Add nix-pack utility

This transforms a set of Nix expressions into a single file. The
typical use case is to replace the top-level default.nix in Nixpkgs
with a single file that includes (almost) all Nix expressions
reachable from that file. This reduces I/O overhead, especially on
non-SSD systems.

.dir-locals.el

@@ -1,16 +0,0 @@
-((c++-mode . (
-  (c-file-style . "k&r")
-  (c-basic-offset . 4)
-  (indent-tabs-mode . nil)
-  (tab-width . 4)
-  (show-trailing-whitespace . t)
-  (indicate-empty-lines . t)
-  (eval . (c-set-offset 'innamespace 0))
-  (eval . (c-set-offset 'defun-open 0))
-  (eval . (c-set-offset 'inline-open 0))
-  (eval . (c-set-offset 'arglist-intro '+))
-  (eval . (c-set-offset 'arglist-cont 0))
-  (eval . (c-set-offset 'arglist-cont-nonempty '+))
-  (eval . (c-set-offset 'substatement-open 0))
-  (eval . (c-set-offset 'access-label '-))
-  )))

.editorconfig

@@ -1,26 +0,0 @@
-# EditorConfig configuration for nix
-# http://EditorConfig.org
-
-# Top-most EditorConfig file
-root = true
-
-# Unix-style newlines with a newline ending every file, utf-8 charset
-[*]
-end_of_line = lf
-insert_final_newline = true
-trim_trailing_whitespace = true
-charset = utf-8
-
-# Match nix files, set indent to spaces with width of two
-[*.nix]
-indent_style = space
-indent_size = 2
-
-# Match c++/shell/perl, set indent to spaces with width of four
-[*.{hpp,cc,hh,sh,pl}]
-indent_style = space
-indent_size = 4
-
-# Match diffs, avoid to trim trailing whitespace
-[*.{diff,patch}]
-trim_trailing_whitespace = false

.github/ISSUE_TEMPLATE.md

@@ -1,27 +0,0 @@
-<!--
-
-# Filing a Nix issue
-
-*WAIT* Are you sure you're filing your issue in the right repository?
-
-We appreciate you taking the time to tell us about issues you encounter, but routing the issue to the right place will get you help sooner and save everyone time.
-
-This is the Nix repository, and issues here should be about Nix the build and package management *_tool_*.
-
-If you have a problem with a specific package on NixOS or when using Nix, you probably want to file an issue with _nixpkgs_, whose issue tracker is over at https://github.com/NixOS/nixpkgs/issues.
-
-Examples of _Nix_ issues:
-
-- Nix segfaults when I run `nix-build -A blahblah`
-- The Nix language needs a new builtin: `builtins.foobar`
-- Regression in the behavior of `nix-env` in Nix 1.12
-
-Examples of _nixpkgs_ issues:
-
-- glibc is b0rked on aarch64
-- chromium in NixOS doesn't support U2F but google-chrome does!
-- The OpenJDK package on macOS is missing a key component
-
-Chances are if you're a newcomer to the Nix world, you'll probably want the [nixpkgs tracker](https://github.com/NixOS/nixpkgs/issues). It also gets a lot more eyeball traffic so you'll probably get a response a lot more quickly.
-
--->

.gitignore

@@ -1,5 +1,4 @@
 Makefile.config
-perl/Makefile.config
 
 # /
 /aclocal.m4
@@ -35,10 +34,31 @@ perl/Makefile.config
 
 # /scripts/
 /scripts/nix-profile.sh
+/scripts/nix-pull
+/scripts/nix-push
+/scripts/nix-switch
+/scripts/nix-collect-garbage
+/scripts/nix-prefetch-url
+/scripts/nix-install-package
+/scripts/nix-channel
+/scripts/nix-build
 /scripts/nix-copy-closure
+/scripts/nix-generate-patches
+/scripts/NixConfig.pm
+/scripts/NixManifest.pm
+/scripts/GeneratePatches.pm
+/scripts/download-using-manifests.pl
+/scripts/copy-from-other-stores.pl
+/scripts/download-from-binary-cache.pl
+/scripts/find-runtime-roots.pl
+/scripts/build-remote.pl
 /scripts/nix-reduce-build
 /scripts/nix-http-export.cgi
 
+# /src/bsdiff-4.3/
+/src/bsdiff-4.3/bsdiff
+/src/bsdiff-4.3/bspatch
+
 # /src/libexpr/
 /src/libexpr/lexer-tab.cc
 /src/libexpr/lexer-tab.hh
@@ -48,38 +68,28 @@ perl/Makefile.config
 /src/libexpr/nix.tbl
 
 # /src/libstore/
-/src/libstore/*.gen.hh
-
-/src/nix/nix
+/src/libstore/schema.sql.hh
 
 # /src/nix-env/
 /src/nix-env/nix-env
 
+# /src/nix-hash/
+/src/nix-hash/nix-hash
+
 # /src/nix-instantiate/
 /src/nix-instantiate/nix-instantiate
 
+# /src/nix-log2xml/
+/src/nix-log2xml/nix-log2xml
+
 # /src/nix-store/
 /src/nix-store/nix-store
 
-/src/nix-prefetch-url/nix-prefetch-url
-
 # /src/nix-daemon/
 /src/nix-daemon/nix-daemon
 
-/src/nix-collect-garbage/nix-collect-garbage
-
-# /src/nix-channel/
-/src/nix-channel/nix-channel
-
-# /src/buildenv/
-/src/buildenv/buildenv
-
-# /src/nix-build/
-/src/nix-build/nix-build
-
-/src/nix-copy-closure/nix-copy-closure
-
-/src/build-remote/build-remote
+# /src/download-via-ssh/
+/src/download-via-ssh/download-via-ssh
 
 # /tests/
 /tests/test-tmp
@@ -99,20 +109,12 @@ perl/Makefile.config
 /misc/systemd/nix-daemon.socket
 /misc/upstart/nix-daemon.conf
 
-/src/resolve-system-dependencies/resolve-system-dependencies
-
-inst/
-
 *.a
 *.o
 *.so
-*.dylib
-*.dll
-*.exe
 *.dep
 *~
 *.pc
-*.plist
 
 # GNU Global
 GPATH

.travis.yml

@@ -1,2 +0,0 @@
-os: osx
-script: ./tests/install-darwin.sh

INSTALL

@@ -0,0 +1,229 @@
+Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
+Foundation, Inc.
+
+   This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+   These are generic installation instructions.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  (Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.)
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You only need
+`configure.ac' if you want to change it or regenerate `configure' using
+a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.  If you're
+     using `csh' on an old version of System V, you might need to type
+     `sh ./configure' instead to prevent `csh' from trying to execute
+     `configure' itself.
+
+     Running `configure' takes awhile.  While running, it prints some
+     messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   If you have to use a `make' that does not support the `VPATH'
+variable, you have to compile the package for one architecture at a
+time in the source code directory.  After you have installed the
+package for one architecture, use `make distclean' before reconfiguring
+for another architecture.
+
+Installation Names
+==================
+
+   By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc.  You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=PATH' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the `--target=TYPE' option to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+will cause the specified gcc to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of the options to `configure', and exit.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+

Makefile

@@ -5,30 +5,27 @@ makefiles = \
   src/libstore/local.mk \
   src/libmain/local.mk \
   src/libexpr/local.mk \
-  src/nix/local.mk \
+  src/nix-hash/local.mk \
   src/nix-store/local.mk \
   src/nix-instantiate/local.mk \
   src/nix-env/local.mk \
   src/nix-daemon/local.mk \
-  src/nix-collect-garbage/local.mk \
-  src/nix-copy-closure/local.mk \
-  src/nix-prefetch-url/local.mk \
-  src/buildenv/local.mk \
-  src/resolve-system-dependencies/local.mk \
-  src/nix-channel/local.mk \
-  src/nix-build/local.mk \
-  src/build-remote/local.mk \
+  src/download-via-ssh/local.mk \
+  src/nix-log2xml/local.mk \
+  src/nix-pack/local.mk \
+  src/bsdiff-4.3/local.mk \
+  perl/local.mk \
   scripts/local.mk \
   corepkgs/local.mk \
   misc/systemd/local.mk \
-  misc/launchd/local.mk \
   misc/upstart/local.mk \
+  misc/emacs/local.mk \
   doc/manual/local.mk \
   tests/local.mk
 
-GLOBAL_CXXFLAGS += -std=c++14 -g -Wall -include config.h
+GLOBAL_CXXFLAGS += -std=c++11 -g -Wall
 
--include Makefile.config
+include Makefile.config
 
 OPTIMIZE = 1
 

Makefile.config.in

@@ -3,24 +3,19 @@ CC = @CC@
 CFLAGS = @CFLAGS@
 CXX = @CXX@
 CXXFLAGS = @CXXFLAGS@
-ENABLE_S3 = @ENABLE_S3@
-HAVE_SODIUM = @HAVE_SODIUM@
-HAVE_READLINE = @HAVE_READLINE@
-HAVE_BROTLI = @HAVE_BROTLI@
-LIBCURL_LIBS = @LIBCURL_LIBS@
+HAVE_OPENSSL = @HAVE_OPENSSL@
 OPENSSL_LIBS = @OPENSSL_LIBS@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
-SODIUM_LIBS = @SODIUM_LIBS@
-LIBLZMA_LIBS = @LIBLZMA_LIBS@
-SQLITE3_LIBS = @SQLITE3_LIBS@
-LIBBROTLI_LIBS = @LIBBROTLI_LIBS@
 bash = @bash@
 bindir = @bindir@
-brotli = @brotli@
-lsof = @lsof@
+bsddiff_compat_include = @bsddiff_compat_include@
+curl = @curl@
 datadir = @datadir@
 datarootdir = @datarootdir@
+dblatex = @dblatex@
+docbookrng = @docbookrng@
+docbookxsl = @docbookxsl@
 docdir = @docdir@
 exec_prefix = @exec_prefix@
 includedir = @includedir@
@@ -28,11 +23,12 @@ libdir = @libdir@
 libexecdir = @libexecdir@
 localstatedir = @localstatedir@
 mandir = @mandir@
+perl = @perl@
+perlbindings = @perlbindings@
+perllibdir = @perllibdir@
 pkglibdir = $(libdir)/$(PACKAGE_NAME)
 prefix = @prefix@
-sandbox_shell = @sandbox_shell@
 storedir = @storedir@
 sysconfdir = @sysconfdir@
-doc_generate = @doc_generate@
 xmllint = @xmllint@
 xsltproc = @xsltproc@

README

@@ -0,0 +1,10 @@
+Nix is a purely functional package manager.  For installation and
+usage instructions, please read the manual, which can be found in
+`docs/manual/manual.html', and additionally at the Nix website at
+<http://nixos.org/>.
+
+
+Acknowledgments
+
+This product includes software developed by the OpenSSL Project for
+use in the OpenSSL Toolkit (http://www.OpenSSL.org/).

README.md

@@ -1,22 +0,0 @@
-Nix, the purely functional package manager
-------------------------------------------
-
-Nix is a new take on package management that is fairly unique. Because of its
-purity aspects, a lot of issues found in traditional package managers don't
-appear with Nix.
-
-To find out more about the tool, usage and installation instructions, please
-read the manual, which is available on the Nix website at
-<http://nixos.org/nix/manual>.
-
-## Contributing
-
-Take a look at the [Hacking Section](http://nixos.org/nix/manual/#chap-hacking)
-of the manual. It helps you to get started with building Nix from source.
-
-## License
-
-Nix is released under the LGPL v2.1
-
-This product includes software developed by the OpenSSL Project for
-use in the [OpenSSL Toolkit](http://www.OpenSSL.org/).

configure.ac

@@ -1,5 +1,5 @@
 AC_INIT(nix, m4_esyscmd([bash -c "echo -n $(cat ./version)$VERSION_SUFFIX"]))
-AC_CONFIG_SRCDIR(README.md)
+AC_CONFIG_SRCDIR(README)
 AC_CONFIG_AUX_DIR(config)
 
 AC_PROG_SED
@@ -16,14 +16,12 @@ AC_ARG_WITH(system, AC_HELP_STRING([--with-system=SYSTEM],
         machine_name="i686";;
      amd64)
         machine_name="x86_64";;
-     armv6|armv7)
-        machine_name="${host_cpu}l";;
      *)
         machine_name="$host_cpu";;
    esac
 
    case "$host_os" in
-     linux-gnu*|linux-musl*)
+     linux-gnu*)
         # For backward compatibility, strip the `-gnu' part.
         system="$machine_name-linux";;
      *)
@@ -50,7 +48,6 @@ test "$localstatedir" = '${prefix}/var' && localstatedir=/nix/var
 
 
 # Solaris-specific stuff.
-AC_STRUCT_DIRENT_D_TYPE
 if test "$sys_name" = sunos; then
     # Solaris requires -lsocket -lnsl for network functions
     LIBS="-lsocket -lnsl $LIBS"
@@ -61,7 +58,6 @@ CFLAGS=
 CXXFLAGS=
 AC_PROG_CC
 AC_PROG_CXX
-AX_CXX_COMPILE_STDCXX_11
 
 
 # Use 64-bit file system calls so that we can support files > 2 GiB.
@@ -80,7 +76,17 @@ static char buf[1024];]],
 AC_LANG_POP(C++)
 
 
-AC_CHECK_FUNCS([statvfs pipe2])
+# Check for chroot support (requires chroot() and bind mounts).
+AC_CHECK_FUNCS([chroot])
+AC_CHECK_FUNCS([unshare])
+AC_CHECK_FUNCS([statvfs])
+AC_CHECK_HEADERS([sched.h])
+AC_CHECK_HEADERS([sys/param.h])
+AC_CHECK_HEADERS([sys/mount.h], [], [],
+[#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+# endif
+])
 
 
 # Check for lutimes, optionally used for changing the mtime of
@@ -88,6 +94,10 @@ AC_CHECK_FUNCS([statvfs pipe2])
 AC_CHECK_FUNCS([lutimes])
 
 
+# Check for sched_setaffinity.
+AC_CHECK_FUNCS([sched_setaffinity])
+
+
 # Check whether the store optimiser can optimise symlinks.
 AC_MSG_CHECKING([whether it is possible to create a link to a symlink])
 ln -s bla tmp_link
@@ -106,6 +116,15 @@ AC_CHECK_HEADERS([locale])
 AC_LANG_POP(C++)
 
 
+# Check for <err.h>.
+AC_CHECK_HEADER([err.h], [], [bsddiff_compat_include="-Icompat-include"])
+AC_SUBST([bsddiff_compat_include])
+
+
+# Check for <linux/fs.h> (for immutable file support).
+AC_CHECK_HEADERS([linux/fs.h])
+
+
 AC_DEFUN([NEED_PROG],
 [
 AC_PATH_PROG($1, $2)
@@ -114,21 +133,39 @@ if test -z "$$1"; then
 fi
 ])
 
+NEED_PROG(curl, curl)
 NEED_PROG(bash, bash)
 NEED_PROG(patch, patch)
 AC_PATH_PROG(xmllint, xmllint, false)
 AC_PATH_PROG(xsltproc, xsltproc, false)
 AC_PATH_PROG(flex, flex, false)
 AC_PATH_PROG(bison, bison, false)
+NEED_PROG(perl, perl)
 NEED_PROG(sed, sed)
 NEED_PROG(tar, tar)
 NEED_PROG(bzip2, bzip2)
 NEED_PROG(gzip, gzip)
 NEED_PROG(xz, xz)
 AC_PATH_PROG(dot, dot)
+AC_PATH_PROG(dblatex, dblatex)
 AC_PATH_PROG(pv, pv, pv)
-AC_PATH_PROGS(brotli, brotli bro, bro)
-AC_PATH_PROG(lsof, lsof, lsof)
+
+
+# Test that Perl has the open/fork feature (Perl 5.8.0 and beyond).
+AC_MSG_CHECKING([whether Perl is recent enough])
+if ! $perl -e 'open(FOO, "-|", "true"); while (<FOO>) { print; }; close FOO or die;'; then
+    AC_MSG_RESULT(no)
+    AC_MSG_ERROR([Your Perl version is too old.  Nix requires Perl 5.8.0 or newer.])
+fi
+AC_MSG_RESULT(yes)
+
+
+# Figure out where to install Perl modules.
+AC_MSG_CHECKING([for the Perl installation prefix])
+perlversion=$($perl -e 'use Config; print $Config{version};')
+perlarchname=$($perl -e 'use Config; print $Config{archname};')
+AC_SUBST(perllibdir, [${libdir}/perl5/site_perl/$perlversion/$perlarchname])
+AC_MSG_RESULT($perllibdir)
 
 
 NEED_PROG(cat, cat)
@@ -139,14 +176,33 @@ AC_ARG_WITH(coreutils-bin, AC_HELP_STRING([--with-coreutils-bin=PATH],
 AC_SUBST(coreutils)
 
 
+AC_ARG_WITH(docbook-rng, AC_HELP_STRING([--with-docbook-rng=PATH],
+  [path of the DocBook RelaxNG schema]),
+  docbookrng=$withval, docbookrng=/docbook-rng-missing)
+AC_SUBST(docbookrng)
+
+AC_ARG_WITH(docbook-xsl, AC_HELP_STRING([--with-docbook-xsl=PATH],
+  [path of the DocBook XSL stylesheets]),
+  docbookxsl=$withval, docbookxsl=/docbook-xsl-missing)
+AC_SUBST(docbookxsl)
+
+
 AC_ARG_WITH(store-dir, AC_HELP_STRING([--with-store-dir=PATH],
   [path of the Nix store (defaults to /nix/store)]),
   storedir=$withval, storedir='/nix/store')
 AC_SUBST(storedir)
 
 
-# Look for OpenSSL, a required dependency.
-PKG_CHECK_MODULES([OPENSSL], [libcrypto], [CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"])
+# Look for OpenSSL, an optional dependency.
+AC_PATH_PROG(openssl, openssl, openssl) # if not found, call openssl in $PATH
+AC_SUBST(openssl)
+AC_DEFINE_UNQUOTED(OPENSSL_PATH, ["$openssl"], [Path of the OpenSSL binary])
+
+PKG_CHECK_MODULES([OPENSSL], [libcrypto],
+  [AC_DEFINE([HAVE_OPENSSL], [1], [Whether to use OpenSSL.])
+   CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"
+   have_openssl=1], [have_openssl=])
+AC_SUBST(HAVE_OPENSSL, [$have_openssl])
 
 
 # Look for libbz2, a required dependency.
@@ -160,51 +216,6 @@ AC_CHECK_HEADERS([bzlib.h], [true],
 PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CXXFLAGS"])
 
 
-# Look for libcurl, a required dependency.
-PKG_CHECK_MODULES([LIBCURL], [libcurl], [CXXFLAGS="$LIBCURL_CFLAGS $CXXFLAGS"])
-
-
-# Look for libsodium, an optional dependency.
-PKG_CHECK_MODULES([SODIUM], [libsodium],
-  [AC_DEFINE([HAVE_SODIUM], [1], [Whether to use libsodium for cryptography.])
-   CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"
-   have_sodium=1], [have_sodium=])
-AC_SUBST(HAVE_SODIUM, [$have_sodium])
-
-
-# Look for liblzma, a required dependency.
-PKG_CHECK_MODULES([LIBLZMA], [liblzma], [CXXFLAGS="$LIBLZMA_CFLAGS $CXXFLAGS"])
-
-
-# Look for libbrotli{enc,dec}, optional dependencies
-PKG_CHECK_MODULES([LIBBROTLI], [libbrotlienc libbrotlidec],
-  [AC_DEFINE([HAVE_BROTLI], [1], [Whether to use libbrotli.])
-   CXXFLAGS="$LIBBROTLI_CFLAGS $CXXFLAGS"]
-   have_brotli=1], [have_brotli=])
-AC_SUBST(HAVE_BROTLI, [$have_brotli])
-
-# Look for libseccomp, required for Linux sandboxing.
-if test "$sys_name" = linux; then
-  PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
-                    [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
-fi
-
-
-# Look for aws-cpp-sdk-s3.
-AC_LANG_PUSH(C++)
-AC_CHECK_HEADERS([aws/s3/S3Client.h],
-  [AC_DEFINE([ENABLE_S3], [1], [Whether to enable S3 support via aws-sdk-cpp.])
-  enable_s3=1], [enable_s3=])
-AC_SUBST(ENABLE_S3, [$enable_s3])
-AC_LANG_POP(C++)
-
-if test -n "$enable_s3"; then
-  declare -a aws_version_tokens=($(printf '#include <aws/core/VersionConfig.h>\nAWS_SDK_VERSION_STRING' | cpp -E | grep -v '^#.*' | sed 's/"//g' | tr '.' ' '))
-  AC_DEFINE_UNQUOTED([AWS_VERSION_MAJOR], ${aws_version_tokens@<:@0@:>@}, [Major version of aws-sdk-cpp.])
-  AC_DEFINE_UNQUOTED([AWS_VERSION_MINOR], ${aws_version_tokens@<:@1@:>@}, [Minor version of aws-sdk-cpp.])
-fi
-
-
 # Whether to use the Boehm garbage collector.
 AC_ARG_ENABLE(gc, AC_HELP_STRING([--enable-gc],
   [enable garbage collection in the Nix expression evaluator (requires Boehm GC) [default=no]]),
@@ -216,25 +227,63 @@ if test "$gc" = yes; then
 fi
 
 
+# Check for the required Perl dependencies (DBI, DBD::SQLite and WWW::Curl).
+perlFlags="-I$perllibdir"
+
+AC_ARG_WITH(dbi, AC_HELP_STRING([--with-dbi=PATH],
+  [prefix of the Perl DBI library]),
+  perlFlags="$perlFlags -I$withval")
+
+AC_ARG_WITH(dbd-sqlite, AC_HELP_STRING([--with-dbd-sqlite=PATH],
+  [prefix of the Perl DBD::SQLite library]),
+  perlFlags="$perlFlags -I$withval")
+
+AC_ARG_WITH(www-curl, AC_HELP_STRING([--with-www-curl=PATH],
+  [prefix of the Perl WWW::Curl library]),
+  perlFlags="$perlFlags -I$withval")
+
+AC_MSG_CHECKING([whether DBD::SQLite works])
+if ! $perl $perlFlags -e 'use DBI; use DBD::SQLite;' 2>&5; then
+    AC_MSG_RESULT(no)
+    AC_MSG_FAILURE([The Perl modules DBI and/or DBD::SQLite are missing.])
+fi
+AC_MSG_RESULT(yes)
+
+AC_MSG_CHECKING([whether WWW::Curl works])
+if ! $perl $perlFlags -e 'use WWW::Curl;' 2>&5; then
+    AC_MSG_RESULT(no)
+    AC_MSG_FAILURE([The Perl module WWW::Curl is missing.])
+fi
+AC_MSG_RESULT(yes)
+
+AC_SUBST(perlFlags)
+
+
+# Whether to build the Perl bindings
+AC_MSG_CHECKING([whether to build the Perl bindings])
+AC_ARG_ENABLE(perl-bindings, AC_HELP_STRING([--enable-perl-bindings],
+  [whether to build the Perl bindings (recommended) [default=yes]]),
+  perlbindings=$enableval, perlbindings=yes)
+if test "$enable_shared" = no; then
+   # Perl bindings require shared libraries.
+   perlbindings=no
+fi
+AC_SUBST(perlbindings)
+AC_MSG_RESULT($perlbindings)
+
+
 AC_ARG_ENABLE(init-state, AC_HELP_STRING([--disable-init-state],
   [do not initialise DB etc. in `make install']),
   init_state=$enableval, init_state=yes)
 #AM_CONDITIONAL(INIT_STATE, test "$init_state" = "yes")
 
 
-# documentation generation switch
-AC_ARG_ENABLE(doc-gen, AC_HELP_STRING([--disable-doc-gen],
-  [disable documentation generation]),
-  doc_generate=$enableval, doc_generate=yes)
-AC_SUBST(doc_generate)
-
-
 # Setuid installations.
 AC_CHECK_FUNCS([setresuid setreuid lchown])
 
 
 # Nice to have, but not essential.
-AC_CHECK_FUNCS([strsignal posix_fallocate sysconf])
+AC_CHECK_FUNCS([strsignal posix_fallocate nanosleep sysconf])
 
 
 # This is needed if bzip2 is a static library, and the Nix libraries
@@ -260,12 +309,6 @@ fi
 AC_SUBST(tarFlags)
 
 
-AC_ARG_WITH(sandbox-shell, AC_HELP_STRING([--with-sandbox-shell=PATH],
-  [path of a statically-linked shell to use as /bin/sh in sandboxes]),
-  sandbox_shell=$withval)
-AC_SUBST(sandbox_shell)
-
-
 # Expand all variables in config.status.
 test "$prefix" = NONE && prefix=$ac_default_prefix
 test "$exec_prefix" = NONE && exec_prefix='${prefix}'

corepkgs/buildenv.nix

@@ -5,9 +5,10 @@ with import <nix/config.nix>;
 derivation {
   name = "user-environment";
   system = builtins.currentSystem;
-  builder = nixLibexecDir + "/nix/buildenv";
+  builder = perl;
+  args = [ "-w" ./buildenv.pl ];
 
-  inherit manifest;
+  manifest = manifest;
 
   # !!! grmbl, need structured data for passing this in a clean way.
   derivations =
@@ -22,23 +23,6 @@ derivation {
   # network traffic, so don't do that.
   preferLocalBuild = true;
 
-  # Also don't bother substituting.
-  allowSubstitutes = false;
-
-  __sandboxProfile = ''
-    (allow sysctl-read)
-    (allow file-read*
-           (literal "/usr/lib/libSystem.dylib")
-           (literal "/usr/lib/libSystem.B.dylib")
-           (literal "/usr/lib/libobjc.A.dylib")
-           (literal "/usr/lib/libobjc.dylib")
-           (literal "/usr/lib/libauto.dylib")
-           (literal "/usr/lib/libc++abi.dylib")
-           (literal "/usr/lib/libc++.1.dylib")
-           (literal "/usr/lib/libDiagnosticMessagesClient.dylib")
-           (subpath "/usr/lib/system")
-           (subpath "/dev"))
-  '';
-
-  inherit chrootDeps;
+  # Don't build in a chroot because Nix's dependencies may not be there.
+  __noChroot = true;
 }

corepkgs/buildenv.pl

@@ -0,0 +1,168 @@
+use strict;
+use Cwd;
+use IO::Handle;
+use utf8;
+
+STDOUT->autoflush(1);
+
+my $out = $ENV{"out"};
+mkdir "$out", 0755 || die "error creating $out";
+
+
+my $symlinks = 0;
+
+my %priorities;
+
+
+# For each activated package, create symlinks.
+
+sub createLinks {
+    my $srcDir = shift;
+    my $dstDir = shift;
+    my $priority = shift;
+
+    my @srcFiles = glob("$srcDir/*");
+
+    foreach my $srcFile (@srcFiles) {
+        my $baseName = $srcFile;
+        $baseName =~ s/^.*\///g; # strip directory
+        my $dstFile = "$dstDir/$baseName";
+
+        # The files below are special-cased so that they don't show up
+        # in user profiles, either because they are useless, or
+        # because they would cause pointless collisions (e.g., each
+        # Python package brings its own
+        # `$out/lib/pythonX.Y/site-packages/easy-install.pth'.)
+        # Urgh, hacky...
+        if ($srcFile =~ /\/propagated-build-inputs$/ ||
+            $srcFile =~ /\/nix-support$/ ||
+            $srcFile =~ /\/perllocal.pod$/ ||
+            $srcFile =~ /\/info\/dir$/ ||
+            $srcFile =~ /\/log$/)
+        {
+            # Do nothing.
+        }
+
+        elsif (-d $srcFile) {
+
+            lstat $dstFile;
+
+            if (-d _) {
+                createLinks($srcFile, $dstFile, $priority);
+            }
+
+            elsif (-l _) {
+                my $target = readlink $dstFile or die;
+                if (!-d $target) {
+                    die "collision between directory ‘$srcFile’ and non-directory ‘$target’";
+                }
+                unlink $dstFile or die "error unlinking ‘$dstFile’: $!";
+                mkdir $dstFile, 0755 ||
+                    die "error creating directory ‘$dstFile’: $!";
+                createLinks($target, $dstFile, $priorities{$dstFile});
+                createLinks($srcFile, $dstFile, $priority);
+            }
+
+            else {
+                symlink($srcFile, $dstFile) ||
+                    die "error creating link ‘$dstFile’: $!";
+                $priorities{$dstFile} = $priority;
+                $symlinks++;
+            }
+        }
+
+        else {
+
+            if (-l $dstFile) {
+                my $target = readlink $dstFile;
+                my $prevPriority = $priorities{$dstFile};
+                die("collision between ‘$srcFile’ and ‘$target’; " .
+                    "use ‘nix-env --set-flag priority NUMBER PKGNAME’ " .
+                    "to change the priority of one of the conflicting packages\n")
+                    if $prevPriority == $priority;
+                next if $prevPriority < $priority;
+                unlink $dstFile or die;
+            }
+
+            symlink($srcFile, $dstFile) ||
+                die "error creating link ‘$dstFile’: $!";
+            $priorities{$dstFile} = $priority;
+            $symlinks++;
+        }
+    }
+}
+
+
+my %done;
+my %postponed;
+
+sub addPkg;
+sub addPkg {
+    my $pkgDir = shift;
+    my $priority = shift;
+
+    return if (defined $done{$pkgDir});
+    $done{$pkgDir} = 1;
+
+#    print "symlinking $pkgDir\n";
+    createLinks("$pkgDir", "$out", $priority);
+
+    my $propagatedFN = "$pkgDir/nix-support/propagated-user-env-packages";
+    if (-e $propagatedFN) {
+        open PROP, "<$propagatedFN" or die;
+        my $propagated = <PROP>;
+        close PROP;
+        my @propagated = split ' ', $propagated;
+        foreach my $p (@propagated) {
+            $postponed{$p} = 1 unless defined $done{$p};
+        }
+    }
+}
+
+
+# Convert the stuff we get from the environment back into a coherent
+# data type.
+my @pkgs;
+my @derivations = split ' ', $ENV{"derivations"};
+while (scalar @derivations) {
+    my $active = shift @derivations;
+    my $priority = shift @derivations;
+    my $outputs = shift @derivations;
+    for (my $n = 0; $n < $outputs; $n++) {
+        my $path = shift @derivations;
+        push @pkgs,
+            { path => $path
+            , active => $active ne "false"
+            , priority => int($priority) };
+    }
+}
+
+
+# Symlink to the packages that have been installed explicitly by the
+# user.  Process in priority order to reduce unnecessary
+# symlink/unlink steps.
+@pkgs = sort { $a->{priority} <=> $b->{priority} || $a->{path} cmp $b->{path} } @pkgs;
+foreach my $pkg (@pkgs) {
+    #print $pkg, " ", $pkgs{$pkg}->{priority}, "\n";
+    addPkg($pkg->{path}, $pkg->{priority}) if $pkg->{active};
+}
+
+
+# Symlink to the packages that have been "propagated" by packages
+# installed by the user (i.e., package X declares that it want Y
+# installed as well).  We do these later because they have a lower
+# priority in case of collisions.
+my $priorityCounter = 1000; # don't care about collisions
+while (scalar(keys %postponed) > 0) {
+    my @pkgDirs = keys %postponed;
+    %postponed = ();
+    foreach my $pkgDir (sort @pkgDirs) {
+        addPkg($pkgDir, $priorityCounter++);
+    }
+}
+
+
+print STDERR "created $symlinks symlinks in user environment\n";
+
+
+symlink($ENV{"manifest"}, "$out/manifest.nix") or die "cannot create manifest";

corepkgs/config.nix.in

@@ -2,7 +2,8 @@ let
   fromEnv = var: def:
     let val = builtins.getEnv var; in
     if val != "" then val else def;
-in rec {
+in {
+  perl = "@perl@";
   shell = "@bash@";
   coreutils = "@coreutils@";
   bzip2 = "@bzip2@";
@@ -11,19 +12,6 @@ in rec {
   tar = "@tar@";
   tarFlags = "@tarFlags@";
   tr = "@tr@";
+  curl = "@curl@";
   nixBinDir = fromEnv "NIX_BIN_DIR" "@bindir@";
-  nixPrefix = "@prefix@";
-  nixLibexecDir = fromEnv "NIX_LIBEXEC_DIR" "@libexecdir@";
-  nixLocalstateDir = "@localstatedir@";
-  nixSysconfDir = "@sysconfdir@";
-  nixStoreDir = fromEnv "NIX_STORE_DIR" "@storedir@";
-
-  # If Nix is installed in the Nix store, then automatically add it as
-  # a dependency to the core packages. This ensures that they work
-  # properly in a chroot.
-  chrootDeps =
-    if dirOf nixPrefix == builtins.storeDir then
-      [ (builtins.storePath nixPrefix) ]
-    else
-      [ ];
 }

corepkgs/fetchurl.nix

@@ -1,27 +1,40 @@
-{ system ? builtins.currentSystem
-, url
-, md5 ? "", sha1 ? "", sha256 ? "", sha512 ? ""
-, outputHash ?
-    if sha512 != "" then sha512 else if sha1 != "" then sha1 else if md5 != "" then md5 else sha256
-, outputHashAlgo ?
-    if sha512 != "" then "sha512" else if sha1 != "" then "sha1" else if md5 != "" then "md5" else "sha256"
-, executable ? false
-, unpack ? false
-, name ? baseNameOf (toString url)
-}:
+with import <nix/config.nix>;
 
