Add nix-pack utility

This transforms a set of Nix expressions into a single file. The
typical use case is to replace the top-level default.nix in Nixpkgs
with a single file that includes (almost) all Nix expressions
reachable from that file. This reduces I/O overhead, especially on
non-SSD systems.

.dir-locals.el

@@ -1,16 +0,0 @@
-((c++-mode . (
-  (c-file-style . "k&r")
-  (c-basic-offset . 4)
-  (indent-tabs-mode . nil)
-  (tab-width . 4)
-  (show-trailing-whitespace . t)
-  (indicate-empty-lines . t)
-  (eval . (c-set-offset 'innamespace 0))
-  (eval . (c-set-offset 'defun-open 0))
-  (eval . (c-set-offset 'inline-open 0))
-  (eval . (c-set-offset 'arglist-intro '+))
-  (eval . (c-set-offset 'arglist-cont 0))
-  (eval . (c-set-offset 'arglist-cont-nonempty '+))
-  (eval . (c-set-offset 'substatement-open 0))
-  (eval . (c-set-offset 'access-label '-))
-  )))

.editorconfig

@@ -1,26 +0,0 @@
-# EditorConfig configuration for nix
-# http://EditorConfig.org
-
-# Top-most EditorConfig file
-root = true
-
-# Unix-style newlines with a newline ending every file, utf-8 charset
-[*]
-end_of_line = lf
-insert_final_newline = true
-trim_trailing_whitespace = true
-charset = utf-8
-
-# Match nix files, set indent to spaces with width of two
-[*.nix]
-indent_style = space
-indent_size = 2
-
-# Match c++/shell/perl, set indent to spaces with width of four
-[*.{hpp,cc,hh,sh,pl}]
-indent_style = space
-indent_size = 4
-
-# Match diffs, avoid to trim trailing whitespace
-[*.{diff,patch}]
-trim_trailing_whitespace = false

.github/ISSUE_TEMPLATE.md

@@ -1,27 +0,0 @@
-<!--
-
-# Filing a Nix issue
-
-*WAIT* Are you sure you're filing your issue in the right repository?
-
-We appreciate you taking the time to tell us about issues you encounter, but routing the issue to the right place will get you help sooner and save everyone time.
-
-This is the Nix repository, and issues here should be about Nix the build and package management *_tool_*.
-
-If you have a problem with a specific package on NixOS or when using Nix, you probably want to file an issue with _nixpkgs_, whose issue tracker is over at https://github.com/NixOS/nixpkgs/issues.
-
-Examples of _Nix_ issues:
-
-- Nix segfaults when I run `nix-build -A blahblah`
-- The Nix language needs a new builtin: `builtins.foobar`
-- Regression in the behavior of `nix-env` in Nix 2.0
-
-Examples of _nixpkgs_ issues:
-
-- glibc is b0rked on aarch64
-- chromium in NixOS doesn't support U2F but google-chrome does!
-- The OpenJDK package on macOS is missing a key component
-
-Chances are if you're a newcomer to the Nix world, you'll probably want the [nixpkgs tracker](https://github.com/NixOS/nixpkgs/issues). It also gets a lot more eyeball traffic so you'll probably get a response a lot more quickly.
-
--->

.gitignore

@@ -1,5 +1,4 @@
 Makefile.config
-perl/Makefile.config
 
 # /
 /aclocal.m4
@@ -13,6 +12,9 @@ perl/Makefile.config
 
 /corepkgs/config.nix
 
+# /corepkgs/buildenv/
+/corepkgs/buildenv/builder.pl
+
 # /corepkgs/channels/
 /corepkgs/channels/unpack.sh
 
@@ -32,10 +34,30 @@ perl/Makefile.config
 
 # /scripts/
 /scripts/nix-profile.sh
+/scripts/nix-pull
+/scripts/nix-push
+/scripts/nix-switch
+/scripts/nix-collect-garbage
+/scripts/nix-prefetch-url
+/scripts/nix-install-package
+/scripts/nix-channel
+/scripts/nix-build
 /scripts/nix-copy-closure
+/scripts/nix-generate-patches
+/scripts/NixConfig.pm
+/scripts/NixManifest.pm
+/scripts/GeneratePatches.pm
+/scripts/download-using-manifests.pl
+/scripts/copy-from-other-stores.pl
+/scripts/download-from-binary-cache.pl
+/scripts/find-runtime-roots.pl
+/scripts/build-remote.pl
 /scripts/nix-reduce-build
 /scripts/nix-http-export.cgi
-/scripts/nix-profile-daemon.sh
+
+# /src/bsdiff-4.3/
+/src/bsdiff-4.3/bsdiff
+/src/bsdiff-4.3/bspatch
 
 # /src/libexpr/
 /src/libexpr/lexer-tab.cc
@@ -46,44 +68,34 @@ perl/Makefile.config
 /src/libexpr/nix.tbl
 
 # /src/libstore/
-/src/libstore/*.gen.hh
-
-/src/nix/nix
+/src/libstore/schema.sql.hh
 
 # /src/nix-env/
 /src/nix-env/nix-env
 
+# /src/nix-hash/
+/src/nix-hash/nix-hash
+
 # /src/nix-instantiate/
 /src/nix-instantiate/nix-instantiate
 
+# /src/nix-log2xml/
+/src/nix-log2xml/nix-log2xml
+
 # /src/nix-store/
 /src/nix-store/nix-store
 
-/src/nix-prefetch-url/nix-prefetch-url
-
 # /src/nix-daemon/
 /src/nix-daemon/nix-daemon
 
-/src/nix-collect-garbage/nix-collect-garbage
-
-# /src/nix-channel/
-/src/nix-channel/nix-channel
-
-# /src/nix-build/
-/src/nix-build/nix-build
-
-/src/nix-copy-closure/nix-copy-closure
-
-/src/build-remote/build-remote
+# /src/download-via-ssh/
+/src/download-via-ssh/download-via-ssh
 
 # /tests/
 /tests/test-tmp
 /tests/common.sh
 /tests/dummy
 /tests/result*
-/tests/restricted-innocent
-/tests/shell
-/tests/shell.drv
 
 # /tests/lang/
 /tests/lang/*.out
@@ -97,20 +109,12 @@ perl/Makefile.config
 /misc/systemd/nix-daemon.socket
 /misc/upstart/nix-daemon.conf
 
-/src/resolve-system-dependencies/resolve-system-dependencies
-
-inst/
-
 *.a
 *.o
 *.so
-*.dylib
-*.dll
-*.exe
 *.dep
 *~
 *.pc
-*.plist
 
 # GNU Global
 GPATH

.travis.yml

@@ -1,2 +0,0 @@
-os: osx
-script: ./tests/install-darwin.sh

.version

@@ -1 +0,0 @@
-2.3

INSTALL

@@ -0,0 +1,229 @@
+Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
+Foundation, Inc.
+
+   This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+   These are generic installation instructions.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  (Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.)
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You only need
+`configure.ac' if you want to change it or regenerate `configure' using
+a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.  If you're
+     using `csh' on an old version of System V, you might need to type
+     `sh ./configure' instead to prevent `csh' from trying to execute
+     `configure' itself.
+
+     Running `configure' takes awhile.  While running, it prints some
+     messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   If you have to use a `make' that does not support the `VPATH'
+variable, you have to compile the package for one architecture at a
+time in the source code directory.  After you have installed the
+package for one architecture, use `make distclean' before reconfiguring
+for another architecture.
+
+Installation Names
+==================
+
+   By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc.  You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=PATH' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the `--target=TYPE' option to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+will cause the specified gcc to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of the options to `configure', and exit.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+

Makefile

@@ -1,23 +1,31 @@
 makefiles = \
   local.mk \
+  src/boost/format/local.mk \
   src/libutil/local.mk \
   src/libstore/local.mk \
   src/libmain/local.mk \
   src/libexpr/local.mk \
-  src/nix/local.mk \
-  src/resolve-system-dependencies/local.mk \
+  src/nix-hash/local.mk \
+  src/nix-store/local.mk \
+  src/nix-instantiate/local.mk \
+  src/nix-env/local.mk \
+  src/nix-daemon/local.mk \
+  src/download-via-ssh/local.mk \
+  src/nix-log2xml/local.mk \
+  src/nix-pack/local.mk \
+  src/bsdiff-4.3/local.mk \
+  perl/local.mk \
   scripts/local.mk \
   corepkgs/local.mk \
   misc/systemd/local.mk \
-  misc/launchd/local.mk \
   misc/upstart/local.mk \
+  misc/emacs/local.mk \
   doc/manual/local.mk \
-  tests/local.mk \
-  tests/plugins/local.mk
+  tests/local.mk
 
-GLOBAL_CXXFLAGS += -g -Wall -include config.h
+GLOBAL_CXXFLAGS += -std=c++11 -g -Wall
 
--include Makefile.config
+include Makefile.config
 
 OPTIMIZE = 1
 

Makefile.config.in

@@ -1,28 +1,21 @@
-AR = @AR@
 BDW_GC_LIBS = @BDW_GC_LIBS@
-BUILD_SHARED_LIBS = @BUILD_SHARED_LIBS@
 CC = @CC@
 CFLAGS = @CFLAGS@
 CXX = @CXX@
 CXXFLAGS = @CXXFLAGS@
-ENABLE_S3 = @ENABLE_S3@
-HAVE_SODIUM = @HAVE_SODIUM@
-HAVE_READLINE = @HAVE_READLINE@
-HAVE_SECCOMP = @HAVE_SECCOMP@
-LIBCURL_LIBS = @LIBCURL_LIBS@
+HAVE_OPENSSL = @HAVE_OPENSSL@
 OPENSSL_LIBS = @OPENSSL_LIBS@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
-SODIUM_LIBS = @SODIUM_LIBS@
-LIBLZMA_LIBS = @LIBLZMA_LIBS@
-SQLITE3_LIBS = @SQLITE3_LIBS@
-LIBBROTLI_LIBS = @LIBBROTLI_LIBS@
-EDITLINE_LIBS = @EDITLINE_LIBS@
 bash = @bash@
 bindir = @bindir@
-lsof = @lsof@
+bsddiff_compat_include = @bsddiff_compat_include@
+curl = @curl@
 datadir = @datadir@
 datarootdir = @datarootdir@
+dblatex = @dblatex@
+docbookrng = @docbookrng@
+docbookxsl = @docbookxsl@
 docdir = @docdir@
 exec_prefix = @exec_prefix@
 includedir = @includedir@
@@ -30,11 +23,12 @@ libdir = @libdir@
 libexecdir = @libexecdir@
 localstatedir = @localstatedir@
 mandir = @mandir@
+perl = @perl@
+perlbindings = @perlbindings@
+perllibdir = @perllibdir@
 pkglibdir = $(libdir)/$(PACKAGE_NAME)
 prefix = @prefix@
-sandbox_shell = @sandbox_shell@
 storedir = @storedir@
 sysconfdir = @sysconfdir@
-doc_generate = @doc_generate@
 xmllint = @xmllint@
 xsltproc = @xsltproc@

README

@@ -0,0 +1,10 @@
+Nix is a purely functional package manager.  For installation and
+usage instructions, please read the manual, which can be found in
+`docs/manual/manual.html', and additionally at the Nix website at
+<http://nixos.org/>.
+
+
+Acknowledgments
+
+This product includes software developed by the OpenSSL Project for
+use in the OpenSSL Toolkit (http://www.OpenSSL.org/).

README.md

@@ -1,22 +0,0 @@
-Nix, the purely functional package manager
-------------------------------------------
-
-Nix is a new take on package management that is fairly unique. Because of its
-purity aspects, a lot of issues found in traditional package managers don't
-appear with Nix.
-
-To find out more about the tool, usage and installation instructions, please
-read the manual, which is available on the Nix website at
-<http://nixos.org/nix/manual>.
-
-## Contributing
-
-Take a look at the [Hacking Section](http://nixos.org/nix/manual/#chap-hacking)
-of the manual. It helps you to get started with building Nix from source.
-
-## License
-
-Nix is released under the LGPL v2.1
-
-This product includes software developed by the OpenSSL Project for
-use in the [OpenSSL Toolkit](http://www.OpenSSL.org/).

configure.ac

@@ -1,5 +1,5 @@
-AC_INIT(nix, m4_esyscmd([bash -c "echo -n $(cat ./.version)$VERSION_SUFFIX"]))
-AC_CONFIG_SRCDIR(README.md)
+AC_INIT(nix, m4_esyscmd([bash -c "echo -n $(cat ./version)$VERSION_SUFFIX"]))
+AC_CONFIG_SRCDIR(README)
 AC_CONFIG_AUX_DIR(config)
 
 AC_PROG_SED
@@ -16,14 +16,12 @@ AC_ARG_WITH(system, AC_HELP_STRING([--with-system=SYSTEM],
         machine_name="i686";;
      amd64)
         machine_name="x86_64";;
-     armv6|armv7)
-        machine_name="${host_cpu}l";;
      *)
         machine_name="$host_cpu";;
    esac
 
    case "$host_os" in
-     linux-gnu*|linux-musl*)
+     linux-gnu*)
         # For backward compatibility, strip the `-gnu' part.
         system="$machine_name-linux";;
      *)
@@ -50,7 +48,6 @@ test "$localstatedir" = '${prefix}/var' && localstatedir=/nix/var
 
 
 # Solaris-specific stuff.
-AC_STRUCT_DIRENT_D_TYPE
 if test "$sys_name" = sunos; then
     # Solaris requires -lsocket -lnsl for network functions
     LIBS="-lsocket -lnsl $LIBS"
@@ -61,10 +58,7 @@ CFLAGS=
 CXXFLAGS=
 AC_PROG_CC
 AC_PROG_CXX
-AC_PROG_CPP
-AX_CXX_COMPILE_STDCXX_17
 
-AC_CHECK_TOOL([AR], [ar])
 
 # Use 64-bit file system calls so that we can support files > 2 GiB.
 AC_SYS_LARGEFILE
@@ -82,7 +76,17 @@ static char buf[1024];]],
 AC_LANG_POP(C++)
 
 
-AC_CHECK_FUNCS([statvfs pipe2])
+# Check for chroot support (requires chroot() and bind mounts).
+AC_CHECK_FUNCS([chroot])
+AC_CHECK_FUNCS([unshare])
+AC_CHECK_FUNCS([statvfs])
+AC_CHECK_HEADERS([sched.h])
+AC_CHECK_HEADERS([sys/param.h])
+AC_CHECK_HEADERS([sys/mount.h], [], [],
+[#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+# endif
+])
 
 
 # Check for lutimes, optionally used for changing the mtime of
@@ -90,6 +94,10 @@ AC_CHECK_FUNCS([statvfs pipe2])
 AC_CHECK_FUNCS([lutimes])
 
 
+# Check for sched_setaffinity.
+AC_CHECK_FUNCS([sched_setaffinity])
+
+
 # Check whether the store optimiser can optimise symlinks.
 AC_MSG_CHECKING([whether it is possible to create a link to a symlink])
 ln -s bla tmp_link
@@ -108,6 +116,15 @@ AC_CHECK_HEADERS([locale])
 AC_LANG_POP(C++)
 
