\.hh$''
+              ''^src/libstore/common-protocol-impl\.hh$''
+              ''^src/libstore/common-protocol\.cc$''
+              ''^src/libstore/common-protocol\.hh$''
+              ''^src/libstore/common-ssh-store-config\.hh$''
+              ''^src/libstore/content-address\.cc$''
+              ''^src/libstore/content-address\.hh$''
+              ''^src/libstore/daemon\.cc$''
+              ''^src/libstore/daemon\.hh$''
+              ''^src/libstore/derivations\.cc$''
+              ''^src/libstore/derivations\.hh$''
+              ''^src/libstore/derived-path-map\.cc$''
+              ''^src/libstore/derived-path-map\.hh$''
+              ''^src/libstore/derived-path\.cc$''
+              ''^src/libstore/derived-path\.hh$''
+              ''^src/libstore/downstream-placeholder\.cc$''
+              ''^src/libstore/downstream-placeholder\.hh$''
+              ''^src/libstore/dummy-store\.cc$''
+              ''^src/libstore/export-import\.cc$''
+              ''^src/libstore/filetransfer\.cc$''
+              ''^src/libstore/filetransfer\.hh$''
+              ''^src/libstore/gc-store\.hh$''
+              ''^src/libstore/globals\.cc$''
+              ''^src/libstore/globals\.hh$''
+              ''^src/libstore/http-binary-cache-store\.cc$''
+              ''^src/libstore/legacy-ssh-store\.cc$''
+              ''^src/libstore/legacy-ssh-store\.hh$''
+              ''^src/libstore/length-prefixed-protocol-helper\.hh$''
+              ''^src/libstore/linux/personality\.cc$''
+              ''^src/libstore/linux/personality\.hh$''
+              ''^src/libstore/local-binary-cache-store\.cc$''
+              ''^src/libstore/local-fs-store\.cc$''
+              ''^src/libstore/local-fs-store\.hh$''
+              ''^src/libstore/log-store\.cc$''
+              ''^src/libstore/log-store\.hh$''
+              ''^src/libstore/machines\.cc$''
+              ''^src/libstore/machines\.hh$''
+              ''^src/libstore/make-content-addressed\.cc$''
+              ''^src/libstore/make-content-addressed\.hh$''
+              ''^src/libstore/misc\.cc$''
+              ''^src/libstore/names\.cc$''
+              ''^src/libstore/names\.hh$''
+              ''^src/libstore/nar-accessor\.cc$''
+              ''^src/libstore/nar-accessor\.hh$''
+              ''^src/libstore/nar-info-disk-cache\.cc$''
+              ''^src/libstore/nar-info-disk-cache\.hh$''
+              ''^src/libstore/nar-info\.cc$''
+              ''^src/libstore/nar-info\.hh$''
+              ''^src/libstore/outputs-spec\.cc$''
+              ''^src/libstore/outputs-spec\.hh$''
+              ''^src/libstore/parsed-derivations\.cc$''
+              ''^src/libstore/path-info\.cc$''
+              ''^src/libstore/path-info\.hh$''
+              ''^src/libstore/path-references\.cc$''
+              ''^src/libstore/path-regex\.hh$''
+              ''^src/libstore/path-with-outputs\.cc$''
+              ''^src/libstore/path\.cc$''
+              ''^src/libstore/path\.hh$''
+              ''^src/libstore/pathlocks\.cc$''
+              ''^src/libstore/pathlocks\.hh$''
+              ''^src/libstore/profiles\.cc$''
+              ''^src/libstore/profiles\.hh$''
+              ''^src/libstore/realisation\.cc$''
+              ''^src/libstore/realisation\.hh$''
+              ''^src/libstore/remote-fs-accessor\.cc$''
+              ''^src/libstore/remote-fs-accessor\.hh$''
+              ''^src/libstore/remote-store-connection\.hh$''
+              ''^src/libstore/remote-store\.cc$''
+              ''^src/libstore/remote-store\.hh$''
+              ''^src/libstore/s3-binary-cache-store\.cc$''
+              ''^src/libstore/s3\.hh$''
+              ''^src/libstore/serve-protocol-impl\.cc$''
+              ''^src/libstore/serve-protocol-impl\.hh$''
