Fix perlBindings build on macOS

https://hydra.nixos.org/build/276515695
(cherry picked from commit 750db54bfc)

.clang-format

@@ -1,34 +0,0 @@
-BasedOnStyle: LLVM
-IndentWidth: 4
-BreakBeforeBraces: Custom
-BraceWrapping:
-  AfterStruct: true
-  AfterClass: true
-  AfterFunction: true
-  AfterUnion: true
-  SplitEmptyRecord: false
-PointerAlignment: Middle
-FixNamespaceComments: false
-SortIncludes: Never
-#IndentPPDirectives: BeforeHash
-SpaceAfterCStyleCast: true
-SpaceAfterTemplateKeyword: false
-AccessModifierOffset: -4
-AlignAfterOpenBracket: AlwaysBreak
-AlignEscapedNewlines: Left
-ColumnLimit: 120
-BreakStringLiterals: false
-BitFieldColonSpacing: None
-AllowShortFunctionsOnASingleLine: Empty
-AlwaysBreakTemplateDeclarations: Yes
-BinPackParameters: false
-BreakConstructorInitializers: BeforeComma
-EmptyLineAfterAccessModifier: Leave # change to always/never later?
-EmptyLineBeforeAccessModifier: Leave
-#PackConstructorInitializers: BinPack
-BreakBeforeBinaryOperators: NonAssignment
-AlwaysBreakBeforeMultilineStrings: true
-IndentPPDirectives: AfterHash
-PPIndentWidth: 2
-BinPackArguments: false
-BinPackParameters: false

.clang-tidy

@@ -1,3 +0,0 @@
-# We use pointers to aggregates in a couple of places, intentionally.
-# void * would look weird.
-Checks: '-bugprone-sizeof-expression'

.github/CODEOWNERS

@@ -10,8 +10,9 @@
 # This file
 .github/CODEOWNERS @edolstra
 
-# Documentation of built-in functions
-src/libexpr/primops.cc @roberth
+# Public documentation
+/doc @fricklerhandwerk
+*.md @fricklerhandwerk
 
 # Libstore layer
-/src/libstore @thufschmitt @ericson2314
+/src/libstore @thufschmitt

.github/PULL_REQUEST_TEMPLATE.md

@@ -10,8 +10,6 @@
 
 <!-- Large change: Provide instructions to reviewers how to read the diff. -->
 
-# Priorities and Process
+# Priorities
 
 Add :+1: to [pull requests you find important](https://github.com/NixOS/nix/pulls?q=is%3Aopen+sort%3Areactions-%2B1-desc).
-
-The Nix maintainer team uses a [GitHub project board](https://github.com/orgs/NixOS/projects/19) to [schedule and track reviews](https://github.com/NixOS/nix/tree/master/maintainers#project-board-protocol). 

.github/labeler.yml

@@ -1,43 +1,23 @@
-"c api":
-  - changed-files:
-    - any-glob-to-any-file: "src/lib*-c/**/*"
-    - any-glob-to-any-file: "test/unit/**/nix_api_*"
-    - any-glob-to-any-file: "doc/external-api/**/*"
-
-"contributor-experience":
-  - changed-files:
-    - any-glob-to-any-file: "CONTRIBUTING.md"
-    - any-glob-to-any-file: ".github/ISSUE_TEMPLATE/*"
-    - any-glob-to-any-file: ".github/PULL_REQUEST_TEMPLATE.md"
-    - any-glob-to-any-file: "doc/manual/src/contributing/**"
-
 "documentation":
-  - changed-files:
-    - any-glob-to-any-file: "doc/manual/**/*"
-    - any-glob-to-any-file: "src/nix/**/*.md"
+  - doc/manual/*
+  - src/nix/**/*.md
 
 "store":
-  - changed-files:
-    - any-glob-to-any-file: "src/libstore/store-api.*"
-    - any-glob-to-any-file: "src/libstore/*-store.*"
+  - src/libstore/store-api.*
+  - src/libstore/*-store.*
 
 "fetching":
-  - changed-files:
-    - any-glob-to-any-file: "src/libfetchers/**/*"
+  - src/libfetchers/**/*
 
 "repl":
-  - changed-files:
-    - any-glob-to-any-file: "src/libcmd/repl.*"
-    - any-glob-to-any-file: "src/nix/repl.*"
+  - src/libcmd/repl.*
+  - src/nix/repl.*
 
 "new-cli":
-  - changed-files:
-    - any-glob-to-any-file: "src/nix/**/*"
+  - src/nix/**/*
 
 "with-tests":
-  - changed-files:
-    # Unit tests
-    - any-glob-to-any-file: "src/*/tests/**/*"
-    # Functional and integration tests
-    - any-glob-to-any-file: "tests/functional/**/*"
-
+  # Unit tests
+  - src/*/tests/**/*
+  # Functional and integration tests
+  - tests/functional/**/*

.github/workflows/backport.yml

@@ -21,7 +21,7 @@ jobs:
           fetch-depth: 0
       - name: Create backport PRs
         # should be kept in sync with `version`
-        uses: zeebe-io/backport-action@v2.5.0
+        uses: zeebe-io/backport-action@v2.1.1
         with:
           # Config README: https://github.com/zeebe-io/backport-action#backport-action
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ci.yml

@@ -20,12 +20,12 @@ jobs:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: cachix/install-nix-action@V27
+    - uses: cachix/install-nix-action@v23
       with:
         # The sandbox would otherwise be disabled by default on Darwin
         extra_nix_config: "sandbox = true"
     - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
-    - uses: cachix/cachix-action@v15
+    - uses: cachix/cachix-action@v12
       if: needs.check_secrets.outputs.cachix == 'true'
       with:
         name: '${{ env.CACHIX_NAME }}'
@@ -62,10 +62,10 @@ jobs:
       with:
         fetch-depth: 0
     - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
-    - uses: cachix/install-nix-action@V27
+    - uses: cachix/install-nix-action@v23
       with:
-        install_url: https://releases.nixos.org/nix/nix-2.20.3/install
-    - uses: cachix/cachix-action@v15
+        install_url: https://releases.nixos.org/nix/nix-2.13.3/install
+    - uses: cachix/cachix-action@v12
       with:
         name: '${{ env.CACHIX_NAME }}'
         signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
@@ -84,7 +84,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
-    - uses: cachix/install-nix-action@V27
+    - uses: cachix/install-nix-action@v23
       with:
         install_url: '${{needs.installer.outputs.installerURL}}'
         install_options: "--tarball-url-prefix https://${{ env.CACHIX_NAME }}.cachix.org/serve"
@@ -114,12 +114,12 @@ jobs:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: cachix/install-nix-action@V27
+    - uses: cachix/install-nix-action@v23
       with:
-        install_url: https://releases.nixos.org/nix/nix-2.20.3/install
+        install_url: https://releases.nixos.org/nix/nix-2.13.3/install
     - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
     - run: echo NIX_VERSION="$(nix --experimental-features 'nix-command flakes' eval .\#default.version | tr -d \")" >> $GITHUB_ENV
-    - uses: cachix/cachix-action@v15
+    - uses: cachix/cachix-action@v12
       if: needs.check_secrets.outputs.cachix == 'true'
       with:
         name: '${{ env.CACHIX_NAME }}'
@@ -153,17 +153,6 @@ jobs:
         IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
 
         docker tag nix:$NIX_VERSION $IMAGE_ID:$NIX_VERSION
-        docker tag nix:$NIX_VERSION $IMAGE_ID:latest
-        docker push $IMAGE_ID:$NIX_VERSION
-        docker push $IMAGE_ID:latest
-        # deprecated 2024-02-24
         docker tag nix:$NIX_VERSION $IMAGE_ID:master
+        docker push $IMAGE_ID:$NIX_VERSION
         docker push $IMAGE_ID:master
-
-  vm_tests:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: DeterminateSystems/magic-nix-cache-action@main
-      - run: nix build -L .#hydraJobs.tests.githubFlakes .#hydraJobs.tests.tarballFlakes

.github/workflows/labels.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'NixOS'
     steps:
-    - uses: actions/labeler@v5
+    - uses: actions/labeler@v4
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         sync-labels: false

.gitignore

@@ -10,7 +10,6 @@ perl/Makefile.config
 /stamp-h1
 /svn-revision
 /libtool
-/config/config.*
 
 # /doc/manual/
 /doc/manual/*.1
@@ -22,16 +21,12 @@ perl/Makefile.config
 /doc/manual/language.json
 /doc/manual/xp-features.json
 /doc/manual/src/SUMMARY.md
-/doc/manual/src/SUMMARY-rl-next.md
-/doc/manual/src/store/types/*
-!/doc/manual/src/store/types/index.md.in
 /doc/manual/src/command-ref/new-cli
 /doc/manual/src/command-ref/conf-file.md
 /doc/manual/src/command-ref/experimental-features-shortlist.md
 /doc/manual/src/contributing/experimental-feature-descriptions.md
 /doc/manual/src/language/builtins.md
 /doc/manual/src/language/builtin-constants.md
-/doc/manual/src/release-notes/rl-next.md
 
 # /scripts/
 /scripts/nix-profile.sh
@@ -46,24 +41,18 @@ perl/Makefile.config
 /src/libexpr/parser-tab.hh
 /src/libexpr/parser-tab.output
 /src/libexpr/nix.tbl
-/src/libexpr/tests
 /tests/unit/libexpr/libnixexpr-tests
 
-# /src/libfetchers
-/tests/unit/libfetchers/libnixfetchers-tests
-
 # /src/libstore/
 *.gen.*
-/src/libstore/tests
 /tests/unit/libstore/libnixstore-tests
 
 # /src/libutil/
-/src/libutil/tests
 /tests/unit/libutil/libnixutil-tests
 
 /src/nix/nix
 
-/src/nix/generated-doc
+/src/nix/doc
 
 # /src/nix-env/
 /src/nix-env/nix-env
@@ -101,7 +90,6 @@ perl/Makefile.config
 /tests/functional/ca/config.nix
 /tests/functional/dyn-drv/config.nix
 /tests/functional/repl-result-out
-/tests/functional/debugger-test-out
 /tests/functional/test-libstoreconsumer/test-libstoreconsumer
 
 # /tests/functional/lang/
@@ -118,6 +106,8 @@ perl/Makefile.config
 /misc/systemd/nix-daemon.conf
 /misc/upstart/nix-daemon.conf
 
+/src/resolve-system-dependencies/resolve-system-dependencies
+
 outputs/
 
 *.a
@@ -143,21 +133,14 @@ GTAGS
 
 # auto-generated compilation database
 compile_commands.json
-*.compile_commands.json
 
 nix-rust/target
 
 result
-result-*
 
 # IDE
 .vscode/
 .idea/
 
-.pre-commit-config.yaml
-
 # clangd and possibly more
 .cache/
-
-# Mac OS
-.DS_Store

.version

@@ -1 +1 @@
-2.23.0
+2.19.7

CITATION.cff

@@ -1,42 +0,0 @@
-cff-version: 1.2.0
-title: Nix
-message: >-
-  If you use this software, please cite it using the
-  metadata from this file.
-type: software
-authors:
-  - given-names: Eelco
-    family-names: Dolstra
-    email: edolstra@gmail.com
-  - name: The Nix contributors
-    website: 'https://github.com/NixOS/nix'
-references:
-  - title: The Purely Functional Software Deployment Model
-    authors:
-    - family-names: Dolstra
-      given-names: Eelco
-    year: 2006
-    type: thesis
-    thesis-type: PhD thesis
-    isbn: 90-393-4130-3
-    url: https://dspace.library.uu.nl/handle/1874/7540
-    database-provider: Utrecht University Repository
-    institution:
-      name: Utrecht University
-    keywords:
-    - configuration management
-    - software deployment
-    - purely functional
-    - component-based software engineering
-repository-code: 'https://github.com/NixOS/nix'
-url: 'https://nixos.org/'
-abstract: >-
-  Nix, a purely functional package manager, is a powerful
-  package manager for Linux and other Unix systems that
-  makes package management reliable and reproducible.
-keywords:
-  - reproducibility
-  - open-source
-  - c++
-  - functional
-license: LGPL-2.1

CONTRIBUTING.md

@@ -27,8 +27,6 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).
 1. Search for related issues that cover what you're going to work on.
    It could help to mention there that you will work on the issue.
 
-   We strongly recommend first-time contributors not to propose new features but rather fix tightly-scoped problems in order to build trust and a working relationship with maintainers.
-
    Issues labeled [good first issue](https://github.com/NixOS/nix/labels/good%20first%20issue) should be relatively easy to fix and are likely to get merged quickly.
    Pull requests addressing issues labeled [idea approved](https://github.com/NixOS/nix/labels/idea%20approved) or [RFC](https://github.com/NixOS/nix/labels/RFC) are especially welcomed by maintainers and will receive prioritised review.
 
@@ -65,11 +63,11 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).
      - Functional tests – [`tests/functional/**.sh`](./tests/functional)
      - Unit tests – [`src/*/tests`](./src/)
      - Integration tests – [`tests/nixos/*`](./tests/nixos)
-   - [ ] User documentation in the [manual](./doc/manual/src)
+   - [ ] User documentation in the [manual](..doc/manual/src)
    - [ ] API documentation in header files
    - [ ] Code and comments are self-explanatory
    - [ ] Commit message explains **why** the change was made
-   - [ ] New feature or incompatible change: [add a release note](https://nixos.org/manual/nix/stable/contributing/hacking#add-a-release-note)
+   - [ ] New feature or incompatible change: updated [release notes](./doc/manual/src/release-notes/rl-next.md)
 
 7. If you need additional feedback or help to getting pull request into shape, ask other contributors using [@mentions](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#mentioning-people-and-teams).
 

Makefile

@@ -1,13 +1,5 @@
-# External build directory support
-
-include mk/build-dir.mk
-
--include $(buildprefix)Makefile.config
-clean-files += $(buildprefix)Makefile.config
-
-# List makefiles
-
-include mk/platform.mk
+-include Makefile.config
+clean-files += Makefile.config
 
 ifeq ($(ENABLE_BUILD), yes)
 makefiles = \
@@ -20,63 +12,39 @@ makefiles = \
   src/libexpr/local.mk \
   src/libcmd/local.mk \
   src/nix/local.mk \
-  src/libutil-c/local.mk \
-  src/libstore-c/local.mk \
-  src/libexpr-c/local.mk
-
-ifdef HOST_UNIX
-makefiles += \
+  src/resolve-system-dependencies/local.mk \
   scripts/local.mk \
-  maintainers/local.mk \
   misc/bash/local.mk \
   misc/fish/local.mk \
   misc/zsh/local.mk \
   misc/systemd/local.mk \
   misc/launchd/local.mk \
-  misc/upstart/local.mk
-endif
+  misc/upstart/local.mk \
+  doc/manual/local.mk \
+  doc/internal-api/local.mk
 endif
 
-ifeq ($(ENABLE_UNIT_TESTS), yes)
+ifeq ($(ENABLE_BUILD)_$(ENABLE_TESTS), yes_yes)
 makefiles += \
   tests/unit/libutil/local.mk \
   tests/unit/libutil-support/local.mk \
   tests/unit/libstore/local.mk \
   tests/unit/libstore-support/local.mk \
-  tests/unit/libfetchers/local.mk \
   tests/unit/libexpr/local.mk \
   tests/unit/libexpr-support/local.mk
 endif
 
-ifeq ($(ENABLE_FUNCTIONAL_TESTS), yes)
-ifdef HOST_UNIX
+ifeq ($(ENABLE_TESTS), yes)
 makefiles += \
   tests/functional/local.mk \
   tests/functional/ca/local.mk \
-  tests/functional/git-hashing/local.mk \
   tests/functional/dyn-drv/local.mk \
-  tests/functional/local-overlay-store/local.mk \
   tests/functional/test-libstoreconsumer/local.mk \
   tests/functional/plugins/local.mk
+else
+makefiles += \
+  mk/disable-tests.mk
 endif
-endif
-
-# Some makefiles require access to built programs and must be included late.
-makefiles-late =
-
-ifeq ($(ENABLE_DOC_GEN), yes)
-makefiles-late += doc/manual/local.mk
-endif
-
-ifeq ($(ENABLE_INTERNAL_API_DOCS), yes)
-makefiles-late += doc/internal-api/local.mk
-endif
-
-ifeq ($(ENABLE_EXTERNAL_API_DOCS), yes)
-makefiles-late += doc/external-api/local.mk
-endif
-
-# Miscellaneous global Flags
 
 OPTIMIZE = 1
 
@@ -85,63 +53,8 @@ ifeq ($(OPTIMIZE), 1)
   GLOBAL_LDFLAGS += $(CXXLTO)
 else
   GLOBAL_CXXFLAGS += -O0 -U_FORTIFY_SOURCE
-  unexport NIX_HARDENING_ENABLE
 endif
 
-ifdef HOST_WINDOWS
-  # Windows DLLs are stricter about symbol visibility than Unix shared
-  # objects --- see https://gcc.gnu.org/wiki/Visibility for details.
-  # This is a temporary sledgehammer to export everything like on Unix,
-  # and not detail with this yet.
-  #
-  # TODO do not do this, and instead do fine-grained export annotations.
-  GLOBAL_LDFLAGS += -Wl,--export-all-symbols
-endif
-
-GLOBAL_CXXFLAGS += -g -Wall -Wdeprecated-copy -Wignored-qualifiers -Wimplicit-fallthrough -include $(buildprefix)config.h -std=c++2a -I src
-
-# Include the main lib, causing rules to be defined
-
 include mk/lib.mk
 
-# Fallback stub rules for better UX when things are disabled
-#
-# These must be defined after `mk/lib.mk`. Otherwise the first rule
-# incorrectly becomes the default target.
-
-ifneq ($(ENABLE_UNIT_TESTS), yes)
-.PHONY: check
-check:
-	@echo "Unit tests are disabled. Configure without '--disable-unit-tests', or avoid calling 'make check'."
-	@exit 1
-endif
-
-ifneq ($(ENABLE_FUNCTIONAL_TESTS), yes)
-.PHONY: installcheck
-installcheck:
-	@echo "Functional tests are disabled. Configure without '--disable-functional-tests', or avoid calling 'make installcheck'."
-	@exit 1
-endif
-
-# Documentation fallback stub rules.
-
-ifneq ($(ENABLE_DOC_GEN), yes)
-.PHONY: manual-html manpages
-manual-html manpages:
-	@echo "Generated docs are disabled. Configure without '--disable-doc-gen', or avoid calling 'make manpages' and 'make manual-html'."
-	@exit 1
-endif
-
-ifneq ($(ENABLE_INTERNAL_API_DOCS), yes)
-.PHONY: internal-api-html
-internal-api-html:
-	@echo "Internal API docs are disabled. Configure with '--enable-internal-api-docs', or avoid calling 'make internal-api-html'."
-	@exit 1
-endif
-
-ifneq ($(ENABLE_EXTERNAL_API_DOCS), yes)
-.PHONY: external-api-html
-external-api-html:
-	@echo "External API docs are disabled. Configure with '--enable-external-api-docs', or avoid calling 'make external-api-html'."
-	@exit 1
-endif
+GLOBAL_CXXFLAGS += -g -Wall -include config.h -std=c++2a -I src

Makefile.config.in

@@ -8,28 +8,21 @@ CXX = @CXX@
 CXXFLAGS = @CXXFLAGS@
 CXXLTO = @CXXLTO@
 EDITLINE_LIBS = @EDITLINE_LIBS@
-ENABLE_BUILD = @ENABLE_BUILD@
-ENABLE_DOC_GEN = @ENABLE_DOC_GEN@
-ENABLE_FUNCTIONAL_TESTS = @ENABLE_FUNCTIONAL_TESTS@
-ENABLE_INTERNAL_API_DOCS = @ENABLE_INTERNAL_API_DOCS@
-ENABLE_EXTERNAL_API_DOCS = @ENABLE_EXTERNAL_API_DOCS@
 ENABLE_S3 = @ENABLE_S3@
-ENABLE_UNIT_TESTS = @ENABLE_UNIT_TESTS@
 GTEST_LIBS = @GTEST_LIBS@
 HAVE_LIBCPUID = @HAVE_LIBCPUID@
 HAVE_SECCOMP = @HAVE_SECCOMP@
 HOST_OS = @host_os@
-INSTALL_UNIT_TESTS = @INSTALL_UNIT_TESTS@
 LDFLAGS = @LDFLAGS@
 LIBARCHIVE_LIBS = @LIBARCHIVE_LIBS@
 LIBBROTLI_LIBS = @LIBBROTLI_LIBS@
 LIBCURL_LIBS = @LIBCURL_LIBS@
-LIBGIT2_LIBS = @LIBGIT2_LIBS@
 LIBSECCOMP_LIBS = @LIBSECCOMP_LIBS@
 LOWDOWN_LIBS = @LOWDOWN_LIBS@
 OPENSSL_LIBS = @OPENSSL_LIBS@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
+RAPIDCHECK_HEADERS = @RAPIDCHECK_HEADERS@
 SHELL = @bash@
 SODIUM_LIBS = @SODIUM_LIBS@
 SQLITE3_LIBS = @SQLITE3_LIBS@
@@ -39,6 +32,7 @@ checkbindir = @checkbindir@
 checklibdir = @checklibdir@
 datadir = @datadir@
 datarootdir = @datarootdir@
+doc_generate = @doc_generate@
 docdir = @docdir@
 embedded_sandbox_shell = @embedded_sandbox_shell@
 exec_prefix = @exec_prefix@
@@ -54,3 +48,7 @@ sandbox_shell = @sandbox_shell@
 storedir = @storedir@
 sysconfdir = @sysconfdir@
 system = @system@
+ENABLE_BUILD = @ENABLE_BUILD@
+ENABLE_TESTS = @ENABLE_TESTS@
+INSTALL_UNIT_TESTS = @INSTALL_UNIT_TESTS@
+internal_api_docs = @internal_api_docs@

configure.ac

@@ -47,10 +47,6 @@ AC_DEFINE_UNQUOTED(SYSTEM, ["$system"], [platform identifier ('cpu-os')])
 # State should be stored in /nix/var, unless the user overrides it explicitly.
 test "$localstatedir" = '${prefix}/var' && localstatedir=/nix/var
 
-# Assign a default value to C{,XX}FLAGS as the default configure script sets them
-# to -O2 otherwise, which we don't want to have hardcoded
-CFLAGS=${CFLAGS-""}
-CXXFLAGS=${CXXFLAGS-""}
 
 AC_PROG_CC
 AC_PROG_CXX
@@ -62,12 +58,17 @@ AC_CHECK_TOOL([AR], [ar])
 AC_SYS_LARGEFILE
 
 
-# Solaris-specific stuff.
+# OS-specific stuff.
+AC_STRUCT_DIRENT_D_TYPE
 case "$host_os" in
   solaris*)
     # Solaris requires -lsocket -lnsl for network functions
     LDFLAGS="-lsocket -lnsl $LDFLAGS"
     ;;
+  darwin*)
+    # Need to link to libsandbox.
+    LDFLAGS="-lsandbox $LDFLAGS"
+    ;;
 esac
 
 
@@ -125,6 +126,7 @@ AC_PATH_PROG(flex, flex, false)
 AC_PATH_PROG(bison, bison, false)
 AC_PATH_PROG(dot, dot)
 AC_PATH_PROG(lsof, lsof, lsof)
+NEED_PROG(jq, jq)
 
 
 AC_SUBST(coreutils, [$(dirname $(type -p cat))])
@@ -135,57 +137,6 @@ AC_ARG_WITH(store-dir, AS_HELP_STRING([--with-store-dir=PATH],[path of the Nix s
 AC_SUBST(storedir)
 
 
-# Running the functional tests without building Nix is useful for testing
-# different pre-built versions of Nix against each other.
-AC_ARG_ENABLE(build, AS_HELP_STRING([--disable-build],[Do not build nix]),
-  ENABLE_BUILD=$enableval, ENABLE_BUILD=yes)
-AC_SUBST(ENABLE_BUILD)
-
-# Building without unit tests is useful for bootstrapping with a smaller footprint
-# or running the tests in a separate derivation. Otherwise, we do compile and
-# run them.
-
-AC_ARG_ENABLE(unit-tests, AS_HELP_STRING([--disable-unit-tests],[Do not build the tests]),
-  ENABLE_UNIT_TESTS=$enableval, ENABLE_UNIT_TESTS=$ENABLE_BUILD)
-AC_SUBST(ENABLE_UNIT_TESTS)
-
-# Build external API docs by default
-AC_ARG_ENABLE(external_api_docs, AS_HELP_STRING([--enable-external-api-docs],[Build API docs for Nix's C interface]),
-  external_api_docs=$enableval, external_api_docs=yes)
-AC_SUBST(external_api_docs)
-
-AS_IF(
-  [test "$ENABLE_BUILD" == "no" && test "$ENABLE_UNIT_TESTS" == "yes"],
-  [AC_MSG_ERROR([Cannot enable unit tests when building overall is disabled. Please do not pass '--enable-unit-tests' or do not pass '--disable-build'.])])
-
-AC_ARG_ENABLE(functional-tests, AS_HELP_STRING([--disable-functional-tests],[Do not build the tests]),
-  ENABLE_FUNCTIONAL_TESTS=$enableval, ENABLE_FUNCTIONAL_TESTS=yes)
-AC_SUBST(ENABLE_FUNCTIONAL_TESTS)
-
-# documentation generation switch
-AC_ARG_ENABLE(doc-gen, AS_HELP_STRING([--disable-doc-gen],[disable documentation generation]),
-  ENABLE_DOC_GEN=$enableval, ENABLE_DOC_GEN=$ENABLE_BUILD)
-AC_SUBST(ENABLE_DOC_GEN)
-
-AS_IF(
-  [test "$ENABLE_BUILD" == "no" && test "$ENABLE_DOC_GEN" == "yes"],
-  [AC_MSG_ERROR([Cannot enable generated docs when building overall is disabled. Please do not pass '--enable-doc-gen' or do not pass '--disable-build'.])])
-
-# Building without API docs is the default as Nix' C++ interfaces are internal and unstable.
-AC_ARG_ENABLE(internal-api-docs, AS_HELP_STRING([--enable-internal-api-docs],[Build API docs for Nix's internal unstable C++ interfaces]),
-  ENABLE_INTERNAL_API_DOCS=$enableval, ENABLE_INTERNAL_API_DOCS=no)
-AC_SUBST(ENABLE_INTERNAL_API_DOCS)
-
-AC_ARG_ENABLE(external-api-docs, AS_HELP_STRING([--enable-external-api-docs],[Build API docs for Nix's external unstable C interfaces]),
-  ENABLE_EXTERNAL_API_DOCS=$enableval, ENABLE_EXTERNAL_API_DOCS=no)
-AC_SUBST(ENABLE_EXTERNAL_API_DOCS)
-
-AS_IF(
-  [test "$ENABLE_FUNCTIONAL_TESTS" == "yes" || test "$ENABLE_DOC_GEN" == "yes"],
-  [NEED_PROG(jq, jq)])
-
-AS_IF([test "$ENABLE_BUILD" == "yes"],[
-
 # Look for boost, a required dependency.
 # Note that AX_BOOST_BASE only exports *CPP* BOOST_CPPFLAGS, no CXX flags,
 # and CPPFLAGS are not passed to the C++ compiler automatically.
@@ -208,6 +159,18 @@ if test "x$GCC_ATOMIC_BUILTINS_NEED_LIBATOMIC" = xyes; then
     LDFLAGS="-latomic $LDFLAGS"
 fi
 
+# Running the functional tests without building Nix is useful for testing
+# different pre-built versions of Nix against each other.
+AC_ARG_ENABLE(build, AS_HELP_STRING([--disable-build],[Do not build nix]),
+  ENABLE_BUILD=$enableval, ENABLE_BUILD=yes)
+AC_SUBST(ENABLE_BUILD)
+# Building without tests is useful for bootstrapping with a smaller footprint
+# or running the tests in a separate derivation. Otherwise, we do compile and
+# run them.
+AC_ARG_ENABLE(tests, AS_HELP_STRING([--disable-tests],[Do not build the tests]),
+  ENABLE_TESTS=$enableval, ENABLE_TESTS=yes)
+AC_SUBST(ENABLE_TESTS)
+
 AC_ARG_ENABLE(install-unit-tests, AS_HELP_STRING([--enable-install-unit-tests],[Install the unit tests for running later (default no)]),
   INSTALL_UNIT_TESTS=$enableval, INSTALL_UNIT_TESTS=no)
 AC_SUBST(INSTALL_UNIT_TESTS)
@@ -220,6 +183,11 @@ AC_ARG_WITH(check-lib-dir, AS_HELP_STRING([--with-check-lib-dir=PATH],[path to i
   checklibdir=$withval, checklibdir=$libdir)
 AC_SUBST(checklibdir)
 