 
+# Check for <err.h>.
+AC_CHECK_HEADER([err.h], [], [bsddiff_compat_include="-Icompat-include"])
+AC_SUBST([bsddiff_compat_include])
+
+
+# Check for <linux/fs.h> (for immutable file support).
+AC_CHECK_HEADERS([linux/fs.h])
+
+
 AC_DEFUN([NEED_PROG],
 [
 AC_PATH_PROG($1, $2)
@@ -116,19 +133,39 @@ if test -z "$$1"; then
 fi
 ])
 
+NEED_PROG(curl, curl)
 NEED_PROG(bash, bash)
 NEED_PROG(patch, patch)
 AC_PATH_PROG(xmllint, xmllint, false)
 AC_PATH_PROG(xsltproc, xsltproc, false)
 AC_PATH_PROG(flex, flex, false)
 AC_PATH_PROG(bison, bison, false)
+NEED_PROG(perl, perl)
 NEED_PROG(sed, sed)
 NEED_PROG(tar, tar)
 NEED_PROG(bzip2, bzip2)
 NEED_PROG(gzip, gzip)
 NEED_PROG(xz, xz)
 AC_PATH_PROG(dot, dot)
-AC_PATH_PROG(lsof, lsof, lsof)
+AC_PATH_PROG(dblatex, dblatex)
+AC_PATH_PROG(pv, pv, pv)
+
+
+# Test that Perl has the open/fork feature (Perl 5.8.0 and beyond).
+AC_MSG_CHECKING([whether Perl is recent enough])
+if ! $perl -e 'open(FOO, "-|", "true"); while (<FOO>) { print; }; close FOO or die;'; then
+    AC_MSG_RESULT(no)
+    AC_MSG_ERROR([Your Perl version is too old.  Nix requires Perl 5.8.0 or newer.])
+fi
+AC_MSG_RESULT(yes)
+
+
+# Figure out where to install Perl modules.
+AC_MSG_CHECKING([for the Perl installation prefix])
+perlversion=$($perl -e 'use Config; print $Config{version};')
+perlarchname=$($perl -e 'use Config; print $Config{archname};')
+AC_SUBST(perllibdir, [${libdir}/perl5/site_perl/$perlversion/$perlarchname])
+AC_MSG_RESULT($perllibdir)
 
 
 NEED_PROG(cat, cat)
@@ -139,86 +176,46 @@ AC_ARG_WITH(coreutils-bin, AC_HELP_STRING([--with-coreutils-bin=PATH],
 AC_SUBST(coreutils)
 
 
+AC_ARG_WITH(docbook-rng, AC_HELP_STRING([--with-docbook-rng=PATH],
+  [path of the DocBook RelaxNG schema]),
+  docbookrng=$withval, docbookrng=/docbook-rng-missing)
+AC_SUBST(docbookrng)
+
+AC_ARG_WITH(docbook-xsl, AC_HELP_STRING([--with-docbook-xsl=PATH],
+  [path of the DocBook XSL stylesheets]),
+  docbookxsl=$withval, docbookxsl=/docbook-xsl-missing)
+AC_SUBST(docbookxsl)
+
+
 AC_ARG_WITH(store-dir, AC_HELP_STRING([--with-store-dir=PATH],
   [path of the Nix store (defaults to /nix/store)]),
   storedir=$withval, storedir='/nix/store')
 AC_SUBST(storedir)
 
 
-# Look for OpenSSL, a required dependency.
-PKG_CHECK_MODULES([OPENSSL], [libcrypto], [CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"])
+# Look for OpenSSL, an optional dependency.
+AC_PATH_PROG(openssl, openssl, openssl) # if not found, call openssl in $PATH
+AC_SUBST(openssl)
+AC_DEFINE_UNQUOTED(OPENSSL_PATH, ["$openssl"], [Path of the OpenSSL binary])
+
+PKG_CHECK_MODULES([OPENSSL], [libcrypto],
+  [AC_DEFINE([HAVE_OPENSSL], [1], [Whether to use OpenSSL.])
+   CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"
+   have_openssl=1], [have_openssl=])
+AC_SUBST(HAVE_OPENSSL, [$have_openssl])
 
 
 # Look for libbz2, a required dependency.
 AC_CHECK_LIB([bz2], [BZ2_bzWriteOpen], [true],
-  [AC_MSG_ERROR([Nix requires libbz2, which is part of bzip2.  See https://web.archive.org/web/20180624184756/http://www.bzip.org/.])])
+  [AC_MSG_ERROR([Nix requires libbz2, which is part of bzip2.  See http://www.bzip.org/.])])
 AC_CHECK_HEADERS([bzlib.h], [true],
-  [AC_MSG_ERROR([Nix requires libbz2, which is part of bzip2.  See https://web.archive.org/web/20180624184756/http://www.bzip.org/.])])
+  [AC_MSG_ERROR([Nix requires libbz2, which is part of bzip2.  See http://www.bzip.org/.])])
 
 
 # Look for SQLite, a required dependency.
 PKG_CHECK_MODULES([SQLITE3], [sqlite3 >= 3.6.19], [CXXFLAGS="$SQLITE3_CFLAGS $CXXFLAGS"])
 
 
-# Look for libcurl, a required dependency.
-PKG_CHECK_MODULES([LIBCURL], [libcurl], [CXXFLAGS="$LIBCURL_CFLAGS $CXXFLAGS"])
-
-# Look for editline, a required dependency.
-PKG_CHECK_MODULES([EDITLINE], [libeditline], [CXXFLAGS="$EDITLINE_CFLAGS $CXXFLAGS"])
-
-# Look for libsodium, an optional dependency.
-PKG_CHECK_MODULES([SODIUM], [libsodium],
-  [AC_DEFINE([HAVE_SODIUM], [1], [Whether to use libsodium for cryptography.])
-   CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"
-   have_sodium=1], [have_sodium=])
-AC_SUBST(HAVE_SODIUM, [$have_sodium])
-
-
-# Look for liblzma, a required dependency.
-PKG_CHECK_MODULES([LIBLZMA], [liblzma], [CXXFLAGS="$LIBLZMA_CFLAGS $CXXFLAGS"])
-AC_CHECK_LIB([lzma], [lzma_stream_encoder_mt],
-  [AC_DEFINE([HAVE_LZMA_MT], [1], [xz multithreaded compression support])])
-
-
-# Look for libbrotli{enc,dec}.
-PKG_CHECK_MODULES([LIBBROTLI], [libbrotlienc libbrotlidec], [CXXFLAGS="$LIBBROTLI_CFLAGS $CXXFLAGS"])
-
-
-# Look for libseccomp, required for Linux sandboxing.
-if test "$sys_name" = linux; then
-  AC_ARG_ENABLE([seccomp-sandboxing],
-                AC_HELP_STRING([--disable-seccomp-sandboxing],
-                               [Don't build support for seccomp sandboxing (only recommended if your arch doesn't support libseccomp yet!)]
-                              ))
-  if test "x$enable_seccomp_sandboxing" != "xno"; then
-    PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
-                      [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
-    have_seccomp=1
-    AC_DEFINE([HAVE_SECCOMP], [1], [Whether seccomp is available and should be used for sandboxing.])
-  else
-    have_seccomp=
-  fi
-else
-  have_seccomp=
-fi
-AC_SUBST(HAVE_SECCOMP, [$have_seccomp])
-
-
-# Look for aws-cpp-sdk-s3.
-AC_LANG_PUSH(C++)
-AC_CHECK_HEADERS([aws/s3/S3Client.h],
-  [AC_DEFINE([ENABLE_S3], [1], [Whether to enable S3 support via aws-sdk-cpp.])
-  enable_s3=1], [enable_s3=])
-AC_SUBST(ENABLE_S3, [$enable_s3])
-AC_LANG_POP(C++)
-
-if test -n "$enable_s3"; then
-  declare -a aws_version_tokens=($(printf '#include <aws/core/VersionConfig.h>\nAWS_SDK_VERSION_STRING' | $CPP $CPPFLAGS - | grep -v '^#.*' | sed 's/"//g' | tr '.' ' '))
-  AC_DEFINE_UNQUOTED([AWS_VERSION_MAJOR], ${aws_version_tokens@<:@0@:>@}, [Major version of aws-sdk-cpp.])
-  AC_DEFINE_UNQUOTED([AWS_VERSION_MINOR], ${aws_version_tokens@<:@1@:>@}, [Minor version of aws-sdk-cpp.])
-fi
-
-
 # Whether to use the Boehm garbage collector.
 AC_ARG_ENABLE(gc, AC_HELP_STRING([--enable-gc],
   [enable garbage collection in the Nix expression evaluator (requires Boehm GC) [default=no]]),
@@ -230,11 +227,55 @@ if test "$gc" = yes; then
 fi
 
 
-# documentation generation switch
-AC_ARG_ENABLE(doc-gen, AC_HELP_STRING([--disable-doc-gen],
-  [disable documentation generation]),
-  doc_generate=$enableval, doc_generate=yes)
-AC_SUBST(doc_generate)
+# Check for the required Perl dependencies (DBI, DBD::SQLite and WWW::Curl).
+perlFlags="-I$perllibdir"
+
+AC_ARG_WITH(dbi, AC_HELP_STRING([--with-dbi=PATH],
+  [prefix of the Perl DBI library]),
+  perlFlags="$perlFlags -I$withval")
+
+AC_ARG_WITH(dbd-sqlite, AC_HELP_STRING([--with-dbd-sqlite=PATH],
+  [prefix of the Perl DBD::SQLite library]),
+  perlFlags="$perlFlags -I$withval")
+
+AC_ARG_WITH(www-curl, AC_HELP_STRING([--with-www-curl=PATH],
+  [prefix of the Perl WWW::Curl library]),
+  perlFlags="$perlFlags -I$withval")
+
+AC_MSG_CHECKING([whether DBD::SQLite works])
+if ! $perl $perlFlags -e 'use DBI; use DBD::SQLite;' 2>&5; then
+    AC_MSG_RESULT(no)
+    AC_MSG_FAILURE([The Perl modules DBI and/or DBD::SQLite are missing.])
+fi
+AC_MSG_RESULT(yes)
+
+AC_MSG_CHECKING([whether WWW::Curl works])
+if ! $perl $perlFlags -e 'use WWW::Curl;' 2>&5; then
+    AC_MSG_RESULT(no)
+    AC_MSG_FAILURE([The Perl module WWW::Curl is missing.])
+fi
+AC_MSG_RESULT(yes)
+
+AC_SUBST(perlFlags)
+
+
+# Whether to build the Perl bindings
+AC_MSG_CHECKING([whether to build the Perl bindings])
+AC_ARG_ENABLE(perl-bindings, AC_HELP_STRING([--enable-perl-bindings],
+  [whether to build the Perl bindings (recommended) [default=yes]]),
+  perlbindings=$enableval, perlbindings=yes)
+if test "$enable_shared" = no; then
+   # Perl bindings require shared libraries.
+   perlbindings=no
+fi
+AC_SUBST(perlbindings)
+AC_MSG_RESULT($perlbindings)
+
+
+AC_ARG_ENABLE(init-state, AC_HELP_STRING([--disable-init-state],
+  [do not initialise DB etc. in `make install']),
+  init_state=$enableval, init_state=yes)
+#AM_CONDITIONAL(INIT_STATE, test "$init_state" = "yes")
 
 
 # Setuid installations.
@@ -242,7 +283,7 @@ AC_CHECK_FUNCS([setresuid setreuid lchown])
 
 
 # Nice to have, but not essential.
-AC_CHECK_FUNCS([strsignal posix_fallocate sysconf])
+AC_CHECK_FUNCS([strsignal posix_fallocate nanosleep sysconf])
 
 
 # This is needed if bzip2 is a static library, and the Nix libraries
@@ -252,6 +293,11 @@ if test "$(uname)" = "Darwin"; then
 fi
 
 
+# Figure out the extension of dynamic libraries.
+eval dynlib_suffix=$shrext_cmds
+AC_SUBST(dynlib_suffix)
+
+
 # Do we have GNU tar?
 AC_MSG_CHECKING([if you have a recent GNU tar])
 if $tar --version 2> /dev/null | grep -q GNU && tar cvf /dev/null --warning=no-timestamp ./config.log > /dev/null; then
@@ -263,21 +309,6 @@ fi
 AC_SUBST(tarFlags)
 
 
-AC_ARG_WITH(sandbox-shell, AC_HELP_STRING([--with-sandbox-shell=PATH],
-  [path of a statically-linked shell to use as /bin/sh in sandboxes]),
-  sandbox_shell=$withval)
-AC_SUBST(sandbox_shell)
-
-AC_ARG_ENABLE(shared, AC_HELP_STRING([--enable-shared],
-  [Build shared libraries for Nix [default=yes]]),
-  shared=$enableval, shared=yes)
-if test "$shared" = yes; then
-  AC_SUBST(BUILD_SHARED_LIBS, 1, [Whether to build shared libraries.])
-else
-  AC_SUBST(BUILD_SHARED_LIBS, 0, [Whether to build shared libraries.])
-fi
-
-
 # Expand all variables in config.status.
 test "$prefix" = NONE && prefix=$ac_default_prefix
 test "$exec_prefix" = NONE && exec_prefix='${prefix}'

corepkgs/buildenv.nix

@@ -1,11 +1,14 @@
+with import <nix/config.nix>;
+
 { derivations, manifest }:
 
 derivation {
   name = "user-environment";
-  system = "builtin";
-  builder = "builtin:buildenv";
+  system = builtins.currentSystem;
+  builder = perl;
+  args = [ "-w" ./buildenv.pl ];
 
-  inherit manifest;
+  manifest = manifest;
 
   # !!! grmbl, need structured data for passing this in a clean way.
   derivations =
@@ -20,6 +23,6 @@ derivation {
   # network traffic, so don't do that.
   preferLocalBuild = true;
 