+              ''^src/libstore/serve-protocol\.cc$''
+              ''^src/libstore/serve-protocol\.hh$''
+              ''^src/libstore/sqlite\.cc$''
+              ''^src/libstore/sqlite\.hh$''
+              ''^src/libstore/ssh-store\.cc$''
+              ''^src/libstore/ssh\.cc$''
+              ''^src/libstore/ssh\.hh$''
+              ''^src/libstore/store-api\.cc$''
+              ''^src/libstore/store-api\.hh$''
+              ''^src/libstore/store-dir-config\.hh$''
+              ''^src/libstore/build/derivation-goal\.cc$''
+              ''^src/libstore/build/derivation-goal\.hh$''
+              ''^src/libstore/build/drv-output-substitution-goal\.cc$''
+              ''^src/libstore/build/drv-output-substitution-goal\.hh$''
+              ''^src/libstore/build/entry-points\.cc$''
+              ''^src/libstore/build/goal\.cc$''
+              ''^src/libstore/build/goal\.hh$''
+              ''^src/libstore/unix/build/hook-instance\.cc$''
+              ''^src/libstore/unix/build/local-derivation-goal\.cc$''
+              ''^src/libstore/unix/build/local-derivation-goal\.hh$''
+              ''^src/libstore/build/substitution-goal\.cc$''
+              ''^src/libstore/build/substitution-goal\.hh$''
+              ''^src/libstore/build/worker\.cc$''
+              ''^src/libstore/build/worker\.hh$''
+              ''^src/libstore/builtins/fetchurl\.cc$''
+              ''^src/libstore/builtins/unpack-channel\.cc$''
+              ''^src/libstore/gc\.cc$''
+              ''^src/libstore/local-overlay-store\.cc$''
+              ''^src/libstore/local-overlay-store\.hh$''
+              ''^src/libstore/local-store\.cc$''
+              ''^src/libstore/local-store\.hh$''
+              ''^src/libstore/unix/user-lock\.cc$''
+              ''^src/libstore/unix/user-lock\.hh$''
+              ''^src/libstore/optimise-store\.cc$''
+              ''^src/libstore/unix/pathlocks\.cc$''
+              ''^src/libstore/posix-fs-canonicalise\.cc$''
+              ''^src/libstore/posix-fs-canonicalise\.hh$''
+              ''^src/libstore/uds-remote-store\.cc$''
+              ''^src/libstore/uds-remote-store\.hh$''
+              ''^src/libstore/windows/build\.cc$''
+              ''^src/libstore/worker-protocol-impl\.hh$''
+              ''^src/libstore/worker-protocol\.cc$''
+              ''^src/libstore/worker-protocol\.hh$''
+              ''^src/libutil-c/nix_api_util_internal\.h$''
+              ''^src/libutil/archive\.cc$''
+              ''^src/libutil/archive\.hh$''
+              ''^src/libutil/args\.cc$''
+              ''^src/libutil/args\.hh$''
+              ''^src/libutil/args/root\.hh$''
+              ''^src/libutil/callback\.hh$''
+              ''^src/libutil/canon-path\.cc$''
+              ''^src/libutil/canon-path\.hh$''
+              ''^src/libutil/chunked-vector\.hh$''
+              ''^src/libutil/closure\.hh$''
+              ''^src/libutil/comparator\.hh$''
+              ''^src/libutil/compute-levels\.cc$''
+              ''^src/libutil/config-impl\.hh$''
+              ''^src/libutil/config\.cc$''
+              ''^src/libutil/config\.hh$''
+              ''^src/libutil/current-process\.cc$''
+              ''^src/libutil/current-process\.hh$''
+              ''^src/libutil/english\.cc$''
+              ''^src/libutil/english\.hh$''
+              ''^src/libutil/error\.cc$''
+              ''^src/libutil/error\.hh$''
+              ''^src/libutil/exit\.hh$''
+              ''^src/libutil/experimental-features\.cc$''
+              ''^src/libutil/experimental-features\.hh$''
+              ''^src/libutil/file-content-address\.cc$''
+              ''^src/libutil/file-content-address\.hh$''
+              ''^src/libutil/file-descriptor\.cc$''
+              ''^src/libutil/file-descriptor\.hh$''