+# Building without API docs is the default as Nix' C++ interfaces are internal and unstable.
+AC_ARG_ENABLE(internal_api_docs, AS_HELP_STRING([--enable-internal-api-docs],[Build API docs for Nix's internal unstable C++ interfaces]),
+  internal_api_docs=$enableval, internal_api_docs=no)
+AC_SUBST(internal_api_docs)
+
 # LTO is currently broken with clang for unknown reasons; ld segfaults in the llvm plugin
 AC_ARG_ENABLE(lto, AS_HELP_STRING([--enable-lto],[Enable LTO (only supported with GCC) [default=no]]),
   lto=$enableval, lto=no)
@@ -263,25 +231,17 @@ PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CX
 # Look for libcurl, a required dependency.
 PKG_CHECK_MODULES([LIBCURL], [libcurl], [CXXFLAGS="$LIBCURL_CFLAGS $CXXFLAGS"])
 
-# Look for editline or readline, a required dependency.
+# Look for editline, a required dependency.
 # The the libeditline.pc file was added only in libeditline >= 1.15.2,
 # see https://github.com/troglobit/editline/commit/0a8f2ef4203c3a4a4726b9dd1336869cd0da8607,
-# Older versions are no longer supported.
-AC_ARG_WITH(
-  [readline-flavor],
-  AS_HELP_STRING([--with-readline-flavor],[Which library to use for nice line editting with the Nix language REPL" [default=editline]]),
-  [readline_flavor=$withval],
-  [readline_flavor=editline])
-AS_CASE(["$readline_flavor"],
-  [editline], [
-    readline_flavor_pc=libeditline
-  ],
-  [readline], [
-    readline_flavor_pc=readline
-    AC_DEFINE([USE_READLINE], [1], [Use readline instead of editline])
-  ],
-  [AC_MSG_ERROR([bad value "$readline_flavor" for --with-readline-flavor, must be one of: editline, readline])])
-PKG_CHECK_MODULES([EDITLINE], [$readline_flavor_pc], [CXXFLAGS="$EDITLINE_CFLAGS $CXXFLAGS"])
+# but e.g. Ubuntu 16.04 has an older version, so we fall back to searching for
+# editline.h when the pkg-config approach fails.
+PKG_CHECK_MODULES([EDITLINE], [libeditline], [CXXFLAGS="$EDITLINE_CFLAGS $CXXFLAGS"], [
+  AC_CHECK_HEADERS([editline.h], [true],
+    [AC_MSG_ERROR([Nix requires libeditline; it was found neither via pkg-config nor its normal header.])])
+  AC_SEARCH_LIBS([readline read_history], [editline], [],
+    [AC_MSG_ERROR([Nix requires libeditline; it was not found via pkg-config, but via its header, but required functions do not work. Maybe it is too old? >= 1.14 is required.])])
+])
 
 # Look for libsodium.
 PKG_CHECK_MODULES([SODIUM], [libsodium], [CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"])
@@ -313,20 +273,9 @@ case "$host_os" in
                                 ]))
     if test "x$enable_seccomp_sandboxing" != "xno"; then
       PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
-                        [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS" CFLAGS="$LIBSECCOMP_CFLAGS $CFLAGS"])
+                        [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
       have_seccomp=1
       AC_DEFINE([HAVE_SECCOMP], [1], [Whether seccomp is available and should be used for sandboxing.])
-      AC_COMPILE_IFELSE([
-        AC_LANG_SOURCE([[
-          #include <seccomp.h>
-          #ifndef __SNR_fchmodat2
-          # error "Missing support for fchmodat2"
-          #endif
-        ]])
-      ], [], [
-        echo "libseccomp is missing __SNR_fchmodat2. Please provide libseccomp 2.5.5 or later"
-        exit 1
-      ])
     else
       have_seccomp=
     fi
@@ -337,14 +286,6 @@ case "$host_os" in
 esac
 AC_SUBST(HAVE_SECCOMP, [$have_seccomp])
 
-# Optional dependencies for better normalizing file system data
-AC_CHECK_HEADERS([sys/xattr.h])
-AS_IF([test "$ac_cv_header_sys_xattr_h" = "yes"],[
-  AC_CHECK_FUNCS([llistxattr lremovexattr])
-  AS_IF([test "$ac_cv_func_llistxattr" = "yes" && test "$ac_cv_func_lremovexattr" = "yes"],[
-    AC_DEFINE([HAVE_ACL_SUPPORT], [1], [Define if we can manipulate file system Access Control Lists])
-  ])
-])
 
 # Look for aws-cpp-sdk-s3.
 AC_LANG_PUSH(C++)
@@ -371,40 +312,47 @@ if test "$gc" = yes; then
   AC_DEFINE(HAVE_BOEHMGC, 1, [Whether to use the Boehm garbage collector.])
 fi
 
-AS_IF([test "$ENABLE_UNIT_TESTS" == "yes"],[
+
+if test "$ENABLE_TESTS" = yes; then
 
 # Look for gtest.
-PKG_CHECK_MODULES([GTEST], [gtest_main gmock_main])
+PKG_CHECK_MODULES([GTEST], [gtest_main])
+
 
 # Look for rapidcheck.
-PKG_CHECK_MODULES([RAPIDCHECK], [rapidcheck rapidcheck_gtest])
+AC_ARG_VAR([RAPIDCHECK_HEADERS], [include path of gtest headers shipped by RAPIDCHECK])
+# No pkg-config yet, https://github.com/emil-e/rapidcheck/issues/302
+AC_LANG_PUSH(C++)
+AC_SUBST(RAPIDCHECK_HEADERS)
+[CXXFLAGS="-I $RAPIDCHECK_HEADERS $CXXFLAGS"]
+[LIBS="-lrapidcheck -lgtest $LIBS"]
+AC_CHECK_HEADERS([rapidcheck/gtest.h], [], [], [#include <gtest/gtest.h>])
+dnl AC_CHECK_LIB doesn't work for C++ libs with mangled symbols
+AC_LINK_IFELSE([
+    AC_LANG_PROGRAM([[
+      #include <gtest/gtest.h>
+      #include <rapidcheck/gtest.h>
+    ]], [[
+      return RUN_ALL_TESTS();
+    ]])
+  ],
+  [],
+  [AC_MSG_ERROR([librapidcheck is not found.])])
+AC_LANG_POP(C++)
 
-])
+fi
 
 # Look for nlohmann/json.
 PKG_CHECK_MODULES([NLOHMANN_JSON], [nlohmann_json >= 3.9])
 
 
+# documentation generation switch
+AC_ARG_ENABLE(doc-gen, AS_HELP_STRING([--disable-doc-gen],[disable documentation generation]),
+  doc_generate=$enableval, doc_generate=yes)
+AC_SUBST(doc_generate)
+
 # Look for lowdown library.
-AC_ARG_ENABLE([markdown], AS_HELP_STRING([--enable-markdown], [Enable Markdown rendering in the Nix binary (requires lowdown) [default=auto]]),
-  enable_markdown=$enableval, enable_markdown=auto)
-AS_CASE(["$enable_markdown"],
-  [yes | auto], [
-    PKG_CHECK_MODULES([LOWDOWN], [lowdown >= 0.9.0], [
-      CXXFLAGS="$LOWDOWN_CFLAGS $CXXFLAGS"
-      have_lowdown=1
-      AC_DEFINE(HAVE_LOWDOWN, 1, [Whether lowdown is available and should be used for Markdown rendering.])
-    ], [
-      AS_IF([test "x$enable_markdown" == "xyes"], [AC_MSG_ERROR([--enable-markdown was specified, but lowdown was not found.])])
-    ])
-  ],
-  [no], [have_lowdown=],
-  [AC_MSG_ERROR([bad value "$enable_markdown" for --enable-markdown, must be one of: yes, no, auto])])
-
-
-# Look for libgit2.
-PKG_CHECK_MODULES([LIBGIT2], [libgit2])
-
+PKG_CHECK_MODULES([LOWDOWN], [lowdown >= 0.9.0], [CXXFLAGS="$LOWDOWN_CFLAGS $CXXFLAGS"])
 
 # Setuid installations.
 AC_CHECK_FUNCS([setresuid setreuid lchown])
@@ -436,8 +384,6 @@ if test "$embedded_sandbox_shell" = yes; then
   AC_DEFINE(HAVE_EMBEDDED_SANDBOX_SHELL, 1, [Include the sandbox shell in the Nix binary.])
 fi
 
-])
-
 
 # Expand all variables in config.status.
 test "$prefix" = NONE && prefix=$ac_default_prefix

dep-patches/boehmgc-traceable_allocator-public.diff

@@ -1,12 +0,0 @@
-diff --git a/include/gc_allocator.h b/include/gc_allocator.h
-index 597c7f13..587286be 100644
---- a/include/gc_allocator.h
-+++ b/include/gc_allocator.h
-@@ -312,6 +312,7 @@ public:
- 
- template<>
- class traceable_allocator<void> {
-+public:
-   typedef size_t      size_type;
-   typedef ptrdiff_t   difference_type;
-   typedef void*       pointer;

doc/external-api/.gitignore

@@ -1,3 +0,0 @@
-/doxygen.cfg
-/html
-/latex

doc/external-api/README.md

@@ -1,121 +0,0 @@
-# Getting started
-
-> **Warning** These bindings are **experimental**, which means they can change
-> at any time or be removed outright; nevertheless the plan is to provide a
-> stable external C API to the Nix language and the Nix store.
-
-The language library allows evaluating Nix expressions and interacting with Nix
-language values. The Nix store API is still rudimentary, and only allows
-initialising and connecting to a store for the Nix language evaluator to
-interact with.
-
-Currently there are two ways to interface with the Nix language evaluator
-programmatically:
-
-1. Embedding the evaluator
-2. Writing language plug-ins
-
-Embedding means you link the Nix C libraries in your program and use them from
-there. Adding a plug-in means you make a library that gets loaded by the Nix
-language evaluator, specified through a configuration option.
-
-Many of the components and mechanisms involved are not yet documented, therefore
-please refer to the [Nix source code](https://github.com/NixOS/nix/) for
-details. Additions to in-code documentation and the reference manual are highly
-appreciated.
-
-The following examples, for simplicity, don't include error handling. See the
-[Handling errors](@ref errors) section for more information.
-
-# Embedding the Nix Evaluator{#nix_evaluator_example}
-
-In this example we programmatically start the Nix language evaluator with a
-dummy store (that has no store paths and cannot be written to), and evaluate the
-Nix expression `builtins.nixVersion`.
-
-**main.c:**
-
-```C
-#include <nix_api_util.h>
-#include <nix_api_expr.h>
-#include <nix_api_value.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-// NOTE: This example lacks all error handling. Production code must check for
-// errors, as some return values will be undefined.
-
-void my_get_string_cb(const char * start, unsigned int n, void * user_data)
-{
-    *((char **) user_data) = strdup(start);
-}
-
-int main()
-{
-    nix_libexpr_init(NULL);
-
-    Store * store = nix_store_open(NULL, "dummy://", NULL);
-    EvalState * state = nix_state_create(NULL, NULL, store); // empty search path (NIX_PATH)
-    Value * value = nix_alloc_value(NULL, state);
-
-    nix_expr_eval_from_string(NULL, state, "builtins.nixVersion", ".", value);
-    nix_value_force(NULL, state, value);
-
-    char * version;
-    nix_get_string(NULL, value, my_get_string_cb, &version);
-    printf("Nix version: %s\n", version);
-
-    free(version);
-    nix_gc_decref(NULL, value);
-    nix_state_free(state);
-    nix_store_free(store);
-    return 0;
-}
-```
-
-**Usage:**
-
-```ShellSession
-$ gcc main.c $(pkg-config nix-expr-c --libs --cflags) -o main
-$ ./main
-Nix version: 2.17
-```
-
-# Writing a Nix language plug-in
-
-In this example we add a custom primitive operation (_primop_) to `builtins`. It
-will increment the argument if it is an integer and throw an error otherwise.
-
-**plugin.c:**
-
-```C
-#include <nix_api_util.h>
-#include <nix_api_expr.h>
-#include <nix_api_value.h>
-
-void increment(void* user_data, nix_c_context* ctx, EvalState* state, Value** args, Value* v) {
-    nix_value_force(NULL, state, args[0]);
-    if (nix_get_type(NULL, args[0]) == NIX_TYPE_INT) {
-      nix_init_int(NULL, v, nix_get_int(NULL, args[0]) + 1);
-    } else {
-      nix_set_err_msg(ctx, NIX_ERR_UNKNOWN, "First argument should be an integer.");
-    }
-}
-
-void nix_plugin_entry() {
-  const char* args[] = {"n", NULL};
-  PrimOp *p = nix_alloc_primop(NULL, increment, 1, "increment", args, "Example custom built-in function: increments an integer", NULL);
-  nix_register_primop(NULL, p);
-  nix_gc_decref(NULL, p);
-}
-```
-
-**Usage:**
-
-```ShellSession
-$ gcc plugin.c $(pkg-config nix-expr-c --libs --cflags) -shared -o plugin.so
-$ nix --plugin-files ./plugin.so repl
-nix-repl> builtins.increment 1
-2
-```

doc/external-api/doxygen.cfg.in

@@ -1,57 +0,0 @@
-# Doxyfile 1.9.5
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded by
-# double-quotes, unless you are using Doxywizard) that should identify the
-# project for which the documentation is generated. This name is used in the
-# title of most generated pages and in a few other places.
-# The default value is: My Project.
-
-PROJECT_NAME           = "Nix"
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number. This
-# could be handy for archiving the generated documentation or if some version
-# control system is used.
-
-PROJECT_NUMBER         = @PACKAGE_VERSION@
-
-# Using the PROJECT_BRIEF tag one can provide an optional one line description
-# for a project that appears at the top of each page and should give viewer a
-# quick idea about the purpose of the project. Keep the description short.
-
-PROJECT_BRIEF          = "Nix, the purely functional package manager: C API (experimental)"
-
-# If the GENERATE_LATEX tag is set to YES, doxygen will generate LaTeX output.
-# The default value is: YES.
-
-GENERATE_LATEX         = NO
-
-# The INPUT tag is used to specify the files and/or directories that contain
-# documented source files. You may enter file names like myfile.cpp or
-# directories like /usr/src/myproject. Separate the files or directories with
-# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
-# Note: If this tag is empty the current directory is searched.
-
-# FIXME Make this list more maintainable somehow. We could maybe generate this
-# in the Makefile, but we would need to change how `.in` files are preprocessed
-# so they can expand variables despite configure variables.
-
-INPUT                  = \
-  src/libutil-c \
-  src/libexpr-c \
-  src/libstore-c \
-  doc/external-api/README.md
-
-FILE_PATTERNS = nix_api_*.h *.md
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by the
-# preprocessor. Note that the INCLUDE_PATH is not recursive, so the setting of
-# RECURSIVE has no effect here.
-# This tag requires that the tag SEARCH_INCLUDES is set to YES.
-
-INCLUDE_PATH           = @RAPIDCHECK_HEADERS@
-EXCLUDE_PATTERNS = *_internal.h
-GENERATE_TREEVIEW = YES
-OPTIMIZE_OUTPUT_FOR_C  = YES
-
-USE_MDFILE_AS_MAINPAGE = doc/external-api/README.md

doc/external-api/local.mk

@@ -1,7 +0,0 @@
-$(docdir)/external-api/html/index.html $(docdir)/external-api/latex: $(d)/doxygen.cfg src/lib*-c/*.h
-	mkdir -p $(docdir)/external-api
-	{ cat $< ; echo "OUTPUT_DIRECTORY=$(docdir)/external-api" ; } | doxygen -
-
-# Generate the HTML API docs for Nix's unstable C bindings
-.PHONY: external-api-html
-external-api-html: $(docdir)/external-api/html/index.html

doc/internal-api/doxygen.cfg.in

@@ -81,7 +81,7 @@ EXPAND_ONLY_PREDEF     = YES
 # RECURSIVE has no effect here.
 # This tag requires that the tag SEARCH_INCLUDES is set to YES.
 
-INCLUDE_PATH           =
+INCLUDE_PATH           = @RAPIDCHECK_HEADERS@
 
 # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then this
 # tag can be used to specify a list of macro names that should be expanded. The

doc/internal-api/local.mk

@@ -1,7 +1,19 @@
-$(docdir)/internal-api/html/index.html $(docdir)/internal-api/latex: $(d)/doxygen.cfg src/**/*.hh
+.PHONY: internal-api-html
+
+ifeq ($(internal_api_docs), yes)
+
+$(docdir)/internal-api/html/index.html $(docdir)/internal-api/latex: $(d)/doxygen.cfg
 	mkdir -p $(docdir)/internal-api
 	{ cat $< ; echo "OUTPUT_DIRECTORY=$(docdir)/internal-api" ; } | doxygen -
 
 # Generate the HTML API docs for Nix's unstable internal interfaces.
-.PHONY: internal-api-html
 internal-api-html: $(docdir)/internal-api/html/index.html
+
+else
+
+# Make a nicer error message
+internal-api-html:
+	@echo "Internal API docs are disabled. Configure with '--enable-internal-api-docs', or avoid calling 'make internal-api-html'."
+	@exit 1
+
+endif

doc/manual/generate-builtin-constants.nix

@@ -1,6 +1,6 @@
 let
   inherit (builtins) concatStringsSep attrValues mapAttrs;
-  inherit (import <nix/utils.nix>) optionalString squash;
+  inherit (import ./utils.nix) optionalString squash;
 in
 
 builtinsInfo:

doc/manual/generate-builtins.nix

@@ -1,6 +1,6 @@
 let
   inherit (builtins) concatStringsSep attrValues mapAttrs;
-  inherit (import <nix/utils.nix>) optionalString squash;
+  inherit (import ./utils.nix) optionalString squash;
 in
 
 builtinsInfo:
@@ -8,15 +8,7 @@ let
   showBuiltin = name: { doc, args, arity, experimental-feature }:
     let
       experimentalNotice = optionalString (experimental-feature != null) ''
-        > **Note**
-        >
-        > This function is only available if the [`${experimental-feature}` experimental feature](@docroot@/contributing/experimental-features.md#xp-feature-${experimental-feature}) is enabled.
-        >
-        > For example, include the following in [`nix.conf`](@docroot@/command-ref/conf-file.md):
-        >
-        > ```
-        > extra-experimental-features = ${experimental-feature}
-        > ```
+        This function is only available if the [${experimental-feature}](@docroot@/contributing/experimental-features.md#xp-feature-${experimental-feature}) experimental feature is enabled.
       '';
     in
     squash ''
@@ -25,9 +17,10 @@ let
       </dt>
       <dd>
 
+      ${doc}
+
       ${experimentalNotice}
 
-      ${doc}
       </dd>
     '';
   listArgs = args: concatStringsSep " " (map (s: "<var>${s}</var>") args);

doc/manual/generate-manpage.nix

@@ -1,28 +1,8 @@
 let
   inherit (builtins)
-    attrNames
-    attrValues
-    concatMap
-    concatStringsSep
-    fromJSON
-    groupBy
-    length
-    lessThan
-    listToAttrs
-    mapAttrs
-    match
-    replaceStrings
-    sort
-    ;
-  inherit (import <nix/utils.nix>)
-    attrsToList
-    concatStrings
-    filterAttrs
-    optionalString
-    squash
-    trim
-    unique
-    ;
+    attrNames attrValues fromJSON listToAttrs mapAttrs groupBy
+    concatStringsSep concatMap length lessThan replaceStrings sort;
+  inherit (import <nix/utils.nix>) attrsToList concatStrings optionalString filterAttrs trim squash unique;
   showStoreDocs = import <nix/generate-store-info.nix>;
 in
 
@@ -51,7 +31,7 @@ let
 
         ${maybeSubcommands}
 
-        ${maybeProse}
+        ${maybeStoreDocs}
 
         ${maybeOptions}
       '';
@@ -91,53 +71,25 @@ let
         * [`${command} ${name}`](./${appendName filename name}.md) - ${subcmd.description}
       '';
 
-      maybeProse =
-        # FIXME: this is a horrible hack to keep `nix help-stores` working.
-        let
-          help-stores = ''
-            ${index}
+      # FIXME: this is a hack.
+      # store parameters should not be part of command documentation to begin
+      # with, but instead be rendered on separate pages.
+      maybeStoreDocs = optionalString (details ? doc)
+        (replaceStrings [ "@stores@" ] [ (showStoreDocs inlineHTML commandInfo.stores) ] details.doc);
 
-            ${allStores}
-          '';
-          index = replaceStrings
-            [ "@store-types@" "./local-store.md" "./local-daemon-store.md" ]
-            [ storesOverview "#local-store" "#local-daemon-store" ]
-            details.doc;
-          storesOverview =
-            let
-              showEntry = store:
-                "- [${store.name}](#${store.slug})";
-            in
-            concatStringsSep "\n" (map showEntry storesList) + "\n";
-          allStores = concatStringsSep "\n" (attrValues storePages);
-          storePages = listToAttrs
-            (map (s: { name = s.filename; value = s.page; }) storesList);
-          storesList = showStoreDocs {
-            storeInfo = commandInfo.stores;
-            inherit inlineHTML;
-          };
-        in
-        optionalString (details ? doc) (
-          if match ".*@store-types@.*" details.doc != null
-          then help-stores
-          else details.doc
-        );
+      maybeOptions = let
+        allVisibleOptions = filterAttrs
+          (_: o: ! o.hiddenCategory)
+          (details.flags // toplevel.flags);
+      in optionalString (allVisibleOptions != {}) ''
+        # Options
 
-      maybeOptions =
-        let
-          allVisibleOptions = filterAttrs
-            (_: o: ! o.hiddenCategory)
-            (details.flags // toplevel.flags);
-        in
-        optionalString (allVisibleOptions != { }) ''
-          # Options
+        ${showOptions inlineHTML allVisibleOptions}
 
-          ${showOptions inlineHTML allVisibleOptions}
-
-          > **Note**
-          >
-          > See [`man nix.conf`](@docroot@/command-ref/conf-file.md#command-line-flags) for overriding configuration settings with command line flags.
-        '';
+        > **Note**
+        >
+        > See [`man nix.conf`](@docroot@/command-ref/conf-file.md#command-line-flags) for overriding configuration settings with command line flags.
+      '';
 
       showOptions = inlineHTML: allOptions:
         let
@@ -145,7 +97,7 @@ let
             ${optionalString (cat != "") "## ${cat}"}
 
             ${concatStringsSep "\n" (attrValues (mapAttrs showOption opts))}
-          '';
+            '';
           showOption = name: option:
             let
               result = trim ''

doc/manual/generate-settings.nix

@@ -20,10 +20,10 @@ let
         else "`${setting}`";
       # separate body to cleanly handle indentation
       body = ''
-          ${experimentalFeatureNote}
-
           ${description}
 
+          ${experimentalFeatureNote}
+
           **Default:** ${showDefault documentDefault defaultValue}
 
           ${showAliases aliases}
@@ -31,19 +31,18 @@ let
 
       experimentalFeatureNote = optionalString (experimentalFeature != null) ''
           > **Warning**
-          >
           > This setting is part of an
           > [experimental feature](@docroot@/contributing/experimental-features.md).
-          >
-          > To change this setting, make sure the
-          > [`${experimentalFeature}` experimental feature](@docroot@/contributing/experimental-features.md#xp-feature-${experimentalFeature})
-          > is enabled.
-          > For example, include the following in [`nix.conf`](@docroot@/command-ref/conf-file.md):
-          >
-          > ```
-          > extra-experimental-features = ${experimentalFeature}
-          > ${setting} = ...
-          > ```
+
+          To change this setting, you need to make sure the corresponding experimental feature,
+          [`${experimentalFeature}`](@docroot@/contributing/experimental-features.md#xp-feature-${experimentalFeature}),
+          is enabled.
+          For example, include the following in [`nix.conf`](#):
+
+          ```
+          extra-experimental-features = ${experimentalFeature}
+          ${setting} = ...
+          ```
         '';
 
       showDefault = documentDefault: defaultValue:

doc/manual/generate-store-info.nix

@@ -1,57 +1,45 @@
 let
-  inherit (builtins) attrNames listToAttrs concatStringsSep readFile replaceStrings;
-  inherit (import <nix/utils.nix>) optionalString filterAttrs trim squash toLower unique indent;
+  inherit (builtins) attrValues mapAttrs;
+  inherit (import <nix/utils.nix>) concatStrings optionalString;
   showSettings = import <nix/generate-settings.nix>;
 in
 
-{
-  # data structure describing all stores and their parameters
-  storeInfo,
-  # whether to add inline HTML tags
-  # `lowdown` does not eat those for one of the output modes
-  inlineHTML,
-}:
+inlineHTML: storesInfo:
 
 let
 
-  showStore = { name, slug }: { settings, doc, experimentalFeature }:
+  showStore = name: { settings, doc, experimentalFeature }:
     let
-      result = squash ''
-        # ${name}
 
-        ${experimentalFeatureNote}
+    result = ''
+      ## ${name}
 
-        ${doc}
+      ${doc}
 
-        ## Settings
+      ${experimentalFeatureNote}
 
-        ${showSettings { prefix = "store-${slug}"; inherit inlineHTML; } settings}
-      '';
+      ### Settings
 
-      experimentalFeatureNote = optionalString (experimentalFeature != null) ''
-        > **Warning**
-        >
-        > This store is part of an
-        > [experimental feature](@docroot@/contributing/experimental-features.md).
-        >
-        > To use this store, make sure the
-        > [`${experimentalFeature}` experimental feature](@docroot@/contributing/experimental-features.md#xp-feature-${experimentalFeature})
-        > is enabled.
-        > For example, include the following in [`nix.conf`](@docroot@/command-ref/conf-file.md):
-        >
-        > ```
-        > extra-experimental-features = ${experimentalFeature}
-        > ```
-      '';
-    in result;
+      ${showSettings { prefix = "store-${slug}"; inherit inlineHTML; } settings}
+    '';
 
-  storesList = map
-    (name: rec {
-      inherit name;
-      slug = replaceStrings [ " " ] [ "-" ] (toLower name);
-      filename = "${slug}.md";
-      page = showStore { inherit name slug; } storeInfo.${name};
-    })
-    (attrNames storeInfo);
+      # markdown doesn't like spaces in URLs
+      slug = builtins.replaceStrings [ " " ] [ "-" ] name;
 
-in storesList
+    experimentalFeatureNote = optionalString (experimentalFeature != null) ''
+      > **Warning**
+      > This store is part of an
+      > [experimental feature](@docroot@/contributing/experimental-features.md).
+
+      To use this store, you need to make sure the corresponding experimental feature,
+      [`${experimentalFeature}`](@docroot@/contributing/experimental-features.md#xp-feature-${experimentalFeature}),
+      is enabled.
+      For example, include the following in [`nix.conf`](#):
+
+      ```
+      extra-experimental-features = ${experimentalFeature}
+      ```
+    '';
+  in result;
+
+in concatStrings (attrValues (mapAttrs showStore storesInfo))

doc/manual/generate-store-types.nix

@@ -1,39 +0,0 @@
-let
-  inherit (builtins) attrNames listToAttrs concatStringsSep readFile replaceStrings;
-  showSettings = import <nix/generate-settings.nix>;
-  showStoreDocs = import <nix/generate-store-info.nix>;
-in
-
-storeInfo:
-
-let
-  storesList = showStoreDocs {
-    inherit storeInfo;
-    inlineHTML = true;
-  };
-
-  index =
-    let
-      showEntry = store:
-        "- [${store.name}](./${store.filename})";
-    in
-    concatStringsSep "\n" (map showEntry storesList);
-
-  "index.md" = replaceStrings
-    [ "@store-types@" ] [ index ]
-    (readFile ./src/store/types/index.md.in);
-
-  tableOfContents =
-    let
-      showEntry = store:
-        "    - [${store.name}](store/types/${store.filename})";
-    in
-    concatStringsSep "\n" (map showEntry storesList) + "\n";
-
-  "SUMMARY.md" = tableOfContents;
-
-  storePages = listToAttrs
-    (map (s: { name = s.filename; value = s.page; }) storesList);
-
-in
-storePages // { inherit "index.md" "SUMMARY.md"; }

doc/manual/generate-xp-features-shortlist.nix

@@ -1,5 +1,5 @@
 with builtins;
-with import <nix/utils.nix>;
+with import ./utils.nix;
 
 let
   showExperimentalFeature = name: doc:

doc/manual/generate-xp-features.nix

@@ -1,5 +1,5 @@
 with builtins;
-with import <nix/utils.nix>;
+with import ./utils.nix;
 
 let
   showExperimentalFeature = name: doc:
@@ -8,6 +8,4 @@ let
 
       ${doc}
     '';
-in
-
-xps: (concatStringsSep "\n" (attrValues (mapAttrs showExperimentalFeature xps)))
+in xps: (concatStringsSep "\n" (attrValues (mapAttrs showExperimentalFeature xps)))

doc/manual/local.mk

@@ -1,7 +1,4 @@
-# The version of Nix used to generate the doc. Can also be
-# `$(nix_INSTALL_PATH)` or just `nix` (to grap ambient from the `PATH`),
-# if one prefers.
-doc_nix = $(nix_PATH)
+ifeq ($(doc_generate),yes)
 