-  # Also don't bother substituting.
-  allowSubstitutes = false;
+  # Don't build in a chroot because Nix's dependencies may not be there.
+  __noChroot = true;
 }

corepkgs/buildenv.pl

@@ -0,0 +1,168 @@
+use strict;
+use Cwd;
+use IO::Handle;
+use utf8;
+
+STDOUT->autoflush(1);
+
+my $out = $ENV{"out"};
+mkdir "$out", 0755 || die "error creating $out";
+
+
+my $symlinks = 0;
+
+my %priorities;
+
+
+# For each activated package, create symlinks.
+
+sub createLinks {
+    my $srcDir = shift;
+    my $dstDir = shift;
+    my $priority = shift;
+
+    my @srcFiles = glob("$srcDir/*");
+
+    foreach my $srcFile (@srcFiles) {
+        my $baseName = $srcFile;
+        $baseName =~ s/^.*\///g; # strip directory
+        my $dstFile = "$dstDir/$baseName";
+
+        # The files below are special-cased so that they don't show up
+        # in user profiles, either because they are useless, or
+        # because they would cause pointless collisions (e.g., each
+        # Python package brings its own
+        # `$out/lib/pythonX.Y/site-packages/easy-install.pth'.)
+        # Urgh, hacky...
+        if ($srcFile =~ /\/propagated-build-inputs$/ ||
+            $srcFile =~ /\/nix-support$/ ||
+            $srcFile =~ /\/perllocal.pod$/ ||
+            $srcFile =~ /\/info\/dir$/ ||
+            $srcFile =~ /\/log$/)
+        {
+            # Do nothing.
+        }
+
+        elsif (-d $srcFile) {
+
+            lstat $dstFile;
+
+            if (-d _) {
+                createLinks($srcFile, $dstFile, $priority);
+            }
+
+            elsif (-l _) {
+                my $target = readlink $dstFile or die;
+                if (!-d $target) {
+                    die "collision between directory ‘$srcFile’ and non-directory ‘$target’";
+                }
+                unlink $dstFile or die "error unlinking ‘$dstFile’: $!";
+                mkdir $dstFile, 0755 ||
+                    die "error creating directory ‘$dstFile’: $!";
+                createLinks($target, $dstFile, $priorities{$dstFile});
+                createLinks($srcFile, $dstFile, $priority);
+            }
+
+            else {
+                symlink($srcFile, $dstFile) ||
+                    die "error creating link ‘$dstFile’: $!";
+                $priorities{$dstFile} = $priority;
+                $symlinks++;
+            }
+        }
+
+        else {
+
+            if (-l $dstFile) {
+                my $target = readlink $dstFile;
+                my $prevPriority = $priorities{$dstFile};
+                die("collision between ‘$srcFile’ and ‘$target’; " .
+                    "use ‘nix-env --set-flag priority NUMBER PKGNAME’ " .
+                    "to change the priority of one of the conflicting packages\n")
+                    if $prevPriority == $priority;
+                next if $prevPriority < $priority;
+                unlink $dstFile or die;
+            }
+
+            symlink($srcFile, $dstFile) ||
+                die "error creating link ‘$dstFile’: $!";
+            $priorities{$dstFile} = $priority;
+            $symlinks++;
+        }
+    }
+}
+
+
+my %done;
+my %postponed;
+
+sub addPkg;
+sub addPkg {
+    my $pkgDir = shift;
+    my $priority = shift;
+
+    return if (defined $done{$pkgDir});
+    $done{$pkgDir} = 1;
+
+#    print "symlinking $pkgDir\n";
+    createLinks("$pkgDir", "$out", $priority);
+
+    my $propagatedFN = "$pkgDir/nix-support/propagated-user-env-packages";
+    if (-e $propagatedFN) {
+        open PROP, "<$propagatedFN" or die;
+        my $propagated = <PROP>;
+        close PROP;
+        my @propagated = split ' ', $propagated;
+        foreach my $p (@propagated) {
+            $postponed{$p} = 1 unless defined $done{$p};
+        }
+    }
+}
+
+
+# Convert the stuff we get from the environment back into a coherent
+# data type.
+my @pkgs;
+my @derivations = split ' ', $ENV{"derivations"};
+while (scalar @derivations) {
+    my $active = shift @derivations;
+    my $priority = shift @derivations;
+    my $outputs = shift @derivations;
+    for (my $n = 0; $n < $outputs; $n++) {
+        my $path = shift @derivations;
+        push @pkgs,
+            { path => $path
+            , active => $active ne "false"
+            , priority => int($priority) };
+    }
+}
+
+
+# Symlink to the packages that have been installed explicitly by the
+# user.  Process in priority order to reduce unnecessary
+# symlink/unlink steps.
+@pkgs = sort { $a->{priority} <=> $b->{priority} || $a->{path} cmp $b->{path} } @pkgs;
+foreach my $pkg (@pkgs) {
+    #print $pkg, " ", $pkgs{$pkg}->{priority}, "\n";
+    addPkg($pkg->{path}, $pkg->{priority}) if $pkg->{active};
+}
+
+
+# Symlink to the packages that have been "propagated" by packages
+# installed by the user (i.e., package X declares that it want Y
+# installed as well).  We do these later because they have a lower
+# priority in case of collisions.
+my $priorityCounter = 1000; # don't care about collisions
+while (scalar(keys %postponed) > 0) {
+    my @pkgDirs = keys %postponed;
+    %postponed = ();
+    foreach my $pkgDir (sort @pkgDirs) {
+        addPkg($pkgDir, $priorityCounter++);
+    }
+}
+
+
+print STDERR "created $symlinks symlinks in user environment\n";
+
+
+symlink($ENV{"manifest"}, "$out/manifest.nix") or die "cannot create manifest";

corepkgs/config.nix.in

@@ -2,7 +2,8 @@ let
   fromEnv = var: def:
     let val = builtins.getEnv var; in
     if val != "" then val else def;
-in rec {
+in {
+  perl = "@perl@";
   shell = "@bash@";
   coreutils = "@coreutils@";
   bzip2 = "@bzip2@";
@@ -11,19 +12,6 @@ in rec {
   tar = "@tar@";
   tarFlags = "@tarFlags@";
   tr = "@tr@";
+  curl = "@curl@";
   nixBinDir = fromEnv "NIX_BIN_DIR" "@bindir@";
-  nixPrefix = "@prefix@";
-  nixLibexecDir = fromEnv "NIX_LIBEXEC_DIR" "@libexecdir@";
-  nixLocalstateDir = "@localstatedir@";
-  nixSysconfDir = "@sysconfdir@";
-  nixStoreDir = fromEnv "NIX_STORE_DIR" "@storedir@";
-
-  # If Nix is installed in the Nix store, then automatically add it as
-  # a dependency to the core packages. This ensures that they work
-  # properly in a chroot.
-  chrootDeps =
-    if dirOf nixPrefix == builtins.storeDir then
-      [ (builtins.storePath nixPrefix) ]
-    else
-      [ ];
 }

corepkgs/fetchurl.nix

@@ -1,33 +1,40 @@
-{ system ? "" # obsolete
-, url
-, hash ? "" # an SRI ash
+with import <nix/config.nix>;
 
-# Legacy hash specification
-, md5 ? "", sha1 ? "", sha256 ? "", sha512 ? ""
-, outputHash ?
-    if hash != "" then hash else if sha512 != "" then sha512 else if sha1 != "" then sha1 else if md5 != "" then md5 else sha256
-, outputHashAlgo ?
-    if hash != "" then "" else if sha512 != "" then "sha512" else if sha1 != "" then "sha1" else if md5 != "" then "md5" else "sha256"
+{system ? builtins.currentSystem, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? "", executable ? false}:
 
-, executable ? false
-, unpack ? false
-, name ? baseNameOf (toString url)
-}:
+assert (outputHash != "" && outputHashAlgo != "")
+    || md5 != "" || sha1 != "" || sha256 != "";
 
+let
+
+  builder = builtins.toFile "fetchurl.sh"
+    (''
+      echo "downloading $url into $out"
+      ${curl} --fail --location --max-redirs 20 --insecure "$url" > "$out"
+    '' + (if executable then "${coreutils}/chmod +x $out" else ""));
+
+in
+    
 derivation {
-  builder = "builtin:fetchurl";
+  name = baseNameOf (toString url);
+  builder = shell;
+  args = [ "-e" builder ];
 
   # New-style output content requirements.
-  inherit outputHashAlgo outputHash;
-  outputHashMode = if unpack || executable then "recursive" else "flat";
-
-  inherit name url executable unpack;
-
-  system = "builtin";
+  outputHashAlgo = if outputHashAlgo != "" then outputHashAlgo else
+      if sha256 != "" then "sha256" else if sha1 != "" then "sha1" else "md5";
+  outputHash = if outputHash != "" then outputHash else
+      if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5;
+  outputHashMode = if executable then "recursive" else "flat";
+  
+  inherit system url;
 
   # No need to double the amount of network traffic
   preferLocalBuild = true;
 
+  # Don't build in a chroot because Nix's dependencies may not be there.
+  __noChroot = true;
+
   impureEnvVars = [
     # We borrow these environment variables from the caller to allow
     # easy proxy configuration.  This is impure, but a fixed-output
@@ -35,7 +42,4 @@ derivation {
     # by definition pure.
     "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
   ];
-
-  # To make "nix-prefetch-url" work.
-  urls = [ url ];
 }

corepkgs/imported-drv-to-derivation.nix

@@ -1,10 +1,10 @@
-attrs @ { drvPath, outputs, name, ... }:
+attrs @ { drvPath, outputs, ... }:
 
 let
 
   commonAttrs = (builtins.listToAttrs outputsList) //
     { all = map (x: x.value) outputsList;
-      inherit drvPath name;
+      inherit drvPath;
       type = "derivation";
     };
 

corepkgs/local.mk

@@ -1,4 +1,4 @@
-corepkgs_FILES = buildenv.nix unpack-channel.nix derivation.nix fetchurl.nix imported-drv-to-derivation.nix
+corepkgs_FILES = nar.nix buildenv.nix buildenv.pl unpack-channel.nix derivation.nix fetchurl.nix imported-drv-to-derivation.nix
 
 $(foreach file,config.nix $(corepkgs_FILES),$(eval $(call install-data-in,$(d)/$(file),$(datadir)/nix/corepkgs)))
 

corepkgs/nar.nix

@@ -0,0 +1,49 @@
+with import <nix/config.nix>;
+
+let
+
+  builder = builtins.toFile "nar.sh"
+    ''
+      export PATH=${nixBinDir}:${coreutils}
+
+      if [ $compressionType = xz ]; then
+        ext=.xz
+        compressor="| ${xz} -7"
+      elif [ $compressionType = bzip2 ]; then
+        ext=.bz2
+        compressor="| ${bzip2}"
+      else
+        ext=
+        compressor=
+      fi
+
+      echo "packing ‘$storePath’..."
+      mkdir $out
+      dst=$out/tmp.nar$ext
+
+      set -o pipefail
+      eval "nix-store --dump \"$storePath\" $compressor > $dst"
+
+      hash=$(nix-hash --flat --type $hashAlgo --base32 $dst)
+      echo -n $hash > $out/nar-compressed-hash
+
+      mv $dst $out/$hash.nar$ext
+    '';
+
+in
+
+{ storePath, hashAlgo, compressionType }:
+
+derivation {
+  name = "nar";
+  system = builtins.currentSystem;
+  builder = shell;
+  args = [ "-e" builder ];
+  inherit storePath hashAlgo compressionType;
+
+  # Don't build in a chroot because Nix's dependencies may not be there.
+  __noChroot = true;
+
+  # Remote machines may not have ${nixBinDir} or ${coreutils} in the same prefixes
+  preferLocalBuild = true;
+}

corepkgs/unpack-channel.nix

@@ -15,9 +15,7 @@ let
       else
         ${bzip2} -d < $src | ${tar} xf - ${tarFlags}
       fi
-      if [ * != $channelName ]; then
-        mv * $out/$channelName
-      fi
+      mv * $out/$channelName
       if [ -n "$binaryCacheURL" ]; then
         mkdir $out/binary-caches
         echo -n "$binaryCacheURL" > $out/binary-caches/$channelName
@@ -39,5 +37,6 @@ derivation {
   # No point in doing this remotely.
   preferLocalBuild = true;
 
-  inherit chrootDeps;
+  # Don't build in a chroot because Nix's dependencies may not be there.
+  __noChroot = true;
 }

dev-shell

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+if [ -e tests/test-tmp ]; then
+    chmod -R u+w tests/test-tmp
+    rm -rf tests/test-tmp
+fi
+
+s=$(type -p nix-shell)
+exec $s release.nix -A tarball --command "
+    unset http_proxy
+    export NIX_REMOTE=$NIX_REMOTE
+    export NIX_PATH='$NIX_PATH'
+    export NIX_BUILD_SHELL=$(type -p bash)
+    export c=\$configureFlags
+    exec $s release.nix -A build.$(if [ $(uname -s) = Darwin ]; then echo x86_64-darwin; else echo x86_64-linux; fi) --exclude tarball --command '
+        configureFlags+=\" \$c --prefix=$(pwd)/inst --sysconfdir=$(pwd)/inst/etc\"
+        return
+    '" \
+    "$@"

doc/manual/advanced-topics/advanced-topics.xml

@@ -1,11 +0,0 @@
-<part xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      xml:id="part-advanced-topics"
-      version="5.0">
-
-<title>Advanced Topics</title>
-
-<xi:include href="distributed-builds.xml" />
-
-</part>