+              ''^src/libutil/file-path-impl\.hh$''
+              ''^src/libutil/file-path\.hh$''
+              ''^src/libutil/file-system\.cc$''
+              ''^src/libutil/file-system\.hh$''
+              ''^src/libutil/finally\.hh$''
+              ''^src/libutil/fmt\.hh$''
+              ''^src/libutil/fs-sink\.cc$''
+              ''^src/libutil/fs-sink\.hh$''
+              ''^src/libutil/git\.cc$''
+              ''^src/libutil/git\.hh$''
+              ''^src/libutil/hash\.cc$''
+              ''^src/libutil/hash\.hh$''
+              ''^src/libutil/hilite\.cc$''
+              ''^src/libutil/hilite\.hh$''
+              ''^src/libutil/source-accessor\.hh$''
+              ''^src/libutil/json-impls\.hh$''
+              ''^src/libutil/json-utils\.cc$''
+              ''^src/libutil/json-utils\.hh$''
+              ''^src/libutil/linux/cgroup\.cc$''
+              ''^src/libutil/linux/namespaces\.cc$''
+              ''^src/libutil/logging\.cc$''
+              ''^src/libutil/logging\.hh$''
+              ''^src/libutil/lru-cache\.hh$''
+              ''^src/libutil/memory-source-accessor\.cc$''
+              ''^src/libutil/memory-source-accessor\.hh$''
+              ''^src/libutil/pool\.hh$''
+              ''^src/libutil/position\.cc$''
+              ''^src/libutil/position\.hh$''
+              ''^src/libutil/posix-source-accessor\.cc$''
+              ''^src/libutil/posix-source-accessor\.hh$''
+              ''^src/libutil/processes\.hh$''
+              ''^src/libutil/ref\.hh$''
+              ''^src/libutil/references\.cc$''
+              ''^src/libutil/references\.hh$''
+              ''^src/libutil/regex-combinators\.hh$''
+              ''^src/libutil/serialise\.cc$''
+              ''^src/libutil/serialise\.hh$''
+              ''^src/libutil/signals\.hh$''
+              ''^src/libutil/signature/local-keys\.cc$''
+              ''^src/libutil/signature/local-keys\.hh$''
+              ''^src/libutil/signature/signer\.cc$''
+              ''^src/libutil/signature/signer\.hh$''
+              ''^src/libutil/source-accessor\.cc$''
+              ''^src/libutil/source-accessor\.hh$''
+              ''^src/libutil/source-path\.cc$''
+              ''^src/libutil/source-path\.hh$''
+              ''^src/libutil/split\.hh$''
+              ''^src/libutil/suggestions\.cc$''
+              ''^src/libutil/suggestions\.hh$''
+              ''^src/libutil/sync\.hh$''
+              ''^src/libutil/terminal\.cc$''
+              ''^src/libutil/terminal\.hh$''
+              ''^src/libutil/thread-pool\.cc$''
+              ''^src/libutil/thread-pool\.hh$''
+              ''^src/libutil/topo-sort\.hh$''
+              ''^src/libutil/types\.hh$''
+              ''^src/libutil/unix/file-descriptor\.cc$''
+              ''^src/libutil/unix/file-path\.cc$''
+              ''^src/libutil/unix/processes\.cc$''
+              ''^src/libutil/unix/signals-impl\.hh$''
+              ''^src/libutil/unix/signals\.cc$''
+              ''^src/libutil/unix-domain-socket\.cc$''
+              ''^src/libutil/unix/users\.cc$''
+              ''^src/libutil/url-parts\.hh$''
+              ''^src/libutil/url\.cc$''
+              ''^src/libutil/url\.hh$''
+              ''^src/libutil/users\.cc$''
+              ''^src/libutil/users\.hh$''
+              ''^src/libutil/util\.cc$''
+              ''^src/libutil/util\.hh$''
+              ''^src/libutil/variant-wrapper\.hh$''
+              ''^src/libutil/widecharwidth/widechar_width\.h$'' # vendored source
+              ''^src/libutil/windows/file-descriptor\.cc$''
+              ''^src/libutil/windows/file-path\.cc$''
+              ''^src/libutil/windows/processes\.cc$''
+              ''^src/libutil/windows/users\.cc$''