 MANUAL_SRCS := \
 	$(call rwildcard, $(d)/src, *.md) \
@@ -27,7 +24,7 @@ man-pages += $(foreach subcommand, \
 clean-files += $(d)/*.1 $(d)/*.5 $(d)/*.8
 
 # Provide a dummy environment for nix, so that it will not access files outside the macOS sandbox.
-# Set cores to 0 because otherwise `nix config show` resolves the cores based on the current machine
+# Set cores to 0 because otherwise nix show-config resolves the cores based on the current machine
 dummy-env = env -i \
 	HOME=/dummy \
 	NIX_CONF_DIR=/dummy \
@@ -35,7 +32,7 @@ dummy-env = env -i \
 	NIX_STATE_DIR=/dummy \
 	NIX_CONFIG='cores = 0'
 
-nix-eval = $(dummy-env) $(doc_nix) eval --experimental-features nix-command -I nix=doc/manual --store dummy:// --impure --raw
+nix-eval = $(dummy-env) $(bindir)/nix eval --experimental-features nix-command -I nix=doc/manual --store dummy:// --impure --raw
 
 # re-implement mdBook's include directive to make it usable for terminal output and for proper @docroot@ substitution
 define process-includes
@@ -95,101 +92,64 @@ $(d)/nix-profiles.5: $(d)/src/command-ref/files/profiles.md
 	$(trace-gen) lowdown -sT man --nroff-nolinks -M section=5 $^.tmp -o $@
 	@rm $^.tmp
 
-$(d)/src/SUMMARY.md: $(d)/src/SUMMARY.md.in $(d)/src/SUMMARY-rl-next.md $(d)/src/store/types $(d)/src/command-ref/new-cli $(d)/src/contributing/experimental-feature-descriptions.md
+$(d)/src/SUMMARY.md: $(d)/src/SUMMARY.md.in $(d)/src/command-ref/new-cli $(d)/src/contributing/experimental-feature-descriptions.md
 	@cp $< $@
 	@$(call process-includes,$@,$@)
 
-$(d)/src/store/types: $(d)/nix.json $(d)/utils.nix $(d)/generate-store-info.nix  $(d)/generate-store-types.nix $(d)/src/store/types/index.md.in $(doc_nix)
-	@# FIXME: build out of tree!
-	@rm -rf $@.tmp
-	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-store-types.nix (builtins.fromJSON (builtins.readFile $<)).stores'
-	@# do not destroy existing contents
-	@mv $@.tmp/* $@/
-
-$(d)/src/command-ref/new-cli: $(d)/nix.json $(d)/utils.nix $(d)/generate-manpage.nix $(d)/generate-settings.nix $(d)/generate-store-info.nix $(doc_nix)
+$(d)/src/command-ref/new-cli: $(d)/nix.json $(d)/utils.nix $(d)/generate-manpage.nix $(d)/generate-settings.nix $(d)/generate-store-info.nix $(bindir)/nix
 	@rm -rf $@ $@.tmp
 	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-manpage.nix true (builtins.readFile $<)'
 	@mv $@.tmp $@
 
-$(d)/src/command-ref/conf-file.md: $(d)/conf-file.json $(d)/utils.nix $(d)/generate-settings.nix $(d)/src/command-ref/conf-file-prefix.md $(d)/src/command-ref/experimental-features-shortlist.md $(doc_nix)
+$(d)/src/command-ref/conf-file.md: $(d)/conf-file.json $(d)/utils.nix $(d)/generate-settings.nix $(d)/src/command-ref/conf-file-prefix.md $(d)/src/command-ref/experimental-features-shortlist.md $(bindir)/nix
 	@cat doc/manual/src/command-ref/conf-file-prefix.md > $@.tmp
 	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-settings.nix { prefix = "conf"; } (builtins.fromJSON (builtins.readFile $<))' >> $@.tmp;
 	@mv $@.tmp $@
 
-$(d)/nix.json: $(doc_nix)
-	$(trace-gen) $(dummy-env) $(doc_nix) __dump-cli > $@.tmp
+$(d)/nix.json: $(bindir)/nix
+	$(trace-gen) $(dummy-env) $(bindir)/nix __dump-cli > $@.tmp
 	@mv $@.tmp $@
 
-$(d)/conf-file.json: $(doc_nix)
-	$(trace-gen) $(dummy-env) $(doc_nix) config show --json --experimental-features nix-command > $@.tmp
+$(d)/conf-file.json: $(bindir)/nix
+	$(trace-gen) $(dummy-env) $(bindir)/nix show-config --json --experimental-features nix-command > $@.tmp
 	@mv $@.tmp $@
 
-$(d)/src/contributing/experimental-feature-descriptions.md: $(d)/xp-features.json $(d)/utils.nix $(d)/generate-xp-features.nix $(doc_nix)
+$(d)/src/contributing/experimental-feature-descriptions.md: $(d)/xp-features.json $(d)/utils.nix $(d)/generate-xp-features.nix $(bindir)/nix
 	@rm -rf $@ $@.tmp
 	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-xp-features.nix (builtins.fromJSON (builtins.readFile $<))'
 	@mv $@.tmp $@
 
-$(d)/src/command-ref/experimental-features-shortlist.md: $(d)/xp-features.json $(d)/utils.nix $(d)/generate-xp-features-shortlist.nix $(doc_nix)
+$(d)/src/command-ref/experimental-features-shortlist.md: $(d)/xp-features.json $(d)/utils.nix $(d)/generate-xp-features-shortlist.nix $(bindir)/nix
 	@rm -rf $@ $@.tmp
 	$(trace-gen) $(nix-eval) --write-to $@.tmp --expr 'import doc/manual/generate-xp-features-shortlist.nix (builtins.fromJSON (builtins.readFile $<))'
 	@mv $@.tmp $@
 
-$(d)/xp-features.json: $(doc_nix)
-	$(trace-gen) $(dummy-env) $(doc_nix) __dump-xp-features > $@.tmp
+$(d)/xp-features.json: $(bindir)/nix
+	$(trace-gen) $(dummy-env) $(bindir)/nix __dump-xp-features > $@.tmp
 	@mv $@.tmp $@
 
-$(d)/src/language/builtins.md: $(d)/language.json $(d)/generate-builtins.nix $(d)/src/language/builtins-prefix.md $(doc_nix)
+$(d)/src/language/builtins.md: $(d)/language.json $(d)/generate-builtins.nix $(d)/src/language/builtins-prefix.md $(bindir)/nix
 	@cat doc/manual/src/language/builtins-prefix.md > $@.tmp
 	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-builtins.nix (builtins.fromJSON (builtins.readFile $<)).builtins' >> $@.tmp;
 	@cat doc/manual/src/language/builtins-suffix.md >> $@.tmp
 	@mv $@.tmp $@
 
-$(d)/src/language/builtin-constants.md: $(d)/language.json $(d)/generate-builtin-constants.nix $(d)/src/language/builtin-constants-prefix.md $(doc_nix)
+$(d)/src/language/builtin-constants.md: $(d)/language.json $(d)/generate-builtin-constants.nix $(d)/src/language/builtin-constants-prefix.md $(bindir)/nix
 	@cat doc/manual/src/language/builtin-constants-prefix.md > $@.tmp
 	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-builtin-constants.nix (builtins.fromJSON (builtins.readFile $<)).constants' >> $@.tmp;
 	@cat doc/manual/src/language/builtin-constants-suffix.md >> $@.tmp
 	@mv $@.tmp $@
 
-$(d)/language.json: $(doc_nix)
-	$(trace-gen) $(dummy-env) $(doc_nix) __dump-language > $@.tmp
+$(d)/language.json: $(bindir)/nix
+	$(trace-gen) $(dummy-env) $(bindir)/nix __dump-language > $@.tmp
 	@mv $@.tmp $@
 
-# Generate "Upcoming release" notes (or clear it and remove from menu)
-$(d)/src/release-notes/rl-next.md: $(d)/rl-next $(d)/rl-next/*
-	@if type -p changelog-d > /dev/null; then \
-		echo "  GEN   " $@; \
-		changelog-d doc/manual/rl-next > $@; \
-	else \
-		echo "  NULL  " $@; \
-		true > $@; \
-	fi
-
-$(d)/src/SUMMARY-rl-next.md: $(d)/src/release-notes/rl-next.md
-	$(trace-gen) true
-	@if [ -s $< ]; then \
-		echo '  - [Upcoming release](release-notes/rl-next.md)' > $@; \
-	else \
-	  true > $@; \
-	fi
-
 # Generate the HTML manual.
 .PHONY: manual-html
 manual-html: $(docdir)/manual/index.html
-
-# Open the built HTML manual in the default browser.
-manual-html-open: $(docdir)/manual/index.html
-	@echo "  OPEN  " $<; \
-	  xdg-open $< \
-		  || open $< \
-			|| { \
-		echo "Could not open the manual in a browser. Please open '$<'" >&2; \
-		false; \
-		}
 install: $(docdir)/manual/index.html
 
 # Generate 'nix' manpages.
-.PHONY: manpages
-manpages: $(mandir)/man1/nix3-manpages
 install: $(mandir)/man1/nix3-manpages
 man: doc/manual/generated/man1/nix3-manpages
 all: doc/manual/generated/man1/nix3-manpages
@@ -217,7 +177,7 @@ doc/manual/generated/man1/nix3-manpages: $(d)/src/command-ref/new-cli
 # `@docroot@` is to be preserved for documenting the mechanism
 # FIXME: maybe contributing guides should live right next to the code
 # instead of in the manual
-$(docdir)/manual/index.html: $(MANUAL_SRCS) $(d)/book.toml $(d)/anchors.jq $(d)/custom.css $(d)/src/SUMMARY.md $(d)/src/store/types $(d)/src/command-ref/new-cli $(d)/src/contributing/experimental-feature-descriptions.md $(d)/src/command-ref/conf-file.md $(d)/src/language/builtins.md $(d)/src/language/builtin-constants.md $(d)/src/release-notes/rl-next.md $(d)/src/figures $(d)/src/favicon.png $(d)/src/favicon.svg
+$(docdir)/manual/index.html: $(MANUAL_SRCS) $(d)/book.toml $(d)/anchors.jq $(d)/custom.css $(d)/src/SUMMARY.md $(d)/src/command-ref/new-cli $(d)/src/contributing/experimental-feature-descriptions.md $(d)/src/command-ref/conf-file.md $(d)/src/language/builtins.md $(d)/src/language/builtin-constants.md $(d)/src/favicon.png $(d)/src/favicon.svg
 	$(trace-gen) \
 		tmp="$$(mktemp -d)"; \
 		cp -r doc/manual "$$tmp"; \
@@ -235,3 +195,5 @@ $(docdir)/manual/index.html: $(MANUAL_SRCS) $(d)/book.toml $(d)/anchors.jq $(d)/
 	@rm -rf $(DESTDIR)$(docdir)/manual
 	@mv $(DESTDIR)$(docdir)/manual.tmp/html $(DESTDIR)$(docdir)/manual
 	@rm -rf $(DESTDIR)$(docdir)/manual.tmp
+
+endif

doc/manual/redirects.js

@@ -14,15 +14,15 @@
 
 const redirects = {
  "index.html": {
-    "part-advanced-topics": "advanced-topics/index.html",
+    "part-advanced-topics": "advanced-topics/advanced-topics.html",
     "chap-tuning-cores-and-jobs": "advanced-topics/cores-vs-jobs.html",
     "chap-diff-hook": "advanced-topics/diff-hook.html",
     "check-dirs-are-unregistered": "advanced-topics/diff-hook.html#check-dirs-are-unregistered",
-    "chap-distributed-builds": "command-ref/conf-file.html#conf-builders",
+    "chap-distributed-builds": "advanced-topics/distributed-builds.html",
     "chap-post-build-hook": "advanced-topics/post-build-hook.html",
     "chap-post-build-hook-caveats": "advanced-topics/post-build-hook.html#implementation-caveats",
     "chap-writing-nix-expressions": "language/index.html",
-    "part-command-ref": "command-ref/index.html",
+    "part-command-ref": "command-ref/command-ref.html",
     "conf-allow-import-from-derivation": "command-ref/conf-file.html#conf-allow-import-from-derivation",
     "conf-allow-new-privileges": "command-ref/conf-file.html#conf-allow-new-privileges",
     "conf-allowed-uris": "command-ref/conf-file.html#conf-allowed-uris",
@@ -261,7 +261,7 @@ const redirects = {
     "sec-installer-proxy-settings": "installation/env-variables.html#proxy-environment-variables",
     "sec-nix-ssl-cert-file": "installation/env-variables.html#nix_ssl_cert_file",
     "sec-nix-ssl-cert-file-with-nix-daemon-and-macos": "installation/env-variables.html#nix_ssl_cert_file-with-macos-and-the-nix-daemon",
-    "chap-installation": "installation/index.html",
+    "chap-installation": "installation/installation.html",
     "ch-installing-binary": "installation/installing-binary.html",
     "sect-macos-installation": "installation/installing-binary.html#macos-installation",
     "sect-macos-installation-change-store-prefix": "installation/installing-binary.html#macos-installation",
@@ -285,10 +285,10 @@ const redirects = {
     "ch-basic-package-mgmt": "package-management/basic-package-mgmt.html",
     "ssec-binary-cache-substituter": "package-management/binary-cache-substituter.html",
     "sec-channels": "command-ref/nix-channel.html",
-    "ssec-copy-closure": "command-ref/nix-copy-closure.html",
+    "ssec-copy-closure": "package-management/copy-closure.html",
     "sec-garbage-collection": "package-management/garbage-collection.html",
     "ssec-gc-roots": "package-management/garbage-collector-roots.html",
-    "chap-package-management": "package-management/index.html",
+    "chap-package-management": "package-management/package-management.html",
     "sec-profiles": "package-management/profiles.html",
     "ssec-s3-substituter": "store/types/s3-substituter.html",
     "ssec-s3-substituter-anonymous-reads": "store/types/s3-substituter.html#anonymous-reads-to-your-s3-compatible-binary-cache",
@@ -297,7 +297,7 @@ const redirects = {
     "sec-sharing-packages": "package-management/sharing-packages.html",
     "ssec-ssh-substituter": "package-management/ssh-substituter.html",
     "chap-quick-start": "quick-start.html",
-    "sec-relnotes": "release-notes/index.html",
+    "sec-relnotes": "release-notes/release-notes.html",
     "ch-relnotes-0.10.1": "release-notes/rl-0.10.1.html",
     "ch-relnotes-0.10": "release-notes/rl-0.10.html",
     "ssec-relnotes-0.11": "release-notes/rl-0.11.html",
@@ -358,11 +358,7 @@ const redirects = {
     "one-time-setup": "testing.html#one-time-setup",
     "using-the-ci-generated-installer-for-manual-testing": "testing.html#using-the-ci-generated-installer-for-manual-testing",
     "characterization-testing": "#characterisation-testing-unit",
-  },
-  "glossary.html": {
-    "gloss-local-store": "store/types/local-store.html",
-    "gloss-chroot-store": "store/types/local-store.html",
-  },
+  }
 };
 
 // the following code matches the current page's URL against the set of redirects.

doc/manual/rl-next/allowed-uris-can-now-match-whole-schemes.md

@@ -0,0 +1,7 @@
+---
+synopsis: Option `allowed-uris` can now match whole schemes in URIs without slashes
+prs: 9547
+---
+
+If a scheme, such as `github:` is specified in the `allowed-uris` option, all URIs starting with `github:` are allowed.
+Previously this only worked for schemes whose URIs used the `://` syntax.

doc/manual/rl-next/config

@@ -1,2 +0,0 @@
-organization: NixOS
-repository: nix

doc/manual/rl-next/consistent-nix-build.md

@@ -1,6 +0,0 @@
----
-synopsis: Show all FOD errors with `nix build --keep-going`
----
-
-`nix build --keep-going` now behaves consistently with `nix-build --keep-going`. This means
-that if e.g. multiple FODs fail to build, all hash mismatches are displayed.

doc/manual/rl-next/derivation-json-change.md

@@ -1,12 +0,0 @@
----
-synopsis: Modify `nix derivation {add,show}` JSON format
-issues: 9866
-prs: 10722
----
-
-The JSON format for derivations has been slightly revised to better conform to our [JSON guidelines](@docroot@contributing/cli-guideline#returning-future-proof-json).
-In particular, the hash algorithm and content addressing method of content-addresed derivation outputs is now separated into two fields `hashAlgo` and `method`,
-rather than one field with an arcane `:`-separated format.
-
-This JSON format is only used by the experimental `nix derivation` family of commands, at this time.
-Future revisions are expected as the JSON format is still not entirely in compliance even after these changes.

doc/manual/rl-next/fix-silent-unknown-options

@@ -1,28 +0,0 @@
----
-synopsis: Warn on unknown settings anywhere in the command line
-prs: 10701
----
-
-All `nix` commands will now properly warn when an unknown option is specified anywhere in the command line.
-
-Before:
-
-```console
-$ nix-instantiate --option foobar baz --expr '{}'
-warning: unknown setting 'foobar'
-$ nix-instantiate '{}' --option foobar baz --expr
-$ nix eval --expr '{}' --option foobar baz
-{ }
-```
-
-After:
-
-```console
-$ nix-instantiate --option foobar baz --expr '{}'
-warning: unknown setting 'foobar'
-$ nix-instantiate '{}' --option foobar baz --expr
-warning: unknown setting 'foobar'
-$ nix eval --expr '{}' --option foobar baz
-warning: unknown setting 'foobar'
-{ }
-```

doc/manual/rl-next/fod-sandbox-escape.md

@@ -0,0 +1,14 @@
+---
+synopsis: Fix a FOD sandbox escape
+issues:
+prs:
+---
+
+Cooperating Nix derivations could send file descriptors to files in the Nix
+store to each other via Unix domain sockets in the abstract namespace. This
+allowed one derivation to modify the output of the other derivation, after Nix
+has registered the path as "valid" and immutable in the Nix database.
+In particular, this allowed the output of fixed-output derivations to be
+modified from their expected content.
+
+This isn't the case any more.

doc/manual/rl-next/harden-user-sandboxing.md

@@ -0,0 +1,8 @@
+---
+synopsis: Harden the user sandboxing
+significance: significant
+issues:
+prs: <only provided once merged>
+---
+
+The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.

doc/manual/rl-next/verify-tls.md

@@ -0,0 +1,8 @@
+---
+synopsis: "`<nix/fetchurl.nix>` uses TLS verification"
+prs: [11585]
+---
+
+Previously `<nix/fetchurl.nix>` did not do TLS verification. This was because the Nix sandbox in the past did not have access to TLS certificates, and Nix checks the hash of the fetched file anyway. However, this can expose authentication data from `netrc` and URLs to man-in-the-middle attackers. In addition, Nix now in some cases (such as when using impure derivations) does *not* check the hash. Therefore we have now enabled TLS verification. This means that downloads by `<nix/fetchurl.nix>` will now fail if you're fetching from a HTTPS server that does not have a valid certificate.
+
+`<nix/fetchurl.nix>` is also known as the builtin derivation builder `builtin:fetchurl`. It's not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue.

doc/manual/src/SUMMARY.md.in

@@ -2,7 +2,7 @@
 
 - [Introduction](introduction.md)
 - [Quick Start](quick-start.md)
-- [Installation](installation/index.md)
+- [Installation](installation/installation.md)
   - [Supported Platforms](installation/supported-platforms.md)
   - [Installing a Binary Distribution](installation/installing-binary.md)
   - [Installing Nix from Source](installation/installing-source.md)
@@ -18,37 +18,33 @@
   - [Uninstalling Nix](installation/uninstall.md)
 - [Nix Store](store/index.md)
   - [File System Object](store/file-system-object.md)
-    - [Content-Addressing File System Objects](store/file-system-object/content-address.md)
   - [Store Object](store/store-object.md)
-    - [Content-Addressing Store Objects](store/store-object/content-address.md)
   - [Store Path](store/store-path.md)
-  - [Store Types](store/types/index.md)
-{{#include ./store/types/SUMMARY.md}}
 - [Nix Language](language/index.md)
   - [Data Types](language/values.md)
   - [Language Constructs](language/constructs.md)
     - [String interpolation](language/string-interpolation.md)
     - [Lookup path](language/constructs/lookup-path.md)
-    - [String context](language/string-context.md)
   - [Operators](language/operators.md)
   - [Derivations](language/derivations.md)
     - [Advanced Attributes](language/advanced-attributes.md)
     - [Import From Derivation](language/import-from-derivation.md)
   - [Built-in Constants](language/builtin-constants.md)
   - [Built-in Functions](language/builtins.md)
-- [Package Management](package-management/index.md)
+- [Package Management](package-management/package-management.md)
   - [Profiles](package-management/profiles.md)
   - [Garbage Collection](package-management/garbage-collection.md)
     - [Garbage Collector Roots](package-management/garbage-collector-roots.md)
-- [Advanced Topics](advanced-topics/index.md)
+- [Advanced Topics](advanced-topics/advanced-topics.md)
   - [Sharing Packages Between Machines](package-management/sharing-packages.md)
     - [Serving a Nix store via HTTP](package-management/binary-cache-substituter.md)
+    - [Copying Closures via SSH](package-management/copy-closure.md)
     - [Serving a Nix store via SSH](package-management/ssh-substituter.md)
   - [Remote Builds](advanced-topics/distributed-builds.md)
   - [Tuning Cores and Jobs](advanced-topics/cores-vs-jobs.md)
   - [Verifying Build Reproducibility](advanced-topics/diff-hook.md)
   - [Using the `post-build-hook`](advanced-topics/post-build-hook.md)
-- [Command Reference](command-ref/index.md)
+- [Command Reference](command-ref/command-ref.md)
   - [Common Options](command-ref/opt-common.md)
   - [Common Environment Variables](command-ref/env-common.md)
   - [Main Commands](command-ref/main-commands.md)
@@ -105,28 +101,18 @@
     - [Channels](command-ref/files/channels.md)
     - [Default Nix expression](command-ref/files/default-nix-expression.md)
 - [Architecture and Design](architecture/architecture.md)
-- [Formats and Protocols](protocols/index.md)
-  - [JSON Formats](protocols/json/index.md)
-    - [Store Object Info](protocols/json/store-object-info.md)
-    - [Derivation](protocols/json/derivation.md)
+- [Protocols](protocols/protocols.md)
   - [Serving Tarball Flakes](protocols/tarball-fetcher.md)
-  - [Store Path Specification](protocols/store-path.md)
-  - [Nix Archive (NAR) Format](protocols/nix-archive.md)
   - [Derivation "ATerm" file format](protocols/derivation-aterm.md)
-- [C API](c-api.md)
 - [Glossary](glossary.md)
-- [Contributing](contributing/index.md)
+- [Contributing](contributing/contributing.md)
   - [Hacking](contributing/hacking.md)
   - [Testing](contributing/testing.md)
   - [Documentation](contributing/documentation.md)
   - [Experimental Features](contributing/experimental-features.md)
   - [CLI guideline](contributing/cli-guideline.md)
   - [C++ style guide](contributing/cxx.md)
-- [Releases](release-notes/index.md)
-{{#include ./SUMMARY-rl-next.md}}
-  - [Release 2.22 (2024-04-23)](release-notes/rl-2.22.md)
-  - [Release 2.21 (2024-03-11)](release-notes/rl-2.21.md)
-  - [Release 2.20 (2024-01-29)](release-notes/rl-2.20.md)
+- [Release Notes](release-notes/release-notes.md)
   - [Release 2.19 (2023-11-17)](release-notes/rl-2.19.md)
   - [Release 2.18 (2023-09-20)](release-notes/rl-2.18.md)
   - [Release 2.17 (2023-07-24)](release-notes/rl-2.17.md)

doc/manual/src/_redirects

@@ -13,31 +13,18 @@
 # conventions:
 # - always force (<CODE>!) since this allows re-using file names
 # - group related paths to ease readability
-# - keep in alphabetical/wildcards-last order, which will reduce version control conflicts
+# - always append new redirects to the end of the file
 # - redirects that should have been there but are missing can be inserted where they belong
 
-/advanced-topics/advanced-topics /advanced-topics 301!
-
-/command-ref/command-ref /command-ref 301!
-
-/contributing/contributing /contributing 301!
-
 /expressions/expression-language /language/ 301!
+/expressions/language-values /language/values 301!
 /expressions/language-constructs /language/constructs 301!
 /expressions/language-operators /language/operators 301!
-/expressions/language-values /language/values 301!
 /expressions/* /language/:splat 301!
 
-/installation/installation /installation 301!
-
 /package-management/basic-package-mgmt /command-ref/nix-env 301!
-/package-management/channels /command-ref/nix-channel 301!
-/package-management/package-management /package-management 301!
-/package-management/s3-substituter /store/types/s3-binary-cache-store 301!
 
-/protocols/protocols /protocols 301!
-/json/* /protocols/json/:splat 301!
+/package-management/channels* /command-ref/nix-channel 301!
 
-/release-notes/release-notes /release-notes 301!
+/package-management/s3-substituter* /command-ref/new-cli/nix3-help-stores#s3-binary-cache-store 301!
 
-/package-management/copy-closure /command-ref/nix-copy-closure 301!

doc/manual/src/advanced-topics/distributed-builds.md

@@ -12,14 +12,14 @@ machine is accessible via SSH and that it has Nix installed. You can
 test whether connecting to the remote Nix instance works, e.g.
 
 ```console
-$ nix store ping --store ssh://mac
+$ nix store info --store ssh://mac
 ```
 
 will try to connect to the machine named `mac`. It is possible to
 specify an SSH identity file as part of the remote store URI, e.g.
 
 ```console
-$ nix store ping --store ssh://mac?ssh-key=/home/alice/my-key
+$ nix store info --store ssh://mac?ssh-key=/home/alice/my-key
 ```
 
 Since builds should be non-interactive, the key should not have a
@@ -36,8 +36,16 @@ error: cannot connect to 'mac'
 then you need to ensure that the `PATH` of non-interactive login shells
 contains Nix.
 