doc/manual/advanced-topics/distributed-builds.xml

@@ -1,187 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0"
-      xml:id='chap-distributed-builds'>
-
-<title>Remote Builds</title>
-
-<para>Nix supports remote builds, where a local Nix installation can
-forward Nix builds to other machines.  This allows multiple builds to
-be performed in parallel and allows Nix to perform multi-platform
-builds in a semi-transparent way.  For instance, if you perform a
-build for a <literal>x86_64-darwin</literal> on an
-<literal>i686-linux</literal> machine, Nix can automatically forward
-the build to a <literal>x86_64-darwin</literal> machine, if
-available.</para>
-
-<para>To forward a build to a remote machine, it’s required that the
-remote machine is accessible via SSH and that it has Nix
-installed. You can test whether connecting to the remote Nix instance
-works, e.g.
-
-<screen>
-$ nix ping-store --store ssh://mac
-</screen>
-
-will try to connect to the machine named <literal>mac</literal>. It is
-possible to specify an SSH identity file as part of the remote store
-URI, e.g.
-
-<screen>
-$ nix ping-store --store ssh://mac?ssh-key=/home/alice/my-key
-</screen>
-
-Since builds should be non-interactive, the key should not have a
-passphrase. Alternatively, you can load identities ahead of time into
-<command>ssh-agent</command> or <command>gpg-agent</command>.</para>
-
-<para>If you get the error
-
-<screen>
-bash: nix-store: command not found
-error: cannot connect to 'mac'
-</screen>
-
-then you need to ensure that the <envar>PATH</envar> of
-non-interactive login shells contains Nix.</para>
-
-<warning><para>If you are building via the Nix daemon, it is the Nix
-daemon user account (that is, <literal>root</literal>) that should
-have SSH access to the remote machine. If you can’t or don’t want to
-configure <literal>root</literal> to be able to access to remote
-machine, you can use a private Nix store instead by passing
-e.g. <literal>--store ~/my-nix</literal>.</para></warning>
-
-<para>The list of remote machines can be specified on the command line
-or in the Nix configuration file. The former is convenient for
-testing. For example, the following command allows you to build a
-derivation for <literal>x86_64-darwin</literal> on a Linux machine:
-
-<screen>
-$ uname
-Linux
-
-$ nix build \
-  '(with import &lt;nixpkgs> { system = "x86_64-darwin"; }; runCommand "foo" {} "uname > $out")' \
-  --builders 'ssh://mac x86_64-darwin'
-[1/0/1 built, 0.0 MiB DL] building foo on ssh://mac
-
-$ cat ./result
-Darwin
-</screen>
-
-It is possible to specify multiple builders separated by a semicolon
-or a newline, e.g.
-
-<screen>
-  --builders 'ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd'
-</screen>
-</para>
-
-<para>Each machine specification consists of the following elements,
-separated by spaces. Only the first element is required.
-To leave a field at its default, set it to <literal>-</literal>.
-
-<orderedlist>
-
-  <listitem><para>The URI of the remote store in the format
-  <literal>ssh://[<replaceable>username</replaceable>@]<replaceable>hostname</replaceable></literal>,
-  e.g. <literal>ssh://nix@mac</literal> or
-  <literal>ssh://mac</literal>. For backward compatibility,
-  <literal>ssh://</literal> may be omitted. The hostname may be an
-  alias defined in your
-  <filename>~/.ssh/config</filename>.</para></listitem>
-
-  <listitem><para>A comma-separated list of Nix platform type
-  identifiers, such as <literal>x86_64-darwin</literal>.  It is
-  possible for a machine to support multiple platform types, e.g.,
-  <literal>i686-linux,x86_64-linux</literal>. If omitted, this
-  defaults to the local platform type.</para></listitem>
-
-  <listitem><para>The SSH identity file to be used to log in to the
-  remote machine. If omitted, SSH will use its regular
-  identities.</para></listitem>
-
-  <listitem><para>The maximum number of builds that Nix will execute
-  in parallel on the machine.  Typically this should be equal to the
-  number of CPU cores.  For instance, the machine
-  <literal>itchy</literal> in the example will execute up to 8 builds
-  in parallel.</para></listitem>
-
-  <listitem><para>The “speed factor”, indicating the relative speed of
-  the machine.  If there are multiple machines of the right type, Nix
-  will prefer the fastest, taking load into account.</para></listitem>
-
-  <listitem><para>A comma-separated list of <emphasis>supported
-  features</emphasis>.  If a derivation has the
-  <varname>requiredSystemFeatures</varname> attribute, then Nix will
-  only perform the derivation on a machine that has the specified
-  features.  For instance, the attribute
-
-<programlisting>
-requiredSystemFeatures = [ "kvm" ];
-</programlisting>
-
-  will cause the build to be performed on a machine that has the
-  <literal>kvm</literal> feature.</para></listitem>
-
-  <listitem><para>A comma-separated list of <emphasis>mandatory
-  features</emphasis>.  A machine will only be used to build a
-  derivation if all of the machine’s mandatory features appear in the
-  derivation’s <varname>requiredSystemFeatures</varname>
-  attribute..</para></listitem>
-
-</orderedlist>
-
-For example, the machine specification
-
-<programlisting>
-nix@scratchy.labs.cs.uu.nl  i686-linux      /home/nix/.ssh/id_scratchy_auto        8 1 kvm
-nix@itchy.labs.cs.uu.nl     i686-linux      /home/nix/.ssh/id_scratchy_auto        8 2
-nix@poochie.labs.cs.uu.nl   i686-linux      /home/nix/.ssh/id_scratchy_auto        1 2 kvm benchmark
-</programlisting>
-
-specifies several machines that can perform
-<literal>i686-linux</literal> builds. However,
-<literal>poochie</literal> will only do builds that have the attribute
-
-<programlisting>
-requiredSystemFeatures = [ "benchmark" ];
-</programlisting>
-
-or
-
-<programlisting>
-requiredSystemFeatures = [ "benchmark" "kvm" ];
-</programlisting>
-
-<literal>itchy</literal> cannot do builds that require
-<literal>kvm</literal>, but <literal>scratchy</literal> does support
-such builds. For regular builds, <literal>itchy</literal> will be
-preferred over <literal>scratchy</literal> because it has a higher
-speed factor.</para>
-
-<para>Remote builders can also be configured in
-<filename>nix.conf</filename>, e.g.
-
-<programlisting>
-builders = ssh://mac x86_64-darwin ; ssh://beastie x86_64-freebsd
-</programlisting>
-
-Finally, remote builders can be configured in a separate configuration
-file included in <option>builders</option> via the syntax
-<literal>@<replaceable>file</replaceable></literal>. For example,
-
-<programlisting>
-builders = @/etc/nix/machines
-</programlisting>
-
-causes the list of machines in <filename>/etc/nix/machines</filename>
-to be included. (This is the default.)</para>
-
-<para>If you want the builders to use caches, you likely want to set
-the option <link linkend='conf-builders-use-substitutes'><literal>builders-use-substitutes</literal></link>
-in your local <filename>nix.conf</filename>.</para>
-
-</chapter>

doc/manual/builds/build-farm.xml

@@ -0,0 +1,22 @@
+<part xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id='chap-distributed-builds'>
+
+<title>Distributed Builds</title>
+
+<partintro>
+<para>Nix supports distributed builds, where a local Nix installation can
+forward Nix builds to other machines over the network.  This allows
+multiple builds to be performed in parallel (thus improving
+performance) and allows Nix to perform multi-platform builds in a
+semi-transparent way.  For instance, if you perform a build for a
+<literal>powerpc-darwin</literal> on an <literal>i686-linux</literal>
+machine, Nix can automatically forward the build to a
+<literal>powerpc-darwin</literal> machine, if available.</para>
+</partintro>
+
+<xi:include href="enabling-builds.xml" />
+
+</part>

doc/manual/builds/enabling-builds.xml

@@ -0,0 +1,106 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="ch-enabling-builds">
+
+<title>Enabling Distributed Builds</title>
+
+<para>You can enable distributed builds by setting the environment
+variable <envar>NIX_BUILD_HOOK</envar> to point to a program that Nix
+will call whenever it wants to build a derivation.  The build hook
+(typically a shell or Perl script) can decline the build, in which Nix
+will perform it in the usual way if possible, or it can accept it, in
+which case it is responsible for somehow getting the inputs of the
+build to another machine, doing the build there, and getting the
+results back.  The details of the build hook protocol are described in
+the documentation of the <link
+linkend="envar-build-hook"><envar>NIX_BUILD_HOOK</envar>
+variable</link>.</para>
+
+<example xml:id='ex-remote-systems'><title>Remote machine configuration:
+<filename>remote-systems.conf</filename></title>
+<programlisting>
+nix@mcflurry.labs.cs.uu.nl  powerpc-darwin  /home/nix/.ssh/id_quarterpounder_auto  2
+nix@scratchy.labs.cs.uu.nl  i686-linux      /home/nix/.ssh/id_scratchy_auto        8 1 kvm
+nix@itchy.labs.cs.uu.nl     i686-linux      /home/nix/.ssh/id_scratchy_auto        8 2
+nix@poochie.labs.cs.uu.nl   i686-linux      /home/nix/.ssh/id_scratchy_auto        8 2 kvm perf
+</programlisting>
+</example>
+
+<para>Nix ships with a build hook that should be suitable for most
+purposes.  It uses <command>ssh</command> and
+<command>nix-copy-closure</command> to copy the build inputs and
+outputs and perform the remote build.  To use it, you should set
+<envar>NIX_BUILD_HOOK</envar> to
+<filename><replaceable>prefix</replaceable>/libexec/nix/build-remote.pl</filename>.
+You should also define a list of available build machines and point
+the environment variable <envar>NIX_REMOTE_SYSTEMS</envar> to it.  An
+example configuration is shown in <xref linkend='ex-remote-systems'
+/>.  Each line in the file specifies a machine, with the following
+bits of information:
+
+<orderedlist>
+  
+  <listitem><para>The name of the remote machine, with optionally the
+  user under which the remote build should be performed.  This is
+  actually passed as an argument to <command>ssh</command>, so it can
+  be an alias defined in your
+  <filename>~/.ssh/config</filename>.</para></listitem>
+
+  <listitem><para>A comma-separated list of Nix platform type
+  identifiers, such as <literal>powerpc-darwin</literal>.  It is
+  possible for a machine to support multiple platform types, e.g.,
+  <literal>i686-linux,x86_64-linux</literal>.</para></listitem>
+
+  <listitem><para>The SSH private key to be used to log in to the
+  remote machine.  Since builds should be non-interactive, this key
+  should not have a passphrase!</para></listitem>
+
+  <listitem><para>The maximum number of builds that
+  <filename>build-remote.pl</filename> will execute in parallel on the
+  machine.  Typically this should be equal to the number of CPU cores.
+  For instance, the machine <literal>itchy</literal> in the example
+  will execute up to 8 builds in parallel.</para></listitem>
+
+  <listitem><para>The “speed factor”, indicating the relative speed of
+  the machine.  If there are multiple machines of the right type, Nix
+  will prefer the fastest, taking load into account.</para></listitem>
+
+  <listitem><para>A comma-separated list of <emphasis>supported
+  features</emphasis>.  If a derivation has the
+  <varname>requiredSystemFeatures</varname> attribute, then
+  <filename>build-remote.pl</filename> will only perform the
+  derivation on a machine that has the specified features.  For
+  instance, the attribute
+  
+<programlisting>
+requiredSystemFeatures = [ "kvm" ];  
+</programlisting>
+
+  will cause the build to be performed on a machine that has the
+  <literal>kvm</literal> feature (i.e., <literal>scratchy</literal> in
+  the example above).</para></listitem>
+
+  <listitem><para>A comma-separated list of <emphasis>mandatory
+  features</emphasis>.  A machine will only be used to build a
+  derivation if all of the machine’s mandatory features appear in the
+  derivation’s <varname>requiredSystemFeatures</varname> attribute.
+  Thus, in the example, the machine <literal>poochie</literal> will
+  only do derivations that have
+  <varname>requiredSystemFeatures</varname> set to <literal>["kvm"
+  "perf"]</literal> or <literal>["perf"]</literal>.</para></listitem>
+
+</orderedlist>
+
+You should also set up the environment variable
+<envar>NIX_CURRENT_LOAD</envar> to point at a directory (e.g.,
+<filename>/var/run/nix/current-load</filename>) that
+<filename>build-remote.pl</filename> uses to remember how many builds
+it is currently executing remotely.  It doesn't look at the actual
+load on the remote machine, so if you have multiple instances of Nix
+running, they should use the same <envar>NIX_CURRENT_LOAD</envar>
+file.  Maybe in the future <filename>build-remote.pl</filename> will
+look at the actual remote load.</para>
+
+</chapter>

doc/manual/command-ref/env-common.xml

@@ -11,12 +11,6 @@
 
 <variablelist xml:id="env-common">
 
-<varlistentry><term><envar>IN_NIX_SHELL</envar></term>
-
-  <listitem><para>Indicator that tells if the current environment was set up by
-  <command>nix-shell</command>.</para></listitem>
-
-</varlistentry>
 
 <varlistentry xml:id="env-NIX_PATH"><term><envar>NIX_PATH</envar></term>
 
@@ -42,24 +36,7 @@ nixpkgs=/home/eelco/Dev/nixpkgs-branch:/etc/nixos</screen>
     <literal>&lt;nixpkgs/<replaceable>path</replaceable>></literal> in
     <filename>/home/eelco/Dev/nixpkgs-branch/<replaceable>path</replaceable></filename>
     and
-    <filename>/etc/nixos/nixpkgs/<replaceable>path</replaceable></filename>.</para>
-
-    <para>If a path in the Nix search path starts with
-    <literal>http://</literal> or <literal>https://</literal>, it is
-    interpreted as the URL of a tarball that will be downloaded and
-    unpacked to a temporary location. The tarball must consist of a
-    single top-level directory. For example, setting
-    <envar>NIX_PATH</envar> to
-
-    <screen>
-nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-15.09.tar.gz</screen>
-
-    tells Nix to download the latest revision in the Nixpkgs/NixOS
-    15.09 channel.</para>
-
-    <para>A following shorthand can be used to refer to the official channels:
-    
-    <screen>nixpkgs=channel:nixos-15.09</screen>
+    <filename>/etc/nixos/nixpkgs/<replaceable>path</replaceable></filename>.
     </para>
 
     <para>The search path can be extended using the <option
@@ -134,6 +111,15 @@ $ mount -o bind /mnt/otherdisk/nix /nix</screen>
 </varlistentry>
 
 
+<varlistentry><term><envar>NIX_DB_DIR</envar></term>
+
+  <listitem><para>Overrides the location of the Nix database (default
+  <filename><replaceable>$NIX_STATE_DIR</replaceable>/db</filename>, i.e.,
+  <filename><replaceable>prefix</replaceable>/var/nix/db</filename>).</para></listitem>
+
+</varlistentry>
+
+
 <varlistentry><term><envar>NIX_CONF_DIR</envar></term>
 
   <listitem><para>Overrides the location of the Nix configuration
@@ -153,14 +139,145 @@ $ mount -o bind /mnt/otherdisk/nix /nix</screen>
 </varlistentry>
 
 
+<varlistentry xml:id="envar-build-hook"><term><envar>NIX_BUILD_HOOK</envar></term>
+
+  <listitem>
+
+  <para>Specifies the location of the <emphasis>build hook</emphasis>,
+  which is a program (typically some script) that Nix will call
+  whenever it wants to build a derivation.  This is used to implement
+  distributed builds<phrase condition="manual"> (see <xref
+  linkend="chap-distributed-builds" />)</phrase>.</para>
+
+  <!--
+  The protocol by
+  which the calling Nix process and the build hook communicate is as
+  follows.
+
+  <para>The build hook is called with the following command-line
+  arguments:
+
+  <orderedlist>
+
+    <listitem><para>A boolean value <literal>0</literal> or
+    <literal>1</literal> specifying whether Nix can locally execute
+    more builds, as per the <link
+    linkend="opt-max-jobs"><option>- -max-jobs</option> option</link>.
+    The purpose of this argument is to allow the hook to not have to
+    maintain bookkeeping for the local machine.</para></listitem>
+
+    <listitem><para>The Nix platform identifier for the local machine
+    (e.g., <literal>i686-linux</literal>).</para></listitem>
+
+    <listitem><para>The Nix platform identifier for the derivation,
+    i.e., its <link linkend="attr-system"><varname>system</varname>
+    attribute</link>.</para></listitem>
+
+    <listitem><para>The store path of the derivation.</para></listitem>
+
+  </orderedlist>
+
+  </para>
+
+  <para>On the basis of this information, and whatever persistent
+  state the build hook keeps about other machines and their current
+  load, it has to decide what to do with the build.  It should print
+  out on standard error one of the following responses (terminated by
+  a newline, <literal>"\n"</literal>):
+
+  <variablelist>
+
+    <varlistentry><term><literal># decline</literal></term>
+
+      <listitem><para>The build hook is not willing or able to perform
+      the build; the calling Nix process should do the build itself,
+      if possible.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal># postpone</literal></term>
+
+      <listitem><para>The build hook cannot perform the build now, but
+      can do so in the future (e.g., because all available build slots
+      on remote machines are in use).  The calling Nix process should
+      postpone this build until at least one currently running build
+      has terminated.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal># accept</literal></term>
+
+      <listitem><para>The build hook has accepted the
+      build.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  <para>After sending <literal># accept</literal>, the hook should
+  read one line from standard input, which will be the string
+  <literal>okay</literal>.  It can then proceed with the build.
+  Before sending <literal>okay</literal>, Nix will store in the hook’s
+  current directory a number of text files that contain information
+  about the derivation:
+
+  <variablelist>
+
+    <varlistentry><term><filename>inputs</filename></term>
+
+      <listitem><para>The set of store paths that are inputs to the
+      build process (one per line).  These have to be copied
+      <emphasis>to</emphasis> the remote machine (in addition to the
+      store derivation itself).</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><filename>outputs</filename></term>
+
+      <listitem><para>The set of store paths that are outputs of the
+      derivation (one per line).  These have to be copied
+      <emphasis>from</emphasis> the remote machine if the build
+      succeeds.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><filename>references</filename></term>
+
+      <listitem><para>The reference graph of the inputs, in the format
+      accepted by the command <command>nix-store
+      - -register-validity</command>.  It is necessary to run this
+      command on the remote machine after copying the inputs to inform
+      Nix on the remote machine that the inputs are valid
+      paths.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  <para>The hook should copy the inputs to the remote machine,
+  register the validity of the inputs, perform the remote build, and
+  copy the outputs back to the local machine.  An exit code other than
+  <literal>0</literal> indicates that the hook has failed.  An exit
+  code equal to 100 means that the remote build failed (as opposed to,
+  e.g., a network error).</para>
+  -->
+
+  </listitem>
+
+
+</varlistentry>
+
+
 <varlistentry xml:id="envar-remote"><term><envar>NIX_REMOTE</envar></term>
 