+{system ? builtins.currentSystem, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? "", executable ? false}:
+
+assert (outputHash != "" && outputHashAlgo != "")
+    || md5 != "" || sha1 != "" || sha256 != "";
+
+let
+
+  builder = builtins.toFile "fetchurl.sh"
+    (''
+      echo "downloading $url into $out"
+      ${curl} --fail --location --max-redirs 20 --insecure "$url" > "$out"
+    '' + (if executable then "${coreutils}/chmod +x $out" else ""));
+
+in
+    
 derivation {
-  builder = "builtin:fetchurl";
+  name = baseNameOf (toString url);
+  builder = shell;
+  args = [ "-e" builder ];
 
   # New-style output content requirements.
-  inherit outputHashAlgo outputHash;
-  outputHashMode = if unpack || executable then "recursive" else "flat";
-
-  inherit name system url executable unpack;
+  outputHashAlgo = if outputHashAlgo != "" then outputHashAlgo else
+      if sha256 != "" then "sha256" else if sha1 != "" then "sha1" else "md5";
+  outputHash = if outputHash != "" then outputHash else
+      if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5;
+  outputHashMode = if executable then "recursive" else "flat";
+  
+  inherit system url;
 
   # No need to double the amount of network traffic
   preferLocalBuild = true;
 
+  # Don't build in a chroot because Nix's dependencies may not be there.
+  __noChroot = true;
+
   impureEnvVars = [
     # We borrow these environment variables from the caller to allow
     # easy proxy configuration.  This is impure, but a fixed-output
@@ -29,7 +42,4 @@ derivation {
     # by definition pure.
     "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
   ];
-
-  # To make "nix-prefetch-url" work.
-  urls = [ url ];
 }

corepkgs/imported-drv-to-derivation.nix

@@ -1,10 +1,10 @@
-attrs @ { drvPath, outputs, name, ... }:
+attrs @ { drvPath, outputs, ... }:
 
 let
 
   commonAttrs = (builtins.listToAttrs outputsList) //
     { all = map (x: x.value) outputsList;
-      inherit drvPath name;
+      inherit drvPath;
       type = "derivation";
     };
 

corepkgs/local.mk

@@ -1,4 +1,4 @@
-corepkgs_FILES = buildenv.nix unpack-channel.nix derivation.nix fetchurl.nix imported-drv-to-derivation.nix
+corepkgs_FILES = nar.nix buildenv.nix buildenv.pl unpack-channel.nix derivation.nix fetchurl.nix imported-drv-to-derivation.nix
 
 $(foreach file,config.nix $(corepkgs_FILES),$(eval $(call install-data-in,$(d)/$(file),$(datadir)/nix/corepkgs)))
 

corepkgs/nar.nix

@@ -0,0 +1,49 @@
+with import <nix/config.nix>;
+
+let
+
+  builder = builtins.toFile "nar.sh"
+    ''
+      export PATH=${nixBinDir}:${coreutils}
+
+      if [ $compressionType = xz ]; then
+        ext=.xz
+        compressor="| ${xz} -7"
+      elif [ $compressionType = bzip2 ]; then
+        ext=.bz2
+        compressor="| ${bzip2}"
+      else
+        ext=
+        compressor=
+      fi
+
+      echo "packing ‘$storePath’..."
+      mkdir $out
+      dst=$out/tmp.nar$ext
+
+      set -o pipefail
+      eval "nix-store --dump \"$storePath\" $compressor > $dst"
+
+      hash=$(nix-hash --flat --type $hashAlgo --base32 $dst)
+      echo -n $hash > $out/nar-compressed-hash
+
+      mv $dst $out/$hash.nar$ext
+    '';
+
+in
+
+{ storePath, hashAlgo, compressionType }:
+
+derivation {
+  name = "nar";
+  system = builtins.currentSystem;
+  builder = shell;
+  args = [ "-e" builder ];
+  inherit storePath hashAlgo compressionType;
+
+  # Don't build in a chroot because Nix's dependencies may not be there.
+  __noChroot = true;
+
+  # Remote machines may not have ${nixBinDir} or ${coreutils} in the same prefixes
+  preferLocalBuild = true;
+}

corepkgs/unpack-channel.nix

@@ -15,9 +15,7 @@ let
       else
         ${bzip2} -d < $src | ${tar} xf - ${tarFlags}
       fi
-      if [ * != $channelName ]; then
-        mv * $out/$channelName
-      fi
+      mv * $out/$channelName
       if [ -n "$binaryCacheURL" ]; then
         mkdir $out/binary-caches
         echo -n "$binaryCacheURL" > $out/binary-caches/$channelName
@@ -39,5 +37,6 @@ derivation {
   # No point in doing this remotely.
   preferLocalBuild = true;
 
-  inherit chrootDeps;
+  # Don't build in a chroot because Nix's dependencies may not be there.
+  __noChroot = true;
 }

dev-shell

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+if [ -e tests/test-tmp ]; then
+    chmod -R u+w tests/test-tmp
+    rm -rf tests/test-tmp
+fi
+
+s=$(type -p nix-shell)
+exec $s release.nix -A tarball --command "
+    unset http_proxy
+    export NIX_REMOTE=$NIX_REMOTE
+    export NIX_PATH='$NIX_PATH'
+    export NIX_BUILD_SHELL=$(type -p bash)
+    export c=\$configureFlags
+    exec $s release.nix -A build.$(if [ $(uname -s) = Darwin ]; then echo x86_64-darwin; else echo x86_64-linux; fi) --exclude tarball --command '
+        configureFlags+=\" \$c --prefix=$(pwd)/inst --sysconfdir=$(pwd)/inst/etc\"
+        return
+    '" \
+    "$@"

doc/manual/advanced-topics/advanced-topics.xml

@@ -1,10 +0,0 @@
-<part xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0">
-
-<title>Advanced Topics</title>
-
-<xi:include href="distributed-builds.xml" />
-
-</part>

doc/manual/builds/build-farm.xml

@@ -0,0 +1,22 @@
+<part xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id='chap-distributed-builds'>
+
+<title>Distributed Builds</title>
+
+<partintro>
+<para>Nix supports distributed builds, where a local Nix installation can
+forward Nix builds to other machines over the network.  This allows
+multiple builds to be performed in parallel (thus improving
+performance) and allows Nix to perform multi-platform builds in a
+semi-transparent way.  For instance, if you perform a build for a
+<literal>powerpc-darwin</literal> on an <literal>i686-linux</literal>
+machine, Nix can automatically forward the build to a
+<literal>powerpc-darwin</literal> machine, if available.</para>
+</partintro>
+
+<xi:include href="enabling-builds.xml" />
+
+</part>

doc/manual/builds/enabling-builds.xml

@@ -2,18 +2,9 @@
       xmlns:xlink="http://www.w3.org/1999/xlink"
       xmlns:xi="http://www.w3.org/2001/XInclude"
       version="5.0"
-      xml:id='chap-distributed-builds'>
+      xml:id="ch-enabling-builds">
 
-<title>Distributed Builds</title>
-
-<para>Nix supports distributed builds, where a local Nix installation can
-forward Nix builds to other machines over the network.  This allows
-multiple builds to be performed in parallel (thus improving
-performance) and allows Nix to perform multi-platform builds in a
-semi-transparent way.  For instance, if you perform a build for a
-<literal>x86_64-darwin</literal> on an <literal>i686-linux</literal>
-machine, Nix can automatically forward the build to a
-<literal>x86_64-darwin</literal> machine, if available.</para>
+<title>Enabling Distributed Builds</title>
 
 <para>You can enable distributed builds by setting the environment
 variable <envar>NIX_BUILD_HOOK</envar> to point to a program that Nix
@@ -22,12 +13,15 @@ will call whenever it wants to build a derivation.  The build hook
 will perform it in the usual way if possible, or it can accept it, in
 which case it is responsible for somehow getting the inputs of the
 build to another machine, doing the build there, and getting the
-results back.</para>
+results back.  The details of the build hook protocol are described in
+the documentation of the <link
+linkend="envar-build-hook"><envar>NIX_BUILD_HOOK</envar>
+variable</link>.</para>
 
 <example xml:id='ex-remote-systems'><title>Remote machine configuration:
 <filename>remote-systems.conf</filename></title>
 <programlisting>
-nix@mcflurry.labs.cs.uu.nl  x86_64-darwin   /home/nix/.ssh/id_quarterpounder_auto  2
+nix@mcflurry.labs.cs.uu.nl  powerpc-darwin  /home/nix/.ssh/id_quarterpounder_auto  2
 nix@scratchy.labs.cs.uu.nl  i686-linux      /home/nix/.ssh/id_scratchy_auto        8 1 kvm
 nix@itchy.labs.cs.uu.nl     i686-linux      /home/nix/.ssh/id_scratchy_auto        8 2
 nix@poochie.labs.cs.uu.nl   i686-linux      /home/nix/.ssh/id_scratchy_auto        8 2 kvm perf
@@ -39,16 +33,15 @@ purposes.  It uses <command>ssh</command> and
 <command>nix-copy-closure</command> to copy the build inputs and
 outputs and perform the remote build.  To use it, you should set
 <envar>NIX_BUILD_HOOK</envar> to
-<filename><replaceable>prefix</replaceable>/libexec/nix/build-remote</filename>.
+<filename><replaceable>prefix</replaceable>/libexec/nix/build-remote.pl</filename>.
 You should also define a list of available build machines and point
-the environment variable <envar>NIX_REMOTE_SYSTEMS</envar> to
-it. <envar>NIX_REMOTE_SYSTEMS</envar> must be an absolute path. An
+the environment variable <envar>NIX_REMOTE_SYSTEMS</envar> to it.  An
 example configuration is shown in <xref linkend='ex-remote-systems'
 />.  Each line in the file specifies a machine, with the following
 bits of information:
 
 <orderedlist>
-
+  
   <listitem><para>The name of the remote machine, with optionally the
   user under which the remote build should be performed.  This is
   actually passed as an argument to <command>ssh</command>, so it can
@@ -56,7 +49,7 @@ bits of information:
   <filename>~/.ssh/config</filename>.</para></listitem>
 
   <listitem><para>A comma-separated list of Nix platform type
-  identifiers, such as <literal>x86_64-darwin</literal>.  It is
+  identifiers, such as <literal>powerpc-darwin</literal>.  It is
   possible for a machine to support multiple platform types, e.g.,
   <literal>i686-linux,x86_64-linux</literal>.</para></listitem>
 
@@ -65,7 +58,7 @@ bits of information:
   should not have a passphrase!</para></listitem>
 
   <listitem><para>The maximum number of builds that
-  <filename>build-remote</filename> will execute in parallel on the
+  <filename>build-remote.pl</filename> will execute in parallel on the
   machine.  Typically this should be equal to the number of CPU cores.
   For instance, the machine <literal>itchy</literal> in the example
   will execute up to 8 builds in parallel.</para></listitem>
@@ -77,12 +70,12 @@ bits of information:
   <listitem><para>A comma-separated list of <emphasis>supported
   features</emphasis>.  If a derivation has the
   <varname>requiredSystemFeatures</varname> attribute, then
-  <filename>build-remote</filename> will only perform the
+  <filename>build-remote.pl</filename> will only perform the
   derivation on a machine that has the specified features.  For
   instance, the attribute
-
+  
 <programlisting>
-requiredSystemFeatures = [ "kvm" ];
+requiredSystemFeatures = [ "kvm" ];  
 </programlisting>
 
   will cause the build to be performed on a machine that has the
@@ -100,6 +93,14 @@ requiredSystemFeatures = [ "kvm" ];
 
 </orderedlist>
 
-</para>
+You should also set up the environment variable
+<envar>NIX_CURRENT_LOAD</envar> to point at a directory (e.g.,
+<filename>/var/run/nix/current-load</filename>) that
+<filename>build-remote.pl</filename> uses to remember how many builds
+it is currently executing remotely.  It doesn't look at the actual
+load on the remote machine, so if you have multiple instances of Nix
+running, they should use the same <envar>NIX_CURRENT_LOAD</envar>
+file.  Maybe in the future <filename>build-remote.pl</filename> will
+look at the actual remote load.</para>
 
-</chapter>
+</chapter>

doc/manual/command-ref/conf-file.xml

@@ -17,48 +17,28 @@
 
 <refsection><title>Description</title>
 
-<para>Nix reads settings from two configuration files:</para>
-
-<itemizedlist>
-
-  <listitem>
-    <para>The system-wide configuration file
-    <filename><replaceable>sysconfdir</replaceable>/nix/nix.conf</filename>
-    (i.e. <filename>/etc/nix/nix.conf</filename> on most systems), or
-    <filename>$NIX_CONF_DIR/nix.conf</filename> if
-    <envar>NIX_CONF_DIR</envar> is set.</para>
-  </listitem>
-
-  <listitem>
-    <para>The user configuration file
-    <filename>$XDG_CONFIG_HOME/nix/nix.conf</filename>, or
-    <filename>~/.config/nix/nix.conf</filename> if
-    <envar>XDG_CONFIG_HOME</envar> is not set.</para>
-  </listitem>
-
-</itemizedlist>
-
-<para>The configuration files consist of
-<literal><replaceable>name</replaceable> =
+<para>A number of persistent settings of Nix are stored in the file
+<filename><replaceable>sysconfdir</replaceable>/nix/nix.conf</filename>.
+This file is a list of <literal><replaceable>name</replaceable> =
 <replaceable>value</replaceable></literal> pairs, one per line.
-Comments start with a <literal>#</literal> character.  Here is an
-example configuration file:</para>
+Comments start with a <literal>#</literal> character.  Here is an example
+configuration file:</para>
 
 <programlisting>
-keep-outputs = true       # Nice for developers
-keep-derivations = true   # Idem
+gc-keep-outputs = true       # Nice for developers
+gc-keep-derivations = true   # Idem
+env-keep-derivations = false
 </programlisting>
 
-<para>You can override settings on the command line using the
-<option>--option</option> flag, e.g. <literal>--option keep-outputs
-false</literal>.</para>
+<para>You can override settings using the <option>--option</option>
+flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
 
 <para>The following settings are currently available:
 
 <variablelist>
 
 
-  <varlistentry xml:id="conf-keep-outputs"><term><literal>keep-outputs</literal></term>
+  <varlistentry xml:id="conf-gc-keep-outputs"><term><literal>gc-keep-outputs</literal></term>
 
     <listitem><para>If <literal>true</literal>, the garbage collector
     will keep the outputs of non-garbage derivations.  If
@@ -75,7 +55,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-keep-derivations"><term><literal>keep-derivations</literal></term>
+  <varlistentry xml:id="conf-gc-keep-derivations"><term><literal>gc-keep-derivations</literal></term>
 
     <listitem><para>If <literal>true</literal> (default), the garbage
     collector will keep the derivations from which non-garbage store
@@ -86,13 +66,13 @@ false</literal>.</para>
     <para>Keeping derivation around is useful for querying and
     traceability (e.g., it allows you to ask with what dependencies or
     options a store path was built), so by default this option is on.
-    Turn it off to save a bit of disk space (or a lot if
-    <literal>keep-outputs</literal> is also turned on).</para></listitem>
+    Turn it off to safe a bit of disk space (or a lot if
+    <literal>gc-keep-outputs</literal> is also turned on).</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry><term><literal>keep-env-derivations</literal></term>
+  <varlistentry><term><literal>env-keep-derivations</literal></term>
 
     <listitem><para>If <literal>false</literal> (default), derivations
     are not stored in Nix user environments.  That is, the derivation
@@ -104,32 +84,32 @@ false</literal>.</para>
     garbage-collected until the user environment generation is deleted
     (<command>nix-env --delete-generations</command>).  To prevent
     build-time-only dependencies from being collected, you should also
-    turn on <literal>keep-outputs</literal>.</para>
+    turn on <literal>gc-keep-outputs</literal>.</para>
 
     <para>The difference between this option and
-    <literal>keep-derivations</literal> is that this one is
+    <literal>gc-keep-derivations</literal> is that this one is
     “sticky”: it applies to any user environment created while this
-    option was enabled, while <literal>keep-derivations</literal>
+    option was enabled, while <literal>gc-keep-derivations</literal>
     only applies at the moment the garbage collector is
     run.</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-max-jobs"><term><literal>max-jobs</literal></term>
+  <varlistentry xml:id="conf-build-max-jobs"><term><literal>build-max-jobs</literal></term>
 
     <listitem><para>This option defines the maximum number of jobs
     that Nix will try to build in parallel.  The default is
-    <literal>1</literal>. The special value <literal>auto</literal>
-    causes Nix to use the number of CPUs in your system.  It can be
-    overridden using the <option
+    <literal>1</literal>.  You should generally set it to the number
+    of CPUs in your system (e.g., <literal>2</literal> on an Athlon 64
+    X2).  It can be overridden using the <option
     linkend='opt-max-jobs'>--max-jobs</option> (<option>-j</option>)
     command line switch.</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-cores"><term><literal>cores</literal></term>
+  <varlistentry xml:id="conf-build-cores"><term><literal>build-cores</literal></term>
 
     <listitem><para>Sets the value of the
     <envar>NIX_BUILD_CORES</envar> environment variable in the
@@ -148,7 +128,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-max-silent-time"><term><literal>max-silent-time</literal></term>
+  <varlistentry xml:id="conf-build-max-silent-time"><term><literal>build-max-silent-time</literal></term>
 
     <listitem>
 
@@ -169,7 +149,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-timeout"><term><literal>timeout</literal></term>
+  <varlistentry xml:id="conf-build-timeout"><term><literal>build-timeout</literal></term>
 
     <listitem>
 
@@ -189,7 +169,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-max-build-log-size"><term><literal>max-build-log-size</literal></term>
+  <varlistentry xml:id="conf-build-max-log-size"><term><literal>build-max-log-size</literal></term>
 
     <listitem>
 
@@ -244,56 +224,43 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>sandbox</literal></term>
+  <varlistentry><term><literal>build-use-chroot</literal></term>
 
     <listitem><para>If set to <literal>true</literal>, builds will be
-    performed in a <emphasis>sandboxed environment</emphasis>, i.e.,
-    they’re isolated from the normal file system hierarchy and will
-    only see their dependencies in the Nix store, the temporary build
-    directory, private versions of <filename>/proc</filename>,
+    performed in a <emphasis>chroot environment</emphasis>, i.e., the
+    build will be isolated from the normal file system hierarchy and
+    will only see its dependencies in the Nix store, the temporary
+    build directory, private versions of <filename>/proc</filename>,
     <filename>/dev</filename>, <filename>/dev/shm</filename> and
-    <filename>/dev/pts</filename> (on Linux), and the paths configured with the
-    <link linkend='conf-sandbox-paths'><literal>sandbox-paths</literal>
+    <filename>/dev/pts</filename>, and the paths configured with the
+    <link linkend='conf-build-chroot-dirs'><literal>build-chroot-dirs</literal>
     option</link>. This is useful to prevent undeclared dependencies
-    on files in directories such as <filename>/usr/bin</filename>. In
-    addition, on Linux, builds run in private PID, mount, network, IPC
-    and UTS namespaces to isolate them from other processes in the
-    system (except that fixed-output derivations do not run in private
-    network namespace to ensure they can access the network).</para>
+    on files in directories such as
+    <filename>/usr/bin</filename>.</para>
 
-    <para>Currently, sandboxing only work on Linux and macOS. The use
-    of a sandbox requires that Nix is run as root (so you should use
-    the <link linkend='conf-build-users-group'>“build users”
-    feature</link> to perform the actual builds under different users
-    than root).</para>
-
-    <para>If this option is set to <literal>relaxed</literal>, then
-    fixed-output derivations and derivations that have the
-    <varname>__noChroot</varname> attribute set to
-    <literal>true</literal> do not run in sandboxes.</para>
-
-    <para>The default is <literal>false</literal>.</para>
+    <para>The use of a chroot requires that Nix is run as root (so you
+    should use the <link linkend='conf-build-users-group'>“build
+    users” feature</link> to perform the actual builds under different
+    users than root).  Currently, chroot builds only work on Linux
+    because Nix uses “bind mounts” to make the Nix store and other
+    directories available inside the chroot.</para>
 
     </listitem>
 
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-sandbox-paths">
-    <term><literal>sandbox-paths</literal></term>
+  <varlistentry xml:id="conf-build-chroot-dirs"><term><literal>build-chroot-dirs</literal></term>
 
-    <listitem><para>A list of paths bind-mounted into Nix sandbox
-    environments. You can use the syntax
+    <listitem><para>A list of paths bind-mounted into Nix chroot
+    environments.  Contrary to what the name suggests, the specified
+    paths do not have to be directories; you can bind-mount other
+    types of files as well.  You can use the syntax
     <literal><replaceable>target</replaceable>=<replaceable>source</replaceable></literal>
-    to mount a path in a different location in the sandbox; for
+    to mount a path in a different location in the chroot; for
     instance, <literal>/bin=/nix-bin</literal> will mount the path
     <literal>/nix-bin</literal> as <literal>/bin</literal> inside the
-    sandbox. If <replaceable>source</replaceable> is followed by
-    <literal>?</literal>, then it is not an error if
-    <replaceable>source</replaceable> does not exist; for example,
-    <literal>/dev/nvidiactl?</literal> specifies that
-    <filename>/dev/nvidiactl</filename> will only be mounted in the
-    sandbox if it exists in the host filesystem.</para>
+    chroot.</para>
 
     <para>Depending on how Nix was built, the default value for this option
     may be empty or provide <filename>/bin/sh</filename> as a
@@ -302,17 +269,16 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-extra-sandbox-paths">
-    <term><literal>build-extra-sandbox-paths</literal></term>
+  <varlistentry xml:id="conf-build-extra-chroot-dirs"><term><literal>build-extra-chroot-dirs</literal></term>
 
     <listitem><para>A list of additional paths appended to
-    <option>sandbox-paths</option>. Useful if you want to extend
+    <option>build-chroot-dirs</option>. Useful if you want to extend
     its default value.</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry><term><literal>substitute</literal></term>
+  <varlistentry><term><literal>build-use-substitutes</literal></term>
 
     <listitem><para>If set to <literal>true</literal> (default), Nix
     will use binary substitutes if available.  This option can be
@@ -321,21 +287,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>builders-use-substitutes</literal></term>
-
-    <listitem><para>If set to <literal>true</literal>, Nix will instruct
-    remote build machines to use their own binary substitutes if available. In
-    practical terms, this means that remote hosts will fetch as many build
-    dependencies as possible from their own substitutes (e.g, from
-    <literal>cache.nixos.org</literal>), instead of waiting for this host to
-    upload them all. This can drastically reduce build times if the network
-    connection between this computer and the remote build host is slow. Defaults
-    to <literal>false</literal>.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><literal>fallback</literal></term>
+  <varlistentry><term><literal>build-fallback</literal></term>
 
     <listitem><para>If set to <literal>true</literal>, Nix will fall
     back to building from source if a binary substitute fails.  This
@@ -345,7 +297,22 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>keep-build-log</literal></term>
+  <varlistentry><term><literal>build-cache-failures</literal></term>
+
+    <listitem><para>If set to <literal>true</literal>, Nix will
+    “cache” build failures, meaning that it will remember (in its
+    database) that a derivation previously failed.  If you then try to
+    build the derivation again, Nix will immediately fail rather than
+    perform the build again.  Failures in fixed-output derivations
+    (such as <function>fetchurl</function> calls) are never cached.
+    The “failed” status of a derivation can be cleared using
+    <command>nix-store --clear-failed-paths</command>.  By default,
+    failure caching is disabled.</para></listitem>
+
+  </varlistentry>
+
+
+  <varlistentry><term><literal>build-keep-log</literal></term>
 
     <listitem><para>If set to <literal>true</literal> (the default),
     Nix will write the build log of a derivation (i.e. the standard
@@ -357,7 +324,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>compress-build-log</literal></term>
+  <varlistentry><term><literal>build-compress-log</literal></term>
 
     <listitem><para>If set to <literal>true</literal> (the default),
     build logs written to <filename>/nix/var/log/nix/drvs</filename>
@@ -367,16 +334,25 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>substituters</literal></term>
+  <varlistentry><term><literal>use-binary-caches</literal></term>
 
-    <listitem><para>A list of URLs of substituters, separated by
-    whitespace.  The default is
-    <literal>https://cache.nixos.org</literal>.</para></listitem>
+    <listitem><para>If set to <literal>true</literal> (the default),
+    Nix will check the binary caches specified by
+    <option>binary-caches</option> and related options to obtain
+    binary substitutes.</para></listitem>
+
+  </varlistentry>
+
+
+  <varlistentry><term><literal>binary-caches</literal></term>
+
+    <listitem><para>A list of URLs of binary caches, separated by
+    whitespace.  The default is
+    <literal>http://cache.nixos.org</literal>.</para></listitem>
 
   </varlistentry>
 
 
-  <!--
   <varlistentry><term><literal>binary-caches-files</literal></term>
 
     <listitem><para>A list of names of files that will be read to
@@ -389,98 +365,51 @@ false</literal>.</para>
     option to read files created by untrusted users!</para></listitem>
 
   </varlistentry>
-  -->
 
 
-  <varlistentry><term><literal>trusted-substituters</literal></term>
+  <varlistentry><term><literal>trusted-binary-caches</literal></term>
 
-    <listitem><para>A list of URLs of substituters, separated by
+    <listitem><para>A list of URLs of binary caches, separated by
     whitespace.  These are not used by default, but can be enabled by
     users of the Nix daemon by specifying <literal>--option
-    substituters <replaceable>urls</replaceable></literal> on the
+    binary-caches <replaceable>urls</replaceable></literal> on the
     command line.  Unprivileged users are only allowed to pass a
-    subset of the URLs listed in <literal>substituters</literal> and
-    <literal>trusted-substituters</literal>.</para></listitem>
+    subset of the URLs listed in <literal>binary-caches</literal> and
+    <literal>trusted-binary-caches</literal>.</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry><term><literal>extra-substituters</literal></term>
+  <varlistentry><term><literal>extra-binary-caches</literal></term>
 
     <listitem><para>Additional binary caches appended to those
-    specified in <option>substituters</option>.  When used by
-    unprivileged users, untrusted substituters (i.e. those not listed
-    in <option>trusted-substituters</option>) are silently
+    specified in <option>binary-caches</option> and
+    <option>binary-caches-files</option>.  When used by unprivileged
+    users, untrusted binary caches (i.e. those not listed in
+    <option>trusted-binary-caches</option>) are silently
     ignored.</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry><term><literal>require-sigs</literal></term>
+  <varlistentry><term><literal>binary-caches-parallel-connections</literal></term>
 
-    <listitem><para>If set to <literal>true</literal> (the default),
-    any non-content-addressed path added or copied to the Nix store
-    (e.g. when substituting from a binary cache) must have a valid
-    signature, that is, be signed using one of the keys listed in
-    <option>trusted-public-keys</option> or
-    <option>secret-key-files</option>. Set to <literal>false</literal>
-    to disable signature checking.</para></listitem>
+    <listitem><para>The maximum number of parallel HTTP connections
+    used by the binary cache substituter to get NAR info files.  This
+    number should be high to minimise latency.  It defaults to
+    150.</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry><term><literal>trusted-public-keys</literal></term>
+  <varlistentry><term><literal>force-manifest</literal></term>
 
-    <listitem><para>A whitespace-separated list of public keys. When
-    paths are copied from another Nix store (such as a binary cache),
-    they must be signed with one of these keys. For example:
-    <literal>cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
-    hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=</literal>.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><literal>secret-key-files</literal></term>
-
-    <listitem><para>A whitespace-separated list of files containing
-    secret (private) keys. These are used to sign locally-built
-    paths. They can be generated using <command>nix-store
-    --generate-binary-cache-key</command>. The corresponding public
-    key can be distributed to other users, who can add it to
-    <option>trusted-public-keys</option> in their
-    <filename>nix.conf</filename>.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><literal>http-connections</literal></term>
-
-    <listitem><para>The maximum number of parallel TCP connections
-    used to fetch files from binary caches and by other downloads. It
-    defaults to 25. 0 means no limit.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><literal>netrc-file</literal></term>
-
-    <listitem><para>If set to an absolute path to a <filename>netrc</filename>
-    file, Nix will use the HTTP authentication credentials in this file when
-    trying to download from a remote host through HTTP or HTTPS. Defaults to
-    <filename>$NIX_CONF_DIR/netrc</filename>.</para>
-
-    <para>The <filename>netrc</filename> file consists of a list of
-    accounts in the following format:
-
-<screen>
-machine <replaceable>my-machine</replaceable>
-login <replaceable>my-username</replaceable>
-password <replaceable>my-password</replaceable>
-</screen>
-
-    For the exact syntax, see <link
-    xlink:href="https://ec.haxx.se/usingcurl-netrc.html">the
-    <literal>curl</literal> documentation.</link></para></listitem>
+    <listitem><para>If this option is set to <literal>false</literal>
+    (default) and a Nix channel provides both a manifest and a binary
+    cache, only the binary cache will be used.  If set to
+    <literal>true</literal>, the manifest will be fetched as well.
+    This is useful if you want to use binary patches (which are
+    currently not supported by binary caches).</para></listitem>
 
   </varlistentry>
 
@@ -490,15 +419,15 @@ password <replaceable>my-password</replaceable>
     <listitem><para>This option specifies the canonical Nix system
     name of the current installation, such as
     <literal>i686-linux</literal> or
-    <literal>x86_64-darwin</literal>.  Nix can only build derivations
+    <literal>powerpc-darwin</literal>.  Nix can only build derivations
     whose <literal>system</literal> attribute equals the value
     specified here.  In general, it never makes sense to modify this
     value from its default, since you can use it to ‘lie’ about the
     platform you are building on (e.g., perform a Mac OS build on a
     Linux machine; the result would obviously be wrong).  It only
     makes sense if the Nix binaries can run on multiple platforms,
-    e.g., ‘universal binaries’ that run on <literal>x86_64-linux</literal> and
-    <literal>i686-linux</literal>.</para>
+    e.g., ‘universal binaries’ that run on <literal>powerpc-darwin</literal> and
+    <literal>i686-darwin</literal>.</para>
 