-The [list of remote build machines](@docroot@/command-ref/conf-file.md#conf-builders) can be specified on the command line or in the Nix configuration file.
-For example, the following command allows you to build a derivation for `x86_64-darwin` on a Linux machine:
+> **Warning**
+>
+> If you are building via the Nix daemon, it is the Nix daemon user account (that is, `root`) that should have SSH access to a user (not necessarily `root`) on the remote machine.
+>
+> If you can’t or don’t want to configure `root` to be able to access the remote machine, you can use a private Nix store instead by passing e.g. `--store ~/my-nix` when running a Nix command from the local machine.
+
+The list of remote machines can be specified on the command line or in
+the Nix configuration file. The former is convenient for testing. For
+example, the following command allows you to build a derivation for
+`x86_64-darwin` on a Linux machine:
 
 ```console
 $ uname
@@ -52,20 +60,97 @@ $ cat ./result
 Darwin
 ```
 
-It is possible to specify multiple build machines separated by a semicolon or a newline, e.g.
+It is possible to specify multiple builders separated by a semicolon or
+a newline, e.g.
 
 ```console
   --builders 'ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd'
 ```
 
-Remote build machines can also be configured in [`nix.conf`](@docroot@/command-ref/conf-file.md), e.g.
+Each machine specification consists of the following elements, separated
+by spaces. Only the first element is required. To leave a field at its
+default, set it to `-`.
+
+1.  The URI of the remote store in the format
+    `ssh://[username@]hostname`, e.g. `ssh://nix@mac` or `ssh://mac`.
+    For backward compatibility, `ssh://` may be omitted. The hostname
+    may be an alias defined in your `~/.ssh/config`.
+
+2.  A comma-separated list of Nix platform type identifiers, such as
+    `x86_64-darwin`. It is possible for a machine to support multiple
+    platform types, e.g., `i686-linux,x86_64-linux`. If omitted, this
+    defaults to the local platform type.
+
+3.  The SSH identity file to be used to log in to the remote machine. If
+    omitted, SSH will use its regular identities.
+
+4.  The maximum number of builds that Nix will execute in parallel on
+    the machine. Typically this should be equal to the number of CPU
+    cores. For instance, the machine `itchy` in the example will execute
+    up to 8 builds in parallel.
+
+5.  The “speed factor”, indicating the relative speed of the machine. If
+    there are multiple machines of the right type, Nix will prefer the
+    fastest, taking load into account.
+
+6.  A comma-separated list of *supported features*. If a derivation has
+    the `requiredSystemFeatures` attribute, then Nix will only perform
+    the derivation on a machine that has the specified features. For
+    instance, the attribute
+
+    ```nix
+    requiredSystemFeatures = [ "kvm" ];
+    ```
+
+    will cause the build to be performed on a machine that has the `kvm`
+    feature.
+
+7.  A comma-separated list of *mandatory features*. A machine will only
+    be used to build a derivation if all of the machine’s mandatory
+    features appear in the derivation’s `requiredSystemFeatures`
+    attribute.
+
+8.  The (base64-encoded) public host key of the remote machine. If omitted, SSH
+    will use its regular known-hosts file. Specifically, the field is calculated
+    via `base64 -w0 /etc/ssh/ssh_host_ed25519_key.pub`.
+
+For example, the machine specification
+
+    nix@scratchy.labs.cs.uu.nl  i686-linux      /home/nix/.ssh/id_scratchy_auto        8 1 kvm
+    nix@itchy.labs.cs.uu.nl     i686-linux      /home/nix/.ssh/id_scratchy_auto        8 2
+    nix@poochie.labs.cs.uu.nl   i686-linux      /home/nix/.ssh/id_scratchy_auto        1 2 kvm benchmark
+
+specifies several machines that can perform `i686-linux` builds.
+However, `poochie` will only do builds that have the attribute
+
+```nix
+requiredSystemFeatures = [ "benchmark" ];
+```
+
+or
+
+```nix
+requiredSystemFeatures = [ "benchmark" "kvm" ];
+```
+
+`itchy` cannot do builds that require `kvm`, but `scratchy` does support
+such builds. For regular builds, `itchy` will be preferred over
+`scratchy` because it has a higher speed factor.
+
+Remote builders can also be configured in `nix.conf`, e.g.
 
     builders = ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd
 
-Finally, remote build machines can be configured in a separate configuration
-file included in `builders` via the syntax `@/path/to/file`. For example,
+Finally, remote builders can be configured in a separate configuration
+file included in `builders` via the syntax `@file`. For example,
 
     builders = @/etc/nix/machines
 
-causes the list of machines in `/etc/nix/machines` to be included.
-(This is the default.)
+causes the list of machines in `/etc/nix/machines` to be included. (This
+is the default.)
+
+If you want the builders to use caches, you likely want to set the
+option `builders-use-substitutes` in your local `nix.conf`.
+
+To build only on remote builders and disable building on the local
+machine, you can use the option `--max-jobs 0`.

doc/manual/src/architecture/architecture.md

@@ -52,7 +52,7 @@ The following [concept map] shows its main components (rectangles), the objects
                                             '---------------'
 ```
 
-At the top is the [command line interface](../command-ref/index.md) that drives the underlying layers.
+At the top is the [command line interface](../command-ref/command-ref.md) that drives the underlying layers.
 
 The [Nix language](../language/index.md) evaluator transforms Nix expressions into self-contained *build plans*, which are used to derive *build results* from referenced *build inputs*.
 
@@ -69,7 +69,7 @@ It can also execute build plans to produce new data, which are made available to
 A build plan itself is a series of *build tasks*, together with their build inputs.
 
 > **Important**
-> A build task in Nix is called [derivation](@docroot@/glossary.md#gloss-derivation).
+> A build task in Nix is called [derivation](../glossary.md#gloss-derivation).
 
 Each build task has a special build input executed as *build instructions* in order to perform the build.
 The result of a build task can be input to another build task.

doc/manual/src/c-api.md

@@ -1,16 +0,0 @@
-# C API
-
-Nix provides a C API with the intent of [_becoming_](https://github.com/NixOS/nix/milestone/52) a stable API, which it is currently not.
-It is in development.
-
-See:
-- C API documentation for a recent build of master
-  - [Getting Started]
-  - [Index]
-- [Matrix Room *Nix Bindings*](https://matrix.to/#/#nix-bindings:nixos.org) for discussion and questions.
-- [Stabilisation Milestone](https://github.com/NixOS/nix/milestone/52)
-- [Other C API PRs and issues](https://github.com/NixOS/nix/labels/c%20api)
-- [Contributing C API Documentation](contributing/documentation.md#c-api-documentation), including how to build it locally.
-
-[Getting Started]: https://hydra.nixos.org/job/nix/master/external-api-docs/latest/download-by-type/doc/external-api-docs
-[Index]: https://hydra.nixos.org/job/nix/master/external-api-docs/latest/download-by-type/doc/external-api-docs/globals.html

doc/manual/src/command-ref/conf-file-prefix.md

@@ -66,12 +66,5 @@ Configuration options can be set on the command line, overriding the values set
 
 The `extra-` prefix is supported for settings that take a list of items (e.g. `--extra-trusted users alice` or `--option extra-trusted-users alice`).
 
-## Integer settings
-
-Settings that have an integer type support the suffixes `K`, `M`, `G`
-and `T`. These cause the specified value to be multiplied by 2^10,
-2^20, 2^30 and 2^40, respectively. For instance, `--min-free 1M` is
-equivalent to `--min-free 1048576`.
-
 # Available settings
 

doc/manual/src/command-ref/nix-build.md

@@ -41,7 +41,7 @@ expression to a low-level [store derivation]) and [`nix-store
 --realise`](@docroot@/command-ref/nix-store/realise.md) (to build the store
 derivation).
 
-[store derivation]: @docroot@/glossary.md#gloss-store-derivation
+[store derivation]: ../glossary.md#gloss-store-derivation
 
 > **Warning**
 >

doc/manual/src/command-ref/nix-collect-garbage.md

@@ -51,7 +51,7 @@ These options are for deleting old [profiles] prior to deleting unreachable [sto
 - <span id="opt-delete-old">[`--delete-old`](#opt-delete-old)</span> / `-d`\
   Delete all old generations of profiles.
 
-  This is the equivalent of invoking [`nix-env --delete-generations old`](@docroot@/command-ref/nix-env/delete-generations.md#generations-old) on each found profile.
+  This is the equivalent of invoking `nix-env --delete-generations old` on each found profile.
 
 - <span id="opt-delete-older-than">[`--delete-older-than`](#opt-delete-older-than)</span> *period*\
   Delete all generations of profiles older than the specified amount (except for the generations that were active at that point in time).
@@ -74,4 +74,4 @@ $ nix-collect-garbage -d
 ```
 
 [profiles]: @docroot@/command-ref/files/profiles.md
-[store objects]: @docroot@/store/store-object.md
+[store objects]: @docroot@/glossary.md#gloss-store-object

doc/manual/src/command-ref/nix-copy-closure.md

@@ -1,91 +1,91 @@
 # Name
 
-`nix-copy-closure` - copy store objects to or from a remote machine via SSH
+`nix-copy-closure` - copy a closure to or from a remote machine via SSH
 
 # Synopsis
 
 `nix-copy-closure`
-  [`--to` | `--from` ]
+  [`--to` | `--from`]
   [`--gzip`]
   [`--include-outputs`]
   [`--use-substitutes` | `-s`]
   [`-v`]
-  [_user_@]_machine_[:_port_] _paths_
+  _user@machine_ _paths_
 
 # Description
 
-Given _paths_ from one machine, `nix-copy-closure` computes the [closure](@docroot@/glossary.md#gloss-closure) of those paths (i.e. all their dependencies in the Nix store), and copies [store objects](@docroot@/glossary.md#gloss-store-object) in that closure to another machine via SSH.
-It doesn’t copy store objects that are already present on the other machine.
+`nix-copy-closure` gives you an easy and efficient way to exchange
+software between machines.  Given one or more Nix store _paths_ on the
+local machine, `nix-copy-closure` computes the closure of those paths
+(i.e. all their dependencies in the Nix store), and copies all paths
+in the closure to the remote machine via the `ssh` (Secure Shell)
+command.  With the `--from` option, the direction is reversed: the
+closure of _paths_ on a remote machine is copied to the Nix store on
+the local machine.
 
-> **Note**
->
-> While the Nix store to use on the local machine can be specified on the command line with the [`--store`](@docroot@/command-ref/conf-file.md#conf-store) option, the Nix store to be accessed on the remote machine can only be [configured statically](@docroot@/command-ref/conf-file.md#configuration-file) on that remote machine.
+This command is efficient because it only sends the store paths
+that are missing on the target machine.
 
-Since `nix-copy-closure` calls `ssh`, you may need to authenticate with the remote machine.
-In fact, you may be asked for authentication _twice_ because `nix-copy-closure` currently connects twice to the remote machine: first to get the set of paths missing on the target machine, and second to send the dump of those paths.
-When using public key authentication, you can avoid typing the passphrase with `ssh-agent`.
+Since `nix-copy-closure` calls `ssh`, you may be asked to type in the
+appropriate password or passphrase.  In fact, you may be asked _twice_
+because `nix-copy-closure` currently connects twice to the remote
+machine, first to get the set of paths missing on the target machine,
+and second to send the dump of those paths.  When using public key
+authentication, you can avoid typing the passphrase with `ssh-agent`.
 
 # Options
 
-  - `--to`
+  - `--to`\
+    Copy the closure of _paths_ from the local Nix store to the Nix
+    store on _machine_. This is the default.
 
-    Copy the closure of _paths_ from a Nix store accessible from the local machine to the Nix store on the remote _machine_.
-    This is the default behavior.
-
-  - `--from`
-
-    Copy the closure of _paths_ from the Nix store on the remote _machine_ to the local machine's specified Nix store.
-
-  - `--gzip`
+  - `--from`\
+    Copy the closure of _paths_ from the Nix store on _machine_ to the
+    local Nix store.
 
+  - `--gzip`\
     Enable compression of the SSH connection.
 
-  - `--include-outputs`
-
+  - `--include-outputs`\
     Also copy the outputs of [store derivation]s included in the closure.
 
-    [store derivation]: @docroot@/glossary.md#gloss-store-derivation
+    [store derivation]: ../glossary.md#gloss-store-derivation
 
-  - `--use-substitutes` / `-s`
+  - `--use-substitutes` / `-s`\
+    Attempt to download missing paths on the target machine using Nix’s
+    substitute mechanism.  Any paths that cannot be substituted on the
+    target are still copied normally from the source.  This is useful,
+    for instance, if the connection between the source and target
+    machine is slow, but the connection between the target machine and
+    `nixos.org` (the default binary cache server) is
+    fast.
 
-    Attempt to download missing store objects on the target from [substituters](@docroot@/command-ref/conf-file.md#conf-substituters).
-    Any store objects that cannot be substituted on the target are still copied normally from the source.
-    This is useful, for instance, if the connection between the source and target machine is slow, but the connection between the target machine and `cache.nixos.org` (the default binary cache server) is fast.
+  - `-v`\
+    Show verbose output.
 
 {{#include ./opt-common.md}}
 
 # Environment variables
 
-  - `NIX_SSHOPTS`
-
-    Additional options to be passed to `ssh` on the command line.
+  - `NIX_SSHOPTS`\
+    Additional options to be passed to `ssh` on the command
+    line.
 
 {{#include ./env-common.md}}
 
 # Examples
 
-> **Example**
->
-> Copy GNU Hello with all its dependencies to a remote machine:
->
-> ```shell-session
-> $ storePath="$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello --no-out-link)"
-> $ nix-copy-closure --to alice@itchy.example.org "$storePath"
-> copying 5 paths...
-> copying path '/nix/store/nrwkk6ak3rgkrxbqhsscb01jpzmslf2r-xgcc-13.2.0-libgcc' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/gm61h1y42pqyl6178g90x8zm22n6pyy5-libunistring-1.1' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/ddfzjdykw67s20c35i7a6624by3iz5jv-libidn2-2.3.7' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/apab5i73dqa09wx0q27b6fbhd1r18ihl-glibc-2.39-31' to 'ssh://alice@itchy.example.org'...
-> copying path '/nix/store/g1n2vryg06amvcc1avb2mcq36faly0mh-hello-2.12.1' to 'ssh://alice@itchy.example.org'...
-> ```
+Copy Firefox with all its dependencies to a remote machine:
 
-> **Example**
->
-> Copy GNU Hello from a remote machine using a known store path, and run it:
->
-> ```shell-session
-> $ storePath="$(nix-instantiate --eval '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello.outPath | tr -d '"')"
-> $ nix-copy-closure --from alice@itchy.example.org "$storePath"
-> $ "$storePath"/bin/hello
-> Hello, world!
-> ```
+```console
+$ nix-copy-closure --to alice@itchy.labs $(type -tP firefox)
+```
+
+Copy Subversion from a remote machine and then install it into a user
+environment:
+
+```console
+$ nix-copy-closure --from alice@itchy.labs \
+    /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
+$ nix-env --install /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
+```

doc/manual/src/command-ref/nix-env.md

@@ -47,83 +47,39 @@ These pages can be viewed offline:
 
   Example: `nix-env --help --install`
 
-# Package sources
-
-`nix-env` can obtain packages from multiple sources:
-
-- An attribute set of derivations from:
-  - The [default Nix expression](@docroot@/command-ref/files/default-nix-expression.md) (by default)
-  - A Nix file, specified via `--file`
-  - A [profile](@docroot@/command-ref/files/profiles.md), specified via `--from-profile`
-  - A Nix expression that is a function which takes default expression as argument, specified via `--from-expression`
-- A [store path](@docroot@/store/store-path.md)
-
 # Selectors
 
-Several operations, such as [`nix-env --query`](./nix-env/query.md) and [`nix-env --install`](./nix-env/install.md), take a list of *arguments* that specify the packages on which to operate.
+Several commands, such as `nix-env --query ` and `nix-env --install `, take a list of
+arguments that specify the packages on which to operate. These are
+extended regular expressions that must match the entire name of the
+package. (For details on regular expressions, see **regex**(7).) The match is
+case-sensitive. The regular expression can optionally be followed by a
+dash and a version number; if omitted, any version of the package will
+match. Here are some examples:
 
-Packages are identified based on a `name` part and a `version` part of a [symbolic derivation name](@docroot@/language/derivations.md#attr-names):
+  - `firefox`\
+    Matches the package name `firefox` and any version.
 
-- `name`: Everything up to but not including the first dash (`-`) that is *not* followed by a letter.
-- `version`: The rest, excluding the separating dash.
+  - `firefox-32.0`\
+    Matches the package name `firefox` and version `32.0`.
 
-> **Example**
->
-> `nix-env` parses the symbolic derivation name `apache-httpd-2.0.48` as:
->
-> ```json
-> {
->   "name": "apache-httpd",
->   "version": "2.0.48"
-> }
-> ```
+  - `gtk\\+`\
+    Matches the package name `gtk+`. The `+` character must be escaped
+    using a backslash to prevent it from being interpreted as a
+    quantifier, and the backslash must be escaped in turn with another
+    backslash to ensure that the shell passes it on.
 
-> **Example**
->
-> `nix-env` parses the symbolic derivation name `firefox.*` as:
->
-> ```json
-> {
->   "name": "firefox.*",
->   "version": ""
-> }
-> ```
+  - `.\*`\
+    Matches any package name. This is the default for most commands.
 
-The `name` parts of the *arguments* to `nix-env` are treated as extended regular expressions and matched against the `name` parts of derivation names in the package source.
-The match is case-sensitive.
-The regular expression can optionally be followed by a dash (`-`) and a version number; if omitted, any version of the package will match.
-For details on regular expressions, see [**regex**(7)](https://linux.die.net/man/7/regex).
+  - `'.*zip.*'`\
+    Matches any package name containing the string `zip`. Note the dots:
+    `'*zip*'` does not work, because in a regular expression, the
+    character `*` is interpreted as a quantifier.
 
-> **Example**
->
-> Common patterns for finding package names with `nix-env`:
->
-> - `firefox`
->
->   Matches the package name `firefox` and any version.
->
-> - `firefox-32.0`
->
->   Matches the package name `firefox` and version `32.0`.
->
-> - `gtk\\+`
->
->   Matches the package name `gtk+`.
->   The `+` character must be escaped using a backslash (`\`) to prevent it from being interpreted as a quantifier, and the backslash must be escaped in turn with another backslash to ensure that the shell passes it on.
->
-> - `.\*`
->
->   Matches any package name.
->   This is the default for most commands.
->
-> - `'.*zip.*'`
->
->   Matches any package name containing the string `zip`.
->   Note the dots: `'*zip*'` does not work, because in a regular expression, the character `*` is interpreted as a quantifier.
->
-> - `'.*(firefox|chromium).*'`
->
->   Matches any package name containing the strings `firefox` or `chromium`.
+  - `'.*(firefox|chromium).*'`\
+    Matches any package name containing the strings `firefox` or
+    `chromium`.
 
 # Files
 

doc/manual/src/command-ref/nix-env/delete-generations.md

@@ -12,13 +12,13 @@ This operation deletes the specified generations of the current profile.
 
 *generations* can be a one of the following:
 
-- <span id="generations-list">[`<number>...`](#generations-list)</span>:\
+- <span id="generations-list">`<number>...`</span>:\
   A list of generation numbers, each one a separate command-line argument.
 
   Delete exactly the profile generations given by their generation number.
   Deleting the current generation is not allowed.
 
-- <span id="generations-old">[The special value `old`](#generations-old)</span>
+- The special value <span id="generations-old">`old`</span>
 
   Delete all generations except the current one.
 
@@ -30,7 +30,7 @@ This operation deletes the specified generations of the current profile.
   > Because one can roll back to a previous generation, it is possible to have generations newer than the current one.
   > They will also be deleted.
 
-- <span id="generations-time">[`<number>d`](#generations-time)</span>:\
+- <span id="generations-time">`<number>d`</span>:\
   The last *number* days
 
   *Example*: `30d`
@@ -38,7 +38,7 @@ This operation deletes the specified generations of the current profile.
   Delete all generations created more than *number* days ago, except the most recent one of them.
   This allows rolling back to generations that were available within the specified period.
 
-- <span id="generations-count">[`+<number>`](#generations-count)</span>:\
+- <span id="generations-count">`+<number>`</span>:\
   The last *number* generations up to the present
 
   *Example*: `+5`
@@ -49,7 +49,7 @@ Periodically deleting old generations is important to make garbage collection
 effective.
 The is because profiles are also garbage collection roots — any [store object] reachable from a profile is "alive" and ineligible for deletion.
 
-[store object]: @docroot@/store/store-object.md
+[store object]: @docroot@/glossary.md#gloss-store-object
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-env/install.md

@@ -14,13 +14,14 @@
 
 # Description
 
-The `--install` operation creates a new user environment.
+The install operation creates a new user environment.
 It is based on the current generation of the active [profile](@docroot@/command-ref/files/profiles.md), to which a set of [store paths] described by *args* is added.
 
-[store paths]: @docroot@/store/store-path.md
+[store paths]: @docroot@/glossary.md#gloss-store-path
 
 The arguments *args* map to store paths in a number of possible ways:
 
+
   - By default, *args* is a set of [derivation] names denoting derivations in the [default Nix expression].
     These are [realised], and the resulting output paths are installed.
     Currently installed derivations with a name equal to the name of a derivation being added are removed unless the option `--preserve-installed` is specified.
@@ -49,7 +50,7 @@ The arguments *args* map to store paths in a number of possible ways:
     Show the attribute paths of available packages with [`nix-env --query`](./query.md):
 
     ```console
-    nix-env --query --available --attr-path
+    nix-env --query --available --attr-path`
     ```
 
   - If `--from-profile` *path* is given, *args* is a set of names

doc/manual/src/command-ref/nix-hash.md

@@ -20,21 +20,16 @@ an example.
 The hash is computed over a *serialisation* of each path: a dump of
 the file system tree rooted at the path. This allows directories and
 symlinks to be hashed as well as regular files. The dump is in the
-*[Nix Archive (NAR)][Nix Archive] format* produced by [`nix-store
+*NAR format* produced by [`nix-store
 --dump`](@docroot@/command-ref/nix-store/dump.md).  Thus, `nix-hash path`
 yields the same cryptographic hash as `nix-store --dump path |
 md5sum`.
 
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
-
 # Options
 
   - `--flat`\
-    Print the cryptographic hash of the contents of each regular file *path*.
-    That is, instead of computing
-    the hash of the [Nix Archive (NAR)](@docroot@/store/file-system-object/content-address.md#serial-nix-archive) of *path*,
-    just [directly hash]((@docroot@/store/file-system-object/content-address.md#serial-flat) *path* as is.
-    This requires *path* to resolve to a regular file rather than directory.
+    Print the cryptographic hash of the contents of each regular file
+    *path*. That is, do not compute the hash over the dump of *path*.
     The result is identical to that produced by the GNU commands
     `md5sum` and `sha1sum`.
 

doc/manual/src/command-ref/nix-instantiate.md

@@ -23,7 +23,7 @@ It evaluates the Nix expressions in each of *files* (which defaults to
 derivation, a list of derivations, or a set of derivations. The paths
 of the resulting store derivations are printed on standard output.
 
-[store derivation]: @docroot@/glossary.md#gloss-store-derivation
+[store derivation]: ../glossary.md#gloss-store-derivation
 
 If *files* is the character `-`, then a Nix expression will be read from
 standard input.
@@ -35,51 +35,13 @@ standard input.
 
   - `--parse`\
     Just parse the input files, and print their abstract syntax trees on
-    standard output as a Nix expression.
+    standard output in ATerm format.
 
   - `--eval`\
     Just parse and evaluate the input files, and print the resulting
     values on standard output. No instantiation of store derivations
     takes place.
 
-    > **Warning**
-    >
-    > This option produces output which can be parsed as a Nix expression which
-    > will produce a different result than the input expression when evaluated.
-    > For example, these two Nix expressions print the same result despite
-    > having different meaning:
-    >
-    > ```console
-    > $ nix-instantiate --eval --expr '{ a = {}; }'
-    > { a = <CODE>; }
-    > $ nix-instantiate --eval --expr '{ a = <CODE>; }'
-    > { a = <CODE>; }
-    > ```
-    >
-    > For human-readable output, `nix eval` (experimental) is more informative:
-    >
-    > ```console
-    > $ nix-instantiate --eval --expr 'a: a'
-    > <LAMBDA>
-    > $ nix eval --expr 'a: a'
-    > «lambda @ «string»:1:1»
-    > ```
-    >
-    > For machine-readable output, the `--xml` option produces unambiguous
-    > output:
-    >
-    > ```console
-    > $ nix-instantiate --eval --xml --expr '{ foo = <CODE>; }'
-    > <?xml version='1.0' encoding='utf-8'?>
-    > <expr>
-    >   <attrs>
-    >     <attr column="3" line="1" name="foo">
-    >       <unevaluated />
-    >     </attr>
-    >   </attrs>
-    > </expr>
-    > ```
-
   - `--find-file`\
     Look up the given files in Nix’s search path (as specified by the
     `NIX_PATH` environment variable). If found, print the corresponding
@@ -99,11 +61,11 @@ standard input.
 
   - `--json`\
     When used with `--eval`, print the resulting value as an JSON
-    representation of the abstract syntax tree rather than as a Nix expression.
+    representation of the abstract syntax tree rather than as an ATerm.
 
   - `--xml`\
     When used with `--eval`, print the resulting value as an XML
-    representation of the abstract syntax tree rather than as a Nix expression.
+    representation of the abstract syntax tree rather than as an ATerm.
     The schema is the same as that used by the [`toXML`
     built-in](../language/builtins.md).
 
@@ -171,24 +133,28 @@ $ nix-instantiate --eval --xml --expr '1 + 2'
 The difference between non-strict and strict evaluation:
 
 ```console
-$ nix-instantiate --eval --xml --expr '{ x = {}; }'
-<?xml version='1.0' encoding='utf-8'?>
-<expr>
-  <attrs>
-    <attr column="3" line="1" name="x">
-      <unevaluated />
-    </attr>
-  </attrs>
-</expr>
-
-$ nix-instantiate --eval --xml --strict --expr '{ x = {}; }'
-<?xml version='1.0' encoding='utf-8'?>
-<expr>
-  <attrs>
-    <attr column="3" line="1" name="x">
-      <attrs>
-      </attrs>
-    </attr>
-  </attrs>
-</expr>
+$ nix-instantiate --eval --xml --expr 'rec { x = "foo"; y = x; }'
+...
+  <attr name="x">
+    <string value="foo" />
+  </attr>
+  <attr name="y">
+    <unevaluated />
+  </attr>
+...
+```
+
+Note that `y` is left unevaluated (the XML representation doesn’t
+attempt to show non-normal forms).
+
+```console
+$ nix-instantiate --eval --xml --strict --expr 'rec { x = "foo"; y = x; }'
+...
+  <attr name="x">
+    <string value="foo" />
+  </attr>
+  <attr name="y">
+    <string value="foo" />
+  </attr>
+...
 ```

doc/manual/src/command-ref/nix-store/dump.md

@@ -1,6 +1,6 @@
 # Name
 
-`nix-store --dump` - write a single path to a [Nix Archive]
+`nix-store --dump` - write a single path to a Nix Archive
 
 ## Synopsis
 
@@ -8,7 +8,7 @@
 
 ## Description
 
-The operation `--dump` produces a [Nix archive](@docroot@/glossary.md#gloss-nar) (NAR) file containing the
+The operation `--dump` produces a NAR (Nix ARchive) file containing the
 contents of the file system tree rooted at *path*. The archive is
 written to standard output.
 
@@ -30,9 +30,8 @@ NAR archives support filenames of unlimited length and 64-bit file
 sizes. They can contain regular files, directories, and symbolic links,
 but not other types of files (such as device nodes).
 
-A Nix archive can be unpacked using [`nix-store --restore`](@docroot@/command-ref/nix-store/restore.md).
-
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
+A Nix archive can be unpacked using `nix-store
+--restore`.
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-store/export.md

@@ -1,6 +1,6 @@
 # Name
 
-`nix-store --export` - export store paths to a [Nix Archive]
+`nix-store --export` - export store paths to a Nix Archive
 
 ## Synopsis
 
@@ -8,22 +8,16 @@
 
 ## Description
 
-The operation `--export` writes a serialisation of the given [store objects](@docroot@/glossary.md#gloss-store-object) to standard output in a format that can be imported into another [Nix store](@docroot@/store/index.md) with [`nix-store --import`](./import.md).
+The operation `--export` writes a serialisation of the specified store
+paths to standard output in a format that can be imported into another
+Nix store with `nix-store --import`. This is like `nix-store
+--dump`, except that the NAR archive produced by that command doesn’t
+contain the necessary meta-information to allow it to be imported into
+another Nix store (namely, the set of references of the path).
 
-> **Warning**
->
-> This command *does not* produce a [closure](@docroot@/glossary.md#gloss-closure) of the specified store paths.
-> Trying to import a store object that refers to store paths not available in the target Nix store will fail.
->
-> Use [`nix-store --query`](@docroot@/command-ref/nix-store/query.md) to obtain the closure of a store path.
-
-This command is different from [`nix-store --dump`](./dump.md), which produces a [Nix archive](@docroot@/glossary.md#gloss-nar) that *does not* contain the set of [references](@docroot@/glossary.md#gloss-reference) of a given store path.
-
-> **Note**
->
-> For efficient transfer of closures to remote machines over SSH, use [`nix-copy-closure`](@docroot@/command-ref/nix-copy-closure.md).
-
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
+This command does not produce a *closure* of the specified paths, so if
+a store path references other store paths that are missing in the target
+Nix store, the import will fail.
 
 {{#include ./opt-common.md}}
 
@@ -33,21 +27,15 @@ This command is different from [`nix-store --dump`](./dump.md), which produces a
 
 # Examples
 
-> **Example**
->
-> Deploy GNU Hello to an airgapped machine via USB stick.
->
-> Write the closure to the block device on a machine with internet connection:
->
-> ```shell-session
-> [alice@itchy]$ storePath=$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello --no-out-link)
-> [alice@itchy]$ nix-store --export $(nix-store --query --requisites $storePath) | sudo dd of=/dev/usb
-> ```
->
-> Read the closure from the block device on the machine without internet connection:
->
-> ```shell-session
-> [bob@scratchy]$ hello=$(sudo dd if=/dev/usb | nix-store --import | tail -1)
-> [bob@scratchy]$ $hello/bin/hello
-> Hello, world!
-> ```
+To copy a whole closure, do something
+like:
+
+```console
+$ nix-store --export $(nix-store --query --requisites paths) > out
+```
+
+To import the whole closure again, run:
+
+```console
+$ nix-store --import < out
+```

doc/manual/src/command-ref/nix-store/import.md

@@ -1,8 +1,6 @@
 # Name
 
-`nix-store --import` - import [Nix Archive] into the store
-
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
+`nix-store --import` - import Nix Archive into the store
 
 # Synopsis
 
@@ -10,34 +8,14 @@
 
 # Description
 
-The operation `--import` reads a serialisation of a set of [store objects](@docroot@/glossary.md#gloss-store-object) produced by [`nix-store --export`](./export.md) from standard input, and adds those store objects to the specified [Nix store](@docroot@/store/index.md).
-Paths that already exist in the target Nix store are ignored.
-If a path [refers](@docroot@/glossary.md#gloss-reference) to another path that doesn’t exist in the target Nix store, the import fails.
-
-> **Note**
->
-> For efficient transfer of closures to remote machines over SSH, use [`nix-copy-closure`](@docroot@/command-ref/nix-copy-closure.md).
+The operation `--import` reads a serialisation of a set of store paths
+produced by `nix-store --export` from standard input and adds those
+store paths to the Nix store. Paths that already exist in the Nix store
+are ignored. If a path refers to another path that doesn’t exist in the
+Nix store, the import fails.
 