   <listitem><para>This variable should be set to
   <literal>daemon</literal> if you want to use the Nix daemon to
   execute Nix operations. This is necessary in <link
   linkend="ssec-multi-user">multi-user Nix installations</link>.
-  If the Nix daemon's Unix socket is at some non-standard path,
-  this variable should be set to <literal>unix://path/to/socket</literal>.
   Otherwise, it should be left unset.</para></listitem>
 
 </varlistentry>

doc/manual/command-ref/nix-build.xml

@@ -29,6 +29,8 @@
       </group>
       <replaceable>attrPath</replaceable>
     </arg>
+    <arg><option>--drv-link</option> <replaceable>drvlink</replaceable></arg>
+    <arg><option>--add-drv-link</option></arg>
     <arg><option>--no-out-link</option></arg>
     <arg>
       <group choice='req'>
@@ -56,13 +58,6 @@ and so on).</para>
 <command>nix-build</command> will use <filename>default.nix</filename>
 in the current directory, if it exists.</para>
 
-<para>If an element of <replaceable>paths</replaceable> starts with
-<literal>http://</literal> or <literal>https://</literal>, it is
-interpreted as the URL of a tarball that will be downloaded and
-unpacked to a temporary location. The tarball must include a single
-top-level directory containing at least a file named
-<filename>default.nix</filename>.</para>
-
 <para><command>nix-build</command> is essentially a wrapper around
 <link
 linkend="sec-nix-instantiate"><command>nix-instantiate</command></link>
@@ -89,6 +84,25 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 
 <variablelist>
 
+  <varlistentry><term><option>--drv-link</option> <replaceable>drvlink</replaceable></term>
+
+    <listitem><para>Add a symlink named
+    <replaceable>drvlink</replaceable> to the store derivation
+    produced by <command>nix-instantiate</command>.  The derivation is
+    a root of the garbage collector until the symlink is deleted or
+    renamed.  If there are multiple derivations, numbers are suffixed
+    to <replaceable>drvlink</replaceable> to distinguish between
+    them.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--add-drv-link</option></term>
+
+    <listitem><para>Shorthand for <option>--drv-link</option>
+    <filename>./derivation</filename>.</para></listitem>
+
+  </varlistentry>
+
   <varlistentry><term><option>--no-out-link</option></term>
 
     <listitem><para>Do not create a symlink to the output path.  Note
@@ -161,15 +175,6 @@ bar
 
 </para>
 
-<para>Build the GNU Hello package from the latest revision of the
-master branch of Nixpkgs:
-
-<screen>
-$ nix-build https://github.com/NixOS/nixpkgs/archive/master.tar.gz -A hello
-</screen>
-
-</para>
-
 </refsection>
 
 

doc/manual/command-ref/nix-channel.xml

@@ -21,7 +21,7 @@
     <command>nix-channel</command>
     <group choice='req'>
       <arg choice='plain'><option>--add</option> <replaceable>url</replaceable> <arg choice='opt'><replaceable>name</replaceable></arg></arg>
-      <arg choice='plain'><option>--remove</option> <replaceable>name</replaceable></arg>
+      <arg choice='plain'><option>--remove</option> <replaceable>url</replaceable></arg>
       <arg choice='plain'><option>--list</option></arg>
       <arg choice='plain'><option>--update</option> <arg rep='repeat'><replaceable>names</replaceable></arg></arg>
       <arg choice='plain'><option>--rollback</option> <arg choice='opt'><replaceable>generation</replaceable></arg></arg>
@@ -31,10 +31,10 @@
 
 <refsection><title>Description</title>
 
-<para>A Nix channel is a mechanism that allows you to automatically stay
+<para>A Nix channel is mechanism that allows you to automatically stay
 up-to-date with a set of pre-built Nix expressions.  A Nix channel is
-just a URL that points to a place containing both a set of Nix
-expressions and a pointer to a binary cache.  <phrase
+just a URL that points to a place containing a set of Nix expressions
+and a <command>nix-push</command> manifest.  <phrase
 condition="manual">See also <xref linkend="sec-channels"
 />.</phrase></para>
 
@@ -73,10 +73,11 @@ condition="manual">See also <xref linkend="sec-channels"
 
     <listitem><para>Downloads the Nix expressions of all subscribed
     channels (or only those included in
-    <replaceable>names</replaceable> if specified) and makes them the
+    <replaceable>names</replaceable> if specified), makes them the
     default for <command>nix-env</command> operations (by symlinking
-    them from the directory
-    <filename>~/.nix-defexpr</filename>).</para></listitem>
+    them from the directory <filename>~/.nix-defexpr</filename>), and
+    performs a <command>nix-pull</command> on the manifests of all
+    channels to make pre-built binaries available.</para></listitem>
 
   </varlistentry>
 
@@ -98,6 +99,13 @@ an update.</para>
 <para>The list of subscribed channels is stored in
 <filename>~/.nix-channels</filename>.</para>
 
+<para>A channel consists of two elements: a bzipped Tar archive
+containing the Nix expressions, and a manifest created by
+<command>nix-push</command>.  These must be stored under
+<literal><replaceable>url</replaceable>/nixexprs.tar.bz2</literal> and
+<literal><replaceable>url</replaceable>/MANIFEST</literal>,
+respectively.</para>
+
 </refsection>
 
 <refsection><title>Examples</title>
@@ -128,7 +136,7 @@ $ nix-instantiate --eval -E '(import &lt;nixpkgs> {}).lib.nixpkgsVersion'
 
 <variablelist>
 
-  <varlistentry><term><filename>/nix/var/nix/profiles/per-user/<replaceable>username</replaceable>/channels</filename></term>
+  <varlistentry><term><filename>/nix/var/nix/profiles/<replaceable>username</replaceable>/channels</filename></term>
 
     <listitem><para><command>nix-channel</command> uses a
     <command>nix-env</command> profile to keep track of previous
@@ -143,7 +151,7 @@ $ nix-instantiate --eval -E '(import &lt;nixpkgs> {}).lib.nixpkgsVersion'
   <varlistentry><term><filename>~/.nix-defexpr/channels</filename></term>
 
     <listitem><para>This is a symlink to
-    <filename>/nix/var/nix/profiles/per-user/<replaceable>username</replaceable>/channels</filename>. It
+    <filename>/nix/var/nix/profiles/<replaceable>username</replaceable>/channels</filename>. It
     ensures that <command>nix-env</command> can find your channels. In
     a multi-user installation, you may also have
     <filename>~/.nix-defexpr/channels_root</filename>, which links to
@@ -155,37 +163,4 @@ $ nix-instantiate --eval -E '(import &lt;nixpkgs> {}).lib.nixpkgsVersion'
 
 </refsection>
 
-<refsection><title>Channel format</title>
-
-<para>A channel URL should point to a directory containing the
-following files:</para>
-
-<variablelist>
-
-  <varlistentry><term><filename>nixexprs.tar.xz</filename></term>
-
-    <listitem><para>A tarball containing Nix expressions and files
-    referenced by them (such as build scripts and patches). At the
-    top level, the tarball should contain a single directory. That
-    directory must contain a file <filename>default.nix</filename>
-    that serves as the channel’s “entry point”.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><filename>binary-cache-url</filename></term>
-
-    <listitem><para>A file containing the URL to a binary cache (such
-    as <uri>https://cache.nixos.org</uri>). Nix will automatically
-    check this cache for pre-built binaries, if the user has
-    sufficient rights to add binary caches. For instance, in a
-    multi-user Nix setup, the binary caches provided by the channels
-    of the root user are used automatically, but caches corresponding
-    to the channels of non-root users are ignored.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</refsection>
-
 </refentry>

doc/manual/command-ref/nix-collect-garbage.xml

@@ -22,7 +22,12 @@
     <arg><option>--delete-old</option></arg>
     <arg><option>-d</option></arg>
     <arg><option>--delete-older-than</option> <replaceable>period</replaceable></arg>
-    <arg><option>--max-freed</option> <replaceable>bytes</replaceable></arg>
+    <group choice='opt'>
+      <arg choice='plain'><option>--print-roots</option></arg>
+      <arg choice='plain'><option>--print-live</option></arg>
+      <arg choice='plain'><option>--print-dead</option></arg>
+      <arg choice='plain'><option>--delete</option></arg>
+    </group>
     <arg><option>--dry-run</option></arg>
   </cmdsynopsis>
 </refsynopsisdiv>

doc/manual/command-ref/nix-copy-closure.xml

@@ -22,16 +22,14 @@
       <arg choice='plain'><option>--to</option></arg>
       <arg choice='plain'><option>--from</option></arg>
     </group>
+    <arg><option>--sign</option></arg>
     <arg><option>--gzip</option></arg>
     <!--
     <arg><option>- -show-progress</option></arg>
     -->
     <arg><option>--include-outputs</option></arg>
-    <group>
-      <arg choice='plain'><option>--use-substitutes</option></arg>
-      <arg choice='plain'><option>-s</option></arg>
-    </group>
-    <arg><option>-v</option></arg>
+    <arg><option>--use-substitutes</option></arg>
+    <arg><option>-s</option></arg>
     <arg choice='plain'>
       <replaceable>user@</replaceable><replaceable>machine</replaceable>
     </arg>
@@ -44,7 +42,7 @@
 
 <para><command>nix-copy-closure</command> gives you an easy and
 efficient way to exchange software between machines.  Given one or
-more Nix store <replaceable>paths</replaceable> on the local
+more Nix store paths <replaceable>paths</replaceable> on the local
 machine, <command>nix-copy-closure</command> computes the closure of
 those paths (i.e. all their dependencies in the Nix store), and copies
 all paths in the closure to the remote machine via the
@@ -88,6 +86,23 @@ those paths.  If this bothers you, use
 
   </varlistentry>
 
+  <varlistentry><term><option>--sign</option></term>
+
+    <listitem><para>Let the sending machine cryptographically sign the
+    dump of each path with the key in
+    <filename><replaceable>sysconfdir</replaceable>/nix/signing-key.sec</filename>.
+    If the user on the target machine does not have direct access to
+    the Nix store (i.e., if the target machine has a multi-user Nix
+    installation), then the target machine will check the dump against
+    <filename><replaceable>sysconfdir</replaceable>/nix/signing-key.pub</filename>
+    before unpacking it in its Nix store.  This allows secure sharing
+    of store paths between untrusted users on two machines, provided
+    that there is a trust relation between the Nix installations on
+    both machines (namely, they have matching public/secret
+    keys).</para></listitem>
+
+  </varlistentry>
+
   <varlistentry><term><option>--gzip</option></term>
 
     <listitem><para>Enable compression of the SSH
@@ -95,6 +110,15 @@ those paths.  If this bothers you, use
 
   </varlistentry>
 
+  <!--
+  <varlistentry><term><option>- -show-progress</option></term>
+
+    <listitem><para>Show the progress of each path's transfer as it's made.
+    This requires the <command>pv</command> utility to be in <envar>PATH</envar>.</para></listitem>
+
+  </varlistentry>
+  -->
+
   <varlistentry><term><option>--include-outputs</option></term>
 
     <listitem><para>Also copy the outputs of store derivations
@@ -114,12 +138,6 @@ those paths.  If this bothers you, use
 
   </varlistentry>
 
-  <varlistentry><term><option>-v</option></term>
-
-    <listitem><para>Show verbose output.</para></listitem>
-
-  </varlistentry>
-
 </variablelist>
 
 </refsection>

doc/manual/command-ref/nix-env.xml

@@ -146,26 +146,20 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 
 <variablelist>
 
-  <varlistentry><term><option>--file</option> / <option>-f</option> <replaceable>path</replaceable></term>
+  <varlistentry><term><option>--file</option></term>
+    <term><option>-f</option></term>
 
     <listitem><para>Specifies the Nix expression (designated below as
     the <emphasis>active Nix expression</emphasis>) used by the
     <option>--install</option>, <option>--upgrade</option>, and
     <option>--query --available</option> operations to obtain
     derivations.  The default is
-    <filename>~/.nix-defexpr</filename>.</para>
-
-    <para>If the argument starts with <literal>http://</literal> or
-    <literal>https://</literal>, it is interpreted as the URL of a
-    tarball that will be downloaded and unpacked to a temporary
-    location. The tarball must include a single top-level directory
-    containing at least a file named <filename>default.nix</filename>.</para>
-
-    </listitem>
+    <filename>~/.nix-defexpr</filename>.</para></listitem>
 
   </varlistentry>
 
-  <varlistentry><term><option>--profile</option> / <option>-p</option> <replaceable>path</replaceable></term>
+  <varlistentry><term><option>--profile</option></term>
+    <term><option>-p</option></term>
 
     <listitem><para>Specifies the profile to be used by those
     operations that operate on a profile (designated below as the
@@ -365,10 +359,6 @@ number of possible ways:
   linkend="rsec-nix-store-realise">realised</link> and
   installed.</para></listitem>
 
-  <listitem><para>By default all outputs are installed for each derivation.
-  That can be reduced by setting <literal>meta.outputsToInstall</literal>.
-  </para></listitem> <!-- TODO: link nixpkgs docs on the ability to override those. -->
-
 </itemizedlist>
 
 </para>
@@ -380,7 +370,7 @@ number of possible ways:
 
 <variablelist>
 
-  <varlistentry><term><option>--prebuilt-only</option> / <option>-b</option></term>
+  <varlistentry><term><option>--prebuild-only</option> / <option>-b</option></term>
 
     <listitem><para>Use only derivations for which a substitute is
     registered, i.e., there is a pre-built binary available that can
@@ -426,7 +416,7 @@ $ nix-env --install gcc-3.3.2
 installing `gcc-3.3.2'
 uninstalling `gcc-3.1'</screen>
 
-Note the previously installed version is removed, since
+Note the the previously installed version is removed, since
 <option>--preserve-installed</option> was not specified.</para>
 
 <para>To install an arbitrary version:
@@ -456,7 +446,7 @@ $ nix-env -f ~/foo.nix -i '.*'</screen>
 from another profile:
 
 <screen>
-$ nix-env -i --from-profile /nix/var/nix/profiles/foo gcc</screen>
+$ nix-env -i --from-profile /nix/var/nix/profiles/foo -i gcc</screen>
 
 </para>
 
@@ -491,27 +481,21 @@ set returned by calling the function defined in
 source:
 