+              ''^src/libutil/windows/windows-error\.cc$''
+              ''^src/libutil/windows/windows-error\.hh$''
+              ''^src/libutil/xml-writer\.cc$''
+              ''^src/libutil/xml-writer\.hh$''
+              ''^src/nix-build/nix-build\.cc$''
+              ''^src/nix-channel/nix-channel\.cc$''
+              ''^src/nix-collect-garbage/nix-collect-garbage\.cc$''
+              ''^src/nix-env/buildenv.nix$''
+              ''^src/nix-env/nix-env\.cc$''
+              ''^src/nix-env/user-env\.cc$''
+              ''^src/nix-env/user-env\.hh$''
+              ''^src/nix-instantiate/nix-instantiate\.cc$''
+              ''^src/nix-store/dotgraph\.cc$''
+              ''^src/nix-store/graphml\.cc$''
+              ''^src/nix-store/nix-store\.cc$''
+              ''^src/nix/add-to-store\.cc$''
+              ''^src/nix/app\.cc$''
+              ''^src/nix/build\.cc$''
+              ''^src/nix/bundle\.cc$''
+              ''^src/nix/cat\.cc$''
+              ''^src/nix/config-check\.cc$''
+              ''^src/nix/config\.cc$''
+              ''^src/nix/copy\.cc$''
+              ''^src/nix/derivation-add\.cc$''
+              ''^src/nix/derivation-show\.cc$''
+              ''^src/nix/derivation\.cc$''
+              ''^src/nix/develop\.cc$''
+              ''^src/nix/diff-closures\.cc$''
+              ''^src/nix/dump-path\.cc$''
+              ''^src/nix/edit\.cc$''
+              ''^src/nix/eval\.cc$''
+              ''^src/nix/flake\.cc$''
+              ''^src/nix/fmt\.cc$''
+              ''^src/nix/hash\.cc$''
+              ''^src/nix/log\.cc$''
+              ''^src/nix/ls\.cc$''
+              ''^src/nix/main\.cc$''
+              ''^src/nix/make-content-addressed\.cc$''
+              ''^src/nix/nar\.cc$''
+              ''^src/nix/optimise-store\.cc$''
+              ''^src/nix/path-from-hash-part\.cc$''
+              ''^src/nix/path-info\.cc$''
+              ''^src/nix/prefetch\.cc$''
+              ''^src/nix/profile\.cc$''
+              ''^src/nix/realisation\.cc$''
+              ''^src/nix/registry\.cc$''
+              ''^src/nix/repl\.cc$''
+              ''^src/nix/run\.cc$''
+              ''^src/nix/run\.hh$''
+              ''^src/nix/search\.cc$''
+              ''^src/nix/sigs\.cc$''
+              ''^src/nix/store-copy-log\.cc$''
+              ''^src/nix/store-delete\.cc$''
+              ''^src/nix/store-gc\.cc$''
+              ''^src/nix/store-info\.cc$''
+              ''^src/nix/store-repair\.cc$''
+              ''^src/nix/store\.cc$''
+              ''^src/nix/unix/daemon\.cc$''
+              ''^src/nix/upgrade-nix\.cc$''
+              ''^src/nix/verify\.cc$''
+              ''^src/nix/why-depends\.cc$''
+
+              ''^tests/functional/plugins/plugintest\.cc''
+              ''^tests/functional/test-libstoreconsumer/main\.cc''
+              ''^tests/nixos/ca-fd-leak/sender\.c''
+              ''^tests/nixos/ca-fd-leak/smuggler\.c''
+              ''^tests/nixos/user-sandboxing/attacker\.c''
+              ''^src/libexpr-test-support/tests/libexpr\.hh''
+              ''^src/libexpr-test-support/tests/value/context\.cc''
+              ''^src/libexpr-test-support/tests/value/context\.hh''
+              ''^src/libexpr-tests/derived-path\.cc''
+              ''^src/libexpr-tests/error_traces\.cc''
+              ''^src/libexpr-tests/eval\.cc''
+              ''^src/libexpr-tests/json\.cc''
+              ''^src/libexpr-tests/main\.cc''
+              ''^src/libexpr-tests/primops\.cc''
+              ''^src/libexpr-tests/search-path\.cc''
+              ''^src/libexpr-tests/trivial\.cc''
+              ''^src/libexpr-tests/value/context\.cc''
+              ''^src/libexpr-tests/value/print\.cc''
+              ''^src/libfetchers-tests/public-key\.cc''