 {{#include ./opt-common.md}}
 
 {{#include ../opt-common.md}}
 
 {{#include ../env-common.md}}
-
-# Examples
-
-> **Example**
->
-> Given a closure of GNU Hello as a file:
->
-> ```shell-session
-> $ storePath="$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello --no-out-link)"
-> $ nix-store --export $(nix-store --query --requisites $storePath) > hello.closure
-> ```
->
-> Import the closure into a [remote SSH store](@docroot@/store/types/ssh-store.md) using the [`--store`](@docroot@/command-ref/conf-file.md#conf-store) option:
->
-> ```console
-> $ nix-store --import --store ssh://alice@itchy.example.org < hello.closure
-> ```
-

doc/manual/src/command-ref/nix-store/optimise.md

@@ -12,7 +12,7 @@ The operation `--optimise` reduces Nix store disk space usage by finding
 identical files in the store and hard-linking them to each other. It
 typically reduces the size of the store by something like 25-35%. Only
 regular files and symlinks are hard-linked in this manner. Files are
-considered identical when they have the same [Nix Archive (NAR)][Nix Archive] serialisation:
+considered identical when they have the same NAR archive serialisation:
 that is, regular files must have the same contents and permission
 (executable or non-executable), and symlinks must have the same
 contents.
@@ -38,4 +38,3 @@ hashing files in `/nix/store/qhqx7l2f1kmwihc9bnxs7rc159hsxnf3-gcc-4.1.1'
 there are 114486 files with equal contents out of 215894 files in total
 ```
 
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive

doc/manual/src/command-ref/nix-store/query.md

@@ -40,12 +40,12 @@ symlink.
     derivations *paths*. These are the paths that will be produced when
     the derivation is built.
 
-    [output paths]: @docroot@/glossary.md#gloss-output-path
+    [output paths]: ../../glossary.md#gloss-output-path
 
   - `--requisites`; `-R`\
     Prints out the [closure] of the store path *paths*.
 
-    [closure]: @docroot@/glossary.md#gloss-closure
+    [closure]: ../../glossary.md#gloss-closure
 
     This query has one option:
 
@@ -66,7 +66,7 @@ symlink.
     *paths*, that is, their immediate dependencies. (For *all*
     dependencies, use `--requisites`.)
 
-    [references]: @docroot@/glossary.md#gloss-reference
+    [references]: ../../glossary.md#gloss-reference
 
   - `--referrers`\
     Prints the set of *referrers* of the store paths *paths*, that is,
@@ -90,7 +90,7 @@ symlink.
     example when *paths* were substituted from a binary cache.
     Use `--valid-derivers` instead to obtain valid paths only.
 
-    [deriver]: @docroot@/glossary.md#gloss-deriver
+    [deriver]: ../../glossary.md#gloss-deriver
 
   - `--valid-derivers`\
     Prints a set of derivation files (`.drv`) which are supposed produce

doc/manual/src/command-ref/nix-store/realise.md

@@ -25,11 +25,11 @@ Each of *paths* is processed as follows:
 
 If no substitutes are available and no store derivation is given, realisation fails.
 
-[store paths]: @docroot@/store/store-path.md
+[store paths]: @docroot@/glossary.md#gloss-store-path
 [valid]: @docroot@/glossary.md#gloss-validity
 [store derivation]: @docroot@/glossary.md#gloss-store-derivation
 [output paths]: @docroot@/glossary.md#gloss-output-path
-[store objects]: @docroot@/store/store-object.md
+[store objects]: @docroot@/glossary.md#gloss-store-object
 [closure]: @docroot@/glossary.md#gloss-closure
 [substituters]: @docroot@/command-ref/conf-file.md#conf-substituters
 [content-addressed derivations]: @docroot@/contributing/experimental-features.md#xp-feature-ca-derivations

doc/manual/src/command-ref/nix-store/restore.md

@@ -8,11 +8,9 @@
 
 ## Description
 
-The operation `--restore` unpacks a [Nix Archive (NAR)][Nix Archive] to *path*, which must
+The operation `--restore` unpacks a NAR archive to *path*, which must
 not already exist. The archive is read from standard input.
 
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
-
 {{#include ./opt-common.md}}
 
 {{#include ../opt-common.md}}

doc/manual/src/contributing/cli-guideline.md

@@ -87,7 +87,7 @@ impacted the most by bad user experience.
       and [aligning of text](#text-alignment).
     - [Autocomplete](#shell-completion) of options.
 
-  Examples of such commands: `nix edit`, `nix eval`, ...
+  Examples of such commands: `nix doctor`, `nix edit`, `nix eval`, ...
 
 - **Utility and scripting commands**
 
@@ -426,7 +426,7 @@ This leads to the following guidelines:
 ### Examples
 
 
-This is bad, because all keys must be assumed to be store types:
+This is bad, because all keys must be assumed to be store implementations:
 
 ```json
 {

doc/manual/src/contributing/documentation.md

@@ -27,9 +27,11 @@ and open `./result-doc/share/doc/nix/manual/index.html`.
 To build the manual incrementally, [enter the development shell](./hacking.md) and run:
 
 ```console
-make manual-html-open -j $NIX_BUILD_CORES
+make manual-html -j $NIX_BUILD_CORES
 ```
 
+and open `./outputs/out/share/doc/nix/manual/language/index.html`.
+
 In order to reflect changes to the [Makefile for the manual], clear all generated files before re-building:
 
 [Makefile for the manual]: https://github.com/NixOS/nix/blob/master/doc/manual/local.mk
@@ -147,7 +149,7 @@ Please observe these guidelines to ease reviews:
   ```
   A [store object] contains a [file system object] and [references] to other store objects.
 
-  [store object]: @docroot@/store/store-object.md
+  [store object]: @docroot@/glossary.md#gloss-store-object
   [file system object]: @docroot@/architecture/file-system-object.md
   [references]: @docroot@/glossary.md#gloss-reference
   ```
@@ -170,7 +172,7 @@ Please observe these guidelines to ease reviews:
   > ```
   ````
 
-  Highlight syntax definitions as such, using [EBNF](https://en.wikipedia.org/wiki/Extended_Backus%E2%80%93Naur_form) notation:
+  Highlight syntax definiions as such, using [EBNF](https://en.wikipedia.org/wiki/Extended_Backus%E2%80%93Naur_form) notation:
 
   ````
   > **Syntax**
@@ -206,23 +208,3 @@ or inside `nix-shell` or `nix develop`:
 # make internal-api-html
 # xdg-open ./outputs/doc/share/doc/nix/internal-api/html/index.html
 ```
-
-## C API documentation
-
-Note that the C API is not yet stable.
-[C API documentation] is available online.
-You can also build and view it yourself:
-
-[C API documentation]: https://hydra.nixos.org/job/nix/master/external-api-docs/latest/download-by-type/doc/external-api-docs
-
-```console
-# nix build .#hydraJobs.external-api-docs
-# xdg-open ./result/share/doc/nix/external-api/html/index.html
-```
-
-or inside `nix-shell` or `nix develop`:
-
-```
-# make external-api-html
-# xdg-open ./outputs/doc/share/doc/nix/external-api/html/index.html
-```

doc/manual/src/contributing/hacking.md

@@ -10,7 +10,7 @@ $ cd nix
 
 The following instructions assume you already have some version of Nix installed locally, so that you can use it to set up the development environment. If you don't have it installed, follow the [installation instructions].
 
-[installation instructions]: ../installation/index.md
+[installation instructions]: ../installation/installation.md
 
 ## Building Nix with flakes
 
@@ -31,7 +31,7 @@ This shell also adds `./outputs/bin/nix` to your `$PATH` so you can run `nix` im
 To get a shell with one of the other [supported compilation environments](#compilation-environments):
 
 ```console
-$ nix develop .#native-clangStdenvPackages
+$ nix develop .#native-clang11StdenvPackages
 ```
 
 > **Note**
@@ -44,21 +44,18 @@ To build Nix itself in this shell:
 ```console
 [nix-shell]$ autoreconfPhase
 [nix-shell]$ configurePhase
-[nix-shell]$ make -j $NIX_BUILD_CORES OPTIMIZE=0
+[nix-shell]$ make -j $NIX_BUILD_CORES
 ```
 
 To install it in `$(pwd)/outputs` and test it:
 
 ```console
-[nix-shell]$ make install OPTIMIZE=0
-[nix-shell]$ make installcheck check -j $NIX_BUILD_CORES
+[nix-shell]$ make install
+[nix-shell]$ make installcheck -j $NIX_BUILD_CORES
 [nix-shell]$ nix --version
 nix (Nix) 2.12
 ```
 
-For more information on running and filtering tests, see
-[`testing.md`](./testing.md).
-
 To build a release version of Nix for the current operating system and CPU architecture:
 
 ```console
@@ -78,7 +75,7 @@ $ nix-shell
 To get a shell with one of the other [supported compilation environments](#compilation-environments):
 
 ```console
-$ nix-shell --attr devShells.x86_64-linux.native-clangStdenvPackages
+$ nix-shell --attr devShells.x86_64-linux.native-clang11StdenvPackages
 ```
 
 > **Note**
@@ -111,26 +108,6 @@ $ nix-build
 
 You can also build Nix for one of the [supported platforms](#platforms).
 
-## Makefile variables
-
-You may need `profiledir=$out/etc/profile.d` and `sysconfdir=$out/etc` to run `make install`.
-
-Run `make` with [`-e` / `--environment-overrides`](https://www.gnu.org/software/make/manual/make.html#index-_002de) to allow environment variables to override `Makefile` variables:
-
-- `ENABLE_BUILD=yes` to enable building the C++ code.
-- `ENABLE_DOC_GEN=yes` to enable building the documentation (manual, man pages, etc.).
-
-  The docs can take a while to build, so you may want to disable this for local development.
-- `ENABLE_FUNCTIONAL_TESTS=yes` to enable building the functional tests.
-- `ENABLE_UNIT_TESTS=yes` to enable building the unit tests.
-- `OPTIMIZE=1` to enable optimizations.
-- `libraries=libutil programs=` to only build a specific library.
-
-  This will fail in the linking phase if the other libraries haven't been built, but is useful for checking types.
-- `libraries= programs=nix` to only build a specific program.
-
-  This will not work in general, because the programs need the libraries.
-
 ## Platforms
 
 Nix can be built for various platforms, as specified in [`flake.nix`]:
@@ -144,14 +121,13 @@ Nix can be built for various platforms, as specified in [`flake.nix`]:
 - `aarch64-darwin`
 - `armv6l-linux`
 - `armv7l-linux`
-- `riscv64-linux`
 
 In order to build Nix for a different platform than the one you're currently
 on, you need a way for your current Nix installation to build code for that
-platform. Common solutions include [remote build machines] and [binary format emulation]
+platform. Common solutions include [remote builders] and [binary format emulation]
 (only supported on NixOS).
 
-[remote builders]: @docroot@/language/derivations.md#attr-builder
+[remote builders]: ../advanced-topics/distributed-builds.md
 [binary format emulation]: https://nixos.org/manual/nixos/stable/options.html#opt-boot.binfmt.emulatedSystems
 
 Given such a setup, executing the build only requires selecting the respective attribute.
@@ -167,40 +143,12 @@ or for Nix with the [`flakes`] and [`nix-command`] experimental features enabled
 $ nix build .#packages.aarch64-linux.default
 ```
 
-Cross-compiled builds are available for:
-- `armv6l-linux`
-- `armv7l-linux`
-- `riscv64-linux`
+Cross-compiled builds are available for ARMv6 (`armv6l-linux`) and ARMv7 (`armv7l-linux`).
 Add more [system types](#system-type) to `crossSystems` in `flake.nix` to bootstrap Nix on unsupported platforms.
 
-### Building for multiple platforms at once
-
-It is useful to perform multiple cross and native builds on the same source tree,
-for example to ensure that better support for one platform doesn't break the build for another.
-In order to facilitate this, Nix has some support for being built out of tree – that is, placing build artefacts in a different directory than the source code:
-
-1. Create a directory for the build, e.g.
-
-   ```bash
-   mkdir build
-   ```
-
-2. Run the configure script from that directory, e.g.
-
-   ```bash
-   cd build
-   ../configure <configure flags>
-   ```
-
-3. Run make from the source directory, but with the build directory specified, e.g.
-
-   ```bash
-   make builddir=build <make flags>
-   ```
-
 ## System type
 
-Nix uses a string with the following format to identify the *system type* or *platform* it runs on:
+Nix uses a string with he following format to identify the *system type* or *platform* it runs on:
 
 ```
 <cpu>-<os>[-<abi>]
@@ -262,114 +210,13 @@ See [supported compilation environments](#compilation-environments) and instruct
 To use the LSP with your editor, you first need to [set up `clangd`](https://clangd.llvm.org/installation#project-setup) by running:
 
 ```console
-make compile_commands.json
+make clean && bear -- make -j$NIX_BUILD_CORES default check install
 ```
 
-Configure your editor to use the `clangd` from the `.#native-clangStdenvPackages` shell. You can do that either by running it inside the development shell, or by using [nix-direnv](https://github.com/nix-community/nix-direnv) and [the appropriate editor plugin](https://github.com/direnv/direnv/wiki#editor-integration).
+Configure your editor to use the `clangd` from the shell, either by running it inside the development shell, or by using [nix-direnv](https://github.com/nix-community/nix-direnv) and [the appropriate editor plugin](https://github.com/direnv/direnv/wiki#editor-integration).
 
 > **Note**
 >
 > For some editors (e.g. Visual Studio Code), you may need to install a [special extension](https://open-vsx.org/extension/llvm-vs-code-extensions/vscode-clangd) for the editor to interact with `clangd`.
 > Some other editors (e.g. Emacs, Vim) need a plugin to support LSP servers in general (e.g. [lsp-mode](https://github.com/emacs-lsp/lsp-mode) for Emacs and [vim-lsp](https://github.com/prabirshrestha/vim-lsp) for vim).
 > Editor-specific setup is typically opinionated, so we will not cover it here in more detail.
-
-## Formatting and pre-commit hooks
-
-You may run the formatters as a one-off using:
-
-```console
-make format
-```
-
-If you'd like to run the formatters before every commit, install the hooks:
-
-```
-pre-commit-hooks-install
-```
-
-This installs [pre-commit](https://pre-commit.com) using [cachix/git-hooks.nix](https://github.com/cachix/git-hooks.nix).
-
-When making a commit, pay attention to the console output.
-If it fails, run `git add --patch` to approve the suggestions _and commit again_.
-
-To refresh pre-commit hook's config file, do the following:
-1. Exit the development shell and start it again by running `nix develop`.
-2. If you also use the pre-commit hook, also run `pre-commit-hooks-install` again.
-
-## Add a release note
-
-`doc/manual/rl-next` contains release notes entries for all unreleased changes.
-
-User-visible changes should come with a release note.
-
-### Add an entry
-
-Here's what a complete entry looks like. The file name is not incorporated in the document.
-
-```
----
-synopsis: Basically a title
-issues: 1234
-prs: 1238
----
-
-Here's one or more paragraphs that describe the change.
-
-- It's markdown
-- Add references to the manual using @docroot@
-```
-
-Significant changes should add the following header, which moves them to the top.
-
-```
-significance: significant
-```
-
-<!-- Keep an eye on https://codeberg.org/fgaz/changelog-d/issues/1 -->
-See also the [format documentation](https://github.com/haskell/cabal/blob/master/CONTRIBUTING.md#changelog).
-
-### Build process
-
-Releases have a precomputed `rl-MAJOR.MINOR.md`, and no `rl-next.md`.
-
-## Branches
-
-- [`master`](https://github.com/NixOS/nix/commits/master)
-
-  The main development branch. All changes are approved and merged here.
-  When developing a change, create a branch based on the latest `master`.
-
-  Maintainers try to [keep it in a release-worthy state](#reverting).
-
-- [`maintenance-*.*`](https://github.com/NixOS/nix/branches/all?query=maintenance)
-
-  These branches are the subject of backports only, and are
-  also [kept](#reverting) in a release-worthy state.
-
-  See [`maintainers/backporting.md`](https://github.com/NixOS/nix/blob/master/maintainers/backporting.md)
-
-- [`latest-release`](https://github.com/NixOS/nix/tree/latest-release)
-
-  The latest patch release of the latest minor version.
-
-  See [`maintainers/release-process.md`](https://github.com/NixOS/nix/blob/master/maintainers/release-process.md)
-
-- [`backport-*-to-*`](https://github.com/NixOS/nix/branches/all?query=backport)
-
-  Generally branches created by the backport action.
-
-  See [`maintainers/backporting.md`](https://github.com/NixOS/nix/blob/master/maintainers/backporting.md)
-
-- [_other_](https://github.com/NixOS/nix/branches/all)
-
-  Branches that do not conform to the above patterns should be feature branches.
-
-## Reverting
-
-If a change turns out to be merged by mistake, or contain a regression, it may be reverted.
-A revert is not a rejection of the contribution, but merely part of an effective development process.
-It makes sure that development keeps running smoothly, with minimal uncertainty, and less overhead.
-If maintainers have to worry too much about avoiding reverts, they would not be able to merge as much.
-By embracing reverts as a good part of the development process, everyone wins.
-
-However, taking a step back may be frustrating, so maintainers will be extra supportive on the next try.

doc/manual/src/contributing/testing.md

@@ -60,7 +60,7 @@ The unit tests are defined using the [googletest] and [rapidcheck] frameworks.
 > ```
 
 The tests for each Nix library (`libnixexpr`, `libnixstore`, etc..) live inside a directory `tests/unit/${library_name_without-nix}`.
-Given an interface (header) and implementation pair in the original library, say, `src/libexpr/value/context.{hh,cc}`, we write tests for it in `tests/unit/libexpr/tests/value/context.cc`, and (possibly) declare/define additional interfaces for testing purposes in `tests/unit/libexpr-support/tests/value/context.{hh,cc}`.
+Given a interface (header) and implementation pair in the original library, say, `src/libexpr/value/context.{hh,cc}`, we write tests for it in `tests/unit/libexpr/tests/value/context.cc`, and (possibly) declare/define additional interfaces for testing purposes in `tests/unit/libexpr-support/tests/value/context.{hh,cc}`.
 
 Data for unit tests is stored in a `data` subdir of the directory for each unit test executable.
 For example, `libnixstore` code is in `src/libstore`, and its test data is in `tests/unit/libstore/data`.
@@ -77,7 +77,7 @@ there is no risk of any build-system wildcards for the library accidentally pick
 ### Running tests
 
 You can run the whole testsuite with `make check`, or the tests for a specific component with `make libfoo-tests_RUN`.
-Finer-grained filtering is also possible using the [--gtest_filter](https://google.github.io/googletest/advanced.html#running-a-subset-of-the-tests) command-line option, or the `GTEST_FILTER` environment variable, e.g. `GTEST_FILTER='ErrorTraceTest.*' make check`.
+Finer-grained filtering is also possible using the [--gtest_filter](https://google.github.io/googletest/advanced.html#running-a-subset-of-the-tests) command-line option, or the `GTEST_FILTER` environment variable.
 
 ### Characterisation testing { #characaterisation-testing-unit }
 
@@ -162,14 +162,14 @@ ran test tests/functional/${testName}.sh... [PASS]
 or without `make`:
 
 ```shell-session
-$ ./mk/run-test.sh tests/functional/${testName}.sh
+$ ./mk/run-test.sh tests/functional/${testName}.sh tests/functional/init.sh
 ran test tests/functional/${testName}.sh... [PASS]
 ```
 
 To see the complete output, one can also run:
 
 ```shell-session
-$ ./mk/debug-test.sh tests/functional/${testName}.sh
+$ ./mk/debug-test.sh tests/functional/${testName}.sh tests/functional/init.sh
 +(${testName}.sh:1) foo
 output from foo
 +(${testName}.sh:2) bar
@@ -204,7 +204,7 @@ edit it like so:
 Then, running the test with `./mk/debug-test.sh` will drop you into GDB once the script reaches that point:
 
 ```shell-session
-$ ./mk/debug-test.sh tests/functional/${testName}.sh
+$ ./mk/debug-test.sh tests/functional/${testName}.sh tests/functional/init.sh
 ...
 + gdb blash blub
 GNU gdb (GDB) 12.1

doc/manual/src/glossary.md

@@ -1,31 +1,12 @@
 # Glossary
 
-- [content address]{#gloss-content-address}
-
-  A
-  [*content address*](https://en.wikipedia.org/wiki/Content-addressable_storage)
-  is a secure way to reference immutable data.
-  The reference is calculated directly from the content of the data being referenced, which means the reference is
-  [*tamper proof*](https://en.wikipedia.org/wiki/Tamperproofing)
-  --- variations of the data should always calculate to distinct content addresses.
-
-  For how Nix uses content addresses, see:
-
-    - [Content-Addressing File System Objects](@docroot@/store/file-system-object/content-address.md)
-    - [content-addressed store object](#gloss-content-addressed-store-object)
-    - [content-addressed derivation](#gloss-content-addressed-derivation)
-
-  Software Heritage's writing on [*Intrinsic and Extrinsic identifiers*](https://www.softwareheritage.org/2020/07/09/intrinsic-vs-extrinsic-identifiers) is also a good introduction to the value of content-addressing over other referencing schemes.
-
-  Besides content addressing, the Nix store also uses [input addressing](#gloss-input-addressed-store-object).
-
 - [derivation]{#gloss-derivation}
 
   A description of a build task. The result of a derivation is a
-  store object. Derivations declared in Nix expressions are specified
+  store object. Derivations are typically specified in Nix expressions
   using the [`derivation` primitive](./language/derivations.md). These are
   translated into low-level *store derivations* (implicitly by
-  `nix-build`, or explicitly by `nix-instantiate`).
+  `nix-env` and `nix-build`, or explicitly by `nix-instantiate`).
 
   [derivation]: #gloss-derivation
 
@@ -33,7 +14,6 @@
 
   A [derivation] represented as a `.drv` file in the [store].
   It has a [store path], like any [store object].
-  It is the [instantiated][instantiate] form of a derivation.
 
   Example: `/nix/store/g946hcz4c8mdvq2g8vxx42z51qb71rvp-git-2.38.1.drv`
 
@@ -43,9 +23,9 @@
 
 - [instantiate]{#gloss-instantiate}, instantiation
 
-  Save an evaluated [derivation] as a [store derivation] in the Nix [store].
+  Translate a [derivation] into a [store derivation].
 
-  See [`nix-instantiate`](./command-ref/nix-instantiate.md), which produces a store derivation from a Nix expression that evaluates to a derivation.
+  See [`nix-instantiate`](./command-ref/nix-instantiate.md).
 
   [instantiate]: #gloss-instantiate
 
@@ -56,7 +36,7 @@
   This can be achieved by:
   - Fetching a pre-built [store object] from a [substituter]
   - Running the [`builder`](@docroot@/language/derivations.md#attr-builder) executable as specified in the corresponding [derivation]
-  - Delegating to a [remote machine](@docroot@/command-ref/conf-file.md#conf-builders) and retrieving the outputs
+  - Delegating to a [remote builder](@docroot@/advanced-topics/distributed-builds.html) and retrieving the outputs
   <!-- TODO: link [running] to build process page, #8888 -->
 
   See [`nix-store --realise`](@docroot@/command-ref/nix-store/realise.md) for a detailed description of the algorithm.
@@ -78,12 +58,23 @@
 
 - [store]{#gloss-store}
 
-  A collection of [store objects][store object], with operations to manipulate that collection.
-  See [Nix Store](./store/index.md) for details.
+  A collection of store objects, with operations to manipulate that collection.
+  See [Nix store](./store/index.md) for details.
 
-  There are many types of stores, see [Store Types](./store/types/index.md) for details.
+  There are many types of stores.
+  See [`nix help-stores`](@docroot@/command-ref/new-cli/nix3-help-stores.md) for a complete list.
+
+  From the perspective of the location where Nix is invoked, the Nix store can be  referred to _local_ or _remote_.
+  Only a [local store]{#gloss-local-store} exposes a location in the file system of the machine where Nix is invoked that allows access to store objects, typically `/nix/store`.
+  Local stores can be used for building [derivations](#derivation).
+  See [Local Store](@docroot@/command-ref/new-cli/nix3-help-stores.md#local-store) for details.
 
   [store]: #gloss-store
+  [local store]: #gloss-local-store
+
+- [chroot store]{#gloss-chroot-store}
+
+  A [local store] whose canonical path is anything other than `/nix/store`.
 
 - [binary cache]{#gloss-binary-cache}
 
@@ -95,7 +86,7 @@
 
 - [store path]{#gloss-store-path}
 
-  The location of a [store object] in the file system, i.e., an immediate child of the Nix store directory.
+  The location of a [store object](@docroot@/store/index.md#store-object) in the file system, i.e., an immediate child of the Nix store directory.
 
   > **Example**
   >
@@ -105,7 +96,7 @@
 
   [store path]: #gloss-store-path
 
-- [file system object]{#gloss-file-system-object}
+- [file system object]{#gloss-store-object}
 
   The Nix data model for representing simplified file system data.
 
@@ -135,7 +126,7 @@
   non-[fixed-output](#gloss-fixed-output-derivation)
   derivation.
 
-- [content-addressed store object]{#gloss-content-addressed-store-object}
+- [output-addressed store object]{#gloss-output-addressed-store-object}
 
   A [store object] whose [store path] is determined by its contents.
   This includes derivations, the outputs of [content-addressed derivations](#gloss-content-addressed-derivation), and the outputs of [fixed-output derivations](#gloss-fixed-output-derivation).
@@ -164,11 +155,6 @@
   builder can rely on external inputs such as the network or the
   system time) but the Nix model assumes it.
 
-- [impure derivation]{#gloss-impure-derivation}
-
-  [An experimental feature](#@docroot@/contributing/experimental-features.md#xp-feature-impure-derivations) that allows derivations to be explicitly marked as impure,
-  so that they are always rebuilt, and their outputs not reused by subsequent calls to realise them.
-
 - [Nix database]{#gloss-nix-database}
 
   An SQlite database to track [reference]s between [store object]s.
@@ -180,13 +166,11 @@
 
 - [Nix expression]{#gloss-nix-expression}
 
-  1. Commonly, a high-level description of software packages and compositions
-    thereof. Deploying software using Nix entails writing Nix
-    expressions for your packages. Nix expressions specify [derivations][derivation],
-    which are [instantiated][instantiate] into the Nix store as [store derivations][store derivation].
-    These derivations can then be [realised][realise] to produce [outputs][output].
-
-  2. A syntactically valid use of the [Nix language]. For example, the contents of a `.nix` file form an expression.
+  A high-level description of software packages and compositions
+  thereof. Deploying software using Nix entails writing Nix
+  expressions for your packages. Nix expressions are translated to
+  derivations that are stored in the Nix store. These derivations can
+  then be built.
 
 - [reference]{#gloss-reference}
 
@@ -234,27 +218,10 @@
 
   [output path]: #gloss-output-path
 
-- [output closure]{#gloss-output-closure}\
-  The [closure] of an [output path]. It only contains what is [reachable] from the output.
-
-- [deriving path]{#gloss-deriving-path}
-
-  Deriving paths are a way to refer to [store objects][store object] that ar not yet [realised][realise].
-  This is necessary because, in general and particularly for [content-addressed derivations][content-addressed derivation], the [output path] of an [output] is not known in advance.
-  There are two forms:
-
-  - *constant*: just a [store path]
-    It can be made [valid][validity] by copying it into the store: from the evaluator, command line interface or another store.
-
-  - *output*: a pair of a [store path] to a [derivation] and an [output] name.
-
 - [deriver]{#gloss-deriver}
 
   The [store derivation] that produced an [output path].
 