     <para>It defaults to the canonical Nix system name detected by
     <filename>configure</filename> at build time.</para></listitem>
@@ -544,6 +473,20 @@ password <replaceable>my-password</replaceable>
   </varlistentry>
 
 
+  <varlistentry xml:id="conf-log-servers"><term><literal>log-servers</literal></term>
+
+    <listitem>
+
+      <para>A list of URL prefixes (such as
+      <literal>http://hydra.nixos.org/log</literal>) from which
+      <command>nix-store -l</command> will try to fetch build logs if
+      they’re not available locally.</para>
+
+    </listitem>
+
+  </varlistentry>
+
+
   <varlistentry xml:id="conf-trusted-users"><term><literal>trusted-users</literal></term>
 
     <listitem>
@@ -557,12 +500,11 @@ password <replaceable>my-password</replaceable>
       <literal>wheel</literal> group. The default is
       <literal>root</literal>.</para>
 
-      <warning><para>Adding a user to <option>trusted-users</option>
-      is essentially equivalent to giving that user root access to the
-      system. For example, the user can set
-      <option>sandbox-paths</option> and thereby obtain read access to
-      directories that are otherwise inacessible to
-      them.</para></warning>
+      <warning><para>The users listed here have the ability to
+      compromise the security of a multi-user Nix store. For instance,
+      they could install Trojan horses subsequently executed by other
+      users. So you should consider carefully whether to add users to
+      this list.</para></warning>
 
     </listitem>
 
@@ -587,153 +529,6 @@ password <replaceable>my-password</replaceable>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-restrict-eval"><term><literal>restrict-eval</literal></term>
-
-    <listitem>
-
-      <para>If set to <literal>true</literal>, the Nix evaluator will
-      not allow access to any files outside of the Nix search path (as
-      set via the <envar>NIX_PATH</envar> environment variable or the
-      <option>-I</option> option), or to URIs outside of
-      <option>allowed-uri</option>. The default is
-      <literal>false</literal>.</para>
-
-    </listitem>
-
-  </varlistentry>
-
-
-  <varlistentry xml:id="conf-allowed-uris"><term><literal>allowed-uris</literal></term>
-
-    <listitem>
-
-      <para>A list of URI prefixes to which access is allowed in
-      restricted evaluation mode. For example, when set to
-      <literal>https://github.com/NixOS</literal>, builtin functions
-      such as <function>fetchGit</function> are allowed to access
-      <literal>https://github.com/NixOS/patchelf.git</literal>.</para>
-
-    </listitem>
-
-  </varlistentry>
-
-
-  <varlistentry xml:id="conf-pre-build-hook"><term><literal>pre-build-hook</literal></term>
-
-    <listitem>
-
-
-      <para>If set, the path to a program that can set extra
-      derivation-specific settings for this system. This is used for settings
-      that can't be captured by the derivation model itself and are too variable
-      between different versions of the same system to be hard-coded into nix.
-      </para>
-
-      <para>The hook is passed the derivation path and, if sandboxes are enabled,
-      the sandbox directory. It can then modify the sandbox and send a series of
-      commands to modify various settings to stdout. The currently recognized
-      commands are:</para>
-
-      <variablelist>
-        <varlistentry xml:id="extra-sandbox-paths">
-          <term><literal>extra-sandbox-paths</literal></term>
-
-          <listitem>
-
-            <para>Pass a list of files and directories to be included in the
-            sandbox for this build. One entry per line, terminated by an empty
-            line. Entries have the same format as
-            <literal>sandbox-paths</literal>.</para>
-
-          </listitem>
-
-        </varlistentry>
-      </variablelist>
-    </listitem>
-
-  </varlistentry>
-
-
-  <varlistentry xml:id="conf-repeat"><term><literal>repeat</literal></term>
-
-    <listitem><para>How many times to repeat builds to check whether
-    they are deterministic. The default value is 0. If the value is
-    non-zero, every build is repeated the specified number of
-    times. If the contents of any of the runs differs from the
-    previous ones, the build is rejected and the resulting store paths
-    are not registered as “valid” in Nix’s database.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry xml:id="conf-sandbox-dev-shm-size"><term><literal>sandbox-dev-shm-size</literal></term>
-
-    <listitem><para>This option determines the maximum size of the
-    <literal>tmpfs</literal> filesystem mounted on
-    <filename>/dev/shm</filename> in Linux sandboxes. For the format,
-    see the description of the <option>size</option> option of
-    <literal>tmpfs</literal> in
-    <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>. The
-    default is <literal>50%</literal>.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry xml:id="conf-allow-import-from-derivation"><term><literal>allow-import-from-derivation</literal></term>
-
-    <listitem><para>By default, Nix allows you to <function>import</function> from a derivation,
-    allowing building at evaluation time. With this option set to false, Nix will throw an error
-    when evaluating an expression that uses this feature, allowing users to ensure their evaluation
-    will not require any builds to take place.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry xml:id="conf-allow-new-privileges"><term><literal>allow-new-privileges</literal></term>
-
-    <listitem><para>(Linux-specific.) By default, builders on Linux
-    cannot acquire new privileges by calling setuid/setgid programs or
-    programs that have file capabilities. For example, programs such
-    as <command>sudo</command> or <command>ping</command> will
-    fail. (Note that in sandbox builds, no such programs are available
-    unless you bind-mount them into the sandbox via the
-    <option>sandbox-paths</option> option.) You can allow the
-    use of such programs by enabling this option. This is impure and
-    usually undesirable, but may be useful in certain scenarios
-    (e.g. to spin up containers or set up userspace network interfaces
-    in tests).</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry xml:id="conf-hashed-mirrors"><term><literal>hashed-mirrors</literal></term>
-
-    <listitem><para>A list of web servers used by
-    <function>builtins.fetchurl</function> to obtain files by
-    hash. The default is
-    <literal>http://tarballs.nixos.org/</literal>. Given a hash type
-    <replaceable>ht</replaceable> and a base-16 hash
-    <replaceable>h</replaceable>, Nix will try to download the file
-    from
-    <literal>hashed-mirror/<replaceable>ht</replaceable>/<replaceable>h</replaceable></literal>.
-    This allows files to be downloaded even if they have disappeared
-    from their original URI. For example, given the default mirror
-    <literal>http://tarballs.nixos.org/</literal>, when building the derivation
-
-<programlisting>
-builtins.fetchurl {
-  url = https://example.org/foo-1.2.3.tar.xz;
-  sha256 = "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae";
-}
-</programlisting>
-
-    Nix will attempt to download this file from
-    <literal>http://tarballs.nixos.org/sha256/2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae</literal>
-    first. If it is not available there, if will try the original URI.</para></listitem>
-
-  </varlistentry>
-
-
 </variablelist>
 
 </para>

doc/manual/command-ref/env-common.xml

@@ -11,12 +11,6 @@
 
 <variablelist xml:id="env-common">
 
-<varlistentry><term><envar>IN_NIX_SHELL</envar></term>
-
-  <listitem><para>Indicator that tells if the current environment was set up by
-  <command>nix-shell</command>.</para></listitem>
-
-</varlistentry>
 
 <varlistentry xml:id="env-NIX_PATH"><term><envar>NIX_PATH</envar></term>
 
@@ -42,20 +36,8 @@ nixpkgs=/home/eelco/Dev/nixpkgs-branch:/etc/nixos</screen>
     <literal>&lt;nixpkgs/<replaceable>path</replaceable>></literal> in
     <filename>/home/eelco/Dev/nixpkgs-branch/<replaceable>path</replaceable></filename>
     and
-    <filename>/etc/nixos/nixpkgs/<replaceable>path</replaceable></filename>.</para>
-
-    <para>If a path in the Nix search path starts with
-    <literal>http://</literal> or <literal>https://</literal>, it is
-    interpreted as the URL of a tarball that will be downloaded and
-    unpacked to a temporary location. The tarball must consist of a
-    single top-level directory. For example, setting
-    <envar>NIX_PATH</envar> to
-
-    <screen>
-nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz</screen>
-
-    tells Nix to download the latest revision in the Nixpkgs/NixOS
-    14.12 channel.</para>
+    <filename>/etc/nixos/nixpkgs/<replaceable>path</replaceable></filename>.
+    </para>
 
     <para>The search path can be extended using the <option
     linkend="opt-I">-I</option> option, which takes precedence over
@@ -129,6 +111,15 @@ $ mount -o bind /mnt/otherdisk/nix /nix</screen>
 </varlistentry>
 
 
+<varlistentry><term><envar>NIX_DB_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix database (default
+  <filename><replaceable>$NIX_STATE_DIR</replaceable>/db</filename>, i.e.,
+  <filename><replaceable>prefix</replaceable>/var/nix/db</filename>).</para></listitem>
+
+</varlistentry>
+
+
 <varlistentry><term><envar>NIX_CONF_DIR</envar></term>
 
   <listitem><para>Overrides the location of the Nix configuration
@@ -148,6 +139,139 @@ $ mount -o bind /mnt/otherdisk/nix /nix</screen>
 </varlistentry>
 
 
+<varlistentry xml:id="envar-build-hook"><term><envar>NIX_BUILD_HOOK</envar></term>
+
+  <listitem>
+
+  <para>Specifies the location of the <emphasis>build hook</emphasis>,
+  which is a program (typically some script) that Nix will call
+  whenever it wants to build a derivation.  This is used to implement
+  distributed builds<phrase condition="manual"> (see <xref
+  linkend="chap-distributed-builds" />)</phrase>.</para>
+
+  <!--
+  The protocol by
+  which the calling Nix process and the build hook communicate is as
+  follows.
+
+  <para>The build hook is called with the following command-line
+  arguments:
+
+  <orderedlist>
+
+    <listitem><para>A boolean value <literal>0</literal> or
+    <literal>1</literal> specifying whether Nix can locally execute
+    more builds, as per the <link
+    linkend="opt-max-jobs"><option>- -max-jobs</option> option</link>.
+    The purpose of this argument is to allow the hook to not have to
+    maintain bookkeeping for the local machine.</para></listitem>
+
+    <listitem><para>The Nix platform identifier for the local machine
+    (e.g., <literal>i686-linux</literal>).</para></listitem>
+
+    <listitem><para>The Nix platform identifier for the derivation,
+    i.e., its <link linkend="attr-system"><varname>system</varname>
+    attribute</link>.</para></listitem>
+
+    <listitem><para>The store path of the derivation.</para></listitem>
+
+  </orderedlist>
+
+  </para>
+
+  <para>On the basis of this information, and whatever persistent
+  state the build hook keeps about other machines and their current
+  load, it has to decide what to do with the build.  It should print
+  out on standard error one of the following responses (terminated by
+  a newline, <literal>"\n"</literal>):
+
+  <variablelist>
+
+    <varlistentry><term><literal># decline</literal></term>
+
+      <listitem><para>The build hook is not willing or able to perform
+      the build; the calling Nix process should do the build itself,
+      if possible.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal># postpone</literal></term>
+
+      <listitem><para>The build hook cannot perform the build now, but
+      can do so in the future (e.g., because all available build slots
+      on remote machines are in use).  The calling Nix process should
+      postpone this build until at least one currently running build
+      has terminated.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal># accept</literal></term>
+
+      <listitem><para>The build hook has accepted the
+      build.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  <para>After sending <literal># accept</literal>, the hook should
+  read one line from standard input, which will be the string
+  <literal>okay</literal>.  It can then proceed with the build.
+  Before sending <literal>okay</literal>, Nix will store in the hook’s
+  current directory a number of text files that contain information
+  about the derivation:
+
+  <variablelist>
+
+    <varlistentry><term><filename>inputs</filename></term>
+
+      <listitem><para>The set of store paths that are inputs to the
+      build process (one per line).  These have to be copied
+      <emphasis>to</emphasis> the remote machine (in addition to the
+      store derivation itself).</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><filename>outputs</filename></term>
+
+      <listitem><para>The set of store paths that are outputs of the
+      derivation (one per line).  These have to be copied
+      <emphasis>from</emphasis> the remote machine if the build
+      succeeds.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><filename>references</filename></term>
+
+      <listitem><para>The reference graph of the inputs, in the format
+      accepted by the command <command>nix-store
+      - -register-validity</command>.  It is necessary to run this
+      command on the remote machine after copying the inputs to inform
+      Nix on the remote machine that the inputs are valid
+      paths.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  <para>The hook should copy the inputs to the remote machine,
+  register the validity of the inputs, perform the remote build, and
+  copy the outputs back to the local machine.  An exit code other than
+  <literal>0</literal> indicates that the hook has failed.  An exit
+  code equal to 100 means that the remote build failed (as opposed to,
+  e.g., a network error).</para>
+  -->
+
+  </listitem>
+
+
+</varlistentry>
+
+
 <varlistentry xml:id="envar-remote"><term><envar>NIX_REMOTE</envar></term>
 
   <listitem><para>This variable should be set to

doc/manual/command-ref/nix-build.xml

@@ -58,13 +58,6 @@ and so on).</para>
 <command>nix-build</command> will use <filename>default.nix</filename>
 in the current directory, if it exists.</para>
 
-<para>If an element of <replaceable>paths</replaceable> starts with
-<literal>http://</literal> or <literal>https://</literal>, it is
-interpreted as the URL of a tarball that will be downloaded and
-unpacked to a temporary location. The tarball must include a single
-top-level directory containing at least a file named
-<filename>default.nix</filename>.</para>
-
 <para><command>nix-build</command> is essentially a wrapper around
 <link
 linkend="sec-nix-instantiate"><command>nix-instantiate</command></link>
@@ -182,15 +175,6 @@ bar
 
 </para>
 
-<para>Build the GNU Hello package from the latest revision of the
-master branch of Nixpkgs:
-
-<screen>
-$ nix-build https://github.com/NixOS/nixpkgs/archive/master.tar.gz -A hello
-</screen>
-
-</para>
-
 </refsection>
 
 

doc/manual/command-ref/nix-channel.xml

@@ -21,7 +21,7 @@
     <command>nix-channel</command>
     <group choice='req'>
       <arg choice='plain'><option>--add</option> <replaceable>url</replaceable> <arg choice='opt'><replaceable>name</replaceable></arg></arg>
-      <arg choice='plain'><option>--remove</option> <replaceable>name</replaceable></arg>
+      <arg choice='plain'><option>--remove</option> <replaceable>url</replaceable></arg>
       <arg choice='plain'><option>--list</option></arg>
       <arg choice='plain'><option>--update</option> <arg rep='repeat'><replaceable>names</replaceable></arg></arg>
       <arg choice='plain'><option>--rollback</option> <arg choice='opt'><replaceable>generation</replaceable></arg></arg>
@@ -33,8 +33,8 @@
 
 <para>A Nix channel is mechanism that allows you to automatically stay
 up-to-date with a set of pre-built Nix expressions.  A Nix channel is
-just a URL that points to a place containing both a set of Nix
-expressions and a pointer to a binary cache.  <phrase
+just a URL that points to a place containing a set of Nix expressions
+and a <command>nix-push</command> manifest.  <phrase
 condition="manual">See also <xref linkend="sec-channels"
 />.</phrase></para>
 
@@ -73,10 +73,11 @@ condition="manual">See also <xref linkend="sec-channels"
 
     <listitem><para>Downloads the Nix expressions of all subscribed
     channels (or only those included in
-    <replaceable>names</replaceable> if specified) and makes them the
+    <replaceable>names</replaceable> if specified), makes them the
     default for <command>nix-env</command> operations (by symlinking
-    them from the directory
-    <filename>~/.nix-defexpr</filename>).</para></listitem>
+    them from the directory <filename>~/.nix-defexpr</filename>), and
+    performs a <command>nix-pull</command> on the manifests of all
+    channels to make pre-built binaries available.</para></listitem>
 
   </varlistentry>
 
@@ -98,6 +99,13 @@ an update.</para>
 <para>The list of subscribed channels is stored in
 <filename>~/.nix-channels</filename>.</para>
 
+<para>A channel consists of two elements: a bzipped Tar archive
+containing the Nix expressions, and a manifest created by
+<command>nix-push</command>.  These must be stored under
+<literal><replaceable>url</replaceable>/nixexprs.tar.bz2</literal> and
+<literal><replaceable>url</replaceable>/MANIFEST</literal>,
+respectively.</para>
+
 </refsection>
 
 <refsection><title>Examples</title>
@@ -128,7 +136,7 @@ $ nix-instantiate --eval -E '(import &lt;nixpkgs> {}).lib.nixpkgsVersion'
 
 <variablelist>
 
-  <varlistentry><term><filename>/nix/var/nix/profiles/per-user/<replaceable>username</replaceable>/channels</filename></term>
+  <varlistentry><term><filename>/nix/var/nix/profiles/<replaceable>username</replaceable>/channels</filename></term>
 
     <listitem><para><command>nix-channel</command> uses a
     <command>nix-env</command> profile to keep track of previous
@@ -143,7 +151,7 @@ $ nix-instantiate --eval -E '(import &lt;nixpkgs> {}).lib.nixpkgsVersion'
   <varlistentry><term><filename>~/.nix-defexpr/channels</filename></term>
 
     <listitem><para>This is a symlink to
-    <filename>/nix/var/nix/profiles/per-user/<replaceable>username</replaceable>/channels</filename>. It
+    <filename>/nix/var/nix/profiles/<replaceable>username</replaceable>/channels</filename>. It
     ensures that <command>nix-env</command> can find your channels. In
     a multi-user installation, you may also have
     <filename>~/.nix-defexpr/channels_root</filename>, which links to
@@ -155,37 +163,4 @@ $ nix-instantiate --eval -E '(import &lt;nixpkgs> {}).lib.nixpkgsVersion'
 
 </refsection>
 
-<refsection><title>Channel format</title>
-
-<para>A channel URL should point to a directory containing the
-following files:</para>
-
-<variablelist>
-
-  <varlistentry><term><filename>nixexprs.tar.xz</filename></term>
-
-    <listitem><para>A tarball containing Nix expressions and files
-    referenced by them (such as build scripts and patches). At
-    top-level, the tarball should contain a single directory. That
-    directory must contain a file <filename>default.nix</filename>
-    that serves as the channel’s “entry point”.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><filename>binary-cache-url</filename></term>
-
-    <listitem><para>A file containing the URL to a binary cache (such
-    as <uri>https://cache.nixos.org</uri>. Nix will automatically
-    check this cache for pre-built binaries, if the user has
-    sufficient rights to add binary caches. For instance, in a
-    multi-user Nix setup, the binary caches provided by the channels
-    of the root user are used automatically, but caches corresponding
-    to the channels of non-root users are ignored.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</refsection>
-
 </refentry>

doc/manual/command-ref/nix-collect-garbage.xml

@@ -28,7 +28,6 @@
       <arg choice='plain'><option>--print-dead</option></arg>
       <arg choice='plain'><option>--delete</option></arg>
     </group>
-    <arg><option>--max-freed</option> <replaceable>bytes</replaceable></arg>
     <arg><option>--dry-run</option></arg>
   </cmdsynopsis>
 </refsynopsisdiv>

doc/manual/command-ref/nix-copy-closure.xml

@@ -22,16 +22,14 @@
       <arg choice='plain'><option>--to</option></arg>
       <arg choice='plain'><option>--from</option></arg>
     </group>
+    <arg><option>--sign</option></arg>
     <arg><option>--gzip</option></arg>
     <!--
     <arg><option>- -show-progress</option></arg>
     -->
     <arg><option>--include-outputs</option></arg>
-    <group>
-      <arg choice='plain'><option>--use-substitutes</option></arg>
-      <arg choice='plain'><option>-s</option></arg>
-    </group>
-    <arg><option>-v</option></arg>
+    <arg><option>--use-substitutes</option></arg>
+    <arg><option>-s</option></arg>
     <arg choice='plain'>
       <replaceable>user@</replaceable><replaceable>machine</replaceable>
     </arg>
@@ -44,7 +42,7 @@
 
 <para><command>nix-copy-closure</command> gives you an easy and
 efficient way to exchange software between machines.  Given one or
-more Nix store <replaceable>paths</replaceable> on the local
+more Nix store paths <replaceable>paths</replaceable> on the local
 machine, <command>nix-copy-closure</command> computes the closure of
 those paths (i.e. all their dependencies in the Nix store), and copies
 all paths in the closure to the remote machine via the
@@ -88,6 +86,23 @@ those paths.  If this bothers you, use
 
   </varlistentry>
 
+  <varlistentry><term><option>--sign</option></term>
+
+    <listitem><para>Let the sending machine cryptographically sign the
+    dump of each path with the key in
+    <filename><replaceable>sysconfdir</replaceable>/nix/signing-key.sec</filename>.
+    If the user on the target machine does not have direct access to
+    the Nix store (i.e., if the target machine has a multi-user Nix
+    installation), then the target machine will check the dump against
+    <filename><replaceable>sysconfdir</replaceable>/nix/signing-key.pub</filename>
+    before unpacking it in its Nix store.  This allows secure sharing
+    of store paths between untrusted users on two machines, provided
+    that there is a trust relation between the Nix installations on
+    both machines (namely, they have matching public/secret
+    keys).</para></listitem>
+
+  </varlistentry>
+
   <varlistentry><term><option>--gzip</option></term>
 
     <listitem><para>Enable compression of the SSH
@@ -123,12 +138,6 @@ those paths.  If this bothers you, use
 
   </varlistentry>
 
-  <varlistentry><term><option>-v</option></term>
-
-    <listitem><para>Show verbose output.</para></listitem>
-
-  </varlistentry>
-
 </variablelist>
 
 </refsection>

doc/manual/command-ref/nix-env.xml

@@ -146,26 +146,20 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 
 <variablelist>
 
-  <varlistentry><term><option>--file</option> / <option>-f</option> <replaceable>path</replaceable></term>
+  <varlistentry><term><option>--file</option></term>
+    <term><option>-f</option></term>
 
     <listitem><para>Specifies the Nix expression (designated below as
     the <emphasis>active Nix expression</emphasis>) used by the
     <option>--install</option>, <option>--upgrade</option>, and
     <option>--query --available</option> operations to obtain
     derivations.  The default is
-    <filename>~/.nix-defexpr</filename>.</para>
-
-    <para>If the argument starts with <literal>http://</literal> or
-    <literal>https://</literal>, it is interpreted as the URL of a
-    tarball that will be downloaded and unpacked to a temporary
-    location. The tarball must include a single top-level directory
-    containing at least a file named <filename>default.nix</filename>.</para>
-
-    </listitem>
+    <filename>~/.nix-defexpr</filename>.</para></listitem>
 
   </varlistentry>
 
-  <varlistentry><term><option>--profile</option> / <option>-p</option> <replaceable>path</replaceable></term>
+  <varlistentry><term><option>--profile</option></term>
+    <term><option>-p</option></term>
 
     <listitem><para>Specifies the profile to be used by those
     operations that operate on a profile (designated below as the
@@ -365,10 +359,6 @@ number of possible ways:
   linkend="rsec-nix-store-realise">realised</link> and
   installed.</para></listitem>
 
-  <listitem><para>By default all outputs are installed for each derivation.
-  That can be reduced by setting <literal>meta.outputsToInstall</literal>.
-  </para></listitem> <!-- TODO: link nixpkgs docs on the ability to override those. -->
-
 </itemizedlist>
 
 </para>
@@ -380,7 +370,7 @@ number of possible ways:
 
 <variablelist>
 
-  <varlistentry><term><option>--prebuilt-only</option> / <option>-b</option></term>
+  <varlistentry><term><option>--prebuild-only</option> / <option>-b</option></term>
 
     <listitem><para>Use only derivations for which a substitute is
     registered, i.e., there is a pre-built binary available that can
@@ -426,7 +416,7 @@ $ nix-env --install gcc-3.3.2
 installing `gcc-3.3.2'
 uninstalling `gcc-3.1'</screen>
 
-Note the previously installed version is removed, since
+Note the the previously installed version is removed, since
 <option>--preserve-installed</option> was not specified.</para>
 
 <para>To install an arbitrary version:
@@ -491,27 +481,21 @@ set returned by calling the function defined in
 source:
 
 <screen>
-$ nix-env -f '&lt;nixpkgs>' -iA hello --dry-run
+$ nix-env -f pkgs/top-level/all-packages.nix -i f-spot --dry-run
 (dry run; not doing anything)
-installing ‘hello-2.10’
-these paths will be fetched (0.04 MiB download, 0.19 MiB unpacked):
-  /nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10
+installing `f-spot-0.0.10'
+the following derivations will be built:
+  /nix/store/0g63jv9aagwbgci4nnzs2dkxqz84kdja-libgnomeprintui-2.12.1.tar.bz2.drv
+  /nix/store/0gfarvxq6sannsdw8a1ir40j1ys2mqb4-ORBit2-2.14.2.tar.bz2.drv
+  /nix/store/0i9gs5zc04668qiy60ga2rc16abkj7g8-sqlite-2.8.17.drv
+  <replaceable>...</replaceable>
+the following paths will be substituted:
+  /nix/store/8zbipvm4gp9jfqh9nnk1n3bary1a37gs-perl-XML-Parser-2.34
+  /nix/store/b8a2bg7gnyvvvjjibp4axg9x1hzkw36c-mono-1.1.4
   <replaceable>...</replaceable></screen>
 
 </para>
 
-<para>To install Firefox from the latest revision in the Nixpkgs/NixOS
-14.12 channel:
-
-<screen>
-$ nix-env -f https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz -iA firefox
-</screen>
-
-(The GitHub repository <literal>nixpkgs-channels</literal> is updated
-automatically from the main <literal>nixpkgs</literal> repository
-after certain tests have succeeded and binaries have been built and
-uploaded to the binary cache at <uri>cache.nixos.org</uri>.)</para>
-
 </refsection>
 
 </refsection>
@@ -717,44 +701,6 @@ $ nix-env -e '.*' <lineannotation>(remove everything)</lineannotation></screen>
 
 
 
-<!--######################################################################-->
-
-<refsection xml:id="rsec-nix-env-set"><title>Operation <option>--set</option></title>
-
-<refsection><title>Synopsis</title>
-
-<cmdsynopsis>
-  <command>nix-env</command>
-  <arg choice='plain'><option>--set</option></arg>
-  <arg choice='plain'><replaceable>drvname</replaceable></arg>
-</cmdsynopsis>
-</refsection>
-
-<refsection><title>Description</title>
-
-<para>The <option>--set</option> operation modifies the current generation of a
-profile so that it contains exactly the specified derivation, and nothing else.
-</para>
-
-</refsection>
-
-<refsection><title>Examples</title>
-
-<para>
-The following updates a profile such that its current generation will contain
-just Firefox:
-
-<screen>
-$ nix-env -p /nix/var/nix/profiles/browser --set firefox</screen>
-
-</para>
-
-</refsection>
-
-</refsection>
-
-
-
 <!--######################################################################-->
 
 <refsection xml:id="rsec-nix-env-set-flag"><title>Operation <option>--set-flag</option></title>
@@ -1008,7 +954,7 @@ user environment elements, etc. -->
 
   </varlistentry>
 
-  <varlistentry><term><option>--prebuilt-only</option> / <option>-b</option></term>
+  <varlistentry><term><option>--prebuild-only</option> / <option>-b</option></term>
 
     <listitem><para>Show only derivations for which a substitute is
     registered, i.e., there is a pre-built binary available that can
@@ -1134,7 +1080,7 @@ user environment elements, etc. -->
 
     <listitem><para>Print all of the meta-attributes of the
     derivation.  This option is only available with
-    <option>--xml</option> or <option>--json</option>.</para></listitem>
+    <option>--xml</option>.</para></listitem>
 
   </varlistentry>
 
@@ -1145,103 +1091,54 @@ user environment elements, etc. -->
 
 <refsection><title>Examples</title>
 
-<para>To show installed packages:
-
 <screen>
-$ nix-env -q
+$ nix-env -q <lineannotation>(show installed derivations)</lineannotation>
 bison-1.875c
 docbook-xml-4.2
 firefox-1.0.4
 MPlayer-1.0pre7
 ORBit2-2.8.3
-<replaceable>…</replaceable>
-</screen>
+...
 
-</para>
-
-<para>To show available packages:
-
-<screen>
-$ nix-env -qa
+$ nix-env -qa <lineannotation>(show available derivations)</lineannotation>
 firefox-1.0.7
 GConf-2.4.0.1
 MPlayer-1.0pre7
 ORBit2-2.8.3
-<replaceable>…</replaceable>
-</screen>
+...
 
-</para>
-
-<para>To show the status of available packages:
-
-<screen>
-$ nix-env -qas
+$ nix-env -qas      <lineannotation>(show status of available derivations)</lineannotation>
 -P- firefox-1.0.7   <lineannotation>(not installed but present)</lineannotation>
 --S GConf-2.4.0.1   <lineannotation>(not present, but there is a substitute for fast installation)</lineannotation>
 --S MPlayer-1.0pre3 <lineannotation>(i.e., this is not the installed MPlayer, even though the version is the same!)</lineannotation>
 IP- ORBit2-2.8.3    <lineannotation>(installed and by definition present)</lineannotation>
-<replaceable>…</replaceable>
-</screen>
+...
 