+              ''^src/libflake-tests/flakeref\.cc''
+              ''^src/libflake-tests/url-name\.cc''
+              ''^src/libstore-test-support/tests/derived-path\.cc''
+              ''^src/libstore-test-support/tests/derived-path\.hh''
+              ''^src/libstore-test-support/tests/nix_api_store\.hh''
+              ''^src/libstore-test-support/tests/outputs-spec\.cc''
+              ''^src/libstore-test-support/tests/outputs-spec\.hh''
+              ''^src/libstore-test-support/tests/path\.cc''
+              ''^src/libstore-test-support/tests/path\.hh''
+              ''^src/libstore-test-support/tests/protocol\.hh''
+              ''^src/libstore-tests/common-protocol\.cc''
+              ''^src/libstore-tests/content-address\.cc''
+              ''^src/libstore-tests/derivation\.cc''
+              ''^src/libstore-tests/derived-path\.cc''
+              ''^src/libstore-tests/downstream-placeholder\.cc''
+              ''^src/libstore-tests/machines\.cc''
+              ''^src/libstore-tests/nar-info-disk-cache\.cc''
+              ''^src/libstore-tests/nar-info\.cc''
+              ''^src/libstore-tests/outputs-spec\.cc''
+              ''^src/libstore-tests/path-info\.cc''
+              ''^src/libstore-tests/path\.cc''
+              ''^src/libstore-tests/serve-protocol\.cc''
+              ''^src/libstore-tests/worker-protocol\.cc''
+              ''^src/libutil-test-support/tests/characterization\.hh''
+              ''^src/libutil-test-support/tests/hash\.cc''
+              ''^src/libutil-test-support/tests/hash\.hh''
+              ''^src/libutil-tests/args\.cc''
+              ''^src/libutil-tests/canon-path\.cc''
+              ''^src/libutil-tests/chunked-vector\.cc''
+              ''^src/libutil-tests/closure\.cc''
+              ''^src/libutil-tests/compression\.cc''
+              ''^src/libutil-tests/config\.cc''
+              ''^src/libutil-tests/file-content-address\.cc''
+              ''^src/libutil-tests/git\.cc''
+              ''^src/libutil-tests/hash\.cc''
+              ''^src/libutil-tests/hilite\.cc''
+              ''^src/libutil-tests/json-utils\.cc''
+              ''^src/libutil-tests/logging\.cc''
+              ''^src/libutil-tests/lru-cache\.cc''
+              ''^src/libutil-tests/pool\.cc''
+              ''^src/libutil-tests/references\.cc''
+              ''^src/libutil-tests/suggestions\.cc''
+              ''^src/libutil-tests/url\.cc''
+              ''^src/libutil-tests/xml-writer\.cc''
            ];
          };
          shellcheck = {
@@ -166,13 +605,15 @@
              ''^tests/functional/flakes/prefetch\.sh$''
              ''^tests/functional/flakes/run\.sh$''
              ''^tests/functional/flakes/show\.sh$''
-              ''^tests/functional/formatter\.sh$''
-              ''^tests/functional/formatter\.simple\.sh$''
+              ''^tests/functional/fmt\.sh$''
+              ''^tests/functional/fmt\.simple\.sh$''
              ''^tests/functional/gc-auto\.sh$''
              ''^tests/functional/gc-concurrent\.builder\.sh$''
              ''^tests/functional/gc-concurrent\.sh$''
              ''^tests/functional/gc-concurrent2\.builder\.sh$''
              ''^tests/functional/gc-non-blocking\.sh$''
+              ''^tests/functional/git-hashing/common\.sh$''
+              ''^tests/functional/git-hashing/simple\.sh$''
              ''^tests/functional/hash-convert\.sh$''
              ''^tests/functional/impure-derivations\.sh$''
              ''^tests/functional/impure-eval\.sh$''
@@ -248,6 +689,7 @@
              ''^tests/functional/user-envs\.builder\.sh$''
              ''^tests/functional/user-envs\.sh$''
              ''^tests/functional/why-depends\.sh$''
+              ''^src/libutil-tests/data/git/check-data\.sh$''
            ];
          };
        };