-  The deriver for an output path can be queried with the `--deriver` option to
-  [`nix-store --query`](@docroot@/command-ref/nix-store/query.md).
-
 - [validity]{#gloss-validity}
 
   A store path is valid if all [store object]s in its [closure] can be read from the [store].
@@ -265,7 +232,6 @@
   - All paths in the store path's [closure] are valid.
 
   [validity]: #gloss-validity
-  [local store]: @docroot@/store/types/local-store.md
 
 - [user environment]{#gloss-user-env}
 
@@ -285,15 +251,13 @@
 
   See [installables](./command-ref/new-cli/nix.md#installables) for [`nix` commands](./command-ref/new-cli/nix.md) (experimental) for details.
 
-- [Nix Archive (NAR)]{#gloss-nar}
+- [NAR]{#gloss-nar}
 
   A *N*ix *AR*chive. This is a serialisation of a path in the Nix
   store. It can contain regular files, directories and symbolic
   links.  NARs are generated and unpacked using `nix-store --dump`
   and `nix-store --restore`.
 
-  See [Nix Archive](store/file-system-object/content-address.html#serial-nix-archive) for details.
-
 - [`∅`]{#gloss-emtpy-set}
 
   The empty set symbol. In the context of profile history, this denotes a package is not present in a particular version of the profile.
@@ -302,21 +266,6 @@
 
   The epsilon symbol. In the context of a package, this means the version is empty. More precisely, the derivation does not have a version attribute.
 
-- [package]{#package}
-
-  1. A software package; a collection of files and other data.
-
-  2. A [package attribute set].
-
-- [package attribute set]{#package-attribute-set}
-
-  An [attribute set](@docroot@/language/values.md#attribute-set) containing the attribute `type = "derivation";` (derivation for historical reasons), as well as other attributes, such as
-  - attributes that refer to the files of a [package], typically in the form of [derivation outputs](#output),
-  - attributes that declare something about how the package is supposed to be installed or used,
-  - other metadata or arbitrary attributes.
-
-  [package attribute set]: #package-attribute-set
-
 - [string interpolation]{#gloss-string-interpolation}
 
   Expanding expressions enclosed in `${ }` within a [string], [path], or [attribute name].
@@ -327,31 +276,9 @@
   [path]: ./language/values.md#type-path
   [attribute name]: ./language/values.md#attribute-set
 
-- [base directory]{#gloss-base-directory}
-
-  The location from which relative paths are resolved.
-
-  - For expressions in a file, the base directory is the directory containing that file.
-    This is analogous to the directory of a [base URL](https://datatracker.ietf.org/doc/html/rfc1808#section-3.3).
-    <!-- which is sufficient for resolving non-empty URLs -->
-
-  <!--
-    The wording here may look awkward, but it's for these reasons:
-      * "with --expr": it's a flag, and not an option with an accompanying value
-      * "written in": the expression itself must be written as an argument,
-        whereas the more natural "passed as an argument" allows an interpretation
-        where the expression could be passed by file name.
-    -->
-  - For expressions written in command line arguments with [`--expr`](@docroot@/command-ref/opt-common.html#opt-expr), the base directory is the current working directory.
-
-  [base directory]: #gloss-base-directory
-
 - [experimental feature]{#gloss-experimental-feature}
 
   Not yet stabilized functionality guarded by named experimental feature flags.
   These flags are enabled or disabled with the [`experimental-features`](./command-ref/conf-file.html#conf-experimental-features) setting.
 
   See the contribution guide on the [purpose and lifecycle of experimental feaures](@docroot@/contributing/experimental-features.md).
-
-
-[Nix language]: ./language/index.md

doc/manual/src/installation/env-variables.md

@@ -53,8 +53,7 @@ ssl-cert-file = /etc/ssl/my-certificate-bundle.crt
 
 The Nix installer has special handling for these proxy-related
 environment variables: `http_proxy`, `https_proxy`, `ftp_proxy`,
-`all_proxy`, `no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`,
-`ALL_PROXY`, `NO_PROXY`.
+`no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`, `NO_PROXY`.
 
 If any of these variables are set when running the Nix installer, then
 the installer will create an override file at

doc/manual/src/installation/installing-binary.md

@@ -1,111 +1,89 @@
 # Installing a Binary Distribution
 
-To install the latest version Nix, run the following command:
+The easiest way to install Nix is to run the following command:
 
 ```console
 $ curl -L https://nixos.org/nix/install | sh
 ```
 
-This performs the default type of installation for your platform:
+This will run the installer interactively (causing it to explain what
+it is doing more explicitly), and perform the default "type" of install
+for your platform:
+- single-user on Linux
+- multi-user on macOS
 
-- [Multi-user](#multi-user-installation):
-  - Linux with systemd and without SELinux
-  - macOS
-- [Single-user](#single-user-installation):
-  - Linux without systemd
-  - Linux with SELinux
+  > **Notes on read-only filesystem root in macOS 10.15 Catalina +**
+  >
+  > - It took some time to support this cleanly. You may see posts,
+  >   examples, and tutorials using obsolete workarounds.
+  > - Supporting it cleanly made macOS installs too complex to qualify
+  >   as single-user, so this type is no longer supported on macOS.
 
-We recommend the multi-user installation if it supports your platform and you can authenticate with `sudo`.
-
-The installer can configured with various command line arguments and environment variables.
-To show available command line flags:
-
-```console
-$ curl -L https://nixos.org/nix/install | sh -s -- --help
-```
-
-To check what it does and how it can be customised further, [download and edit the second-stage installation script](#installing-from-a-binary-tarball).
-
-# Installing a pinned Nix version from a URL
-
-Version-specific installation URLs for all Nix versions since 1.11.16 can be found at [releases.nixos.org](https://releases.nixos.org/?prefix=nix/).
-The directory for each version contains the corresponding SHA-256 hash.
-
-All installation scripts are invoked the same way:
-
-```console
-$ export VERSION=2.19.2 
-$ curl -L https://releases.nixos.org/nix/nix-$VERSION/install | sh
-```
-
-# Multi User Installation
-
-The multi-user Nix installation creates system users and a system service for the Nix daemon.
-
-Supported systems:
-
-- Linux running systemd, with SELinux disabled
-- macOS
-
-To explicitly instruct the installer to perform a multi-user installation on your system:
-
-```console
-$ bash <(curl -L https://nixos.org/nix/install) --daemon
-```
-
-You can run this under your usual user account or `root`.
-The script will invoke `sudo` as needed.
+We recommend the multi-user install if it supports your platform and
+you can authenticate with `sudo`.
 
 # Single User Installation
 
 To explicitly select a single-user installation on your system:
 
 ```console
-$ bash <(curl -L https://nixos.org/nix/install) --no-daemon
+$ curl -L https://nixos.org/nix/install | sh -s -- --no-daemon
 ```
 
-In a single-user installation, `/nix` is owned by the invoking user.
-The script will invoke `sudo` to create `/nix` if it doesn’t already exist.
-If you don’t have `sudo`, manually create `/nix` as `root`:
+This will perform a single-user installation of Nix, meaning that `/nix`
+is owned by the invoking user. You can run this under your usual user
+account or root. The script will invoke `sudo` to create `/nix`
+if it doesn’t already exist. If you don’t have `sudo`, you should
+manually create `/nix` first as root, e.g.:
 
 ```console
-$ su root
-# mkdir /nix
-# chown alice /nix
+$ mkdir /nix
+$ chown alice /nix
 ```
 
-# Installing from a binary tarball
+The install script will modify the first writable file from amongst
+`.bash_profile`, `.bash_login` and `.profile` to source
+`~/.nix-profile/etc/profile.d/nix.sh`. You can set the
+`NIX_INSTALLER_NO_MODIFY_PROFILE` environment variable before executing
+the install script to disable this behaviour.
 
-You can also download a binary tarball that contains Nix and all its dependencies:
-- Choose a [version](https://releases.nixos.org/?prefix=nix/) and [system type](../contributing/hacking.md#platforms)
-- Download and unpack the tarball
-- Run the installer
+# Multi User Installation
 
-> **Example**
+The multi-user Nix installation creates system users, and a system
+service for the Nix daemon.
+
+**Supported Systems**
+- Linux running systemd, with SELinux disabled
+- macOS
+
+You can instruct the installer to perform a multi-user installation on
+your system:
+
+```console
+$ curl -L https://nixos.org/nix/install | sh -s -- --daemon
+```
+
+The multi-user installation of Nix will create build users between the
+user IDs 30001 and 30032, and a group with the group ID 30000. You
+can run this under your usual user account or root. The script
+will invoke `sudo` as needed.
+
+> **Note**
 >
-> ```console
-> $ pushd $(mktemp -d)
-> $ export VERSION=2.19.2
-> $ export SYSTEM=x86_64-linux
-> $ curl -LO https://releases.nixos.org/nix/nix-$VERSION/nix-$VERSION-$SYSTEM.tar.xz
-> $ tar xfj nix-$VERSION-$SYSTEM.tar.xz
-> $ cd nix-$VERSION-$SYSTEM
-> $ ./install
-> $ popd
-> ```
+> If you need Nix to use a different group ID or user ID set, you will
+> have to download the tarball manually and [edit the install
+> script](#installing-from-a-binary-tarball).
 
-The installer can be customised with the environment variables declared in the file named `install-multi-user`.
-
-## Native packages for Linux distributions
-
-The Nix community maintains installers for some Linux distributions in their native packaging format(https://nix-community.github.io/nix-installers/).
+The installer will modify `/etc/bashrc`, and `/etc/zshrc` if they exist.
+The installer will first back up these files with a `.backup-before-nix`
+extension. The installer will also create `/etc/profile.d/nix.sh`.
 
 # macOS Installation
 
-<!-- anchors to catch existing links -->
 []{#sect-macos-installation-change-store-prefix}[]{#sect-macos-installation-encrypted-volume}[]{#sect-macos-installation-symlink}[]{#sect-macos-installation-recommended-notes}
+<!-- Note: anchors above to catch permalinks to old explanations -->
 
-We believe we have ironed out how to cleanly support the read-only root file system
+We believe we have ironed out how to cleanly support the read-only root
 on modern macOS. New installs will do this automatically.
 
 This section previously detailed the situation, options, and trade-offs,
@@ -148,3 +126,33 @@ this to run the installer, but it may help if you run into trouble:
   boot process to avoid problems loading or restoring any programs that
   need access to your Nix store
 
+# Installing a pinned Nix version from a URL
+
+Version-specific installation URLs for all Nix versions
+since 1.11.16 can be found at [releases.nixos.org](https://releases.nixos.org/?prefix=nix/).
+The corresponding SHA-256 hash can be found in the directory for the given version.
+
+These install scripts can be used the same as usual:
+
+```console
+$ curl -L https://releases.nixos.org/nix/nix-<version>/install | sh
+```
+
+# Installing from a binary tarball
+
+You can also download a binary tarball that contains Nix and all its
+dependencies. (This is what the install script at
+<https://nixos.org/nix/install> does automatically.) You should unpack
+it somewhere (e.g. in `/tmp`), and then run the script named `install`
+inside the binary tarball:
+
+```console
+$ cd /tmp
+$ tar xfj nix-1.8-x86_64-darwin.tar.bz2
+$ cd nix-1.8-x86_64-darwin
+$ ./install
+```
+
+If you need to edit the multi-user installation script to use different
+group ID or a different user ID range, modify the variables set in the
+file named `install-multi-user`.

doc/manual/src/installation/prerequisites-source.md

@@ -32,15 +32,11 @@
     your distribution does not provide it, please install it from
     <http://www.sqlite.org/>.
 
-  - The [Boehm garbage collector (`bdw-gc`)](http://www.hboehm.info/gc/) to reduce
-    the evaluator’s memory consumption (optional).
-
-    To enable it, install
+  - The [Boehm garbage collector](http://www.hboehm.info/gc/) to reduce
+    the evaluator’s memory consumption (optional). To enable it, install
     `pkgconfig` and the Boehm garbage collector, and pass the flag
     `--enable-gc` to `configure`.
 
-    For `bdw-gc` <= 8.2.4 Nix needs a [small patch](https://github.com/NixOS/nix/blob/ac4d2e7b857acdfeac35ac8a592bdecee2d29838/boehmgc-traceable_allocator-public.diff) to be applied.
-
   - The `boost` library of version 1.66.0 or higher. It can be obtained
     from the official web site <https://www.boost.org/>.
 
@@ -76,7 +72,7 @@
     This is an optional dependency and can be disabled
     by providing a `--disable-cpuid` to the `configure` script.
 
-  - Unless `./configure --disable-unit-tests` is specified, GoogleTest (GTest) and
+  - Unless `./configure --disable-tests` is specified, GoogleTest (GTest) and
     RapidCheck are required, which are available at
     <https://google.github.io/googletest/> and
     <https://github.com/emil-e/rapidcheck> respectively.

doc/manual/src/installation/uninstall.md

@@ -1,8 +1,16 @@
 # Uninstalling Nix
 
+## Single User
+
+If you have a [single-user installation](./installing-binary.md#single-user-installation) of Nix, uninstall it by running:
+
+```console
+$ rm -rf /nix
+```
+
 ## Multi User
 
-Removing a [multi-user installation](./installing-binary.md#multi-user-installation) depends on the operating system.
+Removing a [multi-user installation](./installing-binary.md#multi-user-installation) of Nix is more involved, and depends on the operating system.
 
 ### Linux
 
@@ -43,15 +51,7 @@ which you may remove.
 
 ### macOS
 
-1. If system-wide shell initialisation files haven't been altered since installing Nix, use the backups made by the installer:
-
-   ```console
-   sudo mv /etc/zshrc.backup-before-nix /etc/zshrc
-   sudo mv /etc/bashrc.backup-before-nix /etc/bashrc
-   sudo mv /etc/bash.bashrc.backup-before-nix /etc/bash.bashrc
-   ```
-
-   Otherwise, edit `/etc/zshrc`, `/etc/bashrc`, and `/etc/bash.bashrc` to remove the lines sourcing `nix-daemon.sh`, which should look like this:
+1. Edit `/etc/zshrc`, `/etc/bashrc`, and `/etc/bash.bashrc` to remove the lines sourcing `nix-daemon.sh`, which should look like this:
 
    ```bash
    # Nix
@@ -61,6 +61,18 @@ which you may remove.
    # End Nix
    ```
 
+   If these files haven't been altered since installing Nix you can simply put
+   the backups back in place:
+
+   ```console
+   sudo mv /etc/zshrc.backup-before-nix /etc/zshrc
+   sudo mv /etc/bashrc.backup-before-nix /etc/bashrc
+   sudo mv /etc/bash.bashrc.backup-before-nix /etc/bash.bashrc
+   ```
+
+   This will stop shells from sourcing the file and bringing everything you
+   installed using Nix in scope.
+
 2. Stop and remove the Nix daemon services:
 
    ```console
@@ -70,7 +82,8 @@ which you may remove.
    sudo rm /Library/LaunchDaemons/org.nixos.darwin-store.plist
    ```
 
-   This stops the Nix daemon and prevents it from being started next time you boot the system.
+   This stops the Nix daemon and prevents it from being started next time you
+   boot the system.
 
 3. Remove the `nixbld` group and the `_nixbuildN` users:
 
@@ -81,42 +94,25 @@ which you may remove.
 
    This will remove all the build users that no longer serve a purpose.
 
-4. Edit fstab using `sudo vifs` to remove the line mounting the Nix Store volume on `/nix`, which looks like
+4. Edit fstab using `sudo vifs` to remove the line mounting the Nix Store
+   volume on `/nix`, which looks like
+   `UUID=<uuid> /nix apfs rw,noauto,nobrowse,suid,owners` or
+   `LABEL=Nix\040Store /nix apfs rw,nobrowse`. This will prevent automatic
+   mounting of the Nix Store volume.
 
-   ```
-   UUID=<uuid> /nix apfs rw,noauto,nobrowse,suid,owners
-   ```
-   or
+5. Edit `/etc/synthetic.conf` to remove the `nix` line. If this is the only
+   line in the file you can remove it entirely, `sudo rm /etc/synthetic.conf`.
+   This will prevent the creation of the empty `/nix` directory to provide a
+   mountpoint for the Nix Store volume.
 
-   ```
-   LABEL=Nix\040Store /nix apfs rw,nobrowse
-   ```
-
-   by setting the cursor on the respective line using the error keys, and pressing `dd`, and then `:wq` to save the file.
-
-   This will prevent automatic mounting of the Nix Store volume.
-
-5. Edit `/etc/synthetic.conf` to remove the `nix` line.
-   If this is the only line in the file you can remove it entirely:
-
-   ```bash
-   if [ -f /etc/synthetic.conf ]; then
-     if [ "$(cat /etc/synthetic.conf)" = "nix" ]; then
-       sudo rm /etc/synthetic.conf
-     else
-       sudo vi /etc/synthetic.conf
-     fi
-   fi
-   ```
-
-   This will prevent the creation of the empty `/nix` directory.
-
-6. Remove the files Nix added to your system, except for the store:
+6. Remove the files Nix added to your system:
 
    ```console
    sudo rm -rf /etc/nix /var/root/.nix-profile /var/root/.nix-defexpr /var/root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels
    ```
 
+   This gets rid of any data Nix may have created except for the store which is
+   removed next.
 
 7. Remove the Nix Store volume:
 
@@ -124,32 +120,29 @@ which you may remove.
    sudo diskutil apfs deleteVolume /nix
    ```
 
-   This will remove the Nix Store volume and everything that was added to the store.
+   This will remove the Nix Store volume and everything that was added to the
+   store.
 
-   If the output indicates that the command couldn't remove the volume, you should make sure you don't have an _unmounted_ Nix Store volume.
-   Look for a "Nix Store" volume in the output of the following command:
+   If the output indicates that the command couldn't remove the volume, you should
+   make sure you don't have an _unmounted_ Nix Store volume. Look for a
+   "Nix Store" volume in the output of the following command:
 
    ```console
    diskutil list
    ```
 
-   If you _do_ find a "Nix Store" volume, delete it by running `diskutil deleteVolume` with the store volume's `diskXsY` identifier.
+   If you _do_ see a "Nix Store" volume, delete it by re-running the diskutil
+   deleteVolume command, but replace `/nix` with the store volume's `diskXsY`
+   identifier.
 
 > **Note**
 >
-> After you complete the steps here, you will still have an empty `/nix` directory.
-> This is an expected sign of a successful uninstall.
-> The empty `/nix` directory will disappear the next time you reboot.
+> After you complete the steps here, you will still have an empty `/nix`
+> directory. This is an expected sign of a successful uninstall. The empty
+> `/nix` directory will disappear the next time you reboot.
 >
-> You do not have to reboot to finish uninstalling Nix.
-> The uninstall is complete.
-> macOS (Catalina+) directly controls root directories, and its read-only root will prevent you from manually deleting the empty `/nix` mountpoint.
+> You do not have to reboot to finish uninstalling Nix. The uninstall is
+> complete. macOS (Catalina+) directly controls root directories and its
+> read-only root will prevent you from manually deleting the empty `/nix`
+> mountpoint.
 
-## Single User
-
-To remove a [single-user installation](./installing-binary.md#single-user-installation) of Nix, run:
-
-```console
-$ rm -rf /nix ~/.nix-channels ~/.nix-defexpr ~/.nix-profile
-```
-You might also want to manually remove references to Nix from your `~/.profile`.

doc/manual/src/installation/upgrading.md

@@ -1,40 +1,14 @@
 # Upgrading Nix
 
-> **Note**
->
-> These upgrade instructions apply where Nix was installed following the [installation instructions in this manual](./index.md).
+Multi-user Nix users on macOS can upgrade Nix by running: `sudo -i sh -c
+'nix-channel --update &&
+nix-env --install --attr nixpkgs.nix &&
+launchctl remove org.nixos.nix-daemon &&
+launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist'`
 
-Check which Nix version will be installed, for example from one of the [release channels](http://channels.nixos.org/) such as `nixpkgs-unstable`:
+Single-user installations of Nix should run this: `nix-channel --update;
+nix-env --install --attr nixpkgs.nix nixpkgs.cacert`
 
-```console
-$ nix-shell -p nix -I nixpkgs=channel:nixpkgs-unstable --run "nix --version"
-nix (Nix) 2.18.1
-```
-
-> **Warning**
->
-> Writing to the [local store](@docroot@/store/types/local-store.md) with a newer version of Nix, for example by building derivations with [`nix-build`](@docroot@/command-ref/nix-build.md) or [`nix-store --realise`](@docroot@/command-ref/nix-store/realise.md), may change the database schema!
-> Reverting to an older version of Nix may therefore require purging the store database before it can be used.
-
-## Linux multi-user
-
-```console
-$ sudo su
-# nix-env --install --file '<nixpkgs>' --attr nix cacert -I nixpkgs=channel:nixpkgs-unstable
-# systemctl daemon-reload
-# systemctl restart nix-daemon
-```
-
-## macOS multi-user
-
-```console
-$ sudo nix-env --install --file '<nixpkgs>' --attr nix cacert -I nixpkgs=channel:nixpkgs-unstable
-$ sudo launchctl remove org.nixos.nix-daemon
-$ sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist
-```
-
-## Single-user all platforms
-
-```console
-$ nix-env --install --file '<nixpkgs>' --attr nix cacert -I nixpkgs=channel:nixpkgs-unstable
-```
+Multi-user Nix users on Linux should run this with sudo: `nix-channel
+--update; nix-env --install --attr nixpkgs.nix nixpkgs.cacert; systemctl
+daemon-reload; systemctl restart nix-daemon`

doc/manual/src/language/advanced-attributes.md

@@ -188,49 +188,38 @@ Derivations can declare some infrequently used optional attributes.
     }
     ```
 
-    The `outputHash` attribute must be a string containing the hash in either hexadecimal or "nix32" encoding, or following the format for integrity metadata as defined by [SRI](https://www.w3.org/TR/SRI/).
-    The "nix32" encoding is an adaptation of base-32 encoding.
-    The [`convertHash`](@docroot@/language/builtins.md#builtins-convertHash) function shows how to convert between different encodings, and the [`nix-hash` command](../command-ref/nix-hash.md) has information about obtaining the hash for some contents, as well as converting to and from encodings.
-
-    The `outputHashAlgo` attribute specifies the hash algorithm used to compute the hash.
-    It can currently be `"sha1"`, `"sha256"`, `"sha512"`, or `null`.
-    `outputHashAlgo` can only be `null` when `outputHash` follows the SRI format.
+    The `outputHashAlgo` attribute specifies the hash algorithm used to
+    compute the hash. It can currently be `"sha1"`, `"sha256"` or
+    `"sha512"`.
 
     The `outputHashMode` attribute determines how the hash is computed.
-    It must be one of the following values:
+    It must be one of the following two values:
 
-      - [`"flat"`](@docroot@/store/store-object/content-address.md#method-flat)
+      - `"flat"`\
+        The output must be a non-executable regular file. If it isn’t,
+        the build fails. The hash is simply computed over the contents
+        of that file (so it’s equal to what Unix commands like
+        `sha256sum` or `sha1sum` produce).
 
         This is the default.
 
-      - [`"recursive"` or `"nar"`](@docroot@/store/store-object/content-address.md#method-nix-archive)
+      - `"recursive"`\
+        The hash is computed over the NAR archive dump of the output
+        (i.e., the result of [`nix-store --dump`](@docroot@/command-ref/nix-store/dump.md)). In
+        this case, the output can be anything, including a directory
+        tree.
 
-        > **Compatibility**
-        >
-        > `"recursive"` is the traditional way of indicating this,
-        > and is supported since 2005 (virtually the entire history of Nix).
-        > `"nar"` is more clear, and consistent with other parts of Nix (such as the CLI),
-        > however support for it is only added in Nix version 2.21.
-
-      - [`"text"`](@docroot@/store/store-object/content-address.md#method-text)
-
-        > **Warning**
-        >
-        > The use of this method for derivation outputs is part of the [`dynamic-derivations`][xp-feature-dynamic-derivations] experimental feature.
-
-      - [`"git"`](@docroot@/store/store-object/content-address.md#method-git)
-
-        > **Warning**
-        >
-        > This method is part of the [`git-hashing`][xp-feature-git-hashing] experimental feature.
+    The `outputHash` attribute, finally, must be a string containing
+    the hash in either hexadecimal or base-32 notation. (See the
+    [`nix-hash` command](../command-ref/nix-hash.md) for information
+    about converting to and from base-32 notation.)
 
   - [`__contentAddressed`]{#adv-attr-__contentAddressed}
-
     > **Warning**
     > This attribute is part of an [experimental feature](@docroot@/contributing/experimental-features.md).
     >
     > To use this attribute, you must enable the
-    > [`ca-derivations`][xp-feature-ca-derivations] experimental feature.
+    > [`ca-derivations`](@docroot@/contributing/experimental-features.md#xp-feature-ca-derivations) experimental feature.
     > For example, in [nix.conf](../command-ref/conf-file.md) you could add:
     >
     > ```
@@ -268,18 +257,29 @@ Derivations can declare some infrequently used optional attributes.
     of the environment (typically, a few hundred kilobyte).
 
   - [`preferLocalBuild`]{#adv-attr-preferLocalBuild}\
-    If this attribute is set to `true` and [distributed building is enabled](@docroot@/command-ref/conf-file.md#conf-builders), then, if possible, the derivation will be built locally instead of being forwarded to a remote machine.
-    This is useful for derivations that are cheapest to build locally.
+    If this attribute is set to `true` and [distributed building is
+    enabled](../advanced-topics/distributed-builds.md), then, if
+    possible, the derivation will be built locally instead of forwarded
+    to a remote machine. This is appropriate for trivial builders
+    where the cost of doing a download or remote build would exceed
+    the cost of building locally.
 
   - [`allowSubstitutes`]{#adv-attr-allowSubstitutes}\
-    If this attribute is set to `false`, then Nix will always build this derivation (locally or remotely); it will not try to substitute its outputs.
-    This is useful for derivations that are cheaper to build than to substitute.
+    If this attribute is set to `false`, then Nix will always build this
+    derivation; it will not try to substitute its outputs. This is
+    useful for very trivial derivations (such as `writeText` in Nixpkgs)
+    that are cheaper to build than to substitute from a binary cache.
 
-    This attribute can be ignored by setting [`always-allow-substitutes`](@docroot@/command-ref/conf-file.md#conf-always-allow-substitutes) to `true`.
+    You may disable the effects of this attibute by enabling the
+    `always-allow-substitutes` configuration option in Nix.
 
     > **Note**
     >
-    > If set to `false`, the [`builder`](./derivations.md#attr-builder) should be able to run on the system type specified in the [`system` attribute](./derivations.md#attr-system), since the derivation cannot be substituted.
+    > You need to have a builder configured which satisfies the
+    > derivation’s `system` attribute, since the derivation cannot be
+    > substituted. Thus it is usually a good idea to align `system` with
+    > `builtins.currentSystem` when setting `allowSubstitutes` to
+    > `false`. For most trivial derivations this should be the case.
 
   - [`__structuredAttrs`]{#adv-attr-structuredAttrs}\
     If the special attribute `__structuredAttrs` is set to `true`, the other derivation
@@ -310,7 +310,7 @@ Derivations can declare some infrequently used optional attributes.
     [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites),
     the following attributes are available:
 
-    - `maxSize` defines the maximum size of the resulting [store object](@docroot@/store/store-object.md).
+    - `maxSize` defines the maximum size of the resulting [store object](../glossary.md#gloss-store-object).
     - `maxClosureSize` defines the maximum size of the output's closure.
     - `ignoreSelfRefs` controls whether self-references should be considered when
       checking for allowed references/requisites.
@@ -362,7 +362,3 @@ Derivations can declare some infrequently used optional attributes.
   ```
 
   ensures that the derivation can only be built on a machine with the `kvm` feature.
-
-[xp-feature-ca-derivations]: @docroot@/contributing/experimental-features.md#xp-feature-ca-derivations
-[xp-feature-dynamic-derivations]: @docroot@/contributing/experimental-features.md#xp-feature-dynamic-derivations
-[xp-feature-git-hashing]: @docroot@/contributing/experimental-features.md#xp-feature-git-hashing

doc/manual/src/language/constructs.md

@@ -402,85 +402,7 @@ establishes the same scope as
 let a = 1; in let a = 2; in let a = 3; in let a = 4; in ...
 ```
 
-Variables coming from outer `with` expressions *are* shadowed:
-
-```nix
-with { a = "outer"; };
-with { a = "inner"; };
-a
-```
-
-Does evaluate to `"inner"`.
-
 ## Comments
 
-- Inline comments start with `#` and run until the end of the line.
-
-  > **Example**
-  >
-  > ```nix
-  > # A number
-  > 2 # Equals 1 + 1
-  > ```
-  >
-  > ```console
-  > 2
-  > ```
-
-- Block comments start with `/*` and run until the next occurrence of `*/`.
-
-  > **Example**
-  >
-  > ```nix
-  > /*
-  > Block comments
-  > can span multiple lines.
-  > */ "hello"
-  > ```
-  >
-  > ```console
-  > "hello"
-  > ```
-
-  This means that block comments cannot be nested.
-
-  > **Example**
-  >
-  > ```nix
-  > /* /* nope */ */ 1
-  > ```
-  >
-  > ```console
-  > error: syntax error, unexpected '*'
-  >
-  >        at «string»:1:15:
-  >
-  >             1| /* /* nope */ *
-  >              |               ^
-  > ```
-
-  Consider escaping nested comments and unescaping them in post-processing.
-
-  > **Example**
-  >
-  > ```nix
-  > /* /* nested *\/ */ 1
-  > ```
-  >
-  > ```console
-  > 1
-  > ```
-
-## Scoping rules
-
-Nix is [statically scoped](https://en.wikipedia.org/wiki/Scope_(computer_science)#Lexical_scope), but with multiple scopes and shadowing rules.
-
-* primary scope --- explicitly-bound variables
-  * [`let`](#let-expressions)
-  * [`inherit`](#inheriting-attributes)
-  * function arguments
-
-* secondary scope --- implicitly-bound variables
-  * [`with`](#with-expressions)
-Primary scope takes precedence over secondary scope.
-See [`with`](#with-expressions) for a detailed example.
+Comments can be single-line, started with a `#` character, or
+inline/multi-line, enclosed within `/* ... */`.

doc/manual/src/language/derivations.md

@@ -17,7 +17,7 @@ It outputs an attribute set, and produces a [store derivation] as a side effect
   A symbolic name for the derivation.
   It is added to the [store path] of the corresponding [store derivation] as well as to its [output paths](@docroot@/glossary.md#gloss-output-path).
 