-</para>
-
-<para>To show available packages in the Nix expression <filename>foo.nix</filename>:
-
-<screen>
+<lineannotation>(show available derivations in the Nix expression <!-- !!! <filename>-->foo.nix<!-- </filename> -->)</lineannotation>
 $ nix-env -f ./foo.nix -qa
 foo-1.2.3
-</screen>
 
-</para>
-
-<para>To compare installed versions to what’s available:
-
-<screen>
-$ nix-env -qc
+$ nix-env -qc <lineannotation>(compare installed versions to what’s available)</lineannotation>
 <replaceable>...</replaceable>
 acrobat-reader-7.0 - ?      <lineannotation>(package is not available at all)</lineannotation>
 autoconf-2.59      = 2.59   <lineannotation>(same version)</lineannotation>
 firefox-1.0.4      &lt; 1.0.7  <lineannotation>(a more recent version is available)</lineannotation>
 <replaceable>...</replaceable>
-</screen>
 
-</para>
-
-<para>To show all packages with “<literal>zip</literal>” in the name:
-
-<screen>
-$ nix-env -qa '.*zip.*'
+$ nix-env -qa '.*zip.*' <lineannotation>(show all packages with “zip” in the name)</lineannotation>
 bzip2-1.0.6
 gzip-1.6
 zip-3.0
-<replaceable>…</replaceable>
-</screen>
+<replaceable>...</replaceable>
 
-</para>
-
-<para>To show all packages with “<literal>firefox</literal>” or
-“<literal>chromium</literal>” in the name:
-
-<screen>
-$ nix-env -qa '.*(firefox|chromium).*'
+$ nix-env -qa '.*(firefox|chromium).*' <lineannotation>(show all packages with “firefox” or “chromium” in the name)</lineannotation>
 chromium-37.0.2062.94
 chromium-beta-38.0.2125.24
 firefox-32.0.3
 firefox-with-plugins-13.0.1
-<replaceable>…</replaceable>
+<replaceable>...</replaceable>
 </screen>
 
-</para>
-
-<para>To show all packages in the latest revision of the Nixpkgs
-repository:
-
-<screen>
-$ nix-env -f https://github.com/NixOS/nixpkgs/archive/master.tar.gz -qa
-</screen>
-
-</para>
-
 </refsection>
 
 </refsection>

doc/manual/command-ref/nix-generate-patches.xml

@@ -0,0 +1,44 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-nix-generate-patches">
+
+<refmeta>
+  <refentrytitle>nix-generate-patches</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-generate-patches</refname>
+  <refpurpose>generates binary patches between NAR files</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-generate-patches</command>
+    <arg choice='plain'><replaceable>NAR-DIR</replaceable></arg>
+	<arg choice='plain'><replaceable>PATCH-DIR</replaceable></arg>
+	<arg choice='plain'><replaceable>PATCH-URI</replaceable></arg>
+	<arg choice='plain'><replaceable>OLD-MANIFEST</replaceable></arg>
+	<arg choice='plain'><replaceable>NEW-MANIFEST</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-generate-patches</command> generates
+binary patches between NAR files listed in OLD-MANIFEST and NEW-MANIFEST.
+The patches are written to the directory PATCH-DIR, and the prefix
+PATCH-URI is used to generate URIs for the patches.  The patches are
+added to NEW-MANIFEST.  All NARs are required to exist in NAR-DIR.
+Patches are generated between succeeding versions of packages with
+the same name.</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/command-ref/nix-hash.xml

@@ -44,9 +44,7 @@
 cryptographic hash of the contents of each
 <replaceable>path</replaceable> and prints it on standard output.  By
 default, it computes an MD5 hash, but other hash algorithms are
-available as well.  The hash is printed in hexadecimal.  To generate
-the same hash as <command>nix-prefetch-url</command> you have to
-specify multiple arguments, see below for an example.</para>
+available as well.  The hash is printed in hexadecimal.</para>
 
 <para>The hash is computed over a <emphasis>serialisation</emphasis>
 of each path: a dump of the file system tree rooted at the path.  This
@@ -124,15 +122,6 @@ cryptographic hash as <literal>nix-store --dump
 
 <refsection><title>Examples</title>
 
-<para>Computing the same hash as <command>nix-prefetch-url</command>:
-<screen>
-$ nix-prefetch-url file://&lt;(echo test)
-1lkgqb6fclns49861dwk9rzb6xnfkxbpws74mxnx01z9qyv1pjpj
-$ nix-hash --type sha256 --flat --base32 &lt;(echo test)
-1lkgqb6fclns49861dwk9rzb6xnfkxbpws74mxnx01z9qyv1pjpj
-</screen>
-</para>
-
 <para>Computing hashes:
 
 <screen>

doc/manual/command-ref/nix-install-package.xml

@@ -0,0 +1,207 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-nix-install-package">
+  
+<refmeta>
+  <refentrytitle>nix-install-package</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-install-package</refname>
+  <refpurpose>install a Nix Package file</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-install-package</command>
+    <arg><option>--non-interactive</option></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--profile</option></arg>
+        <arg choice='plain'><option>-p</option></arg>
+      </group>
+      <replaceable>path</replaceable>
+    </arg>
+    <arg><option>--set</option></arg>
+    <sbr />
+    <group choice='req'>
+      <arg choice='req'>
+        <option>--url</option>
+        <arg choice='plain'><replaceable>url</replaceable></arg>
+      </arg>
+      <arg choice='req'>
+        <arg choice='plain'><replaceable>file</replaceable></arg>
+      </arg>
+    </group>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-install-package</command> interactively
+installs a Nix Package file (<filename>*.nixpkg</filename>), which is
+a small file that contains a store path to be installed along with the
+URL of a <link linkend="sec-nix-push"><command>nix-push</command>
+manifest</link>.  The Nix Package file is either
+<replaceable>file</replaceable>, or automatically downloaded from
+<replaceable>url</replaceable> if the <option>--url</option> switch is
+used.</para>
+
+<para><command>nix-install-package</command> is used in <link
+linkend="sec-one-click">one-click installs</link> to download and
+install pre-built binary packages with all necessary dependencies.
+<command>nix-install-package</command> is intended to be associated
+with the MIME type <literal>application/nix-package</literal> in a web
+browser so that it is invoked automatically when you click on
+<filename>*.nixpkg</filename> files.  When invoked, it restarts itself
+in a terminal window (since otherwise it would be invisible when run
+from a browser), asks the user to confirm whether to install the
+package, and if so downloads and installs the package into the user’s
+current profile.</para>
+
+<para>To obtain a window, <command>nix-install-package</command> tries
+to restart itself with <command>xterm</command>,
+<command>konsole</command> and
+<command>gnome-terminal</command>.</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+  
+  <varlistentry><term><option>--non-interactive</option></term>
+
+    <listitem><para>Do not open a new terminal window and do not ask
+    for confirmation.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--profile</option></term>
+    <term><option>-p</option></term>
+
+    <listitem><para>Install the package into the specified profile
+    rather than the user’s current profile.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--set</option></term>
+
+    <listitem><para>Install the package as the profile so that the
+    profile contains exactly the contents of the package.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To install <filename>subversion-1.4.0.nixpkg</filename> into the
+user’s current profile, without any prompting:
+
+<screen>
+$ nix-install-package --non-interactive subversion-1.4.0.nixpkg</screen>
+
+</para>
+
+<para>To install the same package from some URL into a different
+profile:
+
+<screen>
+$ nix-install-package --non-interactive -p /nix/var/nix/profiles/eelco \
+    --url http://nix.cs.uu.nl/dist/nix/nixpkgs-0.10pre6622/pkgs/subversion-1.4.0-i686-linux.nixpkg</screen>
+
+</para>
+
+</refsection>
+
+
+<refsection><title>Format of <literal>nixpkg</literal> files</title>
+
+<para>A Nix Package file consists of a single line with the following
+format:
+
+<screen>
+NIXPKG1 <replaceable>manifestURL</replaceable> <replaceable>name</replaceable> <replaceable>system</replaceable> <replaceable>drvPath</replaceable> <replaceable>outPath</replaceable></screen>
+
+The elements are as follows:
+
+<variablelist>
+
+  <varlistentry><term><literal>NIXPKG1</literal></term>
+  
+    <listitem><para>The version of the Nix Package
+    file.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>manifestURL</replaceable></term>
+  
+    <listitem><para>The manifest to be pulled by
+    <command>nix-pull</command>.  The manifest must contain
+    <replaceable>outPath</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>name</replaceable></term>
+  
+    <listitem><para>The symbolic name and version of the
+    package.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>system</replaceable></term>
+  
+    <listitem><para>The platform identifier of the platform for which
+    this binary package is intended.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>drvPath</replaceable></term>
+  
+    <listitem><para>The path in the Nix store of the derivation from
+    which <replaceable>outPath</replaceable> was built.  Not currently
+    used.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>outPath</replaceable></term>
+  
+    <listitem><para>The path in the Nix store of the package.  After
+    <command>nix-install-package</command> has obtained the manifest
+    from <replaceable>manifestURL</replaceable>, it performs a
+    <literal>nix-env -i</literal> <replaceable>outPath</replaceable>
+    to install the binary package.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+  
+</para>
+
+<para>An example follows:
+
+<screen>
+NIXPKG1 http://.../nixpkgs-0.10pre6622/MANIFEST subversion-1.4.0 i686-darwin \
+  /nix/store/4kh60jkp...-subversion-1.4.0.drv \
+  /nix/store/nkw7wpgb...-subversion-1.4.0</screen>
+
+(The line breaks (<literal>\</literal>) are for presentation purposes
+and not part of the actual file.)
+
+</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/command-ref/nix-instantiate.xml

@@ -24,7 +24,6 @@
       <arg choice='plain'>
         <option>--eval</option>
         <arg><option>--strict</option></arg>
-        <arg><option>--json</option></arg>
         <arg><option>--xml</option></arg>
       </arg>
     </group>
@@ -39,15 +38,14 @@
     </arg>
     <arg><option>--add-root</option> <replaceable>path</replaceable></arg>
     <arg><option>--indirect</option></arg>
-    <group>
+    <group choice='req'>
       <arg choice='plain'><option>--expr</option></arg>
       <arg choice='plain'><option>-E</option></arg>
     </group>
     <arg choice='plain' rep='repeat'><replaceable>files</replaceable></arg>
-  </cmdsynopsis>
-  <cmdsynopsis>
+    <sbr/>
     <command>nix-instantiate</command>
-    <arg choice='plain'><option>--find-file</option></arg>
+    <arg choice='plain'><option>--file-file</option></arg>
     <arg choice='plain' rep='repeat'><replaceable>files</replaceable></arg>
   </cmdsynopsis>
 </refsynopsisdiv>
@@ -117,6 +115,26 @@ input.</para>
 
   </varlistentry>
 
+  <varlistentry><term><option>--xml</option></term>
+
+    <listitem><para>When used with <option>--parse</option> and
+    <option>--eval</option>, print the resulting expression as an
+    XML representation of the abstract syntax tree rather than as an
+    ATerm.  The schema is the same as that used by the <link
+    linkend="builtin-toXML"><function>toXML</function>
+    built-in</link>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--json</option></term>
+
+    <listitem><para>When used with <option>--parse</option> and
+    <option>--eval</option>, print the resulting expression as an
+    JSON representation of the abstract syntax tree rather than as an
+    ATerm.</para></listitem>
+
+  </varlistentry>
+
   <varlistentry><term><option>--strict</option></term>
 
     <listitem><para>When used with <option>--eval</option>,
@@ -131,24 +149,6 @@ input.</para>
 
   </varlistentry>
 
-  <varlistentry><term><option>--json</option></term>
-
-    <listitem><para>When used with <option>--eval</option>, print the resulting
-    value as an JSON representation of the abstract syntax tree rather
-    than as an ATerm.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--xml</option></term>
-
-    <listitem><para>When used with <option>--eval</option>, print the resulting
-    value as an XML representation of the abstract syntax tree rather than as
-    an ATerm. The schema is the same as that used by the <link
-    linkend="builtin-toXML"><function>toXML</function> built-in</link>.
-    </para></listitem>
-
-  </varlistentry>
-
   <varlistentry><term><option>--read-write-mode</option></term>
 
     <listitem><para>When used with <option>--eval</option>, perform

doc/manual/command-ref/nix-prefetch-url.xml

@@ -3,7 +3,7 @@
       xmlns:xi="http://www.w3.org/2001/XInclude"
       version="5.0"
       xml:id="sec-nix-prefetch-url">
-
+  
 <refmeta>
   <refentrytitle>nix-prefetch-url</refentrytitle>
   <manvolnum>1</manvolnum>
@@ -19,16 +19,13 @@
 <refsynopsisdiv>
   <cmdsynopsis>
     <command>nix-prefetch-url</command>
-    <arg><option>--version</option></arg>
     <arg><option>--type</option> <replaceable>hashAlgo</replaceable></arg>
-    <arg><option>--print-path</option></arg>
-    <arg><option>--unpack</option></arg>
-    <arg><option>--name</option> <replaceable>name</replaceable></arg>
     <arg choice='plain'><replaceable>url</replaceable></arg>
     <arg><replaceable>hash</replaceable></arg>
   </cmdsynopsis>
 </refsynopsisdiv>
 
+
 <refsection><title>Description</title>
 
 <para>The command <command>nix-prefetch-url</command> downloads the
@@ -57,8 +54,8 @@ error if signaled if the actual hash of the file does not match the
 specified hash.</para>
 
 <para>This command prints the hash on standard output.  Additionally,
-if the option <option>--print-path</option> is used, the path of the
-downloaded file in the Nix store is also printed.</para>
+if the environment variable <envar>PRINT_PATH</envar> is set, the path
+of the downloaded file in the Nix store is also printed.</para>
 
 </refsection>
 
@@ -66,7 +63,7 @@ downloaded file in the Nix store is also printed.</para>
 <refsection><title>Options</title>
 
 <variablelist>
-
+  
   <varlistentry><term><option>--type</option> <replaceable>hashAlgo</replaceable></term>
 
     <listitem><para>Use the specified cryptographic hash algorithm,
@@ -76,35 +73,6 @@ downloaded file in the Nix store is also printed.</para>
 
   </varlistentry>
 
-  <varlistentry><term><option>--print-path</option></term>
-
-    <listitem><para>Print the store path of the downloaded file on
-    standard output.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--unpack</option></term>
-
-    <listitem><para>Unpack the archive (which must be a tarball or zip
-    file) and add the result to the Nix store. The resulting hash can
-    be used with functions such as Nixpkgs’s
-    <varname>fetchzip</varname> or
-    <varname>fetchFromGitHub</varname>.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--name</option> <replaceable>name</replaceable></term>
-
-    <listitem><para>Override the name of the file in the Nix store. By
-    default, this is
-    <literal><replaceable>hash</replaceable>-<replaceable>basename</replaceable></literal>,
-    where <replaceable>basename</replaceable> is the last component of
-    <replaceable>url</replaceable>. Overriding the name is necessary
-    when <replaceable>basename</replaceable> contains characters that
-    are not allowed in Nix store paths.</para></listitem>
-
-  </varlistentry>
-
 </variablelist>
 
 </refsection>
@@ -113,19 +81,14 @@ downloaded file in the Nix store is also printed.</para>
 <refsection><title>Examples</title>
 
 <screen>
-$ nix-prefetch-url ftp://ftp.gnu.org/pub/gnu/hello/hello-2.10.tar.gz
-0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i
+$ nix-prefetch-url ftp://ftp.nluug.nl/pub/gnu/make/make-3.80.tar.bz2
+0bbd1df101bc0294d440471e50feca71
 
-$ nix-prefetch-url --print-path mirror://gnu/hello/hello-2.10.tar.gz
-0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i
-/nix/store/3x7dwzq014bblazs7kq20p9hyzz0qh8g-hello-2.10.tar.gz
-
-$ nix-prefetch-url --unpack --print-path https://github.com/NixOS/patchelf/archive/0.8.tar.gz
-079agjlv0hrv7fxnx9ngipx14gyncbkllxrp9cccnh3a50fxcmy7
-/nix/store/19zrmhm3m40xxaw81c8cqm6aljgrnwj2-0.8.tar.gz
-</screen>
+$ PRINT_PATH=1 nix-prefetch-url ftp://ftp.nluug.nl/pub/gnu/make/make-3.80.tar.bz2
+0bbd1df101bc0294d440471e50feca71
+/nix/store/wvyz8ifdn7wyz1p3pqyn0ra45ka2l492-make-3.80.tar.bz2</screen>
 
 </refsection>
 
-
+    
 </refentry>

doc/manual/command-ref/nix-pull.xml

@@ -0,0 +1,51 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-nix-pull">
+
+<refmeta>
+  <refentrytitle>nix-pull</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-pull</refname>
+  <refpurpose>pull substitutes from a network cache</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-pull</command>
+    <arg choice='plain'><replaceable>url</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-pull</command> obtains a list of
+pre-built store paths from the URL <replaceable>url</replaceable>, and
+for each of these store paths, registers a substitute derivation that
+downloads and unpacks it into the Nix store.  This is used to speed up
+installations: if you attempt to install something that has already
+been built and stored into the network cache, Nix can transparently
+re-use the pre-built store paths.</para>
+
+<para>The file at <replaceable>url</replaceable> must be compatible
+with the files created by <replaceable>nix-push</replaceable>.</para>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<screen>
+$ nix-pull http://nix.cs.uu.nl/dist/nix/nixpkgs-0.5pre753/MANIFEST</screen>
+
+</refsection>
+
+
+</refentry>

doc/manual/command-ref/nix-push.xml

@@ -0,0 +1,399 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-nix-push">
+
+<refmeta>
+  <refentrytitle>nix-push</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-push</refname>
+  <refpurpose>generate a binary cache</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-push</command>
+    <arg choice='plain'><option>--dest</option> <replaceable>dest-dir</replaceable></arg>
+    <arg><option>--bzip2</option></arg>
+    <arg><option>--none</option></arg>
+    <arg><option>--force</option></arg>
+    <arg><option>--link</option></arg>
+    <arg><option>--manifest</option></arg>
+    <arg><option>--manifest-path</option> <replaceable>filename</replaceable></arg>
+    <arg><option>--url-prefix</option> <replaceable>url</replaceable></arg>
+    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-push</command> produces a
+<emphasis>binary cache</emphasis>, a directory containing compressed
+Nix archives (NARs) plus some metadata of the closure of the specified
+store paths.  This directory can then be made available through a web
+server to other Nix installations, allowing them to skip building from
+source and instead download binaries from the cache
+automatically.</para>
+
+<para><command>nix-push</command> performs the following actions.
+      
+<orderedlist>
+
+  <listitem><para>Each path in <replaceable>paths</replaceable> is
+  built (using <link
+  linkend='rsec-nix-store-realise'><command>nix-store
+  --realise</command></link>).</para></listitem>
+
+  <listitem><para>All paths in the closure of
+  <replaceable>paths</replaceable> are determined (using
+  <command>nix-store --query --requisites
+  --include-outputs</command>).  Note that since the
+  <option>--include-outputs</option> flag is used, if
+  <replaceable>paths</replaceable> includes a store derivation, you
+  get a combined source/binary distribution (e.g., source tarballs
+  will be included).</para></listitem>
+
+  <listitem><para>All store paths determined in the previous step are
+  packaged into a NAR (using <command>nix-store --dump</command>) and
+  compressed using <command>xz</command> or <command>bzip2</command>.
+  The resulting files have the extension <filename>.nar.xz</filename>
+  or <filename>.nar.bz2</filename>.  Also for each store path, Nix
+  generates a file with extension <filename>.narinfo</filename>
+  containing metadata such as the references, cryptographic hash and
+  size of each path.</para></listitem>
+
+  <listitem><para>Optionally, a single <emphasis>manifest</emphasis>
+  file is created that contains the same metadata as the
+  <filename>.narinfo</filename> files.  This is for compatibility with
+  Nix versions prior to 1.2 (see <command>nix-pull</command> for
+  details).</para></listitem>
+
+  <listitem><para>A file named <option>nix-cache-info</option> is
+  placed in the destination directory.  The existence of this file
+  marks the directory as a binary cache.</para></listitem>
+
+</orderedlist>
+
+</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+
+  <varlistentry><term><option>--dest</option> <replaceable>dest-dir</replaceable></term>
+
+    <listitem><para>Set the destination directory to
+    <replaceable>dir</replaceable>, which is created if it does not
+    exist.  This flag is required.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--bzip2</option></term>
+
+    <listitem><para>Compress NARs using <command>bzip2</command>
+    instead of <command>xz -9</command>.  The latter compresses about
+    30% better on typical archives, decompresses about twice as fast,
+    but compresses a lot slower and is not supported by Nix prior to
+    version 1.2.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--none</option></term>
+
+    <listitem><para>Do not compress NARs.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--force</option></term>
+
+    <listitem><para>Overwrite <filename>.narinfo</filename> files if
+    they already exist.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--link</option></term>
+
+    <listitem><para>By default, NARs are generated in the Nix store
+    and then copied to <replaceable>dest-dir</replaceable>.  If this
+    option is given, hard links are used instead.  This only works if
+    <replaceable>dest-dir</replaceable> is on the same filesystem as
+    the Nix store.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--manifest</option></term>
+
+    <listitem><para>Force the generation of a manifest suitable for
+    use by <command>nix-pull</command>.  The manifest is stored as
+    <filename><replaceable>dest-dir</replaceable>/MANIFEST</filename>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--manifest-path</option> <replaceable>filename</replaceable></term>
+
+    <listitem><para>Like <option>--manifest</option>, but store the
+    manifest in <replaceable>filename</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--url-prefix</option> <replaceable>url</replaceable></term>
+
+    <listitem><para>Manifests are expected to contain the absolute
+    URLs of NARs.  For generating these URLs, the prefix
+    <replaceable>url</replaceable> is used.  It defaults to
+    <uri>file://<replaceable>dest-dir</replaceable></uri>.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To add the closure of Thunderbird to a binary cache:
+
+<screen>
+$ nix-push --dest /tmp/cache $(nix-build -A thunderbird)
+</screen>
+
+Assuming that <filename>/tmp/cache</filename> is exported by a web
+server as <uri>http://example.org/cache</uri>, you can then use this
+cache on another machine to speed up the installation of Thunderbird:
+
+<screen>
+$ nix-build -A thunderbird --option binary-caches http://example.org/cache
+</screen>
+
+Alternatively, you could add <literal>binary-caches =
+http://example.org/cache</literal> to
+<filename>nix.conf</filename>.</para>
+
+<para>To also include build-time dependencies (such as source
+tarballs):
+
+<screen>
+$ nix-push --dest /tmp/cache $(nix-instantiate -A thunderbird)
+</screen>
+
+</para>
+
+<para>To generate a manifest suitable for <command>nix-pull</command>:
+
+<screen>
+$ nix-push --dest /tmp/cache $(nix-build -A thunderbird) --manifest
+</screen>
+
+On another machine you can then do:
+
+<screen>
+$ nix-pull http://example.org/cache
+</screen>
+
+to cause the binaries to be used by subsequent Nix operations.</para>
+
+</refsection>
+
+
+<refsection><title>Binary cache format and operation</title>
+
+<para>A binary cache with URL <replaceable>url</replaceable> only
+denotes a valid binary cache if the file
+<uri><replaceable>url</replaceable>/nix-cache-info</uri> exists.  If
+this file does not exist (or cannot be downloaded), the cache is
+ignored.  If it does exist, it must be a text file containing cache
+properties.  Here’s an example:
+
+<screen>
+StoreDir: /nix/store
+WantMassQuery: 1
+Priority: 10
+</screen>
+
+The properties that are currently supported are:
+
+<variablelist>
+  
+  <varlistentry><term><literal>StoreDir</literal></term>
+
+    <listitem><para>The path of the Nix store to which this binary
+    cache applies.  Binaries are not relocatable — a binary built for
+    <filename>/nix/store</filename> won’t generally work in
+    <filename>/home/alice/store</filename> — so to prevent binaries
+    from being used in a wrong store, a binary cache is only used if
+    its <literal>StoreDir</literal> matches the local Nix
+    configuration.  The default is
+    <filename>/nix/store</filename>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>WantMassQuery</literal></term>
+
+    <listitem><para>Query operations such as <command>nix-env
+    -qas</command> can cause thousands of cache queries, and thus
+    thousands of HTTP requests, to determine which packages are
+    available in binary form.  While these requests are small, not
+    every server may appreciate a potential onslaught of queries.  If
+    <literal>WantMassQuery</literal> is set to <literal>0</literal>
+    (default), “mass queries” such as <command>nix-env -qas</command>
+    will skip this cache.  Thus a package may appear not to have a
+    binary substitute.  However, the binary will still be used when
+    you actually install the package.  If
+    <literal>WantMassQuery</literal> is set to <literal>1</literal>,
+    mass queries will use this cache.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>Priority</literal></term>
+
+    <listitem><para>Each binary cache has a priority (defaulting to
+    50).  Binary caches are checked for binaries in order of ascending
+    priority; thus a higher number denotes a lower priority.  The
+    binary cache <uri>http://cache.nixos.org</uri> has priority
+    40.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+<para>Every time Nix needs to build some store path
+<replaceable>p</replaceable>, it will check each configured binary
+cache to see if it has a NAR file for <replaceable>p</replaceable>,
+until it finds one.  If no cache has a NAR, Nix will fall back to
+building the path from source (if applicable).  To see if a cache with
+URL <replaceable>url</replaceable> has a binary for
+<replaceable>p</replaceable>, Nix fetches
+<replaceable>url/h</replaceable>, where <replaceable>h</replaceable>
+is the hash part of <replaceable>p</replaceable>.  Thus, if we have a
+cache <uri>http://cache.nixos.org</uri> and we want to obtain
+the store path
+<screen>
+/nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7
+</screen>
+then Nix will attempt to fetch
+<screen>
+http://cache.nixos.org/a8922c0h87iilxzzvwn2hmv8x210aqb9.narinfo
+</screen>
+(Commands such as <command>nix-env -qas</command> will issue an HTTP
+HEAD request, since it only needs to know if the
+<filename>.narinfo</filename> file exists.)  The
+<filename>.narinfo</filename> file is a simple text file that looks
+like this:
+
+<screen>
+StorePath: /nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7
+URL: nar/0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70.nar.bz2
+Compression: bzip2
+FileHash: sha256:0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70
+FileSize: 24473768
+NarHash: sha256:0s491y1h9hxj5ghiizlxk7ax6jwbha00zwn7lpyd5xg5bhf60vzg
+NarSize: 109521136
+References: 2ma2k0ys8knh4an48n28vigcmc2z8773-linux-headers-2.6.23.16 ...
+Deriver: 7akyyc87ka32xwmqza9dvyg5pwx3j212-glibc-2.7.drv
+</screen>
+
+The fields are as follows:
+
+<variablelist>
+  
+  <varlistentry><term><literal>StorePath</literal></term>
+
+    <listitem><para>The full store path, including the name part
+    (e.g., <literal>glibc-2.7</literal>).  It must match the
+    requested store path.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>URL</literal></term>
+
+    <listitem><para>The URL of the NAR, relative to the binary cache
+    URL.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>Compression</literal></term>
+
+    <listitem><para>The compression method; either
+    <literal>xz</literal> or
+    <literal>bzip2</literal>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>FileHash</literal></term>
+
+    <listitem><para>The SHA-256 hash of the compressed
+    NAR.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>FileSize</literal></term>
+
+    <listitem><para>The size of the compressed NAR.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>NarHash</literal></term>
+
+    <listitem><para>The SHA-256 hash of the uncompressed NAR.  This is
+    equal to the hash of the store path as returned by
+    <command>nix-store -q --hash
+    <replaceable>p</replaceable></command>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>NarSize</literal></term>
+
+    <listitem><para>The size of the uncompressed NAR.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>References</literal></term>
+
+    <listitem><para>The references of the store path, without the Nix
+    store prefix.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>Deriver</literal></term>
+
+    <listitem><para>The deriver of the store path, without the Nix
+    store prefix.  This field is optional.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>System</literal></term>
+
+    <listitem><para>The Nix platform type of this binary, if known.
+    This field is optional.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+<para>Thus, in our example, after recursively ensuring that the
+references exist (e.g.,
+<filename>/nix/store/2ma2k0ys8knh4an48n28vigcmc2z8773-linux-headers-2.6.23.16</filename>),
+Nix will fetch <screen>
+http://cache.nixos.org/nar/0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70.nar.bz2
+</screen> and decompress and unpack it to
+<filename>/nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7</filename>.</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/command-ref/nix-shell.xml

@@ -29,17 +29,16 @@
       <replaceable>attrPath</replaceable>
     </arg>
     <arg><option>--command</option> <replaceable>cmd</replaceable></arg>
-    <arg><option>--run</option> <replaceable>cmd</replaceable></arg>
     <arg><option>--exclude</option> <replaceable>regexp</replaceable></arg>
     <arg><option>--pure</option></arg>
     <group choice='req'>
-      <arg choice='plain'>
-        <group choice='req'>
+      <group choice='plain'>
+        <group>
           <arg choice='plain'><option>--packages</option></arg>
           <arg choice='plain'><option>-p</option></arg>
         </group>
-        <arg choice='plain' rep='repeat'><replaceable>packages</replaceable></arg>
-      </arg>
+        <replaceable>packages</replaceable>
+      </group>
       <arg><replaceable>path</replaceable></arg>
     </group>
   </cmdsynopsis>
@@ -61,13 +60,6 @@ derivation for development.</para>
 <filename>shell.nix</filename> if it exists, and
 <filename>default.nix</filename> otherwise.</para>
 
-<para>If <replaceable>path</replaceable> starts with
-<literal>http://</literal> or <literal>https://</literal>, it is
-interpreted as the URL of a tarball that will be downloaded and
-unpacked to a temporary location. The tarball must include a single
-top-level directory containing at least a file named
-<filename>default.nix</filename>.</para>
-
 <para>If the derivation defines the variable
 <varname>shellHook</varname>, it will be evaluated after
 <literal>$stdenv/setup</literal> has been sourced.  Since this hook is
@@ -100,24 +92,11 @@ also <xref linkend="sec-common-options" />.</phrase></para>
   <varlistentry><term><option>--command</option> <replaceable>cmd</replaceable></term>
 
     <listitem><para>In the environment of the derivation, run the
-    shell command <replaceable>cmd</replaceable>. This command is
-    executed in an interactive shell. (Use <option>--run</option> to
-    use a non-interactive shell instead.) However, a call to
-    <literal>exit</literal> is implicitly added to the command, so the
-    shell will exit after running the command. To prevent this, add
-    <literal>return</literal> at the end; e.g. <literal>--command
-    "echo Hello; return"</literal> will print <literal>Hello</literal>
-    and then drop you into the interactive shell. This can be useful
-    for doing any additional initialisation.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--run</option> <replaceable>cmd</replaceable></term>
-
-    <listitem><para>Like <option>--command</option>, but executes the
-    command in a non-interactive shell. This means (among other
-    things) that if you hit Ctrl-C while the command is running, the
-    shell exits.</para></listitem>
+    shell command <replaceable>cmd</replaceable> instead of starting
+    an interactive shell.  However, if you end the shell command with
+    <literal>return</literal>, you still get an interactive shell.
+    This can be useful for doing any additional
+    initialisation.</para></listitem>
 
   </varlistentry>
 
@@ -144,7 +123,7 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 
   </varlistentry>
 
-  <varlistentry><term><option>--packages</option> / <option>-p</option> <replaceable>packages</replaceable>…</term>
+  <varlistentry><term><option>--packages</option> / <option>-p</option></term>
 
     <listitem><para>Set up an environment in which the specified
     packages are present.  The command line arguments are interpreted
@@ -156,15 +135,6 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 
   </varlistentry>
 
-  <varlistentry><term><option>-i</option> <replaceable>interpreter</replaceable></term>
-
-    <listitem><para>The chained script interpreter to be invoked by
-    <command>nix-shell</command>. Only applicable in
-    <literal>#!</literal>-scripts (described <link
-    linkend="ssec-nix-shell-shebang">below</link>).</para>
-
-    </listitem></varlistentry>
-
 </variablelist>
 
 <para>The following common options are supported:</para>
@@ -176,22 +146,6 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 </refsection>
 
 
-<refsection><title>Environment variables</title>
-
-<variablelist>
-
-  <varlistentry><term><envar>NIX_BUILD_SHELL</envar></term>
-    
-    <listitem><para>Shell used to start the interactive environment. 
-    Defaults to the <command>bash</command> found in <envar>PATH</envar>.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</refsection>
-
-
 <refsection><title>Examples</title>
 
 <para>To build the dependencies of the package Pan, and start an
@@ -230,133 +184,6 @@ $ nix-shell -p sqlite xorg.libX11
 … -L/nix/store/j1zg5v…-sqlite-3.8.0.2/lib -L/nix/store/0gmcz9…-libX11-1.6.1/lib …
 </screen>
 