--- a/maintainers/format.sh
+++ b/maintainers/format.sh
@@ -1,16 +1,11 @@
 #!/usr/bin/env bash

 if ! type -p pre-commit &>/dev/null; then
-  echo "format.sh: pre-commit not found. Please use \`nix develop -c ./maintainers/format.sh\`.";
+  echo "format.sh: pre-commit not found. Please use \`nix develop\`.";
  exit 1;
 fi;
 if test -z "$_NIX_PRE_COMMIT_HOOKS_CONFIG"; then
-  echo "format.sh: _NIX_PRE_COMMIT_HOOKS_CONFIG not set. Please use \`nix develop -c ./maintainers/format.sh\`.";
+  echo "format.sh: _NIX_PRE_COMMIT_HOOKS_CONFIG not set. Please use \`nix develop\`.";
  exit 1;
 fi;
-
-while ! pre-commit run --config "$_NIX_PRE_COMMIT_HOOKS_CONFIG" --all-files; do
-    if [ "${1:-}" != "--until-stable" ]; then
-        exit 1
-    fi
-done
+pre-commit run --config "$_NIX_PRE_COMMIT_HOOKS_CONFIG" --all-files
--- a/maintainers/release-credits
+++ b/maintainers/release-credits
@@ -109,15 +109,15 @@ for sample in samples:
    s = samples[sample]
    email = s["email"]
    if not email in email_to_handle_cache.values:
-        print(f"Querying GitHub API for {s['hash']}, to get handle for {s['email']}", file=sys.stderr)
+        print(f"Querying GitHub API for {s['hash']}, to get handle for {s['email']}")
        ghc = get_github_commit(samples[sample])
        gha = ghc["author"]
        if gha and gha["login"]:
            handle = gha["login"]
-            print(f"Handle: {handle}", file=sys.stderr)
+            print(f"Handle: {handle}")
            email_to_handle_cache.values[email] = handle
        else:
-            print(f"Found no handle for {s['email']}", file=sys.stderr)
+            print(f"Found no handle for {s['email']}")
            email_to_handle_cache.values[email] = None
    handle = email_to_handle_cache.values[email]
    if handle is not None:
--- a/maintainers/release-notes
+++ b/maintainers/release-notes
@@ -157,7 +157,7 @@ section_title="Release $version_full ($DATE)"

  if ! $IS_PATCH; then
    echo
-    echo "## Contributors"
+    echo "# Contributors"
    echo
    VERSION=$version_full ./maintainers/release-credits
  fi
--- a/maintainers/release-process.md
+++ b/maintainers/release-process.md
@@ -39,6 +39,10 @@ release:
 * Proof-read / edit / rearrange the release notes if needed. Breaking changes
  and highlights should go to the top.

+* Run `maintainers/release-credits` to make sure the credits script works
+  and produces a sensible output. Some emails might not automatically map to
+  a GitHub handle.
+
 * Push.

  ```console
--- a/meson.build
+++ b/meson.build
@@ -1,15 +1,12 @@
 # This is just a stub project to include all the others as subprojects
 # for development shell purposes

-project(
-  'nix-dev-shell',
-  'cpp',
+project('nix-dev-shell', 'cpp',
  version : files('.version'),
  subproject_dir : 'src',
  default_options : [
    'localstatedir=/nix/var',
-  ],
-  meson_version : '>= 1.1',
+  ]
 )

 # Internal Libraries
@@ -28,7 +25,7 @@ subproject('nix')
 if get_option('doc-gen')
  subproject('internal-api-docs')
  subproject('external-api-docs')
-  if meson.can_run_host_binaries()
+  if not meson.is_cross_build()
    subproject('nix-manual')
  endif
 endif
@@ -36,7 +33,6 @@ endif
 # External C wrapper libraries
 subproject('libutil-c')
 subproject('libstore-c')
-subproject('libfetchers-c')
 subproject('libexpr-c')
 subproject('libflake-c')
 subproject('libmain-c')
--- a/meson.format
+++ b/meson.format
@@ -1,7 +0,0 @@
-indent_by = '  '
-space_array = true
-kwargs_force_multiline = false
-wide_colon = true
-group_arg_value = true
-indent_before_comments = ' '
-use_editor_config = true
--- a/meson.options
+++ b/meson.options
@@ -1,29 +1,13 @@
 # vim: filetype=meson

-option(
-  'doc-gen',
-  type : 'boolean',
-  value : false,
+option('doc-gen', type : 'boolean', value : false,