 <screen>
-$ nix-env -f '&lt;nixpkgs>' -iA hello --dry-run
+$ nix-env -f pkgs/top-level/all-packages.nix -i f-spot --dry-run
 (dry run; not doing anything)
-installing ‘hello-2.10’
-these paths will be fetched (0.04 MiB download, 0.19 MiB unpacked):
-  /nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10
+installing `f-spot-0.0.10'
+the following derivations will be built:
+  /nix/store/0g63jv9aagwbgci4nnzs2dkxqz84kdja-libgnomeprintui-2.12.1.tar.bz2.drv
+  /nix/store/0gfarvxq6sannsdw8a1ir40j1ys2mqb4-ORBit2-2.14.2.tar.bz2.drv
+  /nix/store/0i9gs5zc04668qiy60ga2rc16abkj7g8-sqlite-2.8.17.drv
+  <replaceable>...</replaceable>
+the following paths will be substituted:
+  /nix/store/8zbipvm4gp9jfqh9nnk1n3bary1a37gs-perl-XML-Parser-2.34
+  /nix/store/b8a2bg7gnyvvvjjibp4axg9x1hzkw36c-mono-1.1.4
   <replaceable>...</replaceable></screen>
 
 </para>
 
-<para>To install Firefox from the latest revision in the Nixpkgs/NixOS
-14.12 channel:
-
-<screen>
-$ nix-env -f https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz -iA firefox
-</screen>
-
-(The GitHub repository <literal>nixpkgs-channels</literal> is updated
-automatically from the main <literal>nixpkgs</literal> repository
-after certain tests have succeeded and binaries have been built and
-uploaded to the binary cache at <uri>cache.nixos.org</uri>.)</para>
-
 </refsection>
 
 </refsection>
@@ -717,44 +701,6 @@ $ nix-env -e '.*' <lineannotation>(remove everything)</lineannotation></screen>
 
 
 
-<!--######################################################################-->
-
-<refsection xml:id="rsec-nix-env-set"><title>Operation <option>--set</option></title>
-
-<refsection><title>Synopsis</title>
-
-<cmdsynopsis>
-  <command>nix-env</command>
-  <arg choice='plain'><option>--set</option></arg>
-  <arg choice='plain'><replaceable>drvname</replaceable></arg>
-</cmdsynopsis>
-</refsection>
-
-<refsection><title>Description</title>
-
-<para>The <option>--set</option> operation modifies the current generation of a
-profile so that it contains exactly the specified derivation, and nothing else.
-</para>
-
-</refsection>
-
-<refsection><title>Examples</title>
-
-<para>
-The following updates a profile such that its current generation will contain
-just Firefox:
-
-<screen>
-$ nix-env -p /nix/var/nix/profiles/browser --set firefox</screen>
-
-</para>
-
-</refsection>
-
-</refsection>
-
-
-
 <!--######################################################################-->
 
 <refsection xml:id="rsec-nix-env-set-flag"><title>Operation <option>--set-flag</option></title>
@@ -1008,7 +954,7 @@ user environment elements, etc. -->
 
   </varlistentry>
 
-  <varlistentry><term><option>--prebuilt-only</option> / <option>-b</option></term>
+  <varlistentry><term><option>--prebuild-only</option> / <option>-b</option></term>
 
     <listitem><para>Show only derivations for which a substitute is
     registered, i.e., there is a pre-built binary available that can
@@ -1134,7 +1080,7 @@ user environment elements, etc. -->
 
     <listitem><para>Print all of the meta-attributes of the
     derivation.  This option is only available with
-    <option>--xml</option> or <option>--json</option>.</para></listitem>
+    <option>--xml</option>.</para></listitem>
 
   </varlistentry>
 
@@ -1145,103 +1091,54 @@ user environment elements, etc. -->
 
 <refsection><title>Examples</title>
 
-<para>To show installed packages:
-
 <screen>
-$ nix-env -q
+$ nix-env -q <lineannotation>(show installed derivations)</lineannotation>
 bison-1.875c
 docbook-xml-4.2
 firefox-1.0.4
 MPlayer-1.0pre7
 ORBit2-2.8.3
-<replaceable>…</replaceable>
-</screen>
+...
 
-</para>
-
-<para>To show available packages:
-
-<screen>
-$ nix-env -qa
+$ nix-env -qa <lineannotation>(show available derivations)</lineannotation>
 firefox-1.0.7
 GConf-2.4.0.1
 MPlayer-1.0pre7
 ORBit2-2.8.3
-<replaceable>…</replaceable>
-</screen>
+...
 
-</para>
-
-<para>To show the status of available packages:
-
-<screen>
-$ nix-env -qas
+$ nix-env -qas      <lineannotation>(show status of available derivations)</lineannotation>
 -P- firefox-1.0.7   <lineannotation>(not installed but present)</lineannotation>
 --S GConf-2.4.0.1   <lineannotation>(not present, but there is a substitute for fast installation)</lineannotation>
 --S MPlayer-1.0pre3 <lineannotation>(i.e., this is not the installed MPlayer, even though the version is the same!)</lineannotation>
 IP- ORBit2-2.8.3    <lineannotation>(installed and by definition present)</lineannotation>
-<replaceable>…</replaceable>
-</screen>
+...
 
-</para>
-
-<para>To show available packages in the Nix expression <filename>foo.nix</filename>:
-
-<screen>
+<lineannotation>(show available derivations in the Nix expression <!-- !!! <filename>-->foo.nix<!-- </filename> -->)</lineannotation>
 $ nix-env -f ./foo.nix -qa
 foo-1.2.3
-</screen>
 
-</para>
-
-<para>To compare installed versions to what’s available:
-
-<screen>
-$ nix-env -qc
+$ nix-env -qc <lineannotation>(compare installed versions to what’s available)</lineannotation>
 <replaceable>...</replaceable>
 acrobat-reader-7.0 - ?      <lineannotation>(package is not available at all)</lineannotation>
 autoconf-2.59      = 2.59   <lineannotation>(same version)</lineannotation>
 firefox-1.0.4      &lt; 1.0.7  <lineannotation>(a more recent version is available)</lineannotation>
 <replaceable>...</replaceable>
-</screen>
 
-</para>
-
-<para>To show all packages with “<literal>zip</literal>” in the name:
-
-<screen>
-$ nix-env -qa '.*zip.*'
+$ nix-env -qa '.*zip.*' <lineannotation>(show all packages with “zip” in the name)</lineannotation>
 bzip2-1.0.6
 gzip-1.6
 zip-3.0
-<replaceable>…</replaceable>
-</screen>
+<replaceable>...</replaceable>
 
-</para>
-
-<para>To show all packages with “<literal>firefox</literal>” or
-“<literal>chromium</literal>” in the name:
-
-<screen>
-$ nix-env -qa '.*(firefox|chromium).*'
+$ nix-env -qa '.*(firefox|chromium).*' <lineannotation>(show all packages with “firefox” or “chromium” in the name)</lineannotation>
 chromium-37.0.2062.94
 chromium-beta-38.0.2125.24
 firefox-32.0.3
 firefox-with-plugins-13.0.1
-<replaceable>…</replaceable>
+<replaceable>...</replaceable>
 </screen>
 
-</para>
-
-<para>To show all packages in the latest revision of the Nixpkgs
-repository:
-
-<screen>
-$ nix-env -f https://github.com/NixOS/nixpkgs/archive/master.tar.gz -qa
-</screen>
-
-</para>
-
 </refsection>
 
 </refsection>
@@ -1346,12 +1243,11 @@ $ nix-env --list-generations
 <para>This operation deletes the specified generations of the current
 profile.  The generations can be a list of generation numbers, the
 special value <literal>old</literal> to delete all non-current
-generations,  a value such as <literal>30d</literal> to delete all
+generations, or a value such as <literal>30d</literal> to delete all
 generations older than the specified number of days (except for the
-generation that was active at that point in time), or a value such as.
-<literal>+5</literal> to only keep the specified items older than the
-current generation. Periodically deleting old generations is important
-to make garbage collection effective.</para>
+generation that was active at that point in time).
+Periodically deleting old generations is important to make garbage
+collection effective.</para>
 
 </refsection>
 
@@ -1360,8 +1256,6 @@ to make garbage collection effective.</para>
 <screen>
 $ nix-env --delete-generations 3 4 8
 
-$ nix-env --delete-generations +5
-
 $ nix-env --delete-generations 30d
 
 $ nix-env -p other_profile --delete-generations old</screen>
@@ -1461,7 +1355,7 @@ error: no generation older than the current (91) exists</screen>
 <refsection condition="manpage"><title>Environment variables</title>
 
 <variablelist>
-
+  
   <varlistentry><term><envar>NIX_PROFILE</envar></term>
 
     <listitem><para>Location of the Nix profile.  Defaults to the
@@ -1475,6 +1369,6 @@ error: no generation older than the current (91) exists</screen>
 </variablelist>
 
 </refsection>
-
+  
 
 </refentry>

doc/manual/command-ref/nix-generate-patches.xml

@@ -0,0 +1,44 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-nix-generate-patches">
+
+<refmeta>
+  <refentrytitle>nix-generate-patches</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-generate-patches</refname>
+  <refpurpose>generates binary patches between NAR files</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-generate-patches</command>
+    <arg choice='plain'><replaceable>NAR-DIR</replaceable></arg>
+	<arg choice='plain'><replaceable>PATCH-DIR</replaceable></arg>
+	<arg choice='plain'><replaceable>PATCH-URI</replaceable></arg>
+	<arg choice='plain'><replaceable>OLD-MANIFEST</replaceable></arg>
+	<arg choice='plain'><replaceable>NEW-MANIFEST</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-generate-patches</command> generates
+binary patches between NAR files listed in OLD-MANIFEST and NEW-MANIFEST.
+The patches are written to the directory PATCH-DIR, and the prefix
+PATCH-URI is used to generate URIs for the patches.  The patches are
+added to NEW-MANIFEST.  All NARs are required to exist in NAR-DIR.
+Patches are generated between succeeding versions of packages with
+the same name.</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/command-ref/nix-hash.xml

@@ -44,9 +44,7 @@
 cryptographic hash of the contents of each
 <replaceable>path</replaceable> and prints it on standard output.  By
 default, it computes an MD5 hash, but other hash algorithms are
-available as well.  The hash is printed in hexadecimal.  To generate
-the same hash as <command>nix-prefetch-url</command> you have to
-specify multiple arguments, see below for an example.</para>
+available as well.  The hash is printed in hexadecimal.</para>
 
 <para>The hash is computed over a <emphasis>serialisation</emphasis>
 of each path: a dump of the file system tree rooted at the path.  This
@@ -124,15 +122,6 @@ cryptographic hash as <literal>nix-store --dump
 
 <refsection><title>Examples</title>
 
-<para>Computing the same hash as <command>nix-prefetch-url</command>:
-<screen>
-$ nix-prefetch-url file://&lt;(echo test)
-1lkgqb6fclns49861dwk9rzb6xnfkxbpws74mxnx01z9qyv1pjpj
-$ nix-hash --type sha256 --flat --base32 &lt;(echo test)
-1lkgqb6fclns49861dwk9rzb6xnfkxbpws74mxnx01z9qyv1pjpj
-</screen>
-</para>
-
 <para>Computing hashes:
 
 <screen>

doc/manual/command-ref/nix-install-package.xml

@@ -0,0 +1,207 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-nix-install-package">
+  
+<refmeta>
+  <refentrytitle>nix-install-package</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-install-package</refname>
+  <refpurpose>install a Nix Package file</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-install-package</command>
+    <arg><option>--non-interactive</option></arg>
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--profile</option></arg>
+        <arg choice='plain'><option>-p</option></arg>
+      </group>
+      <replaceable>path</replaceable>
+    </arg>
+    <arg><option>--set</option></arg>
+    <sbr />
+    <group choice='req'>
+      <arg choice='req'>
+        <option>--url</option>
+        <arg choice='plain'><replaceable>url</replaceable></arg>
+      </arg>
+      <arg choice='req'>
+        <arg choice='plain'><replaceable>file</replaceable></arg>
+      </arg>
+    </group>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-install-package</command> interactively
+installs a Nix Package file (<filename>*.nixpkg</filename>), which is
+a small file that contains a store path to be installed along with the
+URL of a <link linkend="sec-nix-push"><command>nix-push</command>
+manifest</link>.  The Nix Package file is either
+<replaceable>file</replaceable>, or automatically downloaded from
+<replaceable>url</replaceable> if the <option>--url</option> switch is
+used.</para>
+
+<para><command>nix-install-package</command> is used in <link
+linkend="sec-one-click">one-click installs</link> to download and
+install pre-built binary packages with all necessary dependencies.
+<command>nix-install-package</command> is intended to be associated
+with the MIME type <literal>application/nix-package</literal> in a web
+browser so that it is invoked automatically when you click on
+<filename>*.nixpkg</filename> files.  When invoked, it restarts itself
+in a terminal window (since otherwise it would be invisible when run
+from a browser), asks the user to confirm whether to install the
+package, and if so downloads and installs the package into the user’s
+current profile.</para>
+
+<para>To obtain a window, <command>nix-install-package</command> tries
+to restart itself with <command>xterm</command>,
+<command>konsole</command> and
+<command>gnome-terminal</command>.</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+  
+  <varlistentry><term><option>--non-interactive</option></term>
+
+    <listitem><para>Do not open a new terminal window and do not ask
+    for confirmation.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--profile</option></term>
+    <term><option>-p</option></term>
+
+    <listitem><para>Install the package into the specified profile
+    rather than the user’s current profile.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--set</option></term>
+
+    <listitem><para>Install the package as the profile so that the
+    profile contains exactly the contents of the package.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To install <filename>subversion-1.4.0.nixpkg</filename> into the
+user’s current profile, without any prompting:
+
+<screen>
+$ nix-install-package --non-interactive subversion-1.4.0.nixpkg</screen>
+
+</para>
+
+<para>To install the same package from some URL into a different
+profile:
+
+<screen>
+$ nix-install-package --non-interactive -p /nix/var/nix/profiles/eelco \
+    --url http://nix.cs.uu.nl/dist/nix/nixpkgs-0.10pre6622/pkgs/subversion-1.4.0-i686-linux.nixpkg</screen>
+
+</para>
+
+</refsection>
+
+
+<refsection><title>Format of <literal>nixpkg</literal> files</title>
+
+<para>A Nix Package file consists of a single line with the following
+format:
+
+<screen>
+NIXPKG1 <replaceable>manifestURL</replaceable> <replaceable>name</replaceable> <replaceable>system</replaceable> <replaceable>drvPath</replaceable> <replaceable>outPath</replaceable></screen>
+
+The elements are as follows:
+
+<variablelist>
+
+  <varlistentry><term><literal>NIXPKG1</literal></term>
+  
+    <listitem><para>The version of the Nix Package
+    file.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>manifestURL</replaceable></term>
+  
+    <listitem><para>The manifest to be pulled by
+    <command>nix-pull</command>.  The manifest must contain
+    <replaceable>outPath</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>name</replaceable></term>
+  
+    <listitem><para>The symbolic name and version of the
+    package.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>system</replaceable></term>
+  
+    <listitem><para>The platform identifier of the platform for which
+    this binary package is intended.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>drvPath</replaceable></term>
+  
+    <listitem><para>The path in the Nix store of the derivation from
+    which <replaceable>outPath</replaceable> was built.  Not currently
+    used.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><replaceable>outPath</replaceable></term>
+  
+    <listitem><para>The path in the Nix store of the package.  After
+    <command>nix-install-package</command> has obtained the manifest
+    from <replaceable>manifestURL</replaceable>, it performs a
+    <literal>nix-env -i</literal> <replaceable>outPath</replaceable>
+    to install the binary package.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+  
+</para>
+
+<para>An example follows:
+
+<screen>
+NIXPKG1 http://.../nixpkgs-0.10pre6622/MANIFEST subversion-1.4.0 i686-darwin \
+  /nix/store/4kh60jkp...-subversion-1.4.0.drv \
+  /nix/store/nkw7wpgb...-subversion-1.4.0</screen>
+
+(The line breaks (<literal>\</literal>) are for presentation purposes
+and not part of the actual file.)
+
+</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/command-ref/nix-instantiate.xml