-The <command>-p</command> flag looks up Nixpkgs in the Nix search
-path. You can override it by passing <option>-I</option> or setting
-<envar>NIX_PATH</envar>. For example, the following gives you a shell
-containing the Pan package from a specific revision of Nixpkgs:
-
-<screen>
-$ nix-shell -p pan -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/8a3eea054838b55aca962c3fbde9c83c102b8bf2.tar.gz
-
-[nix-shell:~]$ pan --version
-Pan 0.139
-</screen>
-
-</para>
-
-</refsection>
-
-
-<refsection xml:id="ssec-nix-shell-shebang"><title>Use as a <literal>#!</literal>-interpreter</title>
-
-<para>You can use <command>nix-shell</command> as a script interpreter
-to allow scripts written in arbitrary languages to obtain their own
-dependencies via Nix. This is done by starting the script with the
-following lines:
-
-<programlisting>
-#! /usr/bin/env nix-shell
-#! nix-shell -i <replaceable>real-interpreter</replaceable> -p <replaceable>packages</replaceable>
-</programlisting>
-
-where <replaceable>real-interpreter</replaceable> is the “real” script
-interpreter that will be invoked by <command>nix-shell</command> after
-it has obtained the dependencies and initialised the environment, and
-<replaceable>packages</replaceable> are the attribute names of the
-dependencies in Nixpkgs.</para>
-
-<para>The lines starting with <literal>#! nix-shell</literal> specify
-<command>nix-shell</command> options (see above). Note that you cannot
-write <literal>#! /usr/bin/env nix-shell -i ...</literal> because
-many operating systems only allow one argument in
-<literal>#!</literal> lines.</para>
-
-<para>For example, here is a Python script that depends on Python and
-the <literal>prettytable</literal> package:
-
-<programlisting>
-#! /usr/bin/env nix-shell
-#! nix-shell -i python -p python pythonPackages.prettytable
-
-import prettytable
-
-# Print a simple table.
-t = prettytable.PrettyTable(["N", "N^2"])
-for n in range(1, 10): t.add_row([n, n * n])
-print t
-</programlisting>
-
-</para>
-
-<para>Similarly, the following is a Perl script that specifies that it
-requires Perl and the <literal>HTML::TokeParser::Simple</literal> and
-<literal>LWP</literal> packages:
-
-<programlisting>
-#! /usr/bin/env nix-shell
-#! nix-shell -i perl -p perl perlPackages.HTMLTokeParserSimple perlPackages.LWP
-
-use HTML::TokeParser::Simple;
-
-# Fetch nixos.org and print all hrefs.
-my $p = HTML::TokeParser::Simple->new(url => 'http://nixos.org/');
-
-while (my $token = $p->get_tag("a")) {
-    my $href = $token->get_attr("href");
-    print "$href\n" if $href;
-}
-</programlisting>
-
-</para>
-
-<para>Finally, the following Haskell script uses a specific branch of
-Nixpkgs/NixOS (the 14.12 stable branch):
-
-<programlisting><![CDATA[
-#! /usr/bin/env nix-shell
-#! nix-shell -i runghc -p haskellPackages.ghc haskellPackages.HTTP haskellPackages.tagsoup
-#! nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz
-
-import Network.HTTP
-import Text.HTML.TagSoup
-
--- Fetch nixos.org and print all hrefs.
-main = do
-  resp <- Network.HTTP.simpleHTTP (getRequest "http://nixos.org/")
-  body <- getResponseBody resp
-  let tags = filter (isTagOpenName "a") $ parseTags body
-  let tags' = map (fromAttrib "href") tags
-  mapM_ putStrLn $ filter (/= "") tags'
-]]></programlisting>
-
-If you want to be even more precise, you can specify a specific
-revision of Nixpkgs:
-
-<programlisting>
-#! nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/0672315759b3e15e2121365f067c1c8c56bb4722.tar.gz
-</programlisting>
-
-</para>
-
-<para>The examples above all used <option>-p</option> to get
-dependencies from Nixpkgs. You can also use a Nix expression to build
-your own dependencies. For example, the Python example could have been
-written as:
-
-<programlisting>
-#! /usr/bin/env nix-shell
-#! nix-shell deps.nix -i python
-</programlisting>
-
-where the file <filename>deps.nix</filename> in the same directory
-as the <literal>#!</literal>-script contains:
-
-<programlisting>
-with import &lt;nixpkgs> {};
-
-runCommand "dummy" { buildInputs = [ python pythonPackages.prettytable ]; } ""
-</programlisting>
-
 </para>
 
 </refsection>

doc/manual/command-ref/nix-store.xml

@@ -194,25 +194,6 @@ printed.)</para>
 
   </varlistentry>
 
-  <varlistentry><term><option>--check</option></term>
-
-    <listitem><para>This option allows you to check whether a
-    derivation is deterministic. It rebuilds the specified derivation
-    and checks whether the result is bitwise-identical with the
-    existing outputs, printing an error if that’s not the case. The
-    outputs of the specified derivation must already exist. When used
-    with <option>-K</option>, if an output path is not identical to
-    the corresponding output from the previous build, the new output
-    path is left in
-    <filename>/nix/store/<replaceable>name</replaceable>-check.</filename></para>
-
-    <para>See also the <option>build-repeat</option> configuration
-    option, which repeats a derivation a number of times and prevents
-    its outputs from being registered as “valid” in the Nix store
-    unless they are identical.</para></listitem>
-
-  </varlistentry>
-
 </variablelist>
 
 </refsection>
@@ -231,73 +212,6 @@ $ nix-store -r $(nix-instantiate ./test.nix)
 This is essentially what <link
 linkend="sec-nix-build"><command>nix-build</command></link> does.</para>
 
-<para>To test whether a previously-built derivation is deterministic:
-
-<screen>
-$ nix-build '&lt;nixpkgs>' -A hello --check -K
-</screen>
-
-</para>
-
-</refsection>
-
-
-</refsection>
-
-
-
-<!--######################################################################-->
-
-<refsection xml:id='rsec-nix-store-serve'><title>Operation <option>--serve</option></title>
-
-<refsection><title>Synopsis</title>
-
-<cmdsynopsis>
-  <command>nix-store</command>
-  <arg choice='plain'><option>--serve</option></arg>
-  <arg><option>--write</option></arg>
-</cmdsynopsis>
-
-</refsection>
-
-<refsection><title>Description</title>
-
-<para>The operation <option>--serve</option> provides access to
-the Nix store over stdin and stdout, and is intended to be used
-as a means of providing Nix store access to a restricted ssh user.
-</para>
-
-<para>The following flags are available:</para>
-
-<variablelist>
-
-  <varlistentry><term><option>--write</option></term>
-
-    <listitem><para>Allow the connected client to request the realization
-    of derivations. In effect, this can be used to make the host act
-    as a build slave.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</refsection>
-
-
-<refsection><title>Examples</title>
-
-<para>To turn a host into a build server, the
-<filename>authorized_keys</filename> file can be used to provide build
-access to a given SSH public key:
-
-<screen>
-$ cat &lt;&lt;EOF >>/root/.ssh/authorized_keys
-command="nice -n20 nix-store --serve --write" ssh-rsa AAAAB3NzaC1yc2EAAAA...
-EOF
-</screen>
-
-</para>
-
 </refsection>
 
 
@@ -397,9 +311,9 @@ options control what gets deleted and in what order:
 </para>
 
 <para>The behaviour of the collector is also influenced by the <link
-linkend="conf-keep-outputs"><literal>keep-outputs</literal></link>
+linkend="conf-gc-keep-outputs"><literal>gc-keep-outputs</literal></link>
 and <link
-linkend="conf-keep-derivations"><literal>keep-derivations</literal></link>
+linkend="conf-gc-keep-derivations"><literal>gc-keep-derivations</literal></link>
 variables in the Nix configuration file.</para>
 
 <para>With <option>--delete</option>, the collector prints the total
@@ -1115,18 +1029,18 @@ path).</para>
 <para>This command does not produce a <emphasis>closure</emphasis> of
 the specified paths, so if a store path references other store paths
 that are missing in the target Nix store, the import will fail.  To
-copy a whole closure, do something like:
+copy a whole closure, do something like
 
 <screen>
 $ nix-store --export $(nix-store -qR <replaceable>paths</replaceable>) > out</screen>
 
-To import the whole closure again, run:
-
-<screen>
-$ nix-store --import &lt; out</screen>
-
 </para>
 
+<para>For an example of how <option>--export</option> and
+<option>--import</option> can be used, see the source of the <command
+linkend="sec-nix-copy-closure">nix-copy-closure</command>
+command.</para>
+
 </refsection>
 
 
@@ -1236,7 +1150,12 @@ the store path is used.</para>
 <filename>/nix/var/log/nix/drvs</filename>.  However, there is no
 guarantee that a build log is available for any particular store path.
 For instance, if the path was downloaded as a pre-built binary through
-a substitute, then the log is unavailable.</para>
+a substitute, then the log is unavailable. If the log is not available
+locally, then <command>nix-store</command> will try to download the
+log from the servers specified in the Nix option
+<option>log-servers</option>. For example, if it’s set to
+<literal>http://hydra.nixos.org/log</literal>, then Nix will check
+<literal>http://hydra.nixos.org/log/<replaceable>base-name</replaceable></literal>.</para>
 
 </refsection>
 
@@ -1345,47 +1264,74 @@ export _args; _args='-e /nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25c-default-buil
 
 <!--######################################################################-->
 
-<refsection xml:id='rsec-nix-store-generate-binary-cache-key'><title>Operation <option>--generate-binary-cache-key</option></title>
+<refsection><title>Operation <option>--query-failed-paths</option></title>
 
 <refsection>
   <title>Synopsis</title>
   <cmdsynopsis>
     <command>nix-store</command>
-    <arg choice='plain'>
-      <option>--generate-binary-cache-key</option>
-      <option>key-name</option>
-      <option>secret-key-file</option>
-      <option>public-key-file</option>
-    </arg>
+    <arg choice='plain'><option>--query-failed-paths</option></arg>
   </cmdsynopsis>
 </refsection>
 
 <refsection><title>Description</title>
 
-<para>This command generates an <link
-xlink:href="http://ed25519.cr.yp.to/">Ed25519 key pair</link> that can
-be used to create a signed binary cache. It takes three mandatory
-parameters:
+<para>If build failure caching is enabled through the
+<literal>build-cache-failures</literal> configuration option, the
+operation <option>--query-failed-paths</option> will print out all
+store paths that have failed to build.</para>
 
-<orderedlist>
+</refsection>
 
-  <listitem><para>A key name, such as
-  <literal>cache.example.org-1</literal>, that is used to look up keys
-  on the client when it verifies signatures. It can be anything, but
-  it’s suggested to use the host name of your cache
-  (e.g. <literal>cache.example.org</literal>) with a suffix denoting
-  the number of the key (to be incremented every time you need to
-  revoke a key).</para></listitem>
+<refsection><title>Example</title>
 
-  <listitem><para>The file name where the secret key is to be
-  stored.</para></listitem>
+<screen>
+$ nix-store --query-failed-paths
+/nix/store/000zi5dcla86l92jn1g997jb06sidm7x-perl-PerlMagick-6.59
+/nix/store/0011iy7sfwbc1qj5a1f6ifjnbcdail8a-haskell-gitit-ghc7.0.4-0.8.1
+/nix/store/001c0yn1hkh86gprvrb46cxnz3pki7q3-gamin-0.1.10
+<replaceable>…</replaceable>
+</screen>
 
-  <listitem><para>The file name where the public key is to be
-  stored.</para></listitem>
+</refsection>
 
-</orderedlist>
+</refsection>
 
-</para>
+
+<!--######################################################################-->
+
+<refsection><title>Operation <option>--clear-failed-paths</option></title>
+
+<refsection>
+  <title>Synopsis</title>
+  <cmdsynopsis>
+    <command>nix-store</command>
+    <arg choice='plain'><option>--clear-failed-paths</option></arg>
+    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsection>
+
+<refsection><title>Description</title>
+
+<para>If build failure caching is enabled through the
+<literal>build-cache-failures</literal> configuration option, the
+operation <option>--clear-failed-paths</option> clears the “failed”
+state of the given store paths, allowing them to be built again.  This
+is useful if the failure was actually transient (e.g. because the disk
+was full).</para>
+
+<para>If a path denotes a derivation, its output paths are cleared.
+You can provide the argument <literal>*</literal> to clear all store
+paths.</para>
+
+</refsection>
+
+<refsection><title>Example</title>
+
+<screen>
+$ nix-store --clear-failed-paths /nix/store/000zi5dcla86l92jn1g997jb06sidm7x-perl-PerlMagick-6.59
+$ nix-store --clear-failed-paths *
+</screen>
 
 </refsection>
 

doc/manual/command-ref/opt-common-syn.xml

@@ -2,18 +2,10 @@
   
 <arg><option>--help</option></arg>
 <arg><option>--version</option></arg>
-<arg rep='repeat'>
-  <group choice='req'>
-    <arg choice='plain'><option>--verbose</option></arg>
-    <arg choice='plain'><option>-v</option></arg>
-  </group>
-</arg>
-<arg>
-  <group choice='plain'>
-    <arg choice='plain'><option>--no-build-output</option></arg>
-    <arg choice='plain'><option>-Q</option></arg>
-  </group>
-</arg>
+<arg rep='repeat'><option>--verbose</option></arg>
+<arg rep='repeat'><option>-v</option></arg>
+<arg><option>--no-build-output</option></arg>
+<arg><option>-Q</option></arg>
 <arg>
   <group choice='req'>
     <arg choice='plain'><option>--max-jobs</option></arg>
@@ -33,20 +25,13 @@
   <option>--timeout</option>
   <replaceable>number</replaceable>
 </arg>
-<arg>
-  <group choice='plain'>
-    <arg choice='plain'><option>--keep-going</option></arg>
-    <arg choice='plain'><option>-k</option></arg>
-  </group>
-</arg>
-<arg>
-  <group choice='plain'>
-    <arg choice='plain'><option>--keep-failed</option></arg>
-    <arg choice='plain'><option>-K</option></arg>
-  </group>
-</arg>
+<arg><option>--keep-going</option></arg>
+<arg><option>-k</option></arg>
+<arg><option>--keep-failed</option></arg>
+<arg><option>-K</option></arg>
 <arg><option>--fallback</option></arg>
 <arg><option>--readonly-mode</option></arg>
+<arg><option>--log-type</option> <replaceable>type</replaceable></arg>
 <arg><option>--show-trace</option></arg>
 <arg>
   <option>-I</option>

doc/manual/command-ref/opt-common.xml

@@ -22,7 +22,8 @@
 </varlistentry>
 
 
-<varlistentry><term><option>--verbose</option> / <option>-v</option></term>
+<varlistentry><term><option>--verbose</option></term>
+  <term><option>-v</option></term>
 
   <listitem>
 
@@ -75,7 +76,8 @@
 </varlistentry>
 
 
-<varlistentry><term><option>--no-build-output</option> / <option>-Q</option></term>
+<varlistentry><term><option>--no-build-output</option></term>
+  <term><option>-Q</option></term>
 
   <listitem><para>By default, output written by builders to standard
   output and standard error is echoed to the Nix command's standard
@@ -87,14 +89,13 @@
 </varlistentry>
 
 
-<varlistentry xml:id="opt-max-jobs"><term><option>--max-jobs</option> / <option>-j</option>
-<replaceable>number</replaceable></term>
+<varlistentry xml:id="opt-max-jobs"><term><option>--max-jobs</option></term>
+  <term><option>-j</option></term>
 
   <listitem><para>Sets the maximum number of build jobs that Nix will
-  perform in parallel to the specified number.  Specify
-  <literal>auto</literal> to use the number of CPUs in the system.
-  The default is specified by the <link
-  linkend='conf-max-jobs'><literal>max-jobs</literal></link>
+  perform in parallel to the specified number.  The default is
+  specified by the <link
+  linkend='conf-build-max-jobs'><literal>build-max-jobs</literal></link>
   configuration setting, which itself defaults to
   <literal>1</literal>.  A higher value is useful on SMP systems or to
   exploit I/O latency.</para></listitem>
@@ -112,7 +113,7 @@
   <literal>true</literal>, the builder passes the
   <option>-j<replaceable>N</replaceable></option> flag to GNU Make.
   It defaults to the value of the <link
-  linkend='conf-cores'><literal>cores</literal></link>
+  linkend='conf-build-cores'><literal>build-cores</literal></link>
   configuration setting, if set, or <literal>1</literal> otherwise.
   The value <literal>0</literal> means that the builder should use all
   available CPU cores in the system.</para></listitem>
@@ -125,7 +126,7 @@
   <listitem><para>Sets the maximum number of seconds that a builder
   can go without producing any data on standard output or standard
   error.  The default is specified by the <link
-  linkend='conf-max-silent-time'><literal>max-silent-time</literal></link>
+  linkend='conf-build-max-silent-time'><literal>build-max-silent-time</literal></link>
   configuration setting.  <literal>0</literal> means no
   time-out.</para></listitem>
 
@@ -135,13 +136,14 @@
 
   <listitem><para>Sets the maximum number of seconds that a builder
   can run.  The default is specified by the <link
-  linkend='conf-timeout'><literal>timeout</literal></link>
+  linkend='conf-build-timeout'><literal>build-timeout</literal></link>
   configuration setting.  <literal>0</literal> means no
   timeout.</para></listitem>
 
 </varlistentry>
 
-<varlistentry><term><option>--keep-going</option> / <option>-k</option></term>
+<varlistentry><term><option>--keep-going</option></term>
+  <term><option>-k</option></term>
 
   <listitem><para>Keep going in case of failed builds, to the
   greatest extent possible.  That is, if building an input of some
@@ -153,7 +155,8 @@
 </varlistentry>
 
 
-<varlistentry><term><option>--keep-failed</option> / <option>-K</option></term>
+<varlistentry><term><option>--keep-failed</option></term>
+  <term><option>-K</option></term>
 
   <listitem><para>Specifies that in case of a build failure, the
   temporary directory (usually in <filename>/tmp</filename>) in which
@@ -188,23 +191,6 @@
 
 </varlistentry>
 
-<varlistentry><term><option>--no-build-hook</option></term>
-
-  <listitem>
-
-  <para>Disables the build hook mechanism.  This allows to ignore remote
-  builders if they are setup on the machine.</para>
-
-  <para>It's useful in cases where the bandwidth between the client and the
-  remote builder is too low.  In that case it can take more time to upload the
-  sources to the remote builder and fetch back the result than to do the
-  computation locally.</para>
-
-  </listitem>
-
-</varlistentry>
-
-
 
 <varlistentry><term><option>--readonly-mode</option></term>
 
@@ -215,6 +201,61 @@
 </varlistentry>
 
 
+<varlistentry xml:id="opt-log-type"><term><option>--log-type</option>
+<replaceable>type</replaceable></term>
+
+  <listitem>
+
+  <para>This option determines how the output written to standard
+  error is formatted.  Nix’s diagnostic messages are typically
+  <emphasis>nested</emphasis>.  For instance, when tracing Nix
+  expression evaluation (<command>nix-env -vvvvv</command>, messages
+  from subexpressions are nested inside their parent expressions.  Nix
+  builder output is also often nested.  For instance, the Nix Packages
+  generic builder nests the various build tasks (unpack, configure,
+  compile, etc.), and the GNU Make in <literal>stdenv-linux</literal>
+  has been patched to provide nesting for recursive Make
+  invocations.</para>
+
+  <para><replaceable>type</replaceable> can be one of the
+  following:
+
+  <variablelist>
+
+    <varlistentry><term><literal>pretty</literal></term>
+
+      <listitem><para>Pretty-print the output, indicating different
+      nesting levels using spaces.  This is the
+      default.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal>escapes</literal></term>
+
+      <listitem><para>Indicate nesting using escape codes that can be
+      interpreted by the <command>nix-log2xml</command> tool in the
+      Nix source distribution.  The resulting XML file can be fed into
+      the <command>log2html.xsl</command> stylesheet to create an HTML
+      file that can be browsed interactively, using JavaScript to
+      expand and collapse parts of the output.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal>flat</literal></term>
+
+      <listitem><para>Remove all nesting.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  </listitem>
+
+</varlistentry>
+
+
 <varlistentry><term><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></term>
 
   <listitem><para>This option is accepted by
@@ -232,8 +273,9 @@
   named <replaceable>name</replaceable>, it will call it with value
   <replaceable>value</replaceable>.</para>
 
-  <para>For instance, the top-level <literal>default.nix</literal> in
-  Nixpkgs is actually a function:
+  <para>For instance, the file
+  <literal>pkgs/top-level/all-packages.nix</literal> in Nixpkgs is
+  actually a function:
 
 <programlisting>
 { # The system (e.g., `i686-linux') for which to build the packages.

doc/manual/command-ref/utilities.xml

@@ -13,8 +13,12 @@ work with Nix.</para>
 <xi:include href="nix-collect-garbage.xml" />
 <xi:include href="nix-copy-closure.xml" />
 <xi:include href="nix-daemon.xml" />
+<xi:include href="nix-generate-patches.xml" />
 <xi:include href="nix-hash.xml" />
+<xi:include href="nix-install-package.xml" />
 <xi:include href="nix-instantiate.xml" />
 <xi:include href="nix-prefetch-url.xml" />
+<xi:include href="nix-pull.xml" />
+<xi:include href="nix-push.xml" />
 
-</chapter>
+</chapter>

doc/manual/expressions/advanced-attributes.xml

@@ -40,7 +40,7 @@ allowedReferences = [];
     recursively.  For example,
 
 <programlisting>
-allowedRequisites = [ foobar ];
+allowedReferences = [ foobar ];
 </programlisting>
 
     enforces that the output of a derivation cannot have any other
@@ -90,33 +90,6 @@ derivation {
   </varlistentry>
 
 
-  <varlistentry><term><varname>impureEnvVars</varname></term>
-
-    <listitem><para>This attribute allows you to specify a list of
-    environment variables that should be passed from the environment
-    of the calling user to the builder.  Usually, the environment is
-    cleared completely when the builder is executed, but with this
-    attribute you can allow specific environment variables to be
-    passed unmodified.  For example, <function>fetchurl</function> in
-    Nixpkgs has the line
-
-<programlisting>
-impureEnvVars = [ "http_proxy" "https_proxy" <replaceable>...</replaceable> ];
-</programlisting>
-
-    to make it use the proxy server configuration specified by the
-    user in the environment variables <envar>http_proxy</envar> and
-    friends.</para>
-
-    <para>This attribute is only allowed in <link
-    linkend="fixed-output-drvs">fixed-output derivations</link>, where
-    impurities such as these are okay since (the hash of) the output
-    is known in advance.  It is ignored for all other
-    derivations.</para></listitem>
-
-  </varlistentry>
-
-
   <varlistentry xml:id="fixed-output-drvs">
     <term><varname>outputHash</varname></term>
     <term><varname>outputHashAlgo</varname></term>
@@ -139,7 +112,7 @@ impureEnvVars = [ "http_proxy" "https_proxy" <replaceable>...</replaceable> ];
 <programlisting>
 fetchurl {
   url = http://ftp.gnu.org/pub/gnu/hello/hello-2.1.1.tar.gz;
-  sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
+  md5 = "70c9ccf9fac07f762c24f2df2290784d";
 }
 </programlisting>
 
@@ -150,7 +123,7 @@ fetchurl {
 <programlisting>
 fetchurl {
   url = ftp://ftp.nluug.nl/pub/gnu/hello/hello-2.1.1.tar.gz;
-  sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
+  md5 = "70c9ccf9fac07f762c24f2df2290784d";
 }
 </programlisting>
 
@@ -242,29 +215,29 @@ stdenv.mkDerivation {
   </varlistentry>
 
 
-  <varlistentry><term><varname>passAsFile</varname></term>
+  <varlistentry><term><varname>impureEnvVars</varname></term>
 
-    <listitem><para>A list of names of attributes that should be
-    passed via files rather than environment variables.  For example,
-    if you have
+    <listitem><para>This attribute allows you to specify a list of
+    environment variables that should be passed from the environment
+    of the calling user to the builder.  Usually, the environment is
+    cleared completely when the builder is executed, but with this
+    attribute you can allow specific environment variables to be
+    passed unmodified.  For example, <function>fetchurl</function> in
+    Nixpkgs has the line
 
-    <programlisting>
-passAsFile = ["big"];
-big = "a very long string";
-    </programlisting>
+<programlisting>
+impureEnvVars = [ "http_proxy" "https_proxy" <replaceable>...</replaceable> ];
+</programlisting>
 
-    then when the builder runs, the environment variable
-    <envar>bigPath</envar> will contain the absolute path to a
-    temporary file containing <literal>a very long
-    string</literal>. That is, for any attribute
-    <replaceable>x</replaceable> listed in
-    <varname>passAsFile</varname>, Nix will pass an environment
-    variable <envar><replaceable>x</replaceable>Path</envar> holding
-    the path of the file containing the value of attribute
-    <replaceable>x</replaceable>. This is useful when you need to pass
-    large strings to a builder, since most operating systems impose a
-    limit on the size of the environment (typically, a few hundred
-    kilobyte).</para></listitem>
+    to make it use the proxy server configuration specified by the
+    user in the environment variables <envar>http_proxy</envar> and
+    friends.</para>
+
+    <para>This attribute is only allowed in <link
+    linkend="fixed-output-drvs">fixed-output derivations</link>, where
+    impurities such as these are okay since (the hash of) the output
+    is known in advance.  It is ignored for all other
+    derivations.</para></listitem>
 
   </varlistentry>
 

doc/manual/expressions/builtins.xml

@@ -32,52 +32,27 @@ available as <function>builtins.derivation</function>.</para>
   <varlistentry><term><function>builtins.add</function>
   <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
 
-    <listitem><para>Return the sum of the numbers
+    <listitem><para>Return the sum of the integers
     <replaceable>e1</replaceable> and
     <replaceable>e2</replaceable>.</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry><term><function>builtins.all</function>
-  <replaceable>pred</replaceable> <replaceable>list</replaceable></term>
-
-    <listitem><para>Return <literal>true</literal> if the function
-    <replaceable>pred</replaceable> returns <literal>true</literal>
-    for all elements of <replaceable>list</replaceable>,
-    and <literal>false</literal> otherwise.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><function>builtins.any</function>
-  <replaceable>pred</replaceable> <replaceable>list</replaceable></term>
-
-    <listitem><para>Return <literal>true</literal> if the function
-    <replaceable>pred</replaceable> returns <literal>true</literal>
-    for at least one element of <replaceable>list</replaceable>,
-    and <literal>false</literal> otherwise.</para></listitem>
-
-  </varlistentry>
-
-
   <varlistentry><term><function>builtins.attrNames</function>
   <replaceable>set</replaceable></term>
 
     <listitem><para>Return the names of the attributes in the set
-    <replaceable>set</replaceable> in an alphabetically sorted list.  For instance,
+    <replaceable>set</replaceable> in a sorted list.  For instance,
     <literal>builtins.attrNames { y = 1; x = "foo"; }</literal>
-    evaluates to <literal>[ "x" "y" ]</literal>.</para></listitem>
+    evaluates to <literal>[ "x" "y" ]</literal>.  There is no built-in
+    function <function>attrValues</function>, but you can easily
+    define it yourself:
 
-  </varlistentry>
+<programlisting>
+attrValues = set: map (name: builtins.getAttr name set) (builtins.attrNames set);</programlisting>
 
-
-  <varlistentry><term><function>builtins.attrValues</function>
-  <replaceable>set</replaceable></term>
-
-    <listitem><para>Return the values of the attributes in the set
-    <replaceable>set</replaceable> in the order corresponding to the
-    sorted attribute names.</para></listitem>
+    </para></listitem>
 
   </varlistentry>
 
@@ -134,14 +109,6 @@ if builtins ? getEnv then builtins.getEnv "PATH" else ""</programlisting>
 
   </varlistentry>
 
-  <varlistentry><term><function>builtins.concatStringsSep</function>
-  <replaceable>separator</replaceable> <replaceable>list</replaceable></term>
-
-    <listitem><para>Concatenate a list of strings with a separator
-    between each element, e.g. <literal>concatStringsSep "/"
-    ["usr" "local" "bin"] == "usr/local/bin"</literal></para></listitem>
-
-  </varlistentry>
 
   <varlistentry
   xml:id='builtin-currentSystem'><term><varname>builtins.currentSystem</varname></term>
@@ -150,7 +117,7 @@ if builtins ? getEnv then builtins.getEnv "PATH" else ""</programlisting>
     evaluates to the Nix platform identifier for the Nix installation
     on which the expression is being evaluated, such as
     <literal>"i686-linux"</literal> or
-    <literal>"x86_64-darwin"</literal>.</para></listitem>
+    <literal>"powerpc-darwin"</literal>.</para></listitem>
 
   </varlistentry>
 
@@ -177,19 +144,6 @@ if builtins ? getEnv then builtins.getEnv "PATH" else ""</programlisting>
   -->
 
 
-  <varlistentry><term><function>builtins.deepSeq</function>
-  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
-
-    <listitem><para>This is like <literal>seq
-    <replaceable>e1</replaceable>
-    <replaceable>e2</replaceable></literal>, except that
-    <replaceable>e1</replaceable> is evaluated
-    <emphasis>deeply</emphasis>: if it’s a list or set, its elements
-    or attributes are also evaluated recursively.</para></listitem>
-
-  </varlistentry>
-
-
   <varlistentry><term><function>derivation</function>
   <replaceable>attrs</replaceable></term>
 
@@ -212,12 +166,13 @@ if builtins ? getEnv then builtins.getEnv "PATH" else ""</programlisting>
   <varlistentry><term><function>builtins.div</function>
   <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
 
-    <listitem><para>Return the quotient of the numbers
+    <listitem><para>Return the quotient of the integers
     <replaceable>e1</replaceable> and
     <replaceable>e2</replaceable>.</para></listitem>
 
   </varlistentry>
 
+
   <varlistentry><term><function>builtins.elem</function>
   <replaceable>x</replaceable> <replaceable>xs</replaceable></term>
 
@@ -240,63 +195,6 @@ if builtins ? getEnv then builtins.getEnv "PATH" else ""</programlisting>
   </varlistentry>
 
 
-  <varlistentry><term><function>builtins.fetchurl</function>
-  <replaceable>url</replaceable></term>
-
-    <listitem><para>Download the specified URL and return the path of
-    the downloaded file. This function is not available if <link
-    linkend="conf-restrict-eval">restricted evaluation mode</link> is
-    enabled.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><function>fetchTarball</function>
-  <replaceable>url</replaceable></term>
-
-    <listitem><para>Download the specified URL, unpack it and return
-    the path of the unpacked tree. The file must be a tape archive
-    (<filename>.tar</filename>) compressed with
-    <literal>gzip</literal>, <literal>bzip2</literal> or
-    <literal>xz</literal>. The top-level path component of the files
-    in the tarball is removed, so it is best if the tarball contains a
-    single directory at top level. The typical use of the function is
-    to obtain external Nix expression dependencies, such as a
-    particular version of Nixpkgs, e.g.
-
-<programlisting>
-with import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz) {};
-
-stdenv.mkDerivation { … }
-</programlisting>
-
-    Note that when obtaining the hash with <varname>nix-prefetch-url
-    </varname> the option <varname>--unpack</varname> is required.
-    </para>
-
-    <para>This function can also verify the contents against a hash.
-    In that case, the function takes a set instead of a URL. The set
-    requires the attribute <varname>url</varname> and the attribute
-    <varname>sha256</varname>, e.g.
-
-<programlisting>
-with import (fetchTarball {
-  url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz;
-  sha256 = "1jppksrfvbk5ypiqdz4cddxdl8z6zyzdb2srq8fcffr327ld5jj2";
-}) {};
-
-stdenv.mkDerivation { … }
-</programlisting>
-
-    </para>
-
-    <para>This function is not available if <link
-    linkend="conf-restrict-eval">restricted evaluation mode</link> is
-    enabled.</para></listitem>
-
-  </varlistentry>
-
-
   <varlistentry><term><function>builtins.filter</function>
   <replaceable>f</replaceable> <replaceable>xs</replaceable></term>
 