-  [store path]: @docroot@/store/store-path.md
+  [store path]: @docroot@/glossary.md#gloss-store-path
 
   > **Example**
   >
@@ -36,7 +36,7 @@ It outputs an attribute set, and produces a [store derivation] as a side effect
   The system type on which the [`builder`](#attr-builder) executable is meant to be run.
 
   A necessary condition for Nix to build derivations locally is that the `system` attribute matches the current [`system` configuration option].
-  It can automatically [build on other platforms](@docroot@/language/derivations.md#attr-builder) by forwarding build requests to other machines.
+  It can automatically [build on other platforms](../advanced-topics/distributed-builds.md) by forwarding build requests to other machines.
 
   [`system` configuration option]: @docroot@/command-ref/conf-file.md#conf-system
 
@@ -141,7 +141,7 @@ It outputs an attribute set, and produces a [store derivation] as a side effect
 
   By default, a derivation produces a single output called `out`.
   However, derivations can produce multiple outputs.
-  This allows the associated [store objects](@docroot@/store/store-object.md) and their [closures](@docroot@/glossary.md#gloss-closure) to be copied or garbage-collected separately.
+  This allows the associated [store objects](@docroot@/glossary.md#gloss-store-object) and their [closures](@docroot@/glossary.md#gloss-closure) to be copied or garbage-collected separately.
 
   > **Example**
   >
@@ -274,7 +274,7 @@ The [`builder`](#attr-builder) is executed as follows:
     directory (typically, `/nix/store`).
 
   - `NIX_ATTRS_JSON_FILE` & `NIX_ATTRS_SH_FILE` if `__structuredAttrs`
-    is set to `true` for the derivation. A detailed explanation of this
+    is set to `true` for the dervation. A detailed explanation of this
     behavior can be found in the
     [section about structured attrs](./advanced-attributes.md#adv-attr-structuredAttrs).
 

doc/manual/src/language/import-from-derivation.md

@@ -1,10 +1,8 @@
 # Import From Derivation
 
-The value of a Nix expression can depend on the contents of a [store object].
+The value of a Nix expression can depend on the contents of a [store object](@docroot@/glossary.md#gloss-store-object).
 
-[store object]: @docroot@/store/store-object.md
-
-Passing an expression `expr` that evaluates to a [store path](@docroot@/store/store-path.md) to any built-in function which reads from the filesystem constitutes Import From Derivation (IFD):
+Passing an expression `expr` that evaluates to a [store path](@docroot@/glossary.md#gloss-store-path) to any built-in function which reads from the filesystem constitutes Import From Derivation (IFD):
 
 - [`import`](./builtins.md#builtins-import)` expr`
 - [`builtins.readFile`](./builtins.md#builtins-readFile)` expr`

doc/manual/src/language/index.md

@@ -1,13 +1,7 @@
 # Nix Language
 
 The Nix language is designed for conveniently creating and composing *derivations* – precise descriptions of how contents of existing files are used to derive new files.
-
-> **Tip**
->
-> These pages are written as a reference.
-> If you are learning Nix, nix.dev has a good [introduction to the Nix language](https://nix.dev/tutorials/nix-language).
-
-The language is:
+It is:
 
 - *domain-specific*
 
@@ -53,7 +47,7 @@ This is an incomplete overview of language features, by example.
   <td>
 
 
-   *Basic values ([primitives](@docroot@/language/values.md#primitives))*
+   *Basic values*
 
 
   </td>
@@ -71,7 +65,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [string](@docroot@/language/values.md#type-string)
+   A string
 
   </td>
  </tr>
@@ -94,18 +88,6 @@ This is an incomplete overview of language features, by example.
 
   </td>
  </tr>
- <tr>
-  <td>
-
-   `# Explanation`
-
-  </td>
-  <td>
-
-   A [comment](@docroot@/language/constructs.md#comments).
-
-  </td>
- </tr>
  <tr>
   <td>
 
@@ -118,7 +100,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   [String interpolation](@docroot@/language/string-interpolation.md) (expands to `"hello world"`, `"1 2 3"`, `"/nix/store/<hash>-bash-<version>/bin/sh"`)
+   String interpolation (expands to `"hello world"`, `"1 2 3"`, `"/nix/store/<hash>-bash-<version>/bin/sh"`)
 
   </td>
  </tr>
@@ -130,7 +112,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   [Booleans](@docroot@/language/values.md#type-boolean)
+   Booleans
 
   </td>
  </tr>
@@ -142,7 +124,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   [Null](@docroot@/language/values.md#type-null) value
+   Null value
 
   </td>
  </tr>
@@ -154,7 +136,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   An [integer](@docroot@/language/values.md#type-number)
+   An integer
 
   </td>
  </tr>
@@ -166,7 +148,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [floating point number](@docroot@/language/values.md#type-number)
+   A floating point number
 
   </td>
  </tr>
@@ -178,7 +160,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   An absolute [path](@docroot@/language/values.md#type-path)
+   An absolute path
 
   </td>
  </tr>
@@ -190,7 +172,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [path](@docroot@/language/values.md#type-path) relative to the file containing this Nix expression
+   A path relative to the file containing this Nix expression
 
   </td>
  </tr>
@@ -202,7 +184,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A home [path](@docroot@/language/values.md#type-path). Evaluates to the `"<user's home directory>/.config"`.
+   A home path. Evaluates to the `"<user's home directory>/.config"`.
 
   </td>
  </tr>
@@ -214,7 +196,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [lookup path](@docroot@/language/constructs/lookup-path.md) for Nix files. Value determined by [`$NIX_PATH` environment variable](../command-ref/env-common.md#env-NIX_PATH).
+   Search path for Nix files. Value determined by [`$NIX_PATH` environment variable](../command-ref/env-common.md#env-NIX_PATH).
 
   </td>
  </tr>
@@ -238,7 +220,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   An [attribute set](@docroot@/language/values.md#attribute-set) with attributes named `x` and `y`
+   A set with attributes named `x` and `y`
 
   </td>
  </tr>
@@ -262,7 +244,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [recursive set](@docroot@/language/constructs.md#recursive-sets), equivalent to `{ x = "foo"; y = "foobar"; }`.
+   A recursive set, equivalent to `{ x = "foo"; y = "foobar"; }`
 
   </td>
  </tr>
@@ -278,7 +260,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   [Lists](@docroot@/language/values.md#list) with three elements.
+   Lists with three elements.
 
   </td>
  </tr>
@@ -362,7 +344,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   [Attribute selection](@docroot@/language/values.md#attribute-set) (evaluates to `1`)
+   Attribute selection (evaluates to `1`)
 
   </td>
  </tr>
@@ -374,7 +356,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   [Attribute selection](@docroot@/language/values.md#attribute-set) with default (evaluates to `3`)
+   Attribute selection with default (evaluates to `3`)
 
   </td>
  </tr>
@@ -410,7 +392,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   [Conditional expression](@docroot@/language/constructs.md#conditionals).
+   Conditional expression
 
   </td>
  </tr>
@@ -422,7 +404,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   [Assertion](@docroot@/language/constructs.md#assertions) check (evaluates to `"yes!"`).
+   Assertion check (evaluates to `"yes!"`).
 
   </td>
  </tr>
@@ -434,7 +416,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Variable definition. See [`let`-expressions](@docroot@/language/constructs.md#let-expressions).
+   Variable definition
 
   </td>
  </tr>
@@ -446,44 +428,14 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Add all attributes from the given set to the scope (evaluates to `1`).
-
-   See [`with`-expressions](@docroot@/language/constructs.md#with-expressions) for details and shadowing caveats.
+   Add all attributes from the given set to the scope (evaluates to `1`)
 
   </td>
  </tr>
  <tr>
   <td>
 
-   `inherit pkgs src;`
-
-  </td>
-  <td>
-
-   Adds the variables to the current scope (attribute set or `let` binding).
-   Desugars to `pkgs = pkgs; src = src;`.
-   See [Inheriting attributes](@docroot@/language/constructs.md#inheriting-attributes).
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   `inherit (pkgs) lib stdenv;`
-
-  </td>
-  <td>
-
-   Adds the attributes, from the attribute set in parentheses, to the current scope (attribute set or `let` binding).
-   Desugars to `lib = pkgs.lib; stdenv = pkgs.stdenv;`.
-   See [Inheriting attributes](@docroot@/language/constructs.md#inheriting-attributes).
-
-  </td>
- </tr>
- <tr>
-  <td>
-
-   *[Functions](@docroot@/language/constructs.md#functions) (lambdas)*
+   *Functions (lambdas)*
 
   </td>
   <td>
@@ -500,7 +452,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [function](@docroot@/language/constructs.md#functions) that expects an integer and returns it increased by 1.
+   A function that expects an integer and returns it increased by 1
 
   </td>
  </tr>
@@ -512,7 +464,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Curried [function](@docroot@/language/constructs.md#functions), equivalent to `x: (y: x + y)`. Can be used like a function that takes two arguments and returns their sum.
+   Curried function, equivalent to `x: (y: x + y)`. Can be used like a function that takes two arguments and returns their sum.
 
   </td>
  </tr>
@@ -524,7 +476,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [function](@docroot@/language/constructs.md#functions) call (evaluates to 101)
+   A function call (evaluates to 101)
 
   </td>
  </tr>
@@ -536,7 +488,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [function](@docroot@/language/constructs.md#functions) bound to a variable and subsequently called by name (evaluates to 103)
+   A function bound to a variable and subsequently called by name (evaluates to 103)
 
   </td>
  </tr>
@@ -548,7 +500,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [function](@docroot@/language/constructs.md#functions) that expects a set with required attributes `x` and `y` and concatenates them
+   A function that expects a set with required attributes `x` and `y` and concatenates them
 
   </td>
  </tr>
@@ -560,7 +512,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [function](@docroot@/language/constructs.md#functions) that expects a set with required attribute `x` and optional `y`, using `"bar"` as default value for `y`
+   A function that expects a set with required attribute `x` and optional `y`, using `"bar"` as default value for `y`
 
   </td>
  </tr>
@@ -572,7 +524,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [function](@docroot@/language/constructs.md#functions) that expects a set with required attributes `x` and `y` and ignores any other attributes
+   A function that expects a set with required attributes `x` and `y` and ignores any other attributes
 
   </td>
  </tr>
@@ -586,7 +538,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A [function](@docroot@/language/constructs.md#functions) that expects a set with required attributes `x` and `y`, and binds the whole set to `args`
+   A function that expects a set with required attributes `x` and `y`, and binds the whole set to `args`
 
   </td>
  </tr>
@@ -610,8 +562,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Load and return Nix expression in given file.
-   See [import](@docroot@/language/builtins.md#builtins-import).
+   Load and return Nix expression in given file
 
   </td>
  </tr>
@@ -623,8 +574,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Apply a function to every element of a list (evaluates to `[ 2 4 6 ]`).
-   See [`map`](@docroot@/language/builtins.md#builtins-map).
+   Apply a function to every element of a list (evaluates to `[ 2 4 6 ]`)
 
   </td>
  </tr>

doc/manual/src/language/operators.md

@@ -84,7 +84,7 @@ The `+` operator is overloaded to also work on strings and paths.
 >
 > *string* `+` *string*
 
-Concatenate two [strings][string] and merge their string contexts.
+Concatenate two [string]s and merge their string contexts.
 
 [String concatenation]: #string-concatenation
 
@@ -94,7 +94,7 @@ Concatenate two [strings][string] and merge their string contexts.
 >
 > *path* `+` *path*
 
-Concatenate two [paths][path].
+Concatenate two [path]s.
 The result is a path.
 
 [Path concatenation]: #path-concatenation
@@ -128,8 +128,8 @@ The result is a string.
 > The file or directory at *path* must exist and is copied to the [store].
 > The path appears in the result as the corresponding [store path].
 
-[store path]: @docroot@/store/store-path.md
-[store]: @docroot@/glossary.md#gloss-store
+[store path]: ../glossary.md#gloss-store-path
+[store]: ../glossary.md#gloss-store
 
 [String and path concatenation]: #string-and-path-concatenation
 
@@ -150,9 +150,9 @@ If an attribute name is present in both, the attribute value from the latter is
 
 Comparison is
 
-- [arithmetic] for [numbers][number]
-- lexicographic for [strings][string] and [paths][path]
-- item-wise lexicographic for [lists][list]:
+- [arithmetic] for [number]s
+- lexicographic for [string]s and [path]s
+- item-wise lexicographic for [list]s:
   elements at the same index in both lists are compared according to their type and skipped if they are equal.
 
 All comparison operators are implemented in terms of `<`, and the following equivalencies hold:
@@ -163,12 +163,12 @@ All comparison operators are implemented in terms of `<`, and the following equi
 | *a* `>`  *b* |       *b* `<` *a*     |
 | *a* `>=` *b* | `! (` *a* `<` *b* `)` |
 
-[Comparison]: #comparison
+[Comparison]: #comparison-operators
 
 ## Equality
 
-- [Attribute sets][attribute set] and [lists][list] are compared recursively, and therefore are fully evaluated.
-- Comparison of [functions][function] always returns `false`.
+- [Attribute sets][attribute set] and [list]s are compared recursively, and therefore are fully evaluated.
+- Comparison of [function]s always returns `false`.
 - Numbers are type-compatible, see [arithmetic] operators.
 - Floating point numbers only differ up to a limited precision.
 

doc/manual/src/language/string-context.md

@@ -1,134 +0,0 @@
-# String context
-
-> **Note**
->
-> This is an advanced topic.
-> The Nix language is designed to be used without the programmer consciously dealing with string contexts or even knowing what they are.
-
-A string in the Nix language is not just a sequence of characters like strings in other languages.
-It is actually a pair of a sequence of characters and a *string context*.
-The string context is an (unordered) set of *string context elements*.
-
-The purpose of string contexts is to collect non-string values attached to strings via
-[string concatenation](./operators.md#string-concatenation),
-[string interpolation](./string-interpolation.md),
-and similar operations.
-The idea is that a user can combine together values to create a build instructions for derivations without manually keeping track of where they come from.
-Then the Nix language implicitly does that bookkeeping to efficiently obtain the closure of derivation inputs.
-
-> **Note**
->
-> String contexts are *not* explicitly manipulated in idiomatic Nix language code.
-
-String context elements come in different forms:
-
-- [deriving path]{#string-context-element-derived-path}
-
-  A string context element of this type is a [deriving path](@docroot@/glossary.md#gloss-deriving-path).
-  They can be either of type [constant](#string-context-constant) or [output](#string-context-output), which correspond to the types of deriving paths.
-
-  - [Constant string context elements]{#string-context-constant}
-
-    > **Example**
-    >
-    > [`builtins.storePath`] creates a string with a single constant string context element:
-    >
-    > ```nix
-    > builtins.getContext (builtins.storePath "/nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10")
-    > ```
-    > evaluates to
-    > ```nix
-    > {
-    >   "/nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10" = {
-    >     path = true;
-    >   };
-    > }
-    > ```
-
-    [deriving path]: @docroot@/glossary.md#gloss-deriving-path
-    [store path]: @docroot@/glossary.md#gloss-store-path
-    [`builtins.storePath`]: ./builtins.md#builtins-storePath
-
-  - [Output string context elements]{#string-context-output}
-
-    > **Example**
-    >
-    > The behavior of string contexts are best demonstrated with a built-in function that is still experimental: [`builtins.outputOf`].
-    > This example will *not* work with stable Nix!
-    >
-    > ```nix
-    > builtins.getContext
-    >   (builtins.outputOf
-    >     (builtins.storePath "/nix/store/fvchh9cvcr7kdla6n860hshchsba305w-hello-2.12.drv")
-    >     "out")
-    > ```
-    > evaluates to
-    > ```nix
-    > {
-    >   "/nix/store/fvchh9cvcr7kdla6n860hshchsba305w-hello-2.12.drv" = {
-    >     outputs = [ "out" ];
-    >   };
-    > }
-    > ```
-
-    [`builtins.outputOf`]: ./builtins.md#builtins-outputOf
-
-- [*derivation deep*]{#string-context-element-derivation-deep}
-
-  *derivation deep* is an advanced feature intended to be used with the
-  [`exportReferencesGraph` derivation attribute](./advanced-attributes.html#adv-attr-exportReferencesGraph).
-  A *derivation deep* string context element is a derivation path, and refers to both its outputs and the entire build closure of that derivation:
-  all its outputs, all the other derivations the given derivation depends on, and all the outputs of those.
-
-  > **Example**
-  >
-  > The best way to illustrate *derivation deep* string contexts is with [`builtins.addDrvOutputDependencies`].
-  > Take a regular constant string context element pointing to a derivation, and transform it into a "Derivation deep" string context element.
-  >
-  > ```nix
-  > builtins.getContext
-  >   (builtins.addDrvOutputDependencies
-  >     (builtins.storePath "/nix/store/fvchh9cvcr7kdla6n860hshchsba305w-hello-2.12.drv"))
-  > ```
-  > evaluates to
-  > ```nix
-  > {
-  >   "/nix/store/fvchh9cvcr7kdla6n860hshchsba305w-hello-2.12.drv" = {
-  >     allOutputs = true;
-  >   };
-  > }
-  > ```
-
-  [`builtins.addDrvOutputDependencies`]: ./builtins.md#builtins-addDrvOutputDependencies
-  [`builtins.unsafeDiscardOutputDependency`]: ./builtins.md#builtins-unsafeDiscardOutputDependency
-
-## Inspecting string contexts
-
-Most basically, [`builtins.hasContext`] will tell whether a string has a non-empty context.
-
-When more granular information is needed, [`builtins.getContext`] can be used.
-It creates an [attribute set] representing the string context, which can be inspected as usual.
-
-[`builtins.hasContext`]: ./builtins.md#builtins-hasContext
-[`builtins.getContext`]: ./builtins.md#builtins-getContext
-[attribute set]: ./values.md#attribute-set
-
-## Clearing string contexts
-
-[`buitins.unsafeDiscardStringContext`](./builtins.md#builtins-unsafeDiscardStringContext) will make a copy of a string, but with an empty string context.
-The returned string can be used in more ways, e.g. by operators that require the string context to be empty.
-The requirement to explicitly discard the string context in such use cases helps ensure that string context elements are not lost by mistake.
-The "unsafe" marker is only there to remind that Nix normally guarantees that dependencies are tracked, whereas the returned string has lost them.
-
-## Constructing string contexts
-
-[`builtins.appendContext`] will create a copy of a string, but with additional string context elements.
-The context is specified explicitly by an [attribute set] in the format that [`builtins.hasContext`] produces.
-A string with arbitrary contexts can be made like this:
-
-1. Create a string with the desired string context elements.
-   (The contents of the string do not matter.)
-2. Dump its context with [`builtins.getContext`].
-3. Combine it with a base string and repeated [`builtins.appendContext`] calls.
-
-[`builtins.appendContext`]: ./builtins.md#builtins-appendContext

doc/manual/src/language/string-interpolation.md

@@ -20,8 +20,6 @@ Rather than writing
 
 (where `freetype` is a [derivation]), you can instead write
 
-[derivation]: @docroot@/glossary.md#gloss-derivation
-
 ```nix
 "--with-freetype2-library=${freetype}/lib"
 ```
@@ -107,9 +105,9 @@ An expression that is interpolated must evaluate to one of the following:
 
 A string interpolates to itself.
 
-A path in an interpolated expression is first copied into the Nix store, and the resulting string is the [store path] of the newly created [store object](@docroot@/store/store-object.md).
+A path in an interpolated expression is first copied into the Nix store, and the resulting string is the [store path] of the newly created [store object](../glossary.md#gloss-store-object).
 
-[store path]: @docroot@/store/store-path.md
+[store path]: ../glossary.md#gloss-store-path
 
 > **Example**
 >
@@ -191,7 +189,7 @@ If neither is present, an error is thrown.
 > "${a}"
 > ```
 >
->     error: cannot coerce a set to a string: { }
+>     error: cannot coerce a set to a string
 >
 >            at «string»:4:2:
 >

doc/manual/src/language/values.md

@@ -92,50 +92,38 @@
 
 - <a id="type-path" href="#type-path">Path</a>
 
-  *Paths* are distinct from strings and can be expressed by path literals such as `./builder.sh`.
+  *Paths*, e.g., `/bin/sh` or `./builder.sh`. A path must contain at
+  least one slash to be recognised as such. For instance, `builder.sh`
+  is not a path: it's parsed as an expression that selects the
+  attribute `sh` from the variable `builder`. If the file name is
+  relative, i.e., if it does not begin with a slash, it is made
+  absolute at parse time relative to the directory of the Nix
+  expression that contained it. For instance, if a Nix expression in
+  `/foo/bar/bla.nix` refers to `../xyzzy/fnord.nix`, the absolute path
+  is `/foo/xyzzy/fnord.nix`.
 
-  Paths are suitable for referring to local files, and are often preferable over strings.
-  - Path values do not contain trailing slashes, `.` and `..`, as they are resolved when evaluating a path literal.
-  - Path literals are automatically resolved relative to their [base directory](@docroot@/glossary.md#gloss-base-directory).
-  - The files referred to by path values are automatically copied into the Nix store when used in a string interpolation or concatenation.
-  - Tooling can recognize path literals and provide additional features, such as autocompletion, refactoring automation and jump-to-file.
+  If the first component of a path is a `~`, it is interpreted as if
+  the rest of the path were relative to the user's home directory.
+  e.g. `~/foo` would be equivalent to `/home/edolstra/foo` for a user
+  whose home directory is `/home/edolstra`.
 
-  A path literal must contain at least one slash to be recognised as such.
-  For instance, `builder.sh` is not a path:
-  it's parsed as an expression that selects the attribute `sh` from the variable `builder`.
+  For instance, evaluating `"${./foo.txt}"` will cause `foo.txt` in the current directory to be copied into the Nix store and result in the string `"/nix/store/<hash>-foo.txt"`.
 
-  Path literals may also refer to absolute paths by starting with a slash.
-
-  > **Note**
-  >
-  > Absolute paths make expressions less portable.
-  > In the case where a function translates a path literal into an absolute path string for a configuration file, it is recommended to write a string literal instead.
-  > This avoids some confusion about whether files at that location will be used during evaluation.
-  > It also avoids unintentional situations where some function might try to copy everything at the location into the store.
-
-  If the first component of a path is a `~`, it is interpreted such that the rest of the path were relative to the user's home directory.
-  For example, `~/foo` would be equivalent to `/home/edolstra/foo` for a user whose home directory is `/home/edolstra`.
-  Path literals that start with `~` are not allowed in [pure](@docroot@/command-ref/conf-file.md#conf-pure-eval) evaluation.
-
-  Paths can be used in [string interpolation] and string concatenation.
-  For instance, evaluating `"${./foo.txt}"` will cause `foo.txt` from the same directory to be copied into the Nix store and result in the string `"/nix/store/<hash>-foo.txt"`.
-
-  Note that the Nix language assumes that all input files will remain _unchanged_ while evaluating a Nix expression.
+  Note that the Nix language assumes that all input files will remain _unchanged_ while  evaluating a Nix expression.
   For example, assume you used a file path in an interpolated string during a `nix repl` session.
-  Later in the same session, after having changed the file contents, evaluating the interpolated string with the file path again might not return a new [store path], since Nix might not re-read the file contents. Use `:r` to reset the repl as needed.
+  Later in the same session, after having changed the file contents, evaluating the interpolated string with the file path again might not return a new [store path], since Nix might not re-read the file contents.
 
-  [store path]: @docroot@/store/store-path.md
+  [store path]: ../glossary.md#gloss-store-path
 
-  Path literals can also include [string interpolation], besides being [interpolated into other expressions].
-
-  [interpolated into other expressions]: ./string-interpolation.md#interpolated-expressions
+  Paths can include [string interpolation] and can themselves be [interpolated in other expressions].
+  [interpolated in other expressions]: ./string-interpolation.md#interpolated-expressions
 
   At least one slash (`/`) must appear *before* any interpolated expression for the result to be recognized as a path.
 
-  `a.${foo}/b.${bar}` is a syntactically valid number division operation.
+  `a.${foo}/b.${bar}` is a syntactically valid division operation.
   `./a.${foo}/b.${bar}` is a path.
 
-  [Lookup path](./constructs/lookup-path.md) literals such as `<nixpkgs>` also resolve to path values.
+  [Lookup paths](./constructs/lookup-path.md) such as `<nixpkgs>` resolve to path values.
 
 - <a id="type-boolean" href="#type-boolean">Boolean</a>
 
@@ -167,8 +155,6 @@ function and the fifth being a set.
 
 Note that lists are only lazy in values, and they are strict in length.
 