  description : 'Generate documentation',
 )

-option(
-  'unit-tests',
-  type : 'boolean',
-  value : true,
+option('unit-tests', type : 'boolean', value : true,
  description : 'Build unit tests',
 )

-option(
-  'bindings',
-  type : 'boolean',
-  value : true,
+option('bindings', type : 'boolean', value : true,
  description : 'Build language bindings (e.g. Perl)',
 )
-
-option(
-  'benchmarks',
-  type : 'boolean',
-  value : false,
-  description : 'Build benchmarks (requires gbenchmark)',
-)
--- a/misc/launchd/meson.build
+++ b/misc/launchd/meson.build
@@ -9,5 +9,5 @@ configure_file(
    # 'storedir' : store_dir,
    # 'localstatedir' : localstatedir,
    # 'bindir' : bindir,
-},
+  },
 )
--- a/misc/systemd/nix-daemon.conf.in
+++ b/misc/systemd/nix-daemon.conf.in
@@ -1,2 +1 @@
-d @localstatedir@/nix/daemon-socket 0755 root root -  -
-d @localstatedir@/nix/builds        0755 root root 7d -
+d @localstatedir@/nix/daemon-socket 0755 root root - -
--- a/nix-meson-build-support/big-objs/meson.build
+++ b/nix-meson-build-support/big-objs/meson.build
@@ -2,5 +2,5 @@ if host_machine.system() == 'windows'
  # libexpr's primops creates a large object
  # Without the following flag, we'll get errors when cross-compiling to mingw32:
  # Fatal error: can't write 66 bytes to section .text of src/libexpr/libnixexpr.dll.p/primops.cc.obj: 'file too big'
-  add_project_arguments([ '-Wa,-mbig-obj' ], language : 'cpp')
+  add_project_arguments([ '-Wa,-mbig-obj' ], language: 'cpp')
 endif
--- a/nix-meson-build-support/common/meson.build
+++ b/nix-meson-build-support/common/meson.build
@@ -10,33 +10,9 @@ add_project_arguments(
  '-Werror=suggest-override',
  '-Werror=switch',
  '-Werror=switch-enum',
-  '-Werror=undef',
  '-Werror=unused-result',
-  '-Werror=sign-compare',
  '-Wignored-qualifiers',
  '-Wimplicit-fallthrough',
  '-Wno-deprecated-declarations',
  language : 'cpp',
 )
-
-# GCC doesn't benefit much from precompiled headers.
-do_pch = cxx.get_id() == 'clang'
-
-# This is a clang-only option for improving build times.
-# It forces the instantiation of templates in the PCH itself and
-# not every translation unit it's included in.
-# It's available starting from clang 11, which is old enough to not
-# bother checking the version.
-# This feature helps in particular with the expensive nlohmann::json template
-# instantiations in libutil and libstore.
-if cxx.get_id() == 'clang'
-  add_project_arguments('-fpch-instantiate-templates', language : 'cpp')
-endif
-
-# Clang gets grumpy about missing libasan symbols if -shared-libasan is not
-# passed when building shared libs, at least on Linux
-if cxx.get_id() == 'clang' and ('address' in get_option('b_sanitize') or 'undefined' in get_option(
-  'b_sanitize',
-))
-  add_project_link_arguments('-shared-libasan', language : 'cpp')
-endif
--- a/nix-meson-build-support/default-system-cpu/meson.build
+++ b/nix-meson-build-support/default-system-cpu/meson.build
@@ -1,19 +0,0 @@
-# This attempts to translate meson cpu_family and cpu_name specified via
-# --cross-file [1] into a nix *system double*. Nixpkgs mostly respects ([2]) the
-# conventions outlined in [1].
-#
-# [1]: https://mesonbuild.com/Reference-tables.html#cpu-families
-# [2]: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/lib/meson.nix
-
-nix_system_cpu = {'ppc64' : 'powerpc64', 'ppc' : 'powerpc', 'x86' : 'i686'}.get(
-  host_machine.cpu_family(),
-  host_machine.cpu_family(),
-)
-
-if (host_machine.cpu_family() in [ 'ppc64', 'ppc' ]) and host_machine.endian() == 'little'
-  nix_system_cpu += 'le'
-elif host_machine.cpu_family() in [ 'mips64', 'mips' ] and host_machine.endian() == 'little'
-  nix_system_cpu += 'el'
-elif host_machine.cpu_family() == 'arm'
-  nix_system_cpu = host_machine.cpu()