@@ -360,37 +258,6 @@ stdenv.mkDerivation {
   </varlistentry>
 
 
-  <varlistentry><term><function>builtins.foldl’</function>
-    <replaceable>op</replaceable> <replaceable>nul</replaceable> <replaceable>list</replaceable></term>
-
-    <listitem><para>Reduce a list by applying a binary operator, from
-    left to right, e.g. <literal>foldl’ op nul [x0 x1 x2 ...] = op (op
-    (op nul x0) x1) x2) ...</literal>. The operator is applied
-    strictly, i.e., its arguments are evaluated first. For example,
-    <literal>foldl’ (x: y: x + y) 0 [1 2 3]</literal> evaluates to
-    6.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><function>builtins.functionArgs</function>
-    <replaceable>f</replaceable></term>
-
-    <listitem><para>
-    Return a set containing the names of the formal arguments expected
-    by the function <replaceable>f</replaceable>.
-    The value of each attribute is a Boolean denoting whether the corresponding
-    argument has a default value.  For instance,
-    <literal>functionArgs ({ x, y ? 123}: ...)  =  { x = false; y = true; }</literal>.
-    </para>
-
-    <para>"Formal argument" here refers to the attributes pattern-matched by
-    the function.  Plain lambdas are not included, e.g.
-    <literal>functionArgs (x: ...)  =  { }</literal>.
-    </para></listitem>
-  </varlistentry>
-
-
   <varlistentry><term><function>builtins.fromJSON</function> <replaceable>e</replaceable></term>
 
     <listitem><para>Convert a JSON string to a Nix
@@ -407,24 +274,6 @@ builtins.fromJSON ''{"x": [1, 2, 3], "y": null}''
   </varlistentry>
 
 
-  <varlistentry><term><function>builtins.genList</function>
-  <replaceable>generator</replaceable> <replaceable>length</replaceable></term>
-
-    <listitem><para>Generate list of size
-    <replaceable>length</replaceable>, with each element
-    <replaceable>i</replaceable> equal to the value returned by
-    <replaceable>generator</replaceable> <literal>i</literal>. For
-    example,
-
-<programlisting>
-builtins.genList (x: x * x) 5
-</programlisting>
-
-    returns the list <literal>[ 0 1 4 9 16 ]</literal>.</para></listitem>
-
-  </varlistentry>
-
-
   <varlistentry><term><function>builtins.getAttr</function>
   <replaceable>s</replaceable> <replaceable>set</replaceable></term>
 
@@ -608,16 +457,6 @@ x: x + 456</programlisting>
   </varlistentry>
 
 
-  <varlistentry><term><function>builtins.isFloat</function>
-  <replaceable>e</replaceable></term>
-
-    <listitem><para>Return <literal>true</literal> if
-    <replaceable>e</replaceable> evaluates to a float, and
-    <literal>false</literal> otherwise.</para></listitem>
-
-  </varlistentry>
-
-
   <varlistentry><term><function>builtins.isBool</function>
   <replaceable>e</replaceable></term>
 
@@ -655,12 +494,12 @@ x: x + 456</programlisting>
   <varlistentry><term><function>builtins.lessThan</function>
   <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
 
-    <listitem><para>Return <literal>true</literal> if the number
-    <replaceable>e1</replaceable> is less than the number
+    <listitem><para>Return <literal>true</literal> if the integer
+    <replaceable>e1</replaceable> is less than the integer
     <replaceable>e2</replaceable>, and <literal>false</literal>
     otherwise.  Evaluation aborts if either
     <replaceable>e1</replaceable> or <replaceable>e2</replaceable>
-    does not evaluate to a number.</para></listitem>
+    does not evaluate to an integer.</para></listitem>
 
   </varlistentry>
 
@@ -708,46 +547,10 @@ map (x: "foo" + x) [ "bar" "bla" "abc" ]</programlisting>
   </varlistentry>
 
 
-  <varlistentry><term><function>builtins.match</function>
-  <replaceable>regex</replaceable> <replaceable>str</replaceable></term>
-
-  <listitem><para>Returns a list if the <link
-  xlink:href="http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap09.html#tag_09_04">extended
-  POSIX regular expression</link> <replaceable>regex</replaceable>
-  matches <replaceable>str</replaceable> precisely, otherwise returns
-  <literal>null</literal>.  Each item in the list is a regex group.
-
-<programlisting>
-builtins.match "ab" "abc"
-</programlisting>
-
-Evaluates to <literal>null</literal>.
-
-<programlisting>
-builtins.match "abc" "abc"
-</programlisting>
-
-Evaluates to <literal>[ ]</literal>.
-
-<programlisting>
-builtins.match "a(b)(c)" "abc"
-</programlisting>
-
-Evaluates to <literal>[ "b" "c" ]</literal>.
-
-<programlisting>
-builtins.match "[[:space:]]+([[:upper:]]+)[[:space:]]+" "  FOO   "
-</programlisting>
-
-Evaluates to <literal>[ "foo" ]</literal>.
-
-  </para></listitem>
-  </varlistentry>
-
   <varlistentry><term><function>builtins.mul</function>
   <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
 
-    <listitem><para>Return the product of the numbers
+    <listitem><para>Return the product of the integers
     <replaceable>e1</replaceable> and
     <replaceable>e2</replaceable>.</para></listitem>
 
@@ -793,26 +596,13 @@ in config.someSetting</programlisting>
   </varlistentry>
 
 
-  <varlistentry><term><function>builtins.readDir</function>
-  <replaceable>path</replaceable></term>
+  <!--
+  <varlistentry><term><function>relativise</function></term>
 
-    <listitem><para>Return the contents of the directory
-    <replaceable>path</replaceable> as a set mapping directory entries
-    to the corresponding file type. For instance, if directory
-    <filename>A</filename> contains a regular file
-    <filename>B</filename> and another directory
-    <filename>C</filename>, then <literal>builtins.readDir
-    ./A</literal> will return the set
-
-<programlisting>
-{ B = "regular"; C = "directory"; }</programlisting>
-
-    The possible values for the file type are
-    <literal>"regular"</literal>, <literal>"directory"</literal>,
-    <literal>"symlink"</literal> and
-    <literal>"unknown"</literal>.</para></listitem>
+    <listitem><para>TODO</para></listitem>
 
   </varlistentry>
+  -->
 
 
   <varlistentry><term><function>builtins.readFile</function>
@@ -832,102 +622,14 @@ in config.someSetting</programlisting>
     <replaceable>set</replaceable>.  The attributes don’t have to
     exist in <replaceable>set</replaceable>. For instance,
 
-<programlisting>
-removeAttrs { x = 1; y = 2; z = 3; } [ "a" "x" "z" ]</programlisting>
+<screen>
+removeAttrs { x = 1; y = 2; z = 3; } [ "a" "x" "z" ]</screen>
 
     evaluates to <literal>{ y = 2; }</literal>.</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry><term><function>builtins.replaceStrings</function>
-  <replaceable>from</replaceable> <replaceable>to</replaceable> <replaceable>s</replaceable></term>
-
-    <listitem><para>Given string <replaceable>s</replaceable>, replace
-    every occurrence of the strings in <replaceable>from</replaceable>
-    with the corresponding string in
-    <replaceable>to</replaceable>. For example,
-
-<programlisting>
-builtins.replaceStrings ["oo" "a"] ["a" "i"] "foobar"
-</programlisting>
-
-    evaluates to <literal>"fabir"</literal>.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><function>builtins.seq</function>
-  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
-
-    <listitem><para>Evaluate <replaceable>e1</replaceable>, then
-    evaluate and return <replaceable>e2</replaceable>. This ensures
-    that a computation is strict in the value of
-    <replaceable>e1</replaceable>.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><function>builtins.sort</function>
-  <replaceable>comparator</replaceable> <replaceable>list</replaceable></term>
-
-    <listitem><para>Return <replaceable>list</replaceable> in sorted
-    order. It repeatedly calls the function
-    <replaceable>comparator</replaceable> with two elements. The
-    comparator should return <literal>true</literal> if the first
-    element is less than the second, and <literal>false</literal>
-    otherwise. For example,
-
-<programlisting>
-builtins.sort builtins.lessThan [ 483 249 526 147 42 77 ]
-</programlisting>
-
-    produces the list <literal>[ 42 77 147 249 483 526
-    ]</literal>.</para>
-
-    <para>This is a stable sort: it preserves the relative order of
-    elements deemed equal by the comparator.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><function>builtins.split</function>
-  <replaceable>regex</replaceable> <replaceable>str</replaceable></term>
-
-  <listitem><para>Returns a list composed of non matched strings interleaved
-  with the lists of the <link
-  xlink:href="http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap09.html#tag_09_04">extended
-  POSIX regular expression</link> <replaceable>regex</replaceable> matches
-  of <replaceable>str</replaceable>. Each item in the lists of matched
-  sequences is a regex group.
-
-<programlisting>
-builtins.split "(a)b" "abc"
-</programlisting>
-
-Evaluates to <literal>[ "" [ "a" ] "c" ]</literal>.
-
-<programlisting>
-builtins.split "([ac])" "abc"
-</programlisting>
-
-Evaluates to <literal>[ "" [ "a" ] "b" [ "c" ] "" ]</literal>.
-
-<programlisting>
-builtins.split "(a)|(c)" "abc"
-</programlisting>
-
-Evaluates to <literal>[ "" [ "a" null ] "b" [ null "c" ] "" ]</literal>.
-
-<programlisting>
-builtins.split "([[:upper:]]+)" "  FOO   "
-</programlisting>
-
-Evaluates to <literal>[ "  " [ "FOO" ] "   " ]</literal>.
-
-  </para></listitem>
-  </varlistentry>
-
   <varlistentry><term><function>builtins.stringLength</function>
   <replaceable>e</replaceable></term>
 
@@ -941,7 +643,7 @@ Evaluates to <literal>[ "  " [ "FOO" ] "   " ]</literal>.
   <varlistentry><term><function>builtins.sub</function>
   <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>
 
-    <listitem><para>Return the difference between the numbers
+    <listitem><para>Return the difference between the integers
     <replaceable>e1</replaceable> and
     <replaceable>e2</replaceable>.</para></listitem>
 
@@ -961,14 +663,7 @@ Evaluates to <literal>[ "  " [ "FOO" ] "   " ]</literal>.
     len</replaceable> lies beyond the end of the string, only the
     substring up to the end of the string is returned.
     <replaceable>start</replaceable> must be
-    non-negative. For example,
-
-<programlisting>
-builtins.substring 0 3 "nixos"
-</programlisting>
-
-   evaluates to <literal>"nix"</literal>.
-   </para></listitem>
+    non-negative.</para></listitem>
 
   </varlistentry>
 
@@ -1028,8 +723,8 @@ stdenv.mkDerivation {
   ";
 
   src = fetchurl {
-    url = http://ftp.nluug.nl/pub/gnu/hello/hello-2.1.1.tar.gz;
-    sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
+    url = http://nix.cs.uu.nl/dist/tarballs/hello-2.1.1.tar.gz;
+    md5 = "70c9ccf9fac07f762c24f2df2290784d";
   };
   inherit perl;
 }</programlisting>
@@ -1075,7 +770,7 @@ in foo</programlisting>
   <varlistentry><term><function>builtins.toJSON</function> <replaceable>e</replaceable></term>
 
     <listitem><para>Return a string containing a JSON representation
-    of <replaceable>e</replaceable>.  Strings, integers, floats, booleans,
+    of <replaceable>e</replaceable>.  Strings, integers, booleans,
     nulls and lists are mapped to their JSON equivalents.  Sets
     (except derivations) are represented as objects.  Derivations are
     translated to a JSON string containing the derivation’s output
@@ -1102,17 +797,10 @@ in foo</programlisting>
 
     <listitem><para>Convert the expression
     <replaceable>e</replaceable> to a string.
-    <replaceable>e</replaceable> can be:</para>
-    <itemizedlist>
-      <listitem><para>A string (in which case the string is returned unmodified).</para></listitem>
-      <listitem><para>A path (e.g., <literal>toString /foo/bar</literal> yields <literal>"/foo/bar"</literal>.</para></listitem>
-      <listitem><para>A set containing <literal>{ __toString = self: ...; }</literal>.</para></listitem>
-      <listitem><para>An integer.</para></listitem>
-      <listitem><para>A list, in which case the string representations of its elements are joined with spaces.</para></listitem>
-      <listitem><para>A Boolean (<literal>false</literal> yields <literal>""</literal>, <literal>true</literal> yields <literal>"1"</literal>.</para></listitem>
-      <listitem><para><literal>null</literal>, which yields the empty string.</para></listitem>
-    </itemizedlist>
-    </listitem>
+    <replaceable>e</replaceable> can be a string (in which case
+    <function>toString</function> is a no-op) or a path (e.g.,
+    <literal>toString /foo/bar</literal> yields
+    <literal>"/foo/bar"</literal>.</para></listitem>
 
   </varlistentry>
 
@@ -1242,19 +930,6 @@ stdenv.mkDerivation (rec {
 
   </varlistentry>
 
-  <varlistentry><term><function>builtins.tryEval</function>
-  <replaceable>e</replaceable></term>
-
-    <listitem><para>Try to evaluate <replaceable>e</replaceable>.
-    Return a set containing the attributes <literal>success</literal>
-    (<literal>true</literal> if <replaceable>e</replaceable> evaluated
-    successfully, <literal>false</literal> if an error was thrown) and
-    <literal>value</literal>, equalling <replaceable>e</replaceable>
-    if successful and <literal>false</literal> otherwise.
-    </para></listitem>
-
-  </varlistentry>
-
 
   <varlistentry><term><function>builtins.typeOf</function>
   <replaceable>e</replaceable></term>
@@ -1263,9 +938,8 @@ stdenv.mkDerivation (rec {
     <replaceable>e</replaceable>, namely <literal>"int"</literal>,
     <literal>"bool"</literal>, <literal>"string"</literal>,
     <literal>"path"</literal>, <literal>"null"</literal>,
-    <literal>"set"</literal>, <literal>"list"</literal>,
-    <literal>"lambda"</literal> or
-    <literal>"float"</literal>.</para></listitem>
+    <literal>"set"</literal>, <literal>"list"</literal> or
+    <literal>"lambda"</literal>.</para></listitem>
 
   </varlistentry>
 

doc/manual/expressions/custom-builder.xml

@@ -0,0 +1,26 @@
+<section xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-custom-builder">
+
+<title>Customizing the Generic Builder</title>
+
+<para>The operation of the generic builder can be modified in many
+places by setting certain variables.  These <emphasis>hook
+variables</emphasis> are typically set to the name of some shell
+function defined by you.  For instance, to perform some additional
+steps after <command>make install</command> you would set the
+<varname>postInstall</varname> variable:
+
+<programlisting>
+postInstall=myPostInstall
+
+myPostInstall() {
+    mkdir $out/share/extra
+    cp extrafiles/* $out/share/extra
+}</programlisting>
+
+</para>
+
+</section>

doc/manual/expressions/debug-build.xml

@@ -6,14 +6,13 @@
 
 <title>Debugging Build Failures</title>
 
-<para>At the beginning of each phase of the build (such as unpacking,
-building or installing), the set of all shell variables is written to
-the file <filename>env-vars</filename> at the top-level build
-directory.  This is useful for debugging: it allows you to recreate
-the environment in which a build was performed.  For instance, if a
-build fails, then assuming you used the <option>-K</option> flag, you
-can go to the output directory and <quote>switch</quote> to the
-environment of the builder:
+<para>At the beginning of each phase, the set of all shell variables
+is written to the file <filename>env-vars</filename> at the top-level
+build directory.  This is useful for debugging: it allows you to
+recreate the environment in which a build was performed.  For
+instance, if a build fails, then assuming you used the
+<option>-K</option> flag, you can go to the output directory and
+<quote>switch</quote> to the environment of the builder:
 
 <screen>
 $ nix-build -K ./foo.nix
@@ -31,4 +30,4 @@ $ make
 
 </para>
 
-</section>
+</section>

doc/manual/expressions/derivations.xml

@@ -16,7 +16,7 @@ of which specify the inputs of the build.</para>
   <listitem xml:id="attr-system"><para>There must be an attribute named
   <varname>system</varname> whose value must be a string specifying a
   Nix platform identifier, such as <literal>"i686-linux"</literal> or
-  <literal>"x86_64-darwin"</literal><footnote><para>To figure out
+  <literal>"powerpc-darwin"</literal><footnote><para>To figure out
   your platform identifier, look at the line <quote>Checking for the
   canonical Nix system name</quote> in the output of Nix's
   <filename>configure</filename> script.</para></footnote> The build
@@ -43,7 +43,7 @@ of which specify the inputs of the build.</para>
 
     <itemizedlist>
 
-      <listitem><para>Strings and numbers are just passed
+      <listitem><para>Strings and integers are just passed
       verbatim.</para></listitem>
 
       <listitem><para>A <emphasis>path</emphasis> (e.g.,
@@ -100,7 +100,7 @@ outputs = [ "lib" "headers" "doc" ];
 <programlisting>
 buildInputs = [ pkg.lib pkg.headers ];
 </programlisting>
-  The first element of <varname>outputs</varname> determines the
+  The first element of <varname>output</varname> determines the
   <emphasis>default output</emphasis>.  Thus, you could also write
 <programlisting>
 buildInputs = [ pkg pkg.headers ];
@@ -110,12 +110,12 @@ buildInputs = [ pkg pkg.headers ];
 
 </itemizedlist>
 
-<para>The function <function>mkDerivation</function> in the Nixpkgs
-standard environment is a wrapper around
-<function>derivation</function> that adds a default value for
-<varname>system</varname> and always uses Bash as the builder, to
-which the supplied builder is passed as a command-line argument.  See
-the Nixpkgs manual for details.</para>
+<para>The function <function>mkDerivation</function> in the standard
+environment is a wrapper around <function>derivation</function> that
+adds a default value for <varname>system</varname> and always uses
+Bash as the builder, to which the supplied builder is passed as a
+command-line argument.  See <xref linkend='sec-standard-environment'
+/>.</para>
 
 <para>The builder is executed as follows:
 
@@ -208,4 +208,4 @@ the Nixpkgs manual for details.</para>
 
 <xi:include href="advanced-attributes.xml" />
 
-</section>
+</section>

doc/manual/expressions/expression-syntax.xml

@@ -16,7 +16,7 @@ stdenv.mkDerivation { <co xml:id='ex-hello-nix-co-2' />
   builder = ./builder.sh; <co xml:id='ex-hello-nix-co-4' />
   src = fetchurl { <co xml:id='ex-hello-nix-co-5' />
     url = ftp://ftp.nluug.nl/pub/gnu/hello/hello-2.1.1.tar.gz;
-    sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
+    md5 = "70c9ccf9fac07f762c24f2df2290784d";
   };
   inherit perl; <co xml:id='ex-hello-nix-co-6' />
 }</programlisting>
@@ -108,7 +108,7 @@ the single Nix expression in that directory
     <para>The builder has to know what the sources of the package
     are.  Here, the attribute <varname>src</varname> is bound to the
     result of a call to the <command>fetchurl</command> function.
-    Given a URL and a SHA-256 hash of the expected contents of the file
+    Given a URL and an MD5 hash of the expected contents of the file
     at that URL, this function builds a derivation that downloads the
     file and checks its hash.  So the sources are a dependency that
     like all other dependencies is built before Hello itself is
@@ -145,4 +145,4 @@ perl = perl;</programlisting>
 
 </para>
 
-</section>
+</section>

doc/manual/expressions/generic-builder.xml

@@ -71,7 +71,7 @@ genericBuild <co xml:id='ex-hello-builder2-co-3' /></programlisting>
     generic builder is smart enough to figure out whether to unpack
     the sources using <command>gzip</command>,
     <command>bzip2</command>, etc.  It can be customised in many ways;
-    see the Nixpkgs manual for details.</para>
+    see <xref linkend='sec-standard-environment' />.</para>
 
   </callout>
 
@@ -95,4 +95,4 @@ In fact, <varname>mkDerivation</varname> provides a default builder
 that looks exactly like that, so it is actually possible to omit the
 builder for Hello entirely.</para>
 
-</section>
+</section>

doc/manual/expressions/language-constructs.xml

@@ -177,19 +177,13 @@ map (concat "foo") [ "bar" "bla" "abc" ]</programlisting>
   <listitem><para>An <literal>@</literal>-pattern provides a means of referring
   to the whole value being matched:
 
-<programlisting> args@{ x, y, z, ... }: z + y + x + args.a</programlisting>
-
-but can also be written as:
-
-<programlisting> { x, y, z, ... } @ args: z + y + x + args.a</programlisting>
+<programlisting>
+args@{ x, y, z, ... }: z + y + x + args.a</programlisting>
 
   Here <varname>args</varname> is bound to the entire argument, which
   is further matched against the pattern <literal>{ x, y, z,
-  ... }</literal>. <literal>@</literal>-pattern makes mainly sense with an 
-  ellipsis(<literal>...</literal>) as you can access attribute names as 
-  <literal>a</literal>, using <literal>args.a</literal>, which was given as an
-  additional attribute to the function.
-  </para></listitem>
+  ... }</literal>.</para></listitem>
+
 
 </itemizedlist>
 
@@ -333,20 +327,7 @@ with (import ./definitions.nix); ...</programlisting>
 
 makes all attributes defined in the file
 <filename>definitions.nix</filename> available as if they were defined
-locally in a <literal>let</literal>-expression.</para>
-
-<para>The bindings introduced by <literal>with</literal> do not shadow bindings
-introduced by other means, e.g.
-
-<programlisting>
-let a = 3; in with { a = 1; }; let a = 4; in with { a = 2; }; ...</programlisting>
-
-establishes the same scope as
-
-<programlisting>
-let a = 1; in let a = 2; in let a = 3; in let a = 4; in ...</programlisting>
-
-</para>
+locally in a <literal>rec</literal>-expression.</para>
 
 </simplesect>
 
@@ -360,4 +341,4 @@ character, or inline/multi-line, enclosed within <literal>/*
 </simplesect>
 
 
-</section>
+</section>

doc/manual/expressions/language-operators.xml

@@ -40,11 +40,6 @@ weakest binding).</para>
         <entry>Call function <replaceable>e1</replaceable> with
         argument <replaceable>e2</replaceable>.</entry>
       </row>
-      <row>
-        <entry><literal>-</literal> <replaceable>e</replaceable></entry>
-        <entry>none</entry>
-        <entry>Arithmetic negation.</entry>
-      </row>
       <row>
         <entry><replaceable>e</replaceable> <literal>?</literal>
         <replaceable>attrpath</replaceable></entry>
@@ -60,24 +55,13 @@ weakest binding).</para>
         <entry>List concatenation.</entry>
       </row>
       <row>
-        <entry>
-          <replaceable>e1</replaceable> <literal>*</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>/</literal> <replaceable>e2</replaceable>
-        </entry>
+        <entry><replaceable>e1</replaceable> <literal>+</literal> <replaceable>e2</replaceable></entry>
         <entry>left</entry>
-        <entry>Arithmetic multiplication and division.</entry>
-      </row>
-      <row>
-        <entry>
-          <replaceable>e1</replaceable> <literal>+</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>-</literal> <replaceable>e2</replaceable>
-        </entry>
-        <entry>left</entry>
-        <entry>Arithmetic addition and subtraction.  String or path concatenation (only by <literal>+</literal>).</entry>
+        <entry>String or path concatenation.</entry>
       </row>
       <row>
         <entry><literal>!</literal> <replaceable>e</replaceable></entry>
-        <entry>none</entry>
+        <entry>left</entry>
         <entry>Boolean negation.</entry>
       </row>
       <row>
@@ -91,22 +75,16 @@ weakest binding).</para>
         attributes).</entry>
       </row>
       <row>
-        <entry>
-          <replaceable>e1</replaceable> <literal>&lt;</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>&gt;</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>&lt;=</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>&gt;=</literal> <replaceable>e2</replaceable>
-        </entry>
+        <entry><replaceable>e1</replaceable> <literal>==</literal>
+        <replaceable>e2</replaceable></entry>
         <entry>none</entry>
-        <entry>Arithmetic comparison.</entry>
+        <entry>Equality.</entry>
       </row>
       <row>
-        <entry>
-          <replaceable>e1</replaceable> <literal>==</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>!=</literal> <replaceable>e2</replaceable>
-        </entry>
+        <entry><replaceable>e1</replaceable> <literal>!=</literal>
+        <replaceable>e2</replaceable></entry>
         <entry>none</entry>
-        <entry>Equality and inequality.</entry>
+        <entry>Inequality.</entry>
       </row>
       <row>
         <entry><replaceable>e1</replaceable> <literal>&amp;&amp;</literal>

doc/manual/expressions/language-values.xml

@@ -98,17 +98,13 @@ configureFlags = "
 
     <para>Since <literal>${</literal> and <literal>''</literal> have
     special meaning in indented strings, you need a way to quote them.
-    <literal>$</literal> can be escaped by prefixing it with
+    <literal>${</literal> can be escaped by prefixing it with
     <literal>''</literal> (that is, two single quotes), i.e.,
-    <literal>''$</literal>. <literal>''</literal> can be escaped by
+    <literal>''${</literal>.  <literal>''</literal> can be escaped by
     prefixing it with <literal>'</literal>, i.e.,
-    <literal>'''</literal>. <literal>$</literal> removes any special meaning
-    from the following <literal>$</literal>. Linefeed, carriage-return and tab
-    characters can be written as <literal>''\n</literal>,
-    <literal>''\r</literal>, <literal>''\t</literal>, and <literal>''\</literal>
-    escapes any other character.
-
-    </para>
+    <literal>'''</literal>.  Finally, linefeed, carriage-return and
+    tab characters can be written as <literal>''\n</literal>,
+    <literal>''\r</literal>, <literal>''\t</literal>.</para>
 
     <para>Indented strings are primarily useful in that they allow
     multi-line string literals to follow the indentation of the
@@ -144,13 +140,8 @@ stdenv.mkDerivation {
 
   </listitem>
 
-  <listitem><para>Numbers, which can be <emphasis>integers</emphasis> (like
-  <literal>123</literal>) or <emphasis>floating point</emphasis> (like
-  <literal>123.43</literal> or <literal>.27e13</literal>).</para>
-
-  <para>Numbers are type-compatible: pure integer operations will always
-  return integers, whereas any operation involving at least one floating point
-  number will have a floating point number as a result.</para></listitem>
+  <listitem><para><emphasis>Integers</emphasis>, e.g.,
+  <literal>123</literal>.</para></listitem>
 
   <listitem><para><emphasis>Paths</emphasis>, e.g.,
   <filename>/bin/sh</filename> or <filename>./builder.sh</filename>.
@@ -164,23 +155,7 @@ stdenv.mkDerivation {
   expression that contained it.  For instance, if a Nix expression in
   <filename>/foo/bar/bla.nix</filename> refers to
   <filename>../xyzzy/fnord.nix</filename>, the absolute path is
-  <filename>/foo/xyzzy/fnord.nix</filename>.</para>
-
-  <para>If the first component of a path is a <literal>~</literal>,
-  it is interpreted as if the rest of the path were relative to the
-  user's home directory. e.g. <filename>~/foo</filename> would be
-  equivalent to <filename>/home/edolstra/foo</filename> for a user
-  whose home directory is <filename>/home/edolstra</filename>.
-  </para>
-
-  <para>Paths can also be specified between angle brackets, e.g.
-  <literal>&lt;nixpkgs&gt;</literal>. This means that the directories
-  listed in the environment variable
-  <envar linkend="env-NIX_PATH">NIX_PATH</envar> will be searched
-  for the given file or directory name.
-  </para>
-
-  </listitem>
+  <filename>/foo/xyzzy/fnord.nix</filename>.</para></listitem>
 
   <listitem><para><emphasis>Booleans</emphasis> with values
   <literal>true</literal> and
@@ -289,23 +264,6 @@ added to the set:
 This will evaluate to <literal>{}</literal> if <literal>foo</literal>
 evaluates to <literal>false</literal>.</para>
 
-<para>A set that has a <literal>__functor</literal> attribute whose value
-is callable (i.e. is itself a function or a set with a
-<literal>__functor</literal> attribute whose value is callable) can be
-applied as if it were a function, with the set itself passed in first
-, e.g.,
-
-<programlisting>
-let add = { __functor = self: x: x + self.x; };
-    inc = add // { x = 1; };
-in inc 1
-</programlisting>
-
-evaluates to <literal>2</literal>. This can be used to attach metadata to a
-function without the caller needing to treat it specially, or to implement
-a form of object-oriented programming, for example.
-
-</para>
 
 </simplesect>
 

doc/manual/expressions/simple-building-testing.xml

@@ -7,14 +7,15 @@
 <title>Building and Testing</title>
 
 <para>You can now try to build Hello.  Of course, you could do
-<literal>nix-env -i hello</literal>, but you may not want to install a
-possibly broken package just yet.  The best way to test the package is by
-using the command <command linkend="sec-nix-build">nix-build</command>,
-which builds a Nix expression and creates a symlink named
-<filename>result</filename> in the current directory:
+<literal>nix-env -f pkgs/top-level/all-packages.nix -i hello</literal>,
+but you may not want to install a possibly broken package just yet.
+The best way to test the package is by using the command <command
+linkend="sec-nix-build">nix-build</command>, which builds a Nix
+expression and creates a symlink named <filename>result</filename> in
+the current directory:
 
 <screen>
-$ nix-build -A hello
+$ nix-build pkgs/top-level/all-packages.nix -A hello
 building path `/nix/store/632d2b22514d...-hello-2.1.1'
 hello-2.1.1/
 hello-2.1.1/intl/
@@ -28,7 +29,8 @@ $ ./result/bin/hello
 Hello, world!</screen>
 
 The <link linkend='opt-attr'><option>-A</option></link> option selects
-the <literal>hello</literal> attribute.  This is faster than using the
+the <literal>hello</literal> attribute from
+<filename>all-packages.nix</filename>.  This is faster than using the
 symbolic package name specified by the <literal>name</literal>
 attribute (which also happens to be <literal>hello</literal>) and is
 unambiguous (there can be multiple packages with the symbolic name
@@ -67,7 +69,7 @@ block (or perform other derivations if available) until the build
 finishes:
 
 <screen>
-$ nix-build -A hello
+$ nix-build pkgs/top-level/all-packages.nix -A hello
 waiting for lock on `/nix/store/0h5b7hp8d4hqfrw8igvx97x1xawrjnac-hello-2.1.1x'</screen>
 
 So it is always safe to run multiple instances of Nix in parallel
@@ -81,6 +83,4 @@ Just pass the option <link linkend='opt-max-jobs'><option>-j
 in parallel, or set.  Typically this should be the number of
 CPUs.</para>
 
-<xi:include href="debug-build.xml" />
-
-</section>
+</section>

doc/manual/expressions/simple-expression.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-simple-expression">
 
-<title>A Simple Nix Expression</title>
+<title>Simple Nix Expression Use-Case</title>
 
 <para>This section shows how to add and test the <link
 xlink:href='http://www.gnu.org/software/hello/hello.html'>GNU Hello
@@ -44,4 +44,4 @@ need to do three things:
 <xi:include href="simple-building-testing.xml" />
 <xi:include href="generic-builder.xml" />
 