-Elements in a list can be accessed using [`builtins.elemAt`](./builtins.md#builtins-elemAt). 
-
 ## Attribute Set
 
 An attribute set is a collection of name-value-pairs (called *attributes*) enclosed in curly brackets (`{ }`).

doc/manual/src/package-management/copy-closure.md

@@ -0,0 +1,34 @@
+# Copying Closures via SSH
+
+The command `nix-copy-closure` copies a Nix store path along with all
+its dependencies to or from another machine via the SSH protocol. It
+doesn’t copy store paths that are already present on the target machine.
+For example, the following command copies Firefox with all its
+dependencies:
+
+    $ nix-copy-closure --to alice@itchy.example.org $(type -p firefox)
+
+See the [manpage for `nix-copy-closure`](../command-ref/nix-copy-closure.md) for details.
+
+With `nix-store
+--export` and `nix-store --import` you can write the closure of a store
+path (that is, the path and all its dependencies) to a file, and then
+unpack that file into another Nix store. For example,
+
+    $ nix-store --export $(nix-store --query --requisites $(type -p firefox)) > firefox.closure
+
+writes the closure of Firefox to a file. You can then copy this file to
+another machine and install the closure:
+
+    $ nix-store --import < firefox.closure
+
+Any store paths in the closure that are already present in the target
+store are ignored. It is also possible to pipe the export into another
+command, e.g. to copy and install a closure directly to/on another
+machine:
+
+    $ nix-store --export $(nix-store --query --requisites $(type -p firefox)) | bzip2 | \
+        ssh alice@itchy.example.org "bunzip2 | nix-store --import"
+
+However, `nix-copy-closure` is generally more efficient because it only
+copies paths that are not already present in the target Nix store.

doc/manual/src/protocols/json/derivation.md

@@ -1,92 +0,0 @@
-# Derivation JSON Format
-
-> **Warning**
->
-> This JSON format is currently
-> [**experimental**](@docroot@/contributing/experimental-features.md#xp-feature-nix-command)
-> and subject to change.
-
-The JSON serialization of a
-[derivations](@docroot@/glossary.md#gloss-store-derivation)
-is a JSON object with the following fields:
-
-* `name`:
-  The name of the derivation.
-  This is used when calculating the store paths of the derivation's outputs.
-
-* `outputs`:
-  Information about the output paths of the derivation.
-  This is a JSON object with one member per output, where the key is the output name and the value is a JSON object with these fields:
-
-  * `path`:
-    The output path, if it is known in advanced.
-    Otherwise, `null`.
-
-
-  * `method`:
-    For an output which will be [content addresed], a string representing the [method](@docroot@/store/store-object/content-address.md) of content addressing that is chosen.
-    Valid method strings are:
-
-    - [`flat`](@docroot@/store/store-object/content-address.md#method-flat)
-    - [`nar`](@docroot@/store/store-object/content-address.md#method-nix-archive)
-    - [`text`](@docroot@/store/store-object/content-address.md#method-text)
-    - [`git`](@docroot@/store/store-object/content-address.md#method-git)
-
-    Otherwise, `null`.
-
-  * `hashAlgo`:
-    For an output which will be [content addresed], the name of the hash algorithm used.
-    Valid algorithm strings are:
-
-    - `md5`
-    - `sha1`
-    - `sha256`
-    - `sha512`
-
-  * `hash`:
-    For fixed-output derivations, the expected content hash in base-16.
-
-  > **Example**
-  >
-  > ```json
-  > "outputs": {
-  >   "out": {
-  >     "path": "/nix/store/2543j7c6jn75blc3drf4g5vhb1rhdq29-source",
-  >     "method": "nar",
-  >     "hashAlgo": "sha256",
-  >     "hash": "6fc80dcc62179dbc12fc0b5881275898f93444833d21b89dfe5f7fbcbb1d0d62"
-  >   }
-  > }
-  > ```
-
-* `inputSrcs`:
-  A list of store paths on which this derivation depends.
-
-* `inputDrvs`:
-  A JSON object specifying the derivations on which this derivation depends, and what outputs of those derivations.
-
-  > **Example**
-  >
-  > ```json
-  > "inputDrvs": {
-  >   "/nix/store/6lkh5yi7nlb7l6dr8fljlli5zfd9hq58-curl-7.73.0.drv": ["dev"],
-  >   "/nix/store/fn3kgnfzl5dzym26j8g907gq3kbm8bfh-unzip-6.0.drv": ["out"]
-  > }
-  > ```
-
-  specifies that this derivation depends on the `dev` output of `curl`, and the `out` output of `unzip`.
-
-* `system`:
-  The system type on which this derivation is to be built
-  (e.g. `x86_64-linux`).
-
-* `builder`:
-  The absolute path of the program to be executed to run the build.
-  Typically this is the `bash` shell
-  (e.g. `/nix/store/r3j288vpmczbl500w6zz89gyfa4nr0b1-bash-4.4-p23/bin/bash`).
-
-* `args`:
-  The command-line arguments passed to the `builder`.
-
-* `env`:
-  The environment passed to the `builder`.

doc/manual/src/protocols/json/store-object-info.md

@@ -1,98 +0,0 @@
-# Store object info JSON format
-
-> **Warning**
->
-> This JSON format is currently
-> [**experimental**](@docroot@/contributing/experimental-features.md#xp-feature-nix-command)
-> and subject to change.
-
-Info about a [store object].
-
-* `path`:
-
-  [Store path][store path] to the given store object.
-
-* `narHash`:
-
-  Hash of the [file system object] part of the store object when serialized as a [Nix Archive].
-
-* `narSize`:
-
-  Size of the [file system object] part of the store object when serialized as a [Nix Archive].
-
-* `references`:
-
-  An array of [store paths][store path], possibly including this one.
-
-* `ca` (optional):
-
-  Content address of this store object's file system object, used to compute its store path.
-
-[store path]: @docroot@/store/store-path.md
-[file system object]: @docroot@/store/file-system-object.md
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
-
-## Impure fields
-
-These are not intrinsic properties of the store object.
-In other words, the same store object residing in different store could have different values for these properties.
-
-* `deriver` (optional):
-
-  The path to the [derivation] from which this store object is produced.
-
-  [derivation]: @docroot@/glossary.md#gloss-store-derivation
-
-* `registrationTime` (optional):
-
-  When this derivation was added to the store.
-
-* `ultimate` (optional):
-
-  Whether this store object is trusted because we built it ourselves, rather than substituted a build product from elsewhere.
-
-* `signatures` (optional):
-
-  Signatures claiming that this store object is what it claims to be.
-  Not relevant for [content-addressed] store objects,
-  but useful for [input-addressed] store objects.
-
-  [content-addressed]: @docroot@/glossary.md#gloss-content-addressed-store-object
-  [input-addressed]: @docroot@/glossary.md#gloss-input-addressed-store-object
-
-### `.narinfo` extra fields
-
-This meta data is specific to the "binary cache" family of Nix store types.
-This information is not intrinsic to the store object, but about how it is stored.
-
-* `url`:
-
-  Where to download a compressed archive of the file system objects of this store object.
-
-* `compression`:
-
-  The compression format that the archive is in.
-
-* `fileHash`:
-
-  A digest for the compressed archive itself, as opposed to the data contained within.
-
-* `fileSize`:
-
-  The size of the compressed archive itself.
-
-## Computed closure fields
-
-These fields are not stored at all, but computed by traversing the other fields across all the store objects in a [closure].
-
-* `closureSize`:
-
-  The total size of the compressed archive itself for this object, and the compressed archive of every object in this object's [closure].
-
-### `.narinfo` extra fields
-
-* `closureSize`:
-
-  The total size of this store object and every other object in its [closure].
-
-[closure]: @docroot@/glossary.md#gloss-closure

doc/manual/src/protocols/nix-archive.md

@@ -1,43 +0,0 @@
-# Nix Archive (NAR) format
-
-This is the complete specification of the [Nix Archive] format.
-The Nix Archive format closely follows the abstract specification of a [file system object] tree,
-because it is designed to serialize exactly that data structure.
-
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#nix-archive
-[file system object]: @docroot@/store/file-system-object.md
-
-The format of this specification is close to [Extended Backus–Naur form](https://en.wikipedia.org/wiki/Extended_Backus%E2%80%93Naur_form), with the exception of the `str(..)` function / parameterized rule, which length-prefixes and pads strings.
-This makes the resulting binary format easier to parse.
-
-Regular users do *not* need to know this information.
-But for those interested in exactly how Nix works, e.g. if they are reimplementing it, this information can be useful.
-
-```ebnf
-nar = str("nix-archive-1"), nar-obj;
-
-nar-obj = str("("), nar-obj-inner, str(")");
-
-nar-obj-inner
-  = str("type"), str("regular") regular
-  | str("type"), str("symlink") symlink
-  | str("type"), str("directory") directory
-  ;
-
-regular = [ str("executable"), str("") ], str("contents"), str(contents);
-
-symlink = str("target"), str(target);
-
-(* side condition: directory entries must be ordered by their names *)
-directory = str("type"), str("directory") { directory-entry };
-
-directory-entry = str("entry"), str("("), str("name"), str(name), str("node"), nar-obj, str(")");
-```
-
-The `str` function / parameterized rule is defined as follows:
-
-- `str(s)` = `int(|s|), pad(s);`
-
-- `int(n)` = the 64-bit little endian representation of the number `n`
-
-- `pad(s)` = the byte sequence `s`, padded with 0s to a multiple of 8 byte

doc/manual/src/protocols/store-path.md

@@ -1,142 +0,0 @@
-# Complete Store Path Calculation
-
-This is the complete specification for how [store path]s are calculated.
-
-The format of this specification is close to [Extended Backus–Naur form](https://en.wikipedia.org/wiki/Extended_Backus%E2%80%93Naur_form), but must deviate for a few things such as hash functions which we treat as bidirectional for specification purposes.
-
-Regular users do *not* need to know this information --- store paths can be treated as black boxes computed from the properties of the store objects they refer to.
-But for those interested in exactly how Nix works, e.g. if they are reimplementing it, this information can be useful.
-
-[store path](@docroot@/store/store-path.md)
-
-## Store path proper
-
-```ebnf
-store-path = store-dir "/" digest "-" name
-```
-where
-
-- `name` = the name of the store object.
-
-- `store-dir` = the [store directory](@docroot@/store/store-path.md#store-directory)
-
-- `digest` = base-32 representation of the first 160 bits of a [SHA-256] hash of `fingerprint`
-
-  This the hash part of the store name
-
-## Fingerprint
-
-- ```ebnf
-  fingerprint = type ":" sha256 ":" inner-digest ":" store ":" name
-  ```
-
-  Note that it includes the location of the store as well as the name to make sure that changes to either of those are reflected in the hash
-  (e.g. you won't get `/nix/store/<digest>-name1` and `/nix/store/<digest>-name2`, or `/gnu/store/<digest>-name1`, with equal hash parts).
-
-- `type` = one of:
-
-  - ```ebnf
-    | "text" { ":" store-path }
-    ```
-
-    This is for the
-    ["Text"](@docroot@/store/store-object/content-address.md#method-text)
-    method of content addressing store objects.
-    The optional trailing store paths are the references of the store object.
-
-  - ```ebnf
-    | "source" { ":" store-path } [ ":self" ]
-    ```
-
-    This is for the
-    ["Nix Archive"](@docroot@/store/store-object/content-address.md#method-nix-archive)
-    method of content addressing store objects,
-    if the hash algorithm is [SHA-256].
-    Just like in the "Text" case, we can have the store objects referenced by their paths.
-    Additionally, we can have an optional `:self` label to denote self reference.
-
-  - ```ebnf
-    | "output:" id
-    ```
-
-    For either the outputs built from derivations,
-    or content-addressed store objects that are not using one of the two above cases.
-    To be explicit about the latter, that is currently these methods:
-
-    - ["Flat"](@docroot@/store/store-object/content-address.md#method-flat)
-    - ["Git"](@docroot@/store/store-object/content-address.md#method-git)
-    - ["Nix Archive"](@docroot@/store/store-object/content-address.md#method-nix-archive) if the hash algorithm is not [SHA-256].
-
-    `id` is the name of the output (usually, "out").
-    For content-addressed store objects, `id`, is always "out".
-
-- `inner-digest` = base-16 representation of a SHA-256 hash of `inner-fingerprint`
-
-## Inner fingerprint
-
-- `inner-fingerprint` = one of the following based on `type`:
-
-  - if `type` = `"text:" ...`:
-
-    the string written to the resulting store path.
-
-  - if `type` = `"source:" ...`:
-
-    the the hash of the [Nix Archive (NAR)] serialization of the [file system object](@docroot@/store/file-system-object.md) of the store object.
-
-  - if `type` = `"output:" id`:
-
-    - For input-addressed derivation outputs:
-
-      the [ATerm](@docroot@/protocols/derivation-aterm.md) serialization of the derivation modulo fixed output derivations.
-
-    - For content-addressed store paths:
-
-      ```ebnf
-      "fixed:out:" rec algo ":" hash ":"
-      ```
-
-      where
-
-      - `rec` = one of:
-
-        - ```ebnf
-          | ""
-          ```
-          (empty string) for hashes of the flat (single file) serialization
-
-        - ```ebnf
-          | "r:"
-          ```
-          hashes of the for [Nix Archive (NAR)] (arbitrary file system object) serialization
-
-        - ```ebnf
-          | "git:"
-          ```
-          hashes of the [Git blob/tree](https://git-scm.com/book/en/v2/Git-Internals-Git-Objects) [Merkel tree](https://en.wikipedia.org/wiki/Merkle_tree) format
-
-      - ```ebnf
-        algo = "md5" | "sha1" | "sha256"
-        ```
-
-      - `hash` = base-16 representation of the path or flat hash of the contents of the path (or expected contents of the path for fixed-output derivations).
-
-      Note that `id` = `"out"`, regardless of the name part of the store path.
-      Also note that NAR + SHA-256 must not use this case, and instead must use the `type` = `"source:" ...` case.
-
-[Nix Archive (NAR)]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
-[SHA-256]: https://en.m.wikipedia.org/wiki/SHA-256
-
-### Historical Note
-
-The `type` = `"source:" ...` and `type` = `"output:out"` grammars technically overlap in purpose,
-in that both can represent data hashed by its SHA-256 NAR serialization.
-
-The original reason for this way of computing names was to prevent name collisions (for security).
-For instance, the thinking was that it shouldn't be feasible to come up with a derivation whose output path collides with the path for a copied source.
-The former would have an `inner-fingerprint` starting with `output:out:`, while the latter would have an `inner-fingerprint` starting with `source:`.
-
-Since `64519cfd657d024ae6e2bb74cb21ad21b886fd2a` (2008), however, it was decided that separating derivation-produced vs manually-hashed content-addressed data like this was not useful.
-Now, data that is content-addressed with SHA-256 + NAR-serialization always uses the `source:...` construction, regardless of how it was produced (manually or by derivation).
-This allows freely switching between using [fixed-output derivations](@docroot@/glossary.md#gloss-fixed-output-derivation) for fetching, and fetching out-of-band and then manually adding.
-It also removes the ambiguity from the grammar.

doc/manual/src/protocols/tarball-fetcher.md

@@ -22,7 +22,7 @@ Link: <flakeref>; rel="immutable"
 
 *flakeref* must be a tarball flakeref. It can contain the tarball flake attributes
 `narHash`, `rev`, `revCount` and `lastModified`. If `narHash` is included, its
-value must be the [NAR hash][Nix Archive] of the unpacked tarball (as computed via
+value must be the NAR hash of the unpacked tarball (as computed via
 `nix hash path`). Nix checks the contents of the returned tarball
 against the `narHash` attribute. The `rev` and `revCount` attributes
 are useful when the tarball flake is a mirror of a fetcher type that
@@ -40,5 +40,3 @@ Link: <https://example.org/hello/442793d9ec0584f6a6e82fa253850c8085bb150a.tar.gz
 
 For tarball flakes, the value of the `lastModified` flake attribute is
 defined as the timestamp of the newest file inside the tarball.
-
-[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive

doc/manual/src/quick-start.md

@@ -1,43 +1,99 @@
 # Quick Start
 
-This chapter is for impatient people who don't like reading documentation.
-For more in-depth information you are kindly referred to subsequent chapters.
+This chapter is for impatient people who don't like reading
+documentation.  For more in-depth information you are kindly referred
+to subsequent chapters.
 
-1. Install Nix:
+1. Install Nix by running the following:
 
    ```console
    $ curl -L https://nixos.org/nix/install | sh
    ```
 
    The install script will use `sudo`, so make sure you have sufficient rights.
+   On Linux, `--daemon` can be omitted for a single-user install.
 
-   For other installation methods, see the detailed [installation instructions](installation/index.md).
+   For other installation methods, see [here](installation/installation.md).
 
-1. Run software without installing it permanently:
+1. See what installable packages are currently available in the
+   channel:
 
    ```console
-   $ nix-shell --packages cowsay lolcat
+   $ nix-env --query --available --attr-path
+   nixpkgs.docbook_xml_dtd_43                    docbook-xml-4.3
+   nixpkgs.docbook_xml_dtd_45                    docbook-xml-4.5
+   nixpkgs.firefox                               firefox-33.0.2
+   nixpkgs.hello                                 hello-2.9
+   nixpkgs.libxslt                               libxslt-1.1.28
+   …
    ```
 
-   This downloads the specified packages with all their dependencies, and drops you into a Bash shell where the commands provided by those packages are present.
-   This will not affect your normal environment:
+1. Install some packages from the channel:
 
    ```console
-   [nix-shell:~]$ cowsay Hello, Nix! | lolcat
+   $ nix-env --install --attr nixpkgs.hello
    ```
 
-   Exiting the shell will make the programs disappear again:
+   This should download pre-built packages; it should not build them
+   locally (if it does, something went wrong).
+
+1. Test that they work:
 
    ```console
+   $ which hello
+   /home/eelco/.nix-profile/bin/hello
+   $ hello
+   Hello, world!
+   ```
+
+1. Uninstall a package:
+
+   ```console
+   $ nix-env --uninstall hello
+   ```
+
+1. You can also test a package without installing it:
+
+   ```console
+   $ nix-shell --packages hello
+   ```
+
+   This builds or downloads GNU Hello and its dependencies, then drops
+   you into a Bash shell where the `hello` command is present, all
+   without affecting your normal environment:
+
+   ```console
+   [nix-shell:~]$ hello
+   Hello, world!
+
    [nix-shell:~]$ exit
-   $ lolcat
-   lolcat: command not found
+
+   $ hello
+   hello: command not found
    ```
 
-1. Search for more packages on [search.nixos.org](https://search.nixos.org/) to try them out.
-
-1. Free up storage space:
+1. To keep up-to-date with the channel, do:
 
    ```console
-   $ nix-collect-garbage
+   $ nix-channel --update nixpkgs
+   $ nix-env --upgrade '*'
+   ```
+
+   The latter command will upgrade each installed package for which
+   there is a “newer” version (as determined by comparing the version
+   numbers).
+
+1. If you're unhappy with the result of a `nix-env` action (e.g., an
+   upgraded package turned out not to work properly), you can go back:
+
+   ```console
+   $ nix-env --rollback
+   ```
+
+1. You should periodically run the Nix garbage collector to get rid of
+   unused packages, since uninstalls or upgrades don't actually delete
+   them:
+
+   ```console
+   $ nix-collect-garbage --delete-old
    ```

doc/manual/src/release-notes/index.md

@@ -1,13 +0,0 @@
-# Nix Release Notes
-
-The Nix release cycle is calendar-based as follows:
-
-Nix has a release cycle of roughly 6 weeks.
-Notable changes and additions are announced in the release notes for each version.
-
-The supported Nix versions are:
-- The latest release
-- The version used in the stable NixOS release, which is announced in the [NixOS release notes](https://nixos.org/manual/nixos/stable/release-notes.html#ch-release-notes).
-
-Bugfixes and security issues are backported to every supported version.
-Patch releases are published as needed.

doc/manual/src/release-notes/release-notes.md

@@ -0,0 +1,12 @@
+# Nix Release Notes
+
+Nix has a release cycle of roughly 6 weeks.
+Notable changes and additions are announced in the release notes for each version.
+
+Bugfixes can be backported on request to previous Nix releases.
+We typically backport only as far back as the Nix version used in the latest NixOS release, which is announced in the [NixOS release notes](https://nixos.org/manual/nixos/stable/release-notes.html#ch-release-notes).
+
+Backports never skip releases.
+If a feature is backported to version `x.y`, it must also be available in version `x.(y+1)`.
+This ensures that upgrading from an older version with backports is still safe and no backported functionality will go missing.
+

doc/manual/src/release-notes/rl-2.15.md

@@ -11,7 +11,7 @@
   As the choice of hash formats is no longer binary, the `--base16` flag is also added
   to explicitly specify the Base16 format, which is still the default.
 
-* The special handling of an [installable](../command-ref/new-cli/nix.md#installables) with `.drv` suffix being interpreted as all of the given [store derivation](@docroot@/glossary.md#gloss-store-derivation)'s output paths is removed, and instead taken as the literal store path that it represents.
+* The special handling of an [installable](../command-ref/new-cli/nix.md#installables) with `.drv` suffix being interpreted as all of the given [store derivation](../glossary.md#gloss-store-derivation)'s output paths is removed, and instead taken as the literal store path that it represents.
 
   The new `^` syntax for store paths introduced in Nix 2.13 allows explicitly referencing output paths of a derivation.
   Using this is better and more clear than relying on the now-removed `.drv` special handling.

doc/manual/src/release-notes/rl-2.20.md

@@ -1,208 +0,0 @@
-# Release 2.20.0 (2024-01-29)
-
-- Option `allowed-uris` can now match whole schemes in URIs without slashes [#9547](https://github.com/NixOS/nix/pull/9547)
-
-  If a scheme, such as `github:` is specified in the `allowed-uris` option, all URIs starting with `github:` are allowed.
-  Previously this only worked for schemes whose URIs used the `://` syntax.
-
-- Include cgroup stats when building through the daemon [#9598](https://github.com/NixOS/nix/pull/9598)
-
-  Nix now also reports cgroup statistics when building through the Nix daemon and when doing remote builds using `ssh-ng`,
-  if both sides of the connection are using Nix 2.20 or newer.
-
-- Disallow empty search regex in `nix search` [#9481](https://github.com/NixOS/nix/pull/9481)
-
-  [`nix search`](@docroot@/command-ref/new-cli/nix3-search.md) now requires a search regex to be passed. To show all packages, use `^`.
-
-- Add new `eval-system` setting [#4093](https://github.com/NixOS/nix/pull/4093)
-
-  Add a new `eval-system` option.
-  Unlike `system`, it just overrides the value of `builtins.currentSystem`.
-  This is more useful than overriding `system`, because you can build these derivations on remote builders which can work on the given system.
-  In contrast, `system` also affects scheduling which will cause Nix to build those derivations locally even if that doesn't make sense.
-
-  `eval-system` only takes effect if it is non-empty.
-  If empty (the default) `system` is used as before, so there is no breakage.
-
-- Import-from-derivation builds the derivation in the build store [#9661](https://github.com/NixOS/nix/pull/9661)
-
-  When using `--eval-store`, `import`ing from a derivation will now result in the derivation being built on the build store, i.e. the store specified in the `store` Nix option.
-
-  Because the resulting Nix expression must be copied back to the evaluation store in order to be imported, this requires the evaluation store to trust the build store's signatures.
-
-- Mounted SSH Store [#7890](https://github.com/NixOS/nix/issues/7890) [#7912](https://github.com/NixOS/nix/pull/7912)
-
-  Introduced the store [`mounted-ssh-ng://`](@docroot@/command-ref/new-cli/nix3-help-stores.md).
-  This store allows full access to a Nix store on a remote machine and additionally requires that the store be mounted in the local filesystem.
-
-- Rename `nix show-config` to `nix config show` [#7672](https://github.com/NixOS/nix/issues/7672) [#9477](https://github.com/NixOS/nix/pull/9477)
-
-  `nix show-config` was renamed to `nix config show`, and `nix doctor` was renamed to `nix config check`, to be more consistent with the rest of the command line interface.
-
-- Add command `nix hash convert` [#9452](https://github.com/NixOS/nix/pull/9452)
-
-  This replaces the old `nix hash to-*` commands, which are still available but will emit a deprecation warning. Please convert as follows:
-
-  - `nix hash to-base16 $hash1 $hash2`: Use `nix hash convert --to base16 $hash1 $hash2` instead.
-  - `nix hash to-base32 $hash1 $hash2`: Use `nix hash convert --to nix32 $hash1 $hash2` instead.
-  - `nix hash to-base64 $hash1 $hash2`: Use `nix hash convert --to base64 $hash1 $hash2` instead.
-  - `nix hash to-sri $hash1 $hash2`: : Use `nix hash convert --to sri $hash1 $hash2` or even just `nix hash convert $hash1 $hash2` instead.
-
-- Rename hash format `base32` to `nix32` [#9452](https://github.com/NixOS/nix/pull/9452)
-
-  Hash format `base32` was renamed to `nix32` since it used a special Nix-specific character set for
-  [Base32](https://en.wikipedia.org/wiki/Base32).
-
-- `nix profile` now allows referring to elements by human-readable names [#8678](https://github.com/NixOS/nix/pull/8678)
-
-  [`nix profile`](@docroot@/command-ref/new-cli/nix3-profile.md) now uses names to refer to installed packages when running [`list`](@docroot@/command-ref/new-cli/nix3-profile-list.md), [`remove`](@docroot@/command-ref/new-cli/nix3-profile-remove.md) or [`upgrade`](@docroot@/command-ref/new-cli/nix3-profile-upgrade.md) as opposed to indices. Profile element names are generated when a package is installed and remain the same until the package is removed.
-
-  **Warning**: The `manifest.nix` file used to record the contents of profiles has changed. Nix will automatically upgrade profiles to the new version when you modify the profile. After that, the profile can no longer be used by older versions of Nix.
-
-- Give `nix store add` a `--hash-algo` flag [#9809](https://github.com/NixOS/nix/pull/9809)
-
-  Adds a missing feature that was present in the old CLI, and matches our
-  plans to have similar flags for `nix hash convert` and `nix hash path`.
-
-- Coercion errors include the failing value
-
-  The `error: cannot coerce a <TYPE> to a string` message now includes the value
-  which caused the error.
-
-  Before:
-
-  ```
-  error: cannot coerce a set to a string
-  ```
-
-  After:
-
-  ```
-  error: cannot coerce a set to a string: { aesSupport = «thunk»;
-    avx2Support = «thunk»; avx512Support = «thunk»; avxSupport = «thunk»;
-    canExecute = «thunk»; config = «thunk»; darwinArch = «thunk»; darwinMinVersion
-    = «thunk»; darwinMinVersionVariable = «thunk»; darwinPlatform = «thunk»; «84
-    attributes elided»}
-  ```
-
-- Type errors include the failing value
-
-  In errors like `value is an integer while a list was expected`, the message now
-  includes the failing value.
-
-  Before:
-
-  ```
-  error: value is a set while a string was expected
-  ```
-
-  After:
-
-  ```
-  error: expected a string but found a set: { ghc810 = «thunk»;
-    ghc8102Binary = «thunk»; ghc8107 = «thunk»; ghc8107Binary = «thunk»;
-    ghc865Binary = «thunk»; ghc90 = «thunk»; ghc902 = «thunk»; ghc92 = «thunk»;
-    ghc924Binary = «thunk»; ghc925 = «thunk»;  «17 attributes elided»}
-  ```
-
-- Source locations are printed more consistently in errors [#561](https://github.com/NixOS/nix/issues/561) [#9555](https://github.com/NixOS/nix/pull/9555)
-
-  Source location information is now included in error messages more
-  consistently. Given this code:
-
-  ```nix
-  let
-    attr = {foo = "bar";};
-    key = {};
-  in
-    attr.${key}
-  ```
-
-  Previously, Nix would show this unhelpful message when attempting to evaluate
-  it:
-
-  ```
-  error:
-         … while evaluating an attribute name
-
-         error: value is a set while a string was expected
-  ```
-
-  Now, the error message displays where the problematic value was found:
-
-  ```
-  error:
-         … while evaluating an attribute name
-
-           at bad.nix:4:11:
-
-              3|   key = {};
-              4| in attr.${key}
-               |           ^
-              5|
-
-         error: expected a string but found a set
-  ```
-
-- Some stack overflow segfaults are fixed [#9616](https://github.com/NixOS/nix/issues/9616) [#9617](https://github.com/NixOS/nix/pull/9617)
-
-  The number of nested function calls has been restricted, to detect and report
-  infinite function call recursions. The default maximum call depth is 10,000 and
-  can be set with [the `max-call-depth`
-  option](@docroot@/command-ref/conf-file.md#conf-max-call-depth).
-
-  This replaces the `stack overflow (possible infinite recursion)` message.
-
-- Better error reporting for `with` expressions [#9658](https://github.com/NixOS/nix/pull/9658)
-
-  `with` expressions using non-attrset values to resolve variables are now reported with proper positions, e.g.
-
-  ```
-  nix-repl> with 1; a
-  error:
-         … while evaluating the first subexpression of a with expression
-           at «string»:1:1:
-              1| with 1; a
-               | ^
-
-         error: expected a set but found an integer
-  ```
-
-- Functions are printed with more detail [#7145](https://github.com/NixOS/nix/issues/7145) [#9606](https://github.com/NixOS/nix/pull/9606)
-
-  `nix repl`, `nix eval`, `builtins.trace`, and most other places values are
-  printed will now include function names and source location information:
-
-  ```
-  $ nix repl nixpkgs
-  nix-repl> builtins.map
-  «primop map»
-
-  nix-repl> builtins.map lib.id
-  «partially applied primop map»
-
-  nix-repl> builtins.trace lib.id "my-value"
-  trace: «lambda id @ /nix/store/8rrzq23h2zq7sv5l2vhw44kls5w0f654-source/lib/trivial.nix:26:5»
-  "my-value"
-  ```
-
-- Flake operations like `nix develop` will no longer fail when run in a Git
-  repository where the `flake.lock` file is `.gitignore`d
-  [#8854](https://github.com/NixOS/nix/issues/8854)
-  [#9324](https://github.com/NixOS/nix/pull/9324)
-
-- Nix commands will now respect Ctrl-C
-  [#7145](https://github.com/NixOS/nix/issues/7145)
-  [#6995](https://github.com/NixOS/nix/pull/6995)
-  [#9687](https://github.com/NixOS/nix/pull/9687)
-
-  Previously, many Nix commands would hang indefinitely if Ctrl-C was pressed
-  while performing various operations (including `nix develop`, `nix flake
-  update`, and so on). With several fixes to Nix's signal handlers, Nix
-  commands will now exit quickly after Ctrl-C is pressed.
-
-- `nix copy` to a `ssh-ng` store now needs `--substitute-on-destination` (a.k.a. `-s`)
-  in order to substitute paths on the remote store instead of copying them.
-  The behavior is consistent with `nix copy` to a different kind of remote store.
-  Previously this behavior was controlled by the
-  `builders-use-substitutes` setting and `--substitute-on-destination` was ignored.