-endif
--- a/nix-meson-build-support/deps-lists/meson.build
+++ b/nix-meson-build-support/deps-lists/meson.build
@@ -6,7 +6,7 @@
 # *interface*.
 #
 # See `man pkg-config` for some details.
-deps_private = []
+deps_private = [ ]

 # These are public dependencies with pkg-config files. Public is the
 # opposite of private: these dependencies are used in installed header
@@ -23,14 +23,14 @@ deps_private = []
 # N.B. For distributions that care about "ABI" stability and not just
 # "API" stability, the private dependencies also matter as they can
 # potentially affect the public ABI.
-deps_public = []
+deps_public = [ ]

 # These are subproject deps (type == "internal"). They are other
 # packages in `/src` in this repo. The private vs public distinction is
 # the same as above.
-deps_private_subproject = []
-deps_public_subproject = []
+deps_private_subproject = [ ]
+deps_public_subproject = [ ]

 # These are dependencencies without pkg-config files. Ideally they are
 # just private, but they may also be public (e.g. boost).
-deps_other = []
+deps_other = [ ]
--- a/nix-meson-build-support/export-all-symbols/meson.build
+++ b/nix-meson-build-support/export-all-symbols/meson.build
@@ -5,7 +5,7 @@ if host_machine.system() == 'cygwin' or host_machine.system() == 'windows'
  # and not detail with this yet.
  #
  # TODO do not do this, and instead do fine-grained export annotations.
-  linker_export_flags = [ '-Wl,--export-all-symbols' ]
+  linker_export_flags = ['-Wl,--export-all-symbols']
 else
  linker_export_flags = []
 endif
--- a/nix-meson-build-support/export/meson.build
+++ b/nix-meson-build-support/export/meson.build
@@ -1,41 +1,33 @@
 requires_private = []
 foreach dep : deps_private_subproject
-  requires_private += dep.name()
+  requires_private  += dep.name()
 endforeach
 requires_private += deps_private

-requires_public = []
+requires_public  = []
 foreach dep : deps_public_subproject
-  requires_public += dep.name()
+  requires_public  += dep.name()
 endforeach
 requires_public += deps_public

 extra_pkg_config_variables = get_variable('extra_pkg_config_variables', {})
-
-extra_cflags = []
-if not meson.project_name().endswith('-c')
-  extra_cflags += [ '-std=c++2a' ]
-endif
-
 import('pkgconfig').generate(
  this_library,
  filebase : meson.project_name(),
  name : 'Nix',
  description : 'Nix Package Manager',
-  extra_cflags : extra_cflags,
+  subdirs : ['nix'],
+  extra_cflags : ['-std=c++2a'],
  requires : requires_public,
  requires_private : requires_private,
  libraries_private : libraries_private,
  variables : extra_pkg_config_variables,
 )

-meson.override_dependency(
-  meson.project_name(),
-  declare_dependency(
-    include_directories : include_dirs,
-    link_with : this_library,
-    compile_args : [ '-std=c++2a' ],
-    dependencies : deps_public_subproject + deps_public,
-    variables : extra_pkg_config_variables,
-  ),
-)
+meson.override_dependency(meson.project_name(), declare_dependency(
+  include_directories : include_dirs,
+  link_with : this_library,
+  compile_args : ['-std=c++2a'],
+  dependencies : deps_public_subproject + deps_public,
+  variables : extra_pkg_config_variables,
+))
--- a/nix-meson-build-support/generate-header/meson.build
+++ b/nix-meson-build-support/generate-header/meson.build
@@ -1,12 +1,7 @@
-bash = find_program('bash', native : true)
+bash = find_program('bash', native: true)

 gen_header = generator(
  bash,
-  arguments : [
-    '-c',
-    '{ echo \'R"__NIX_STR(\' && cat @INPUT@ && echo \')__NIX_STR"\'; } > "$1"',
-    '_ignored_argv0',
-    '@OUTPUT@',
-  ],
+  arguments : [ '-c', '{ echo \'R"__NIX_STR(\' && cat @INPUT@ && echo \')__NIX_STR"\'; } > "$1"', '_ignored_argv0', '@OUTPUT@' ],
  output : '@PLAINNAME@.gen.hh',
 )
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .31.0
 .27.2