-</chapter>
+</chapter>

doc/manual/expressions/standard-env.xml

@@ -0,0 +1,60 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id='sec-standard-environment'>
+
+<title>The Standard Environment</title>
+
+
+<para>The standard environment is used by passing it as an input
+called <envar>stdenv</envar> to the derivation, and then doing
+
+<programlisting>
+source $stdenv/setup</programlisting>
+
+at the top of the builder.</para>
+
+<para>Apart from adding the aforementioned commands to the
+<envar>PATH</envar>, <filename>setup</filename> also does the
+following:
+
+<itemizedlist>
+
+  <listitem><para>All input packages specified in the
+  <envar>buildInputs</envar> environment variable have their
+  <filename>/bin</filename> subdirectory added to <envar>PATH</envar>,
+  their <filename>/include</filename> subdirectory added to the C/C++
+  header file search path, and their <filename>/lib</filename>
+  subdirectory added to the linker search path.  This can be extended.
+  For instance, when the <command>pkgconfig</command> package is
+  used, the subdirectory <filename>/lib/pkgconfig</filename> of each
+  input is added to the <envar>PKG_CONFIG_PATH</envar> environment
+  variable.</para></listitem>
+
+  <listitem><para>The environment variable
+  <envar>NIX_CFLAGS_STRIP</envar> is set so that the compiler strips
+  debug information from object files.  This can be disabled by
+  setting <envar>NIX_STRIP_DEBUG</envar> to
+  <literal>0</literal>.</para></listitem>
+
+</itemizedlist>
+
+</para>
+
+<para>The <filename>setup</filename> script also exports a function
+called <function>genericBuild</function> that knows how to build
+typical Autoconf-style packages.  It can be customised to perform
+builds for any type of package.  It is advisable to use
+<function>genericBuild</function> since it provides facilities that
+are almost always useful such as unpacking of sources, patching of
+sources, nested logging, etc.</para>
+
+<para>The definitive, up-to-date documentation of the generic builder
+is the source itself, which resides in
+<filename>pkgs/stdenv/generic/setup.sh</filename>.</para>
+
+<xi:include href="custom-builder.xml" />
+<xi:include href="debug-build.xml" />
+
+</chapter>

doc/manual/expressions/writing-nix-expressions.xml

@@ -22,5 +22,6 @@ manual</link>.</para></note>
 
 <xi:include href="simple-expression.xml" />
 <xi:include href="expression-language.xml" />
+<xi:include href="standard-env.xml" />
 
 </part>

doc/manual/glossary/glossary.xml

@@ -54,7 +54,7 @@
 
   <glossdef><para>A substitute is a command invocation stored in the
   Nix database that describes how to build a store object, bypassing
-  the normal build mechanism (i.e., derivations).  Typically, the
+  normal the build mechanism (i.e., derivations).  Typically, the
   substitute builds the store object by downloading a pre-built
   version of the store object from some server.</para></glossdef>
 

doc/manual/hacking.xml

@@ -22,7 +22,7 @@ $ nix-build release.nix -A build.x86_64-linux
 environment variables are set up so that those dependencies can be
 found:
 <screen>
-$ nix-shell
+$ ./dev-shell
 </screen>
 To build Nix itself in this shell:
 <screen>
@@ -30,7 +30,7 @@ To build Nix itself in this shell:
 [nix-shell]$ configurePhase
 [nix-shell]$ make
 </screen>
-To install it in <literal>$(pwd)/nix</literal> and test it:
+To test it:
 <screen>
 [nix-shell]$ make install
 [nix-shell]$ make installcheck

doc/manual/installation/building-source.xml

@@ -46,4 +46,12 @@ packages will need to be built from source.</para></warning>
 <filename>/nix/var</filename> by default.  This can be changed using
 <option>--localstatedir=<replaceable>path</replaceable></option>.</para>
 
-</section>
+<para>If you want to rebuild the documentation, pass the full path to
+the DocBook RELAX NG schemas and to the DocBook XSL stylesheets using
+the
+<option>--with-docbook-rng=<replaceable>path</replaceable></option>
+and
+<option>--with-docbook-xsl=<replaceable>path</replaceable></option>
+options.</para>
+
+</section>

doc/manual/installation/installing-binary.xml

@@ -6,8 +6,7 @@
 
 <title>Installing a Binary Distribution</title>
 
-<para>If you are using Linux or macOS, the easiest way to install
-Nix is to run the following command:
+<para>The easiest way to install Nix is to run the following command:
 
 <screen>
 $ bash &lt;(curl https://nixos.org/nix/install)
@@ -19,27 +18,18 @@ run this under your usual user account, <emphasis>not</emphasis> as
 root.  The script will invoke <command>sudo</command> to create
 <filename>/nix</filename> if it doesn’t already exist.  If you don’t
 have <command>sudo</command>, you should manually create
-<command>/nix</command> first as root, e.g.:
+<command>/nix</command> first as root:
 
 <screen>
 $ mkdir /nix
 $ chown alice /nix
 </screen>
 
-The install script will modify the first writable file from amongst
-<filename>.bash_profile</filename>, <filename>.bash_login</filename>
-and <filename>.profile</filename> to source
-<filename>~/.nix-profile/etc/profile.d/nix.sh</filename>. You can set
-the <command>NIX_INSTALLER_NO_MODIFY_PROFILE</command> environment
-variable before executing the install script to disable this
-behaviour.
-
 </para>
 
-<!--
 <para>You can also manually download and install a binary package.
 Binary packages of the latest stable release are available for Fedora,
-Debian, Ubuntu, macOS and various other systems from the <link
+Debian, Ubuntu, Mac OS X and various other systems from the <link
 xlink:href="http://nixos.org/nix/download.html">Nix homepage</link>.
 You can also get builds of the latest development release from our
 <link
@@ -50,7 +40,7 @@ build system</link>.</para>
 or upgraded using <command>rpm -U</command>.  For example,
 
 <screen>
-$ rpm -U nix-1.8-1.i386.rpm</screen>
+$ rpm -U nix-1.7-1.i386.rpm</screen>
 
 </para>
 
@@ -58,22 +48,21 @@ $ rpm -U nix-1.8-1.i386.rpm</screen>
 install it like this:
 
 <screen>
-$ dpkg -i nix_1.8-1_amd64.deb</screen>
+$ dpkg -i nix_1.7-1_amd64.deb</screen>
 
 </para>
--->
 
-<para>You can also download a binary tarball that contains Nix and all
-its dependencies.  (This is what the install script at
-<uri>https://nixos.org/nix/install</uri> does automatically.)  You
-should unpack it somewhere (e.g. in <filename>/tmp</filename>), and
-then run the script named <command>install</command> inside the binary
-tarball:
+<para>For other platforms, including Mac OS X (Darwin), FreeBSD and
+other Linux distributions, you can download a binary tarball that
+contains Nix and all its dependencies.  (This is what the install
+script at <uri>https://nixos.org/nix/install</uri> uses.)  You should
+unpack it somewhere (e.g. in <filename>/tmp</filename>), and then run
+the script named <command>install</command> inside the binary tarball:
 
 <screen>
 alice$ cd /tmp
-alice$ tar xfj nix-1.8-x86_64-darwin.tar.bz2
-alice$ cd nix-1.8-x86_64-darwin
+alice$ tar xfj nix-1.7-x86_64-darwin.tar.bz2
+alice$ cd nix-1.7-x86_64-darwin
 alice$ ./install
 </screen>
 
@@ -89,12 +78,4 @@ $ rm -rf /nix</screen>
 
 </para>
 
-<para>You can uninstall Nix simply by running:
-
-<screen>
-$ rm -rf /nix
-</screen>
-
-</para>
-
-</chapter>
+</chapter>

doc/manual/installation/multi-user.xml

@@ -23,11 +23,11 @@ daemon</emphasis> running under the owner of the Nix store/database
 that performs the operation.</para>
 
 <note><para>Multi-user mode has one important limitation: only
-<systemitem class="username">root</systemitem> and a set of trusted
-users specified in <filename>nix.conf</filename> can specify arbitrary
-binary caches. So while unprivileged users may install packages from
-arbitrary Nix expressions, they may not get pre-built
-binaries.</para></note>
+<systemitem class="username">root</systemitem> can run <command
+linkend="sec-nix-pull">nix-pull</command> to register the availability
+of pre-built binaries.  However, those registrations are shared by all
+users, so they still get the benefit from <command>nix-pull</command>s
+done by <systemitem class="username">root</systemitem>.</para></note>
 
 
 <simplesect>
@@ -52,34 +52,6 @@ This creates 10 build users. There can never be more concurrent builds
 than the number of build users, so you may want to increase this if
 you expect to do many builds at the same time.</para>
 
-<para>On macOS, you can create the required group and users by
-running the following script:
-
-<programlisting>
-#! /bin/bash -e
-
-dseditgroup -o create nixbld -q
-
-gid=$(dscl . -read /Groups/nixbld | awk '($1 == "PrimaryGroupID:") {print $2 }')
-
-echo "created nixbld group with gid $gid"
-
-for i in $(seq 1 10); do
-    user=/Users/nixbld$i
-    uid="$((30000 + $i))"
-    dscl . create $user
-    dscl . create $user RealName "Nix build user $i"
-    dscl . create $user PrimaryGroupID "$gid"
-    dscl . create $user UserShell /usr/bin/false
-    dscl . create $user NFSHomeDirectory /var/empty
-    dscl . create $user UniqueID "$uid"
-    dseditgroup -o edit -a nixbld$i -t user nixbld
-    echo "created nixbld$i user with uid $uid"
-done
-</programlisting>
-
-</para>
-
 </simplesect>
 
 

doc/manual/installation/prerequisites-source.xml

@@ -10,7 +10,9 @@
 
   <listitem><para>GNU Make.</para></listitem>
 
-  <listitem><para>A version of GCC or Clang that supports C++14.</para></listitem>
+  <listitem><para>A version of GCC or Clang that supports C++11.</para></listitem>
+
+  <listitem><para>Perl 5.8 or higher.</para></listitem>
 
   <listitem><para><command>pkg-config</command> to locate
   dependencies.  If your distribution does not provide it, you can get
@@ -18,10 +20,6 @@
   xlink:href="http://www.freedesktop.org/wiki/Software/pkg-config"
   />.</para></listitem>
 
-  <listitem><para>The OpenSSL library to calculate cryptographic hashes.
-  If your distribution does not provide it, you can get it from <link
-  xlink:href="https://www.openssl.org"/>.</para></listitem>
-
   <listitem><para>The bzip2 compressor program and the
   <literal>libbz2</literal> library.  Thus you must have bzip2
   installed, including development headers and libraries.  If your
@@ -32,8 +30,13 @@
   or higher.  If your distribution does not provide it, please install
   it from <link xlink:href="http://www.sqlite.org/" />.</para></listitem>
 
+  <listitem><para>The Perl DBI and DBD::SQLite libraries, which are
+  available from <link
+  xlink:href="http://search.cpan.org/">CPAN</link> if your
+  distribution does not provide them.</para></listitem>
+
   <listitem><para>The <link
-  xlink:href="http://www.hboehm.info/gc/">Boehm
+  xlink:href="http://www.hpl.hp.com/personal/Hans_Boehm/gc/">Boehm
   garbage collector</link> to reduce the evaluator’s memory
   consumption (optional).  To enable it, install
   <literal>pkgconfig</literal> and the Boehm garbage collector, and
@@ -67,4 +70,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/installation/supported-platforms.xml

@@ -10,13 +10,12 @@
 
 <itemizedlist>
 
-  <listitem><para>Linux (i686, x86_64).</para></listitem>
+  <listitem><para>Linux (particularly on x86, x86_64, and
+  PowerPC).</para></listitem>
 
-  <listitem><para>macOS (x86_64).</para></listitem>
+  <listitem><para>Mac OS X.</para></listitem>
 
-  <!--
   <listitem><para>FreeBSD (only tested on Intel).</para></listitem>
-  -->
 
   <!--
   <listitem><para>Windows through <link
@@ -33,7 +32,7 @@
 
 </para>
 
-<para>Nix is fairly portable, so it should work on most platforms that
-support POSIX threads and have a C++11 compiler.</para>
+<para>Nix is pretty portable, so it should work on most other Unix
+platforms as well.</para>
 
-</chapter>
+</chapter>

doc/manual/introduction/about-nix.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-about-nix">
 
-<title>About Nix</title>
+<title>Introduction</title>
 
 <para>Nix is a <emphasis>purely functional package manager</emphasis>.
 This means that it treats packages like values in purely functional
@@ -16,10 +16,10 @@ store</emphasis>, usually the directory
 subdirectory such as
 
 <programlisting>
-/nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1/
+/nix/store/nlc4z5y1hm8w9s8vm6m1f5hy962xjmp5-firefox-12.0
 </programlisting>
 
-where <literal>b6gvzjyb2pg0…</literal> is a unique identifier for the
+where <literal>nlc4z5…</literal> is a unique identifier for the
 package that captures all its dependencies (it’s a cryptographic hash
 of the package’s build dependency graph).  This enables many powerful
 features.</para>
@@ -62,10 +62,9 @@ directories such as
 so if a package builds correctly on your system, this is because you
 specified the dependency explicitly.</para>
 
-<para>Once a package is built, runtime dependencies are found by
-scanning binaries for the hash parts of Nix store paths (such as
-<literal>r8vvq9kq…</literal>).  This sounds risky, but it works
-extremely well.</para>
+<para>Runtime dependencies are found by scanning binaries for the hash
+parts of Nix store paths (such as <literal>r8vvq9kq…</literal>).  This
+sounds risky, but it works extremely well.</para>
 
 </simplesect>
 
@@ -93,7 +92,7 @@ time window in which the package has some files from the old version
 and some files from the new version — which would be bad because a
 program might well crash if it’s started during that period.</para>
 
-<para>And since packages aren’t overwritten, the old versions are still
+<para>And since package aren’t overwritten, the old versions are still
 there after an upgrade.  This means that you can <emphasis>roll
 back</emphasis> to the old version:</para>
 
@@ -162,19 +161,19 @@ library and the compiler) would have to built, at least if they are
 not already in the Nix store.  This is a <emphasis>source deployment
 model</emphasis>.  For most users, building from source is not very
 pleasant as it takes far too long.  However, Nix can automatically
-skip building from source and instead use a <emphasis>binary
-cache</emphasis>, a web server that provides pre-built binaries. For
-instance, when asked to build
-<literal>/nix/store/b6gvzjyb2pg0…-firefox-33.1</literal> from source,
-Nix would first check if the file
-<uri>https://cache.nixos.org/b6gvzjyb2pg0….narinfo</uri> exists, and
-if so, fetch the pre-built binary referenced from there; otherwise, it
-would fall back to building from source.</para>
+skip building from source and download a pre-built binary instead if
+it knows about it.  <emphasis>Nix channels</emphasis> provide Nix
+expressions along with pre-built binaries.</para>
+
+<!--
+<para>source deployment model (like <a
+href="http://www.gentoo.org/">Gentoo</a>) and a binary model (like
+RPM)</para>
+-->
 
 </simplesect>
 
 
-<!--
 <simplesect><title>Binary patching</title>
 
 <para>In addition to downloading binaries automatically if they’re
@@ -183,7 +182,6 @@ package in the Nix store into a new version.  This speeds up
 upgrades.</para>
 
 </simplesect>
--->
 
 
 <simplesect><title>Nix Packages collection</title>
@@ -195,48 +193,10 @@ collection</emphasis> (Nixpkgs).</para>
 </simplesect>
 
 
-<simplesect><title>Managing build environments</title>
-
-<para>Nix is extremely useful for developers as it makes it easy to
-automatically set up the build environment for a package. Given a
-Nix expression that describes the dependencies of your package, the
-command <command>nix-shell</command> will build or download those
-dependencies if they’re not already in your Nix store, and then start
-a Bash shell in which all necessary environment variables (such as
-compiler search paths) are set.</para>
-
-<para>For example, the following command gets all dependencies of the
-Pan newsreader, as described by <link
-xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/newsreaders/pan/default.nix">its
-Nix expression</link>:</para>
-
-<screen>
-$ nix-shell '&lt;nixpkgs>' -A pan
-</screen>
-
-<para>You’re then dropped into a shell where you can edit, build and test
-the package:</para>
-
-<screen>
-[nix-shell]$ tar xf $src
-[nix-shell]$ cd pan-*
-[nix-shell]$ ./configure
-[nix-shell]$ make
-[nix-shell]$ ./pan/gui/pan
-</screen>
-
-<!--
-<para>Since Nix packages are reproducible and have complete dependency
-specifications, Nix makes an excellent basis for <a
-href="[%root%]hydra">a continuous build system</a>.</para>
--->
-
-</simplesect>
-
-
 <simplesect><title>Portability</title>
 
-<para>Nix runs on Linux and macOS.</para>
+<para>Nix should run on most Unix systems, including Linux and Mac OS
+X.</para>
 
 </simplesect>
 
@@ -246,28 +206,20 @@ href="[%root%]hydra">a continuous build system</a>.</para>
 <para>NixOS is a Linux distribution based on Nix.  It uses Nix not
 just for package management but also to manage the system
 configuration (e.g., to build configuration files in
-<filename>/etc</filename>).  This means, among other things, that it
-is easy to roll back the entire configuration of the system to an
-earlier state.  Also, users can install software without root
+<filename>/etc</filename>).  This means, among other things, that it’s
+possible to easily roll back the entire configuration of the system to
+an earlier state.  Also, users can install software without root
 privileges.  For more information and downloads, see the <link
 xlink:href="http://nixos.org/">NixOS homepage</link>.</para>
 
 </simplesect>
 
 
-<simplesect><title>License</title>
+<!-- other features:
 
-<para>Nix is released under the terms of the <link
-xlink:href="http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html">GNU
-LGPLv2.1 or (at your option) any later version</link>.</para>
-
-<para>Nix uses the <link
-xlink:href="https://github.com/arangodb/linenoise-ng">linenoise-ng
-library</link>, which has the following license:</para>
-
-<programlisting><xi:include href="../../../src/linenoise/LICENSE" parse="text" /></programlisting>
-
-</simplesect>
+- build farms
+- reproducibility (Nix expressions allows whole configuration to be rebuilt)
 
+-->
 
 </chapter>

doc/manual/introduction/introduction.xml

@@ -7,6 +7,5 @@
 <title>Introduction</title>
 
 <xi:include href="about-nix.xml" />
-<xi:include href="quick-start.xml" />
 
 </part>

doc/manual/local.mk

@@ -1,6 +1,3 @@
-
-ifeq ($(doc_generate),yes)
-
 XSLTPROC = $(xsltproc) --nonet $(xmlflags) \
   --param section.autolabel 1 \
   --param section.label.includes.component.label 1 \
@@ -10,11 +7,7 @@ XSLTPROC = $(xsltproc) --nonet $(xmlflags) \
   --param admon.style \'\' \
   --param callout.graphics.extension \'.gif\' \
   --param contrib.inline.enabled 0 \
-  --stringparam generate.toc "book toc" \
-  --param keep.relative.image.uris 0
-
-docbookxsl = http://docbook.sourceforge.net/release/xsl-ns/current
-docbookrng = http://docbook.org/xml/5.0/rng/docbook.rng
+  --stringparam generate.toc "book toc"
 
 MANUAL_SRCS := $(call rwildcard, $(d), *.xml)
 
@@ -31,7 +24,7 @@ $(d)/version.txt:
 $(d)/manual.is-valid: $(d)/manual.xmli
 	$(trace-gen) $(XSLTPROC) --novalid --stringparam profile.condition manual \
 	  $(docbookxsl)/profiling/profile.xsl $< 2> /dev/null | \
-	  $(xmllint) --nonet --noout --relaxng $(docbookrng) -
+	  $(xmllint) --nonet --noout --relaxng $(docbookrng)/docbook.rng -
 	@touch $@
 
 clean-files += $(d)/manual.xmli $(d)/version.txt $(d)/manual.is-valid
@@ -42,9 +35,9 @@ dist-files += $(d)/manual.xmli $(d)/version.txt $(d)/manual.is-valid
 # Generate man pages.
 man-pages := $(foreach n, \
   nix-env.1 nix-build.1 nix-shell.1 nix-store.1 nix-instantiate.1 \
-  nix-collect-garbage.1 \
-  nix-prefetch-url.1 nix-channel.1 \
-  nix-hash.1 nix-copy-closure.1 \
+  nix-collect-garbage.1 nix-push.1 nix-pull.1 \
+  nix-prefetch-url.1 nix-channel.1 nix-generate-patches.1 \
+  nix-install-package.1 nix-hash.1 nix-copy-closure.1 \
   nix.conf.5 nix-daemon.8, \
   $(d)/$(n))
 
@@ -74,14 +67,22 @@ $(foreach file, $(wildcard $(d)/images/callouts/*.gif), $(eval $(call install-da
 
 $(eval $(call install-symlink, manual.html, $(docdir)/manual/index.html))
 
-
 all: $(d)/manual.html
 
-
-
 clean-files += $(d)/manual.html
 
 dist-files += $(d)/manual.html
 
 
-endif
+# Generate the PDF manual.
+$(d)/manual.pdf: $(d)/manual.xml $(MANUAL_SRCS) $(d)/manual.is-valid
+	$(trace-gen) if test "$(dblatex)" != ""; then \
+		cd doc/manual && $(XSLTPROC) --xinclude --stringparam profile.condition manual \
+		  $(docbookxsl)/profiling/profile.xsl manual.xml | \
+		  $(dblatex) -o $(notdir $@) $(dblatex_opts) -; \
+	else \
+		echo "Please install dblatex and rerun configure."; \
+		exit 1; \
+	fi
+
+clean-files += $(d)/manual.pdf

doc/manual/manual.xml

@@ -4,8 +4,10 @@
       version="5.0">
 
   <info>
+
     <title>Nix Package Manager Guide</title>
-    <subtitle>Version <xi:include href="version.txt" parse="text" /></subtitle>
+
+    <edition>Version <xi:include href="version.txt" parse="text" /></edition>
 
     <author>
       <personname>
@@ -23,23 +25,22 @@
       <holder>Eelco Dolstra</holder>
     </copyright>
 
-    <date>November 2014</date>
+    <date>September 2014</date>
 
   </info>
 
-  <!--
   <preface>
     <title>Preface</title>
     <para>This manual describes how to set up and use the Nix package
     manager.</para>
   </preface>
-  -->
 
   <xi:include href="introduction/introduction.xml" />
+  <xi:include href="quick-start/quick-start.xml" />
   <xi:include href="installation/installation.xml" />
   <xi:include href="packages/package-management.xml" />
   <xi:include href="expressions/writing-nix-expressions.xml" />
-  <xi:include href="advanced-topics/advanced-topics.xml" />
+  <xi:include href="builds/build-farm.xml" />
   <xi:include href="command-ref/command-ref.xml" />
   <xi:include href="troubleshooting/troubleshooting.xml" />
   <xi:include href="glossary/glossary.xml" />

doc/manual/packages/basic-package-mgmt.xml

@@ -28,71 +28,40 @@ Nix expressions called the Nix Package collection that contains
 packages ranging from basic development stuff such as GCC and Glibc,
 to end-user applications like Mozilla Firefox.  (Nix is however not
 tied to the Nix Package collection; you could write your own Nix
-expressions based on it, or completely new ones.)</para>
+expressions based on it, or completely new ones.)  You can download
+the latest version from <link
+xlink:href='http://nixos.org/nixpkgs/download.html' />.</para>
 
-<para>You can manually download the latest version of Nixpkgs from
-<link xlink:href='http://nixos.org/nixpkgs/download.html'/>. However,
-it’s much more convenient to use the Nixpkgs
-<emphasis>channel</emphasis>, since it makes it easy to stay up to
-date with new versions of Nixpkgs. (Channels are described in more
-detail in <xref linkend="sec-channels"/>.) Nixpkgs is automatically
-added to your list of “subscribed” channels when you install
-Nix. If this is not the case for some reason, you can add it as
-follows:
+<para>Assuming that you have downloaded and unpacked a release of Nix
+Packages, you can view the set of available packages in the release:
 
 <screen>
-$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable
-$ nix-channel --update
-</screen>
-
-</para>
-
-<note><para>On NixOS, you’re automatically subscribed to a NixOS
-channel corresponding to your NixOS major release
-(e.g. <uri>http://nixos.org/channels/nixos-14.12</uri>). A NixOS
-channel is identical to the Nixpkgs channel, except that it contains
-only Linux binaries and is updated only if a set of regression tests
-succeed.</para></note>
-
-<para>You can view the set of available packages in Nixpkgs:
-
-<screen>
-$ nix-env -qa
+$ nix-env -qaf nixpkgs-<replaceable>version</replaceable> '*'
+ant-blackdown-1.4.2
 aterm-2.2
 bash-3.0
 binutils-2.15
 bison-1.875d
 blackdown-1.4.2
 bzip2-1.0.2
-…</screen>
+...</screen>
 
-The flag <option>-q</option> specifies a query operation, and
-<option>-a</option> means that you want to show the “available” (i.e.,
-installable) packages, as opposed to the installed packages. If you
-downloaded Nixpkgs yourself, or if you checked it out from GitHub,
-then you need to pass the path to your Nixpkgs tree using the
-<option>-f</option> flag:
+where <literal>nixpkgs-<replaceable>version</replaceable></literal> is
+where you’ve unpacked the release.  The flag <option>-q</option>
+specifies a query operation; <option>-a</option> means that you want
+to show the “available” (i.e., installable) packages, as opposed to
+the installed packages; and <option>-f</option>
+<filename>nixpkgs-<replaceable>version</replaceable></filename>
+specifies the source of the packages.  The argument
+<literal>'*'</literal> shows all installable packages. (The quotes are
+necessary to prevent shell expansion.)  You can also select specific
+packages by name:
 
 <screen>
-$ nix-env -qaf <replaceable>/path/to/nixpkgs</replaceable>
-</screen>
-
-where <replaceable>/path/to/nixpkgs</replaceable> is where you’ve
-unpacked or checked out Nixpkgs.</para>
-
-<para>You can select specific packages by name:
-
-<screen>
-$ nix-env -qa firefox
-firefox-34.0.5
-firefox-with-plugins-34.0.5
-</screen>
-
-and using regular expressions:
-
-<screen>
-$ nix-env -qa 'firefox.*'
-</screen>
+$ nix-env -qaf nixpkgs-<replaceable>version</replaceable> gcc
+gcc-3.4.6
+gcc-4.0.3
+gcc-4.1.1</screen>
 
 </para>
 
@@ -101,12 +70,12 @@ available packages, i.e., whether they are installed into the user
 environment and/or present in the system:
 
 <screen>
-$ nix-env -qas
-…
+$ nix-env -qasf nixpkgs-<replaceable>version</replaceable> '*'
+...
 -PS bash-3.0
 --S binutils-2.15
 IPS bison-1.875d
-…</screen>
+...</screen>
 
 The first character (<literal>I</literal>) indicates whether the
 package is installed in your current user environment.  The second
@@ -119,33 +88,40 @@ just means that Nix knows that it can fetch a pre-built package from
 somewhere (typically a network server) instead of building it
 locally.</para>
 
-<para>You can install a package using <literal>nix-env -i</literal>.
-For instance,
+<para>So now that we have a set of Nix expressions we can build the
+packages contained in them.  This is done using <literal>nix-env
+-i</literal>.  For instance,
 
 <screen>
-$ nix-env -i subversion</screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -i subversion</screen>
 
 will install the package called <literal>subversion</literal> (which
 is, of course, the <link
 xlink:href='http://subversion.tigris.org/'>Subversion version
 management system</link>).</para>
 
-<note><para>When you ask Nix to install a package, it will first try
-to get it in pre-compiled form from a <emphasis>binary
-cache</emphasis>. By default, Nix will use the binary cache
-<uri>https://cache.nixos.org</uri>; it contains binaries for most
-packages in Nixpkgs. Only if no binary is available in the binary
-cache, Nix will build the package from source. So if <literal>nix-env
--i subversion</literal> results in Nix building stuff from source,
-then either the package is not built for your platform by the Nixpkgs
-build servers, or your version of Nixpkgs is too old or too new. For
-instance, if you have a very recent checkout of Nixpkgs, then the
-Nixpkgs build servers may not have had a chance to build everything
-and upload the resulting binaries to
-<uri>https://cache.nixos.org</uri>. The Nixpkgs channel is only
-updated after all binaries have been uploaded to the cache, so if you
-stick to the Nixpkgs channel (rather than using a Git checkout of the
-Nixpkgs tree), you will get binaries for most packages.</para></note>
+<para>When you do this for the first time, Nix will start building
+Subversion and all its dependencies.  This will take quite a while —
+typically an hour or two on modern machines.  Fortunately, there is a
+faster way (so do a Ctrl-C on that install operation!): you just need
+to tell Nix that pre-built binaries of all those packages are
+available somewhere.  This is done using the
+<command>nix-pull</command> command, which must be supplied with a URL
+containing a <emphasis>manifest</emphasis> describing what binaries
+are available.  This URL should correspond to the Nix Packages release
+that you’re using.  For instance, if you obtained a release from <link
+xlink:href='http://nixos.org/releases/nixpkgs/nixpkgs-0.12pre11712-4lrp7j8x'
+/>, then you should do:
+
+<screen>
+$ nix-pull http://nixos.org/releases/nixpkgs/nixpkgs-0.12pre11712-4lrp7j8x/MANIFEST</screen>
+
+If you then issue the installation command, it should start
+downloading binaries from <systemitem
+class='fqdomainname'>nixos.org</systemitem>, instead of building
+them from source.  This might still take a while since all
+dependencies must be downloaded, but on a reasonably fast connection
+such as a DSL line it’s on the order of a few minutes.</para>
 
 <para>Naturally, packages can also be uninstalled:
 
@@ -158,7 +134,7 @@ $ nix-env -e subversion</screen>
 release of Nix Packages, you can do:
 
 <screen>
-$ nix-env -u subversion</screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -u subversion</screen>
 
 This will <emphasis>only</emphasis> upgrade Subversion if there is a
 “newer” version in the new set of Nix expressions, as
@@ -173,17 +149,17 @@ whatever version is already installed.</para>
 versions:
 
 <screen>
-$ nix-env -u</screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -u '*'</screen>
 
 </para>
 
 <para>Sometimes it’s useful to be able to ask what
 <command>nix-env</command> would do, without actually doing it.  For
 instance, to find out what packages would be upgraded by
-<literal>nix-env -u</literal>, you can do
+<literal>nix-env -u '*'</literal>, you can do
 
 <screen>
-$ nix-env -u --dry-run
+$ nix-env ... -u '*' --dry-run
 (dry run; not doing anything)
 upgrading `libxslt-1.1.0' to `libxslt-1.1.10'
 upgrading `graphviz-1.10' to `graphviz-1.12'
@@ -191,4 +167,4 @@ upgrading `coreutils-5.0' to `coreutils-5.2.1'</screen>
 
 </para>
 
-</chapter>
+</chapter>

doc/manual/packages/binary-cache-substituter.xml

@@ -1,70 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="ssec-binary-cache-substituter">
-
-<title>Serving a Nix store via HTTP</title>
-
-<para>You can easily share the Nix store of a machine via HTTP. This
-allows other machines to fetch store paths from that machine to speed
-up installations. It uses the same <emphasis>binary cache</emphasis>
-mechanism that Nix usually uses to fetch pre-built binaries from
-<uri>https://cache.nixos.org</uri>.</para>
-
-<para>The daemon that handles binary cache requests via HTTP,
-<command>nix-serve</command>, is not part of the Nix distribution, but
-you can install it from Nixpkgs:
-
-<screen>
-$ nix-env -i nix-serve
-</screen>
-
-You can then start the server, listening for HTTP connections on
-whatever port you like:
-
-<screen>
-$ nix-serve -p 8080
-</screen>
-
-To check whether it works, try the following on the client:
-
-<screen>
-$ curl http://avalon:8080/nix-cache-info
-</screen>
-
-which should print something like:
-
-<screen>
-StoreDir: /nix/store
-WantMassQuery: 1
-Priority: 30
-</screen>
-
-</para>
-
-<para>On the client side, you can tell Nix to use your binary cache
-using <option>--option extra-binary-caches</option>, e.g.:
-
-<screen>
-$ nix-env -i firefox --option extra-binary-caches http://avalon:8080/
-</screen>
-
-The option <option>extra-binary-caches</option> tells Nix to use this
-binary cache in addition to your default caches, such as
-<uri>https://cache.nixos.org</uri>. Thus, for any path in the closure
-of Firefox, Nix will first check if the path is available on the
-server <literal>avalon</literal> or another binary caches. If not, it
-will fall back to building from source.</para>
-
-<para>You can also tell Nix to always use your binary cache by adding
-a line to the <filename linkend="sec-conf-file">nix.conf</filename>
-configuration file like this:
-
-<programlisting>
-binary-caches = http://avalon:8080/ https://cache.nixos.org/
-</programlisting>
-
-</para>
-
-</section>

doc/manual/packages/channels.xml

@@ -8,9 +8,10 @@
 
 <para>If you want to stay up to date with a set of packages, it’s not
 very convenient to manually download the latest set of Nix expressions
-for those packages and upgrade using <command>nix-env</command>.
-Fortunately, there’s a better way: <emphasis>Nix
-channels</emphasis>.</para>
+for those packages, use <command>nix-pull</command> to register
+pre-built binaries (if available), and upgrade using
+<command>nix-env</command>.  Fortunately, there’s a better way:
+<emphasis>Nix channels</emphasis>.</para>
 