@@ -24,7 +24,6 @@
       <arg choice='plain'>
         <option>--eval</option>
         <arg><option>--strict</option></arg>
-        <arg><option>--json</option></arg>
         <arg><option>--xml</option></arg>
       </arg>
     </group>
@@ -39,15 +38,14 @@
     </arg>
     <arg><option>--add-root</option> <replaceable>path</replaceable></arg>
     <arg><option>--indirect</option></arg>
-    <group>
+    <group choice='req'>
       <arg choice='plain'><option>--expr</option></arg>
       <arg choice='plain'><option>-E</option></arg>
     </group>
     <arg choice='plain' rep='repeat'><replaceable>files</replaceable></arg>
-  </cmdsynopsis>
-  <cmdsynopsis>
+    <sbr/>
     <command>nix-instantiate</command>
-    <arg choice='plain'><option>--find-file</option></arg>
+    <arg choice='plain'><option>--file-file</option></arg>
     <arg choice='plain' rep='repeat'><replaceable>files</replaceable></arg>
   </cmdsynopsis>
 </refsynopsisdiv>
@@ -117,6 +115,26 @@ input.</para>
 
   </varlistentry>
 
+  <varlistentry><term><option>--xml</option></term>
+
+    <listitem><para>When used with <option>--parse</option> and
+    <option>--eval</option>, print the resulting expression as an
+    XML representation of the abstract syntax tree rather than as an
+    ATerm.  The schema is the same as that used by the <link
+    linkend="builtin-toXML"><function>toXML</function>
+    built-in</link>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--json</option></term>
+
+    <listitem><para>When used with <option>--parse</option> and
+    <option>--eval</option>, print the resulting expression as an
+    JSON representation of the abstract syntax tree rather than as an
+    ATerm.</para></listitem>
+
+  </varlistentry>
+
   <varlistentry><term><option>--strict</option></term>
 
     <listitem><para>When used with <option>--eval</option>,
@@ -131,32 +149,12 @@ input.</para>
 
   </varlistentry>
 
-  <varlistentry><term><option>--json</option></term>
-
-    <listitem><para>When used with <option>--eval</option>, print the resulting
-    value as an JSON representation of the abstract syntax tree rather
-    than as an ATerm.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--xml</option></term>
-
-    <listitem><para>When used with <option>--eval</option>, print the resulting
-    value as an XML representation of the abstract syntax tree rather than as
-    an ATerm. The schema is the same as that used by the <link
-    linkend="builtin-toXML"><function>toXML</function> built-in</link>.
-    </para></listitem>
-
-  </varlistentry>
-
   <varlistentry><term><option>--read-write-mode</option></term>
 
     <listitem><para>When used with <option>--eval</option>, perform
     evaluation in read/write mode so nix language features that
     require it will still work (at the cost of needing to do
-    instantiation of every evaluated derivation). If this option is
-    not enabled, there may be uninstantiated store paths in the final
-    output.</para>
+    instantiation of every evaluated derivation).</para>
 
     </listitem>
 

doc/manual/command-ref/nix-prefetch-url.xml

@@ -3,7 +3,7 @@
       xmlns:xi="http://www.w3.org/2001/XInclude"
       version="5.0"
       xml:id="sec-nix-prefetch-url">
-
+  
 <refmeta>
   <refentrytitle>nix-prefetch-url</refentrytitle>
   <manvolnum>1</manvolnum>
@@ -19,16 +19,13 @@
 <refsynopsisdiv>
   <cmdsynopsis>
     <command>nix-prefetch-url</command>
-    <arg><option>--version</option></arg>
     <arg><option>--type</option> <replaceable>hashAlgo</replaceable></arg>
-    <arg><option>--print-path</option></arg>
-    <arg><option>--unpack</option></arg>
-    <arg><option>--name</option> <replaceable>name</replaceable></arg>
     <arg choice='plain'><replaceable>url</replaceable></arg>
     <arg><replaceable>hash</replaceable></arg>
   </cmdsynopsis>
 </refsynopsisdiv>
 
+
 <refsection><title>Description</title>
 
 <para>The command <command>nix-prefetch-url</command> downloads the
@@ -57,8 +54,8 @@ error if signaled if the actual hash of the file does not match the
 specified hash.</para>
 
 <para>This command prints the hash on standard output.  Additionally,
-if the option <option>--print-path</option> is used, the path of the
-downloaded file in the Nix store is also printed.</para>
+if the environment variable <envar>PRINT_PATH</envar> is set, the path
+of the downloaded file in the Nix store is also printed.</para>
 
 </refsection>
 
@@ -66,7 +63,7 @@ downloaded file in the Nix store is also printed.</para>
 <refsection><title>Options</title>
 
 <variablelist>
-
+  
   <varlistentry><term><option>--type</option> <replaceable>hashAlgo</replaceable></term>
 
     <listitem><para>Use the specified cryptographic hash algorithm,
@@ -76,35 +73,6 @@ downloaded file in the Nix store is also printed.</para>
 
   </varlistentry>
 
-  <varlistentry><term><option>--print-path</option></term>
-
-    <listitem><para>Print the store path of the downloaded file on
-    standard output.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--unpack</option></term>
-
-    <listitem><para>Unpack the archive (which must be a tarball or zip
-    file) and add the result to the Nix store. The resulting hash can
-    be used with functions such as Nixpkgs’s
-    <varname>fetchzip</varname> or
-    <varname>fetchFromGitHub</varname>.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--name</option> <replaceable>name</replaceable></term>
-
-    <listitem><para>Override the name of the file in the Nix store. By
-    default, this is
-    <literal><replaceable>hash</replaceable>-<replaceable>basename</replaceable></literal>,
-    where <replaceable>basename</replaceable> is the last component of
-    <replaceable>url</replaceable>. Overriding the name is necessary
-    when <replaceable>basename</replaceable> contains characters that
-    are not allowed in Nix store paths.</para></listitem>
-
-  </varlistentry>
-
 </variablelist>
 
 </refsection>
@@ -113,19 +81,14 @@ downloaded file in the Nix store is also printed.</para>
 <refsection><title>Examples</title>
 
 <screen>
-$ nix-prefetch-url ftp://ftp.gnu.org/pub/gnu/hello/hello-2.10.tar.gz
-0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i
+$ nix-prefetch-url ftp://ftp.nluug.nl/pub/gnu/make/make-3.80.tar.bz2
+0bbd1df101bc0294d440471e50feca71
 
-$ nix-prefetch-url --print-path mirror://gnu/hello/hello-2.10.tar.gz
-0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i
-/nix/store/3x7dwzq014bblazs7kq20p9hyzz0qh8g-hello-2.10.tar.gz
-
-$ nix-prefetch-url --unpack --print-path https://github.com/NixOS/patchelf/archive/0.8.tar.gz
-079agjlv0hrv7fxnx9ngipx14gyncbkllxrp9cccnh3a50fxcmy7
-/nix/store/19zrmhm3m40xxaw81c8cqm6aljgrnwj2-0.8.tar.gz
-</screen>
+$ PRINT_PATH=1 nix-prefetch-url ftp://ftp.nluug.nl/pub/gnu/make/make-3.80.tar.bz2
+0bbd1df101bc0294d440471e50feca71
+/nix/store/wvyz8ifdn7wyz1p3pqyn0ra45ka2l492-make-3.80.tar.bz2</screen>
 
 </refsection>
 
-
+    
 </refentry>

doc/manual/command-ref/nix-pull.xml

@@ -0,0 +1,51 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-nix-pull">
+
+<refmeta>
+  <refentrytitle>nix-pull</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-pull</refname>
+  <refpurpose>pull substitutes from a network cache</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-pull</command>
+    <arg choice='plain'><replaceable>url</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-pull</command> obtains a list of
+pre-built store paths from the URL <replaceable>url</replaceable>, and
+for each of these store paths, registers a substitute derivation that
+downloads and unpacks it into the Nix store.  This is used to speed up
+installations: if you attempt to install something that has already
+been built and stored into the network cache, Nix can transparently
+re-use the pre-built store paths.</para>
+
+<para>The file at <replaceable>url</replaceable> must be compatible
+with the files created by <replaceable>nix-push</replaceable>.</para>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<screen>
+$ nix-pull http://nix.cs.uu.nl/dist/nix/nixpkgs-0.5pre753/MANIFEST</screen>
+
+</refsection>
+
+
+</refentry>

doc/manual/command-ref/nix-push.xml

@@ -0,0 +1,399 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-nix-push">
+
+<refmeta>
+  <refentrytitle>nix-push</refentrytitle>
+  <manvolnum>1</manvolnum>
+  <refmiscinfo class="source">Nix</refmiscinfo>
+  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+
+<refnamediv>
+  <refname>nix-push</refname>
+  <refpurpose>generate a binary cache</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nix-push</command>
+    <arg choice='plain'><option>--dest</option> <replaceable>dest-dir</replaceable></arg>
+    <arg><option>--bzip2</option></arg>
+    <arg><option>--none</option></arg>
+    <arg><option>--force</option></arg>
+    <arg><option>--link</option></arg>
+    <arg><option>--manifest</option></arg>
+    <arg><option>--manifest-path</option> <replaceable>filename</replaceable></arg>
+    <arg><option>--url-prefix</option> <replaceable>url</replaceable></arg>
+    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>The command <command>nix-push</command> produces a
+<emphasis>binary cache</emphasis>, a directory containing compressed
+Nix archives (NARs) plus some metadata of the closure of the specified
+store paths.  This directory can then be made available through a web
+server to other Nix installations, allowing them to skip building from
+source and instead download binaries from the cache
+automatically.</para>
+
+<para><command>nix-push</command> performs the following actions.
+      
+<orderedlist>
+
+  <listitem><para>Each path in <replaceable>paths</replaceable> is
+  built (using <link
+  linkend='rsec-nix-store-realise'><command>nix-store
+  --realise</command></link>).</para></listitem>
+
+  <listitem><para>All paths in the closure of
+  <replaceable>paths</replaceable> are determined (using
+  <command>nix-store --query --requisites
+  --include-outputs</command>).  Note that since the
+  <option>--include-outputs</option> flag is used, if
+  <replaceable>paths</replaceable> includes a store derivation, you
+  get a combined source/binary distribution (e.g., source tarballs
+  will be included).</para></listitem>
+
+  <listitem><para>All store paths determined in the previous step are
+  packaged into a NAR (using <command>nix-store --dump</command>) and
+  compressed using <command>xz</command> or <command>bzip2</command>.
+  The resulting files have the extension <filename>.nar.xz</filename>
+  or <filename>.nar.bz2</filename>.  Also for each store path, Nix
+  generates a file with extension <filename>.narinfo</filename>
+  containing metadata such as the references, cryptographic hash and
+  size of each path.</para></listitem>
+
+  <listitem><para>Optionally, a single <emphasis>manifest</emphasis>
+  file is created that contains the same metadata as the
+  <filename>.narinfo</filename> files.  This is for compatibility with
+  Nix versions prior to 1.2 (see <command>nix-pull</command> for
+  details).</para></listitem>
+
+  <listitem><para>A file named <option>nix-cache-info</option> is
+  placed in the destination directory.  The existence of this file
+  marks the directory as a binary cache.</para></listitem>
+
+</orderedlist>
+
+</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<variablelist>
+
+  <varlistentry><term><option>--dest</option> <replaceable>dest-dir</replaceable></term>
+
+    <listitem><para>Set the destination directory to
+    <replaceable>dir</replaceable>, which is created if it does not
+    exist.  This flag is required.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--bzip2</option></term>
+
+    <listitem><para>Compress NARs using <command>bzip2</command>
+    instead of <command>xz -9</command>.  The latter compresses about
+    30% better on typical archives, decompresses about twice as fast,
+    but compresses a lot slower and is not supported by Nix prior to
+    version 1.2.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--none</option></term>
+
+    <listitem><para>Do not compress NARs.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--force</option></term>
+
+    <listitem><para>Overwrite <filename>.narinfo</filename> files if
+    they already exist.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--link</option></term>
+
+    <listitem><para>By default, NARs are generated in the Nix store
+    and then copied to <replaceable>dest-dir</replaceable>.  If this
+    option is given, hard links are used instead.  This only works if
+    <replaceable>dest-dir</replaceable> is on the same filesystem as
+    the Nix store.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--manifest</option></term>
+
+    <listitem><para>Force the generation of a manifest suitable for
+    use by <command>nix-pull</command>.  The manifest is stored as
+    <filename><replaceable>dest-dir</replaceable>/MANIFEST</filename>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--manifest-path</option> <replaceable>filename</replaceable></term>
+
+    <listitem><para>Like <option>--manifest</option>, but store the
+    manifest in <replaceable>filename</replaceable>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--url-prefix</option> <replaceable>url</replaceable></term>
+
+    <listitem><para>Manifests are expected to contain the absolute
+    URLs of NARs.  For generating these URLs, the prefix
+    <replaceable>url</replaceable> is used.  It defaults to
+    <uri>file://<replaceable>dest-dir</replaceable></uri>.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To add the closure of Thunderbird to a binary cache:
+
+<screen>
+$ nix-push --dest /tmp/cache $(nix-build -A thunderbird)
+</screen>
+
+Assuming that <filename>/tmp/cache</filename> is exported by a web
+server as <uri>http://example.org/cache</uri>, you can then use this
+cache on another machine to speed up the installation of Thunderbird:
+
+<screen>
+$ nix-build -A thunderbird --option binary-caches http://example.org/cache
+</screen>
+
+Alternatively, you could add <literal>binary-caches =
+http://example.org/cache</literal> to
+<filename>nix.conf</filename>.</para>
+
+<para>To also include build-time dependencies (such as source
+tarballs):
+
+<screen>
+$ nix-push --dest /tmp/cache $(nix-instantiate -A thunderbird)
+</screen>
+
+</para>
+
+<para>To generate a manifest suitable for <command>nix-pull</command>:
+
+<screen>
+$ nix-push --dest /tmp/cache $(nix-build -A thunderbird) --manifest
+</screen>
+
+On another machine you can then do:
+
+<screen>
+$ nix-pull http://example.org/cache
+</screen>
+
+to cause the binaries to be used by subsequent Nix operations.</para>
+
+</refsection>
+
+
+<refsection><title>Binary cache format and operation</title>
+
+<para>A binary cache with URL <replaceable>url</replaceable> only
+denotes a valid binary cache if the file
+<uri><replaceable>url</replaceable>/nix-cache-info</uri> exists.  If
+this file does not exist (or cannot be downloaded), the cache is
+ignored.  If it does exist, it must be a text file containing cache
+properties.  Here’s an example:
+
+<screen>
+StoreDir: /nix/store
+WantMassQuery: 1
+Priority: 10
+</screen>
+
+The properties that are currently supported are:
+
+<variablelist>
+  
+  <varlistentry><term><literal>StoreDir</literal></term>
+
+    <listitem><para>The path of the Nix store to which this binary
+    cache applies.  Binaries are not relocatable — a binary built for
+    <filename>/nix/store</filename> won’t generally work in
+    <filename>/home/alice/store</filename> — so to prevent binaries
+    from being used in a wrong store, a binary cache is only used if
+    its <literal>StoreDir</literal> matches the local Nix
+    configuration.  The default is
+    <filename>/nix/store</filename>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>WantMassQuery</literal></term>
+
+    <listitem><para>Query operations such as <command>nix-env
+    -qas</command> can cause thousands of cache queries, and thus
+    thousands of HTTP requests, to determine which packages are
+    available in binary form.  While these requests are small, not
+    every server may appreciate a potential onslaught of queries.  If
+    <literal>WantMassQuery</literal> is set to <literal>0</literal>
+    (default), “mass queries” such as <command>nix-env -qas</command>
+    will skip this cache.  Thus a package may appear not to have a
+    binary substitute.  However, the binary will still be used when
+    you actually install the package.  If
+    <literal>WantMassQuery</literal> is set to <literal>1</literal>,
+    mass queries will use this cache.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>Priority</literal></term>
+
+    <listitem><para>Each binary cache has a priority (defaulting to
+    50).  Binary caches are checked for binaries in order of ascending
+    priority; thus a higher number denotes a lower priority.  The
+    binary cache <uri>http://cache.nixos.org</uri> has priority
+    40.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+<para>Every time Nix needs to build some store path
+<replaceable>p</replaceable>, it will check each configured binary
+cache to see if it has a NAR file for <replaceable>p</replaceable>,
+until it finds one.  If no cache has a NAR, Nix will fall back to
+building the path from source (if applicable).  To see if a cache with
+URL <replaceable>url</replaceable> has a binary for
+<replaceable>p</replaceable>, Nix fetches
+<replaceable>url/h</replaceable>, where <replaceable>h</replaceable>
+is the hash part of <replaceable>p</replaceable>.  Thus, if we have a
+cache <uri>http://cache.nixos.org</uri> and we want to obtain
+the store path
+<screen>
+/nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7
+</screen>
+then Nix will attempt to fetch
+<screen>
+http://cache.nixos.org/a8922c0h87iilxzzvwn2hmv8x210aqb9.narinfo
+</screen>
+(Commands such as <command>nix-env -qas</command> will issue an HTTP
+HEAD request, since it only needs to know if the
+<filename>.narinfo</filename> file exists.)  The
+<filename>.narinfo</filename> file is a simple text file that looks
+like this:
+
+<screen>
+StorePath: /nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7
+URL: nar/0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70.nar.bz2
+Compression: bzip2
+FileHash: sha256:0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70
+FileSize: 24473768
+NarHash: sha256:0s491y1h9hxj5ghiizlxk7ax6jwbha00zwn7lpyd5xg5bhf60vzg
+NarSize: 109521136
+References: 2ma2k0ys8knh4an48n28vigcmc2z8773-linux-headers-2.6.23.16 ...
+Deriver: 7akyyc87ka32xwmqza9dvyg5pwx3j212-glibc-2.7.drv
+</screen>
+
+The fields are as follows:
+
+<variablelist>
+  
+  <varlistentry><term><literal>StorePath</literal></term>
+
+    <listitem><para>The full store path, including the name part
+    (e.g., <literal>glibc-2.7</literal>).  It must match the
+    requested store path.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>URL</literal></term>
+
+    <listitem><para>The URL of the NAR, relative to the binary cache
+    URL.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>Compression</literal></term>
+
+    <listitem><para>The compression method; either
+    <literal>xz</literal> or
+    <literal>bzip2</literal>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>FileHash</literal></term>
+
+    <listitem><para>The SHA-256 hash of the compressed
+    NAR.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>FileSize</literal></term>
+
+    <listitem><para>The size of the compressed NAR.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>NarHash</literal></term>
+
+    <listitem><para>The SHA-256 hash of the uncompressed NAR.  This is
+    equal to the hash of the store path as returned by
+    <command>nix-store -q --hash
+    <replaceable>p</replaceable></command>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>NarSize</literal></term>
+
+    <listitem><para>The size of the uncompressed NAR.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>References</literal></term>
+
+    <listitem><para>The references of the store path, without the Nix
+    store prefix.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>Deriver</literal></term>
+
+    <listitem><para>The deriver of the store path, without the Nix
+    store prefix.  This field is optional.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><literal>System</literal></term>
+
+    <listitem><para>The Nix platform type of this binary, if known.
+    This field is optional.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+<para>Thus, in our example, after recursively ensuring that the
+references exist (e.g.,
+<filename>/nix/store/2ma2k0ys8knh4an48n28vigcmc2z8773-linux-headers-2.6.23.16</filename>),
+Nix will fetch <screen>
+http://cache.nixos.org/nar/0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70.nar.bz2
+</screen> and decompress and unpack it to
+<filename>/nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7</filename>.</para>
+
+</refsection>
+
+
+</refentry>