 <para>A Nix channel is just a URL that points to a place that contains
 a set of Nix expressions and a manifest.  Using the command <link
@@ -22,36 +23,35 @@ URL.</para>
 <command>nix-channel --add</command>, e.g.,
 
 <screen>
-$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable</screen>
+$ nix-channel --add http://nixos.org/channels/nixpkgs-unstable</screen>
 
 subscribes you to a channel that always contains that latest version
-of the Nix Packages collection.  (Subscribing really just means that
-the URL is added to the file <filename>~/.nix-channels</filename>,
-where it is read by subsequent calls to <command>nix-channel
---update</command>.) You can “unsubscribe” using <command>nix-channel
---remove</command>:
-
-<screen>
-$ nix-channel --remove nixpkgs
-</screen>
-</para>
+of the Nix Packages collection.  (Instead of
+<literal>nixpkgs-unstable</literal> you could also subscribe to
+<literal>nixpkgs-stable</literal>, which should have a higher level of
+stability, but right now is just outdated.)  Subscribing really just
+means that the URL is added to the file
+<filename>~/.nix-channels</filename>.  Right now there is no command
+to “unsubscribe”; you should just edit that file manually
+and delete the offending URL.</para>
 
 <para>To obtain the latest Nix expressions available in a channel, do
 
 <screen>
 $ nix-channel --update</screen>
 
-This downloads and unpacks the Nix expressions in every channel
-(downloaded from <literal><replaceable>url</replaceable>/nixexprs.tar.bz2</literal>).
-It also makes the union of each channel’s Nix expressions available by
-default to <command>nix-env</command> operations (via the symlink
-<filename>~/.nix-defexpr/channels</filename>).  Consequently, you can
-then say
+This downloads the Nix expressions in every channel (downloaded from
+<literal><replaceable>url</replaceable>/nixexprs.tar.bz2</literal>)
+and registers any available pre-built binaries in every channel
+(by <command>nix-pull</command>ing
+<literal><replaceable>url</replaceable>/MANIFEST</literal>).  It also
+makes the union of each channel’s Nix expressions the default for
+<command>nix-env</command> operations.  Consequently, you can then say
 
 <screen>
-$ nix-env -u</screen>
+$ nix-env -u '*'</screen>
 
 to upgrade all packages in your profile to the latest versions
 available in the subscribed channels.</para>
 
-</chapter>
+</chapter>

doc/manual/packages/copy-closure.xml

@@ -1,50 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="ssec-copy-closure">
-
-<title>Copying Closures Via SSH</title>
-
-<para>The command <command
-linkend="sec-nix-copy-closure">nix-copy-closure</command> copies a Nix
-store path along with all its dependencies to or from another machine
-via the SSH protocol.  It doesn’t copy store paths that are already
-present on the target machine.  For example, the following command
-copies Firefox with all its dependencies:
-
-<screen>
-$ nix-copy-closure --to alice@itchy.example.org $(type -p firefox)</screen>
-
-See <xref linkend='sec-nix-copy-closure' /> for details.</para>
-
-<para>With <command linkend='refsec-nix-store-export'>nix-store
---export</command> and <command
-linkend='refsec-nix-store-import'>nix-store --import</command> you can
-write the closure of a store path (that is, the path and all its
-dependencies) to a file, and then unpack that file into another Nix
-store.  For example,
-
-<screen>
-$ nix-store --export $(nix-store -qR $(type -p firefox)) > firefox.closure</screen>
-
-writes the closure of Firefox to a file.  You can then copy this file
-to another machine and install the closure:
-
-<screen>
-$ nix-store --import &lt; firefox.closure</screen>
-
-Any store paths in the closure that are already present in the target
-store are ignored.  It is also possible to pipe the export into
-another command, e.g. to copy and install a closure directly to/on
-another machine:
-
-<screen>
-$ nix-store --export $(nix-store -qR $(type -p firefox)) | bzip2 | \
-    ssh alice@itchy.example.org "bunzip2 | nix-store --import"</screen>
-
-However, <command>nix-copy-closure</command> is generally more
-efficient because it only copies paths that are not already present in
-the target Nix store.</para>
-
-</section>

doc/manual/packages/garbage-collection.xml

@@ -37,14 +37,7 @@ generations, e.g.,
 <screen>
 $ nix-env --delete-generations 10 11 14</screen>
 
-To delete all generations older than a specified number of days
-(except the current generation), use the <literal>d</literal>
-suffix. For example,
-
-<screen>
-$ nix-env --delete-generations 14d</screen>
-
-deletes all generations older than two weeks.</para>
+</para>
 
 <para>After removing appropriate old generations you can run the
 garbage collector as follows:
@@ -74,4 +67,4 @@ is a quick and easy way to clean up your system.</para>
 
 <xi:include href="garbage-collector-roots.xml" />
 
-</chapter>
+</chapter>

doc/manual/packages/one-click.xml

@@ -0,0 +1,37 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-one-click">
+
+<title>One-Click Installation</title>
+
+<para>Often, when you want to install a specific package (e.g., from
+the <link
+xlink:href="http://nixos.org/nixpkgs/">Nix
+Packages collection</link>), subscribing to a channel is a bit
+cumbersome.  And channels don’t help you at all if you want to install
+an older version of a package than the one provided by the current
+contents of the channel, or a package that has been removed from the
+channel.  That’s when <emphasis>one-click installs</emphasis> come in
+handy: you can just go to the web page that contains the package,
+click on it, and it will be installed with all the necessary
+dependencies.</para>
+
+<para>For instance, you can go to <link
+xlink:href="http://hydra.nixos.org/jobset/nixpkgs/trunk/channel/latest"
+/> and click on any link for the individual packages for your
+platform.  The first time you do this, your browser will ask what to
+do with <literal>application/nix-package</literal> files.  You should
+open them with <filename>/nix/bin/nix-install-package</filename>.
+This will open a window that asks you to confirm that you want to
+install the package.  When you answer <literal>Y</literal>, the
+package and all its dependencies will be installed.  This is a binary
+deployment mechanism — you get packages pre-compiled for the selected
+platform type.</para>
+
+<para>You can also install <literal>application/nix-package</literal>
+files from the command line directly.  See <xref
+linkend='sec-nix-install-package' /> for details.</para>
+
+</chapter>

doc/manual/packages/package-management.xml

@@ -18,6 +18,7 @@ who want to <emphasis>create</emphasis> packages should consult
 <xi:include href="profiles.xml" />
 <xi:include href="garbage-collection.xml" />
 <xi:include href="channels.xml" />
+<xi:include href="one-click.xml" />
 <xi:include href="sharing-packages.xml" />
 
 </part>

doc/manual/packages/profiles.xml

@@ -30,7 +30,7 @@ store.</para>
 <figure xml:id='fig-user-environments'><title>User environments</title>
   <mediaobject>
     <imageobject>
-      <imagedata fileref='../figures/user-environments.png' format='PNG' />
+      <imagedata fileref='figures/user-environments.png' format='PNG' />
     </imageobject>
   </mediaobject>
 </figure>
@@ -73,9 +73,9 @@ generated based on the current one.  For instance, generation 43 was
 created from generation 42 when we did
 
 <screen>
-$ nix-env -i subversion firefox</screen>
+$ nix-env -i subversion mozilla</screen>
 
-on a set of Nix expressions that contained Firefox and a new version
+on a set of Nix expressions that contained Mozilla and a new version
 of Subversion.</para>
 
 <para>Generations are grouped together into
@@ -120,7 +120,8 @@ can also see all available generations:
 <screen>
 $ nix-env --list-generations</screen></para>
 
-<para>You generally wouldn’t have
+<para>Actually, there is another level of indirection not shown in the
+figure above.  You generally wouldn’t have
 <filename>/nix/var/nix/profiles/<replaceable>some-profile</replaceable>/bin</filename>
 in your <envar>PATH</envar>.  Rather, there is a symlink
 <filename>~/.nix-profile</filename> that points to your current
@@ -155,4 +156,4 @@ $ nix-env -p /nix/var/nix/profiles/other-profile -i subversion</screen>
 This will <emphasis>not</emphasis> change the
 <command>~/.nix-profile</command> symlink.</para>
 
-</chapter>
+</chapter>

doc/manual/packages/sharing-packages.xml

@@ -12,8 +12,46 @@ another machine already has some or all of those packages or their
 dependencies.  In that case there are mechanisms to quickly copy
 packages between machines.</para>
 
-<xi:include href="binary-cache-substituter.xml" />
-<xi:include href="copy-closure.xml" />
-<xi:include href="ssh-substituter.xml" />
+<para>The command <command
+linkend="sec-nix-copy-closure">nix-copy-closure</command> copies a Nix
+store path along with all its dependencies to or from another machine
+via the SSH protocol.  It doesn’t copy store paths that are already
+present on the target machine.  For example, the following command
+copies Firefox with all its dependencies:
+
+<screen>
+$ nix-copy-closure --to alice@itchy.example.org $(type -p firefox)</screen>
+
+See <xref linkend='sec-nix-copy-closure' /> for details.</para>
+
+<para>With <command linkend='refsec-nix-store-export'>nix-store
+--export</command> and <command
+linkend='refsec-nix-store-import'>nix-store --import</command> you can
+write the closure of a store path (that is, the path and all its
+dependencies) to a file, and then unpack that file into another Nix
+store.  For example,
+
+<screen>
+$ nix-store --export $(nix-store -qR $(type -p firefox)) > firefox.closure</screen>
+
+writes the closure of Firefox to a file.  You can then copy this file
+to another machine and install the closure:
+
+<screen>
+$ nix-store --import &lt; firefox.closure</screen>
+
+Any store paths in the closure that are already present in the target
+store are ignored.  It is also possible to pipe the export into
+another command, e.g. to copy and install a closure directly to/on
+another machine:
+
+<screen>
+$ nix-store --export $(nix-store -qR $(type -p firefox)) | bzip2 | \
+    ssh alice@itchy.example.org "bunzip2 | nix-store --import"</screen>
+
+But note that <command>nix-copy-closure</command> is generally more
+efficient in this example because it only copies paths that are not
+already present in the target Nix store.</para>
+
 
 </chapter>

doc/manual/packages/ssh-substituter.xml

@@ -1,73 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="ssec-ssh-substituter">
-
-<title>Serving a Nix store via SSH</title>
-
-<para>You can tell Nix to automatically fetch needed binaries from a
-remote Nix store via SSH. For example, the following installs Firefox,
-automatically fetching any store paths in Firefox’s closure if they
-are available on the server <literal>avalon</literal>:
-
-<screen>
-$ nix-env -i firefox --option ssh-substituter-hosts alice@avalon
-</screen>
-
-This works similar to the binary cache substituter that Nix usually
-uses, only using SSH instead of HTTP: if a store path
-<literal>P</literal> is needed, Nix will first check if it’s available
-in the Nix store on <literal>avalon</literal>. If not, it will fall
-back to using the binary cache substituter, and then to building from
-source.</para>
-
-<note><para>The SSH substituter currently does not allow you to enter
-an SSH passphrase interactively. Therefore, you should use
-<command>ssh-add</command> to load the decrypted private key into
-<command>ssh-agent</command>.</para></note>
-
-<para>You can also copy the closure of some store path, without
-installing it into your profile, e.g.
-
-<screen>
-$ nix-store -r /nix/store/m85bxg…-firefox-34.0.5 --option ssh-substituter-hosts alice@avalon
-</screen>
-
-This is essentially equivalent to doing
-
-<screen>
-$ nix-copy-closure --from alice@avalon /nix/store/m85bxg…-firefox-34.0.5
-</screen>
-
-</para>
-
-<para>You can use SSH’s <emphasis>forced command</emphasis> feature to
-set up a restricted user account for SSH substituter access, allowing
-read-only access to the local Nix store, but nothing more. For
-example, add the following lines to <filename>sshd_config</filename>
-to restrict the user <literal>nix-ssh</literal>:
-
-<programlisting>
-Match User nix-ssh
-  AllowAgentForwarding no
-  AllowTcpForwarding no
-  PermitTTY no
-  PermitTunnel no
-  X11Forwarding no
-  ForceCommand nix-store --serve
-Match All
-</programlisting>
-
-On NixOS, you can accomplish the same by adding the following to your
-<filename>configuration.nix</filename>:
-
-<programlisting>
-nix.sshServe.enable = true;
-nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ];
-</programlisting>
-
-where the latter line lists the public keys of users that are allowed
-to connect.</para>
-
-</section>

doc/manual/quick-start/getting-started.xml

@@ -2,14 +2,11 @@
       xmlns:xlink="http://www.w3.org/1999/xlink"
       xmlns:xi="http://www.w3.org/2001/XInclude"
       version="5.0"
-      xml:id="chap-quick-start">
+      xml:id="ch-getting-started-nix"> 
 
-<title>Quick Start</title>
-
-<para>This chapter is for impatient people who don't like reading
-documentation.  For more in-depth information you are kindly referred
-to subsequent chapters.</para>
+<title>Getting Started with Nix</title>
 
+<para>This tutorial takes you through the basic tasks you might perform when you start using Nix.</para>
 <procedure>
 
 <step><para>Install single-user Nix by running the following:
@@ -28,11 +25,10 @@ in the channel:
 
 <screen>
 $ nix-env -qa
-docbook-xml-4.3
-docbook-xml-4.5
-firefox-33.0.2
-hello-2.9
-libxslt-1.1.28
+docbook-xml-4.2
+firefox-1.0pre-PR-0.10.1
+hello-2.1.1
+libxslt-1.1.0
 <replaceable>...</replaceable></screen>
 
 </para></step>
@@ -40,7 +36,7 @@ libxslt-1.1.28
 <step><para>Install some packages from the channel:
 
 <screen>
-$ nix-env -i hello</screen>
+$ nix-env -i hello <replaceable>...</replaceable> </screen>
 
 This should download pre-built packages; it should not build them
 locally (if it does, something went wrong).</para></step>
@@ -63,28 +59,6 @@ $ nix-env -e hello</screen>
 
 </para></step>
 
-<step><para>You can also test a package without installing it:
-
-<screen>
-$ nix-shell -p hello
-</screen>
-
-This builds or downloads GNU Hello and its dependencies, then drops
-you into a Bash shell where the <command>hello</command> command is
-present, all without affecting your normal environment:
-
-<screen>
-[nix-shell:~]$ hello
-Hello, world!
-
-[nix-shell:~]$ exit
-
-$ hello
-hello: command not found
-</screen>
-
-</para></step>
-
 <step><para>To keep up-to-date with the channel, do:
 
 <screen>
@@ -95,6 +69,16 @@ The latter command will upgrade each installed package for which there
 is a “newer” version (as determined by comparing the version
 numbers).</para></step>
 
+<step><para>You can also install specific packages directly from
+your web browser.  For instance, you can go to <link
+xlink:href="http://hydra.nixos.org/jobset/nixpkgs/trunk/channel/latest"
+/> and click on any link for the individual packages for your
+platform.  Associate <literal>application/nix-package</literal> with
+the program <command>nix-install-package</command>.  A window should
+appear asking you whether it’s okay to install the package.  Say
+<literal>Y</literal>.  The package and all its dependencies will be
+installed.</para></step>
+
 <step><para>If you're unhappy with the result of a
 <command>nix-env</command> action (e.g., an upgraded package turned
 out not to work properly), you can go back:

doc/manual/quick-start/quick-start.xml

@@ -0,0 +1,17 @@
+<part xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="chap-quick-start">
+
+<title>Quick-Start</title>
+
+<partintro>
+<para>This section is for impatient people who don't like reading
+documentation.  For more in-depth information you are kindly referred
+to subsequent chapters.</para>
+</partintro>
+
+<xi:include href="getting-started.xml" />
+
+</part>

doc/manual/release-notes/release-notes.xml

@@ -12,11 +12,6 @@
 </partintro>
 -->
 
-<xi:include href="rl-1.12.xml" />
-<xi:include href="rl-1.11.10.xml" />
-<xi:include href="rl-1.11.xml" />
-<xi:include href="rl-1.10.xml" />
-<xi:include href="rl-1.9.xml" />
 <xi:include href="rl-1.8.xml" />
 <xi:include href="rl-1.7.xml" />
 <xi:include href="rl-1.6.1.xml" />

doc/manual/release-notes/rl-0.10.1.xml

@@ -4,10 +4,10 @@
       version="5.0"
       xml:id="ch-relnotes-0.10.1">
 
-<title>Release 0.10.1 (2006-10-11)</title>
+<title>Release 0.10.1 (October 11, 2006)</title>
 
 <para>This release fixes two somewhat obscure bugs that occur when
 evaluating Nix expressions that are stored inside the Nix store
 (<literal>NIX-67</literal>).  These do not affect most users.</para>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.10.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.10">
 
-<title>Release 0.10 (2006-10-06)</title>
+<title>Release 0.10 (October 6, 2006)</title>
 
 <note><para>This version of Nix uses Berkeley DB 4.4 instead of 4.3.
 The database is upgraded automatically, but you should be careful not
@@ -320,4 +320,4 @@ irreversible.</para></warning>
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.11.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ssec-relnotes-0.11">
 
-<title>Release 0.11 (2007-12-31)</title>
+<title>Release 0.11 (December 31, 2007)</title>
 
 <para>Nix 0.11 has many improvements over the previous stable release.
 The most important improvement is secure multi-user support.  It also
@@ -258,4 +258,4 @@ on Nix.  Here is an (incomplete) list:</para>
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.12.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ssec-relnotes-0.12">
 
-<title>Release 0.12 (2008-11-20)</title>
+<title>Release 0.12 (November 20, 2008)</title>
 
 <itemizedlist>
 
@@ -172,4 +172,4 @@ the following paths will be downloaded/copied (30.02 MiB):
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.13.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ssec-relnotes-0.13">
 
-<title>Release 0.13 (2009-11-05)</title>
+<title>Release 0.13 (November 5, 2009)</title>
 
 <para>This is primarily a bug fix release.  It has some new
 features:</para>
@@ -103,4 +103,4 @@ features:</para>
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.14.xml

@@ -2,9 +2,7 @@
       xmlns:xlink="http://www.w3.org/1999/xlink"
       xmlns:xi="http://www.w3.org/2001/XInclude"
       version="5.0"
-      xml:id="ssec-relnotes-0.14">
-
-<title>Release 0.14 (2010-02-04)</title>
+      xml:id="ssec-relnotes-0.14"><title>Release 0.14 (February 4, 2010)</title>
 
 <para>This release has the following improvements:</para>
 
@@ -43,4 +41,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.15.xml

@@ -4,11 +4,11 @@
       version="5.0"
       xml:id="ssec-relnotes-0.15">
 
-<title>Release 0.15 (2010-03-17)</title>
+<title>Release 0.15 (March 17, 2010)</title>
 
 <para>This is a bug-fix release.  Among other things, it fixes
 building on Mac OS X (Snow Leopard), and improves the contents of
 <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
 in <literal>chroot</literal> builds.</para>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.16.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ssec-relnotes-0.16">
 
-<title>Release 0.16 (2010-08-17)</title>
+<title>Release 0.16 (August 17, 2010)</title>
 
 <para>This release has the following improvements:</para>
 
@@ -52,4 +52,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.6.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.6">
 
-<title>Release 0.6 (2004-11-14)</title>
+<title>Release 0.6 (November 14, 2004)</title>
 
 <itemizedlist>
 
@@ -119,4 +119,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.7.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.7">
 
-<title>Release 0.7 (2005-01-12)</title>
+<title>Release 0.7 (January 12, 2005)</title>
 
 <itemizedlist>
 
@@ -32,4 +32,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.8.1.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.8.1">
 
-<title>Release 0.8.1 (2005-04-13)</title>
+<title>Release 0.8.1 (April 13, 2005)</title>
 
 <para>This is a bug fix release.</para>
 
@@ -18,4 +18,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.8.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.8">
 
-<title>Release 0.8 (2005-04-11)</title>
+<title>Release 0.8 (April 11, 2005)</title>
 
 <para>NOTE: the hashing scheme in Nix 0.8 changed (as detailed below).
 As a result, <command>nix-pull</command> manifests and channels built
@@ -243,4 +243,4 @@ $ nix-env -f .../i686-linux.nix -i -E 'x: x.firefoxWrapper'</screen>
 
 </para>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.9.1.xml

@@ -4,10 +4,10 @@
       version="5.0"
       xml:id="ch-relnotes-0.9.1">
 
-<title>Release 0.9.1 (2005-09-20)</title>
+<title>Release 0.9.1 (September 20, 2005)</title>
 
 <para>This bug fix release addresses a problem with the ATerm library
 when the <option>--with-aterm</option> flag in
 <command>configure</command> was <emphasis>not</emphasis> used.</para>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.9.2.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.9.2">
 
-<title>Release 0.9.2 (2005-09-21)</title>
+<title>Release 0.9.2 (September 21, 2005)</title>
 
 <para>This bug fix release fixes two problems on Mac OS X:
 
@@ -25,4 +25,4 @@
 
 </para>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.9.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.9">
 
-<title>Release 0.9 (2005-09-16)</title>
+<title>Release 0.9 (September 16, 2005)</title>
 
 <para>NOTE: this version of Nix uses Berkeley DB 4.3 instead of 4.2.
 The database is upgraded automatically, but you should be careful not
@@ -95,4 +95,4 @@ svnService = derivation {
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-1.0.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ssec-relnotes-1.0">
 
-<title>Release 1.0 (2012-05-11)</title>
+<title>Release 1.0 (May 11, 2012)</title>
 
 <para>There have been numerous improvements and bug fixes since the
 previous release.  Here are the most significant:</para>
@@ -116,4 +116,4 @@ previous release.  Here are the most significant:</para>
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-1.1.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ssec-relnotes-1.1">
 
-<title>Release 1.1 (2012-07-18)</title>
+<title>Release 1.1 (July 18, 2012)</title>
 
 <para>This release has the following improvements:</para>
 
@@ -97,4 +97,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-1.10.xml

@@ -1,64 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0"
-      xml:id="ssec-relnotes-1.10">
-
-<title>Release 1.10 (2015-09-03)</title>
-
-<para>This is primarily a bug fix release. It also has a number of new
-features:</para>
-
-<itemizedlist>
-
-  <listitem>
-    <para>A number of builtin functions have been added to reduce
-    Nixpkgs/NixOS evaluation time and memory consumption:
-    <function>all</function>,
-    <function>any</function>,
-    <function>concatStringsSep</function>,
-    <function>foldl’</function>,
-    <function>genList</function>,
-    <function>replaceStrings</function>,
-    <function>sort</function>.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>The garbage collector is more robust when the disk is full.</para>
-  </listitem>
-
-  <listitem>
-    <para>Nix supports a new API for building derivations that doesn’t
-    require a <literal>.drv</literal> file to be present on disk; it
-    only requires an in-memory representation of the derivation. This
-    is used by the Hydra continuous build system to make remote builds
-    more efficient.</para>
-  </listitem>
-
-  <listitem>
-    <para>The function <literal>&lt;nix/fetchurl.nix></literal> now
-    uses a <emphasis>builtin</emphasis> builder (i.e. it doesn’t
-    require starting an external process; the download is performed by
-    Nix itself). This ensures that derivation paths don’t change when
-    Nix is upgraded, and obviates the need for ugly hacks to support
-    chroot execution.</para>
-  </listitem>
-
-  <listitem>
-    <para><option>--version -v</option> now prints some configuration
-    information, in particular what compile-time optional features are
-    enabled, and the paths of various directories.</para>
-  </listitem>
-
-  <listitem>
-    <para>Build users have their supplementary groups set correctly.</para>
-  </listitem>
-
-</itemizedlist>
-
-<para>This release has contributions from Eelco Dolstra, Guillaume
-Maudoux, Iwan Aucamp, Jaka Hudoklin, Kirill Elagin, Ludovic Courtès,
-Manolis Ragkousis, Nicolas B. Pierron and Shea Levy.</para>
-
-</section>

doc/manual/release-notes/rl-1.11.10.xml

@@ -1,31 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0"
-      xml:id="ssec-relnotes-1.11.10">
-
-<title>Release 1.11.10 (2017-06-12)</title>
-
-<para>This release fixes a security bug in Nix’s “build user” build
-isolation mechanism. Previously, Nix builders had the ability to
-create setuid binaries owned by a <literal>nixbld</literal>
-user. Such a binary could then be used by an attacker to assume a
-<literal>nixbld</literal> identity and interfere with subsequent
-builds running under the same UID.</para>
-
-<para>To prevent this issue, Nix now disallows builders to create
-setuid and setgid binaries. On Linux, this is done using a seccomp BPF
-filter. Note that this imposes a small performance penalty (e.g. 1%
-when building GNU Hello). Using seccomp, we now also prevent the
-creation of extended attributes and POSIX ACLs since these cannot be
-represented in the NAR format and (in the case of POSIX ACLs) allow
-bypassing regular Nix store permissions. On macOS, the restriction is
-implemented using the existing sandbox mechanism, which now uses a
-minimal “allow all except the creation of setuid/setgid binaries”
-profile when regular sandboxing is disabled. On other platforms, the
-“build user” mechanism is now disabled.</para>
-
-<para>Thanks go to Linus Heckemann for discovering and reporting this
-bug.</para>
-
-</section>

doc/manual/release-notes/rl-1.11.xml

@@ -1,141 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0"
-      xml:id="ssec-relnotes-1.11">
-
-<title>Release 1.11 (2016-01-19)</title>
-
-<para>This is primarily a bug fix release. It also has a number of new
-features:</para>
-
-<itemizedlist>
-
-  <listitem>
-    <para><command>nix-prefetch-url</command> can now download URLs
-    specified in a Nix expression. For example,
-
-<screen>
-$ nix-prefetch-url -A hello.src
-</screen>
-
-    will prefetch the file specified by the
-    <function>fetchurl</function> call in the attribute
-    <literal>hello.src</literal> from the Nix expression in the
-    current directory, and print the cryptographic hash of the
-    resulting file on stdout. This differs from <literal>nix-build -A
-    hello.src</literal> in that it doesn't verify the hash, and is
-    thus useful when you’re updating a Nix expression.</para>
-
-    <para>You can also prefetch the result of functions that unpack a
-    tarball, such as <function>fetchFromGitHub</function>. For example:
-
-<screen>
-$ nix-prefetch-url --unpack https://github.com/NixOS/patchelf/archive/0.8.tar.gz
-</screen>
-
-    or from a Nix expression:
-
-<screen>
-$ nix-prefetch-url -A nix-repl.src
-</screen>
-
-    </para>
-
-  </listitem>
-
-  <listitem>
-    <para>The builtin function
-    <function>&lt;nix/fetchurl.nix></function> now supports
-    downloading and unpacking NARs. This removes the need to have
-    multiple downloads in the Nixpkgs stdenv bootstrap process (like a
-    separate busybox binary for Linux, or curl/mkdir/sh/bzip2 for
-    Darwin). Now all those files can be combined into a single NAR,
-    optionally compressed using <command>xz</command>.</para>
-  </listitem>
-
-  <listitem>
-    <para>Nix now supports SHA-512 hashes for verifying fixed-output
-    derivations, and in <function>builtins.hashString</function>.</para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The new flag <option>--option build-repeat
-      <replaceable>N</replaceable></option> will cause every build to
-      be executed <replaceable>N</replaceable>+1 times. If the build
-      output differs between any round, the build is rejected, and the
-      output paths are not registered as valid. This is primarily
-      useful to verify build determinism. (We already had a
-      <option>--check</option> option to repeat a previously succeeded
-      build. However, with <option>--check</option>, non-deterministic
-      builds are registered in the DB. Preventing that is useful for
-      Hydra to ensure that non-deterministic builds don't end up
-      getting published to the binary cache.)
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The options <option>--check</option> and <option>--option
-      build-repeat <replaceable>N</replaceable></option>, if they
-      detect a difference between two runs of the same derivation and
-      <option>-K</option> is given, will make the output of the other
-      run available under
-      <filename><replaceable>store-path</replaceable>-check</filename>. This
-      makes it easier to investigate the non-determinism using tools
-      like <command>diffoscope</command>, e.g.,
-
-<screen>
-$ nix-build pkgs/stdenv/linux -A stage1.pkgs.zlib --check -K
-error: derivation ‘/nix/store/l54i8wlw2265…-zlib-1.2.8.drv’ may not
-be deterministic: output ‘/nix/store/11a27shh6n2i…-zlib-1.2.8’
-differs from ‘/nix/store/11a27shh6n2i…-zlib-1.2.8-check’
-
-$ diffoscope /nix/store/11a27shh6n2i…-zlib-1.2.8 /nix/store/11a27shh6n2i…-zlib-1.2.8-check
-…
-├── lib/libz.a
-│   ├── metadata
-│   │ @@ -1,15 +1,15 @@
-│   │ -rw-r--r-- 30001/30000   3096 Jan 12 15:20 2016 adler32.o
-…
-│   │ +rw-r--r-- 30001/30000   3096 Jan 12 15:28 2016 adler32.o
-…
-</screen>
-
-    </para></listitem>
-
-  <listitem>
-    <para>Improved FreeBSD support.</para>
-  </listitem>
-
-  <listitem>
-    <para><command>nix-env -qa --xml --meta</command> now prints
-    license information.</para>
-  </listitem>
-
-  <listitem>
-    <para>The maximum number of parallel TCP connections that the
-    binary cache substituter will use has been decreased from 150 to
-    25. This should prevent upsetting some broken NAT routers, and
-    also improves performance.</para>
-  </listitem>
-
-  <listitem>
-    <para>All "chroot"-containing strings got renamed to "sandbox".
-      In particular, some Nix options got renamed, but the old names
-      are still accepted as lower-priority aliases.
-    </para>
-  </listitem>
-
-</itemizedlist>
-
-<para>This release has contributions from Anders Claesson, Anthony
-Cowley, Bjørn Forsman, Brian McKenna, Danny Wilson, davidak, Eelco Dolstra,
-Fabian Schmitthenner, FrankHB, Ilya Novoselov, janus, Jim Garrison, John
-Ericson, Jude Taylor, Ludovic Courtès, Manuel Jacob, Mathnerd314,
-Pascal Wittmann, Peter Simons, Philip Potter, Preston Bennes, Rommel
-M. Martinez, Sander van der Burg, Shea Levy, Tim Cuthbertson, Tuomas
-Tynkkynen, Utku Demir and Vladimír Čunát.</para>
-
-</section>