doc/manual/command-ref/nix-shell.xml

@@ -29,18 +29,16 @@
       <replaceable>attrPath</replaceable>
     </arg>
     <arg><option>--command</option> <replaceable>cmd</replaceable></arg>
-    <arg><option>--run</option> <replaceable>cmd</replaceable></arg>
     <arg><option>--exclude</option> <replaceable>regexp</replaceable></arg>
     <arg><option>--pure</option></arg>
-    <arg><option>--keep</option> <replaceable>name</replaceable></arg>
     <group choice='req'>
-      <arg choice='plain'>
-        <group choice='req'>
+      <group choice='plain'>
+        <group>
           <arg choice='plain'><option>--packages</option></arg>
           <arg choice='plain'><option>-p</option></arg>
         </group>
-        <arg choice='plain' rep='repeat'><replaceable>packages</replaceable></arg>
-      </arg>
+        <replaceable>packages</replaceable>
+      </group>
       <arg><replaceable>path</replaceable></arg>
     </group>
   </cmdsynopsis>
@@ -62,13 +60,6 @@ derivation for development.</para>
 <filename>shell.nix</filename> if it exists, and
 <filename>default.nix</filename> otherwise.</para>
 
-<para>If <replaceable>path</replaceable> starts with
-<literal>http://</literal> or <literal>https://</literal>, it is
-interpreted as the URL of a tarball that will be downloaded and
-unpacked to a temporary location. The tarball must include a single
-top-level directory containing at least a file named
-<filename>default.nix</filename>.</para>
-
 <para>If the derivation defines the variable
 <varname>shellHook</varname>, it will be evaluated after
 <literal>$stdenv/setup</literal> has been sourced.  Since this hook is
@@ -101,24 +92,11 @@ also <xref linkend="sec-common-options" />.</phrase></para>
   <varlistentry><term><option>--command</option> <replaceable>cmd</replaceable></term>
 
     <listitem><para>In the environment of the derivation, run the
-    shell command <replaceable>cmd</replaceable>. This command is
-    executed in an interactive shell. (Use <option>--run</option> to
-    use a non-interactive shell instead.) However, a call to
-    <literal>exit</literal> is implicitly added to the command, so the
-    shell will exit after running the command. To prevent this, add
-    <literal>return</literal> at the end; e.g. <literal>--command
-    "echo Hello; return"</literal> will print <literal>Hello</literal>
-    and then drop you into the interactive shell. This can be useful
-    for doing any additional initialisation.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--run</option> <replaceable>cmd</replaceable></term>
-
-    <listitem><para>Like <option>--command</option>, but executes the
-    command in a non-interactive shell. This means (among other
-    things) that if you hit Ctrl-C while the command is running, the
-    shell exits.</para></listitem>
+    shell command <replaceable>cmd</replaceable> instead of starting
+    an interactive shell.  However, if you end the shell command with
+    <literal>return</literal>, you still get an interactive shell.
+    This can be useful for doing any additional
+    initialisation.</para></listitem>
 
   </varlistentry>
 
@@ -145,7 +123,7 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 
   </varlistentry>
 
-  <varlistentry><term><option>--packages</option> / <option>-p</option> <replaceable>packages</replaceable>…</term>
+  <varlistentry><term><option>--packages</option> / <option>-p</option></term>
 
     <listitem><para>Set up an environment in which the specified
     packages are present.  The command line arguments are interpreted
@@ -157,22 +135,6 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 
   </varlistentry>
 
-  <varlistentry><term><option>-i</option> <replaceable>interpreter</replaceable></term>
-
-    <listitem><para>The chained script interpreter to be invoked by
-    <command>nix-shell</command>. Only applicable in
-    <literal>#!</literal>-scripts (described <link
-    linkend="ssec-nix-shell-shebang">below</link>).</para>
-
-    </listitem></varlistentry>
-
-  <varlistentry><term><option>--keep</option> <replaceable>name</replaceable></term>
-
-    <listitem><para>When a <option>--pure</option> shell is started,
-    keep the listed environment variables.</para></listitem>
-
-  </varlistentry>
-
 </variablelist>
 
 <para>The following common options are supported:</para>
@@ -184,22 +146,6 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 </refsection>
 
 
-<refsection><title>Environment variables</title>
-
-<variablelist>
-
-  <varlistentry><term><envar>NIX_BUILD_SHELL</envar></term>
-    
-    <listitem><para>Shell used to start the interactive environment. 
-    Defaults to the <command>bash</command> found in <envar>PATH</envar>.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</refsection>
-
-
 <refsection><title>Examples</title>
 
 <para>To build the dependencies of the package Pan, and start an
@@ -238,148 +184,6 @@ $ nix-shell -p sqlite xorg.libX11
 … -L/nix/store/j1zg5v…-sqlite-3.8.0.2/lib -L/nix/store/0gmcz9…-libX11-1.6.1/lib …
 </screen>
 
-The <command>-p</command> flag looks up Nixpkgs in the Nix search
-path. You can override it by passing <option>-I</option> or setting
-<envar>NIX_PATH</envar>. For example, the following gives you a shell
-containing the Pan package from a specific revision of Nixpkgs:
-
-<screen>
-$ nix-shell -p pan -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/8a3eea054838b55aca962c3fbde9c83c102b8bf2.tar.gz
-
-[nix-shell:~]$ pan --version
-Pan 0.139
-</screen>
-
-</para>
-
-</refsection>
-
-
-<refsection xml:id="ssec-nix-shell-shebang"><title>Use as a <literal>#!</literal>-interpreter</title>
-
-<para>You can use <command>nix-shell</command> as a script interpreter
-to allow scripts written in arbitrary languages to obtain their own
-dependencies via Nix. This is done by starting the script with the
-following lines:
-
-<programlisting>
-#! /usr/bin/env nix-shell
-#! nix-shell -i <replaceable>real-interpreter</replaceable> -p <replaceable>packages</replaceable>
-</programlisting>
-
-where <replaceable>real-interpreter</replaceable> is the “real” script
-interpreter that will be invoked by <command>nix-shell</command> after
-it has obtained the dependencies and initialised the environment, and
-<replaceable>packages</replaceable> are the attribute names of the
-dependencies in Nixpkgs.</para>
-
-<para>The lines starting with <literal>#! nix-shell</literal> specify
-<command>nix-shell</command> options (see above). Note that you cannot
-write <literal>#! /usr/bin/env nix-shell -i ...</literal> because
-many operating systems only allow one argument in
-<literal>#!</literal> lines.</para>
-
-<para>For example, here is a Python script that depends on Python and
-the <literal>prettytable</literal> package:
-
-<programlisting>
-#! /usr/bin/env nix-shell
-#! nix-shell -i python -p python pythonPackages.prettytable
-
-import prettytable
-
-# Print a simple table.
-t = prettytable.PrettyTable(["N", "N^2"])
-for n in range(1, 10): t.add_row([n, n * n])
-print t
-</programlisting>
-
-</para>
-
-<para>Similarly, the following is a Perl script that specifies that it
-requires Perl and the <literal>HTML::TokeParser::Simple</literal> and
-<literal>LWP</literal> packages:
-
-<programlisting>
-#! /usr/bin/env nix-shell
-#! nix-shell -i perl -p perl perlPackages.HTMLTokeParserSimple perlPackages.LWP
-
-use HTML::TokeParser::Simple;
-
-# Fetch nixos.org and print all hrefs.
-my $p = HTML::TokeParser::Simple->new(url => 'http://nixos.org/');
-
-while (my $token = $p->get_tag("a")) {
-    my $href = $token->get_attr("href");
-    print "$href\n" if $href;
-}
-</programlisting>
-
-</para>
-
-<para>Sometimes you need to pass a simple Nix expression to customize
-a package like Terraform:
-
-<programlisting><![CDATA[
-#! /usr/bin/env nix-shell
-#! nix-shell -i bash -p "terraform.withPlugins (plugins: [ plugins.openstack ])"
-
-terraform apply
-]]></programlisting>
-
-<note><para>You must use double quotes (<literal>"</literal>) when
-passing a simple Nix expression in a nix-shell shebang.</para></note>
-</para>
-
-<para>Finally, using the merging of multiple nix-shell shebangs the
-following Haskell script uses a specific branch of Nixpkgs/NixOS (the
-18.03 stable branch):
-
-<programlisting><![CDATA[
-#! /usr/bin/env nix-shell
-#! nix-shell -i runghc -p "haskellPackages.ghcWithPackages (ps: [ps.HTTP ps.tagsoup])"
-#! nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.03.tar.gz
-
-import Network.HTTP
-import Text.HTML.TagSoup
-
--- Fetch nixos.org and print all hrefs.
-main = do
-  resp <- Network.HTTP.simpleHTTP (getRequest "http://nixos.org/")
-  body <- getResponseBody resp
-  let tags = filter (isTagOpenName "a") $ parseTags body
-  let tags' = map (fromAttrib "href") tags
-  mapM_ putStrLn $ filter (/= "") tags'
-]]></programlisting>
-
-If you want to be even more precise, you can specify a specific
-revision of Nixpkgs:
-
-<programlisting>
-#! nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/0672315759b3e15e2121365f067c1c8c56bb4722.tar.gz
-</programlisting>
-
-</para>
-
-<para>The examples above all used <option>-p</option> to get
-dependencies from Nixpkgs. You can also use a Nix expression to build
-your own dependencies. For example, the Python example could have been
-written as:
-
-<programlisting>
-#! /usr/bin/env nix-shell
-#! nix-shell deps.nix -i python
-</programlisting>
-
-where the file <filename>deps.nix</filename> in the same directory
-as the <literal>#!</literal>-script contains:
-
-<programlisting>
-with import &lt;nixpkgs> {};
-
-runCommand "dummy" { buildInputs = [ python pythonPackages.prettytable ]; } ""
-</programlisting>
-
 </para>
 
 </refsection>

doc/manual/command-ref/nix-store.xml

@@ -194,25 +194,6 @@ printed.)</para>
 
   </varlistentry>
 
-  <varlistentry><term><option>--check</option></term>
-
-    <listitem><para>This option allows you to check whether a
-    derivation is deterministic. It rebuilds the specified derivation
-    and checks whether the result is bitwise-identical with the
-    existing outputs, printing an error if that’s not the case. The
-    outputs of the specified derivation must already exist. When used
-    with <option>-K</option>, if an output path is not identical to
-    the corresponding output from the previous build, the new output
-    path is left in
-    <filename>/nix/store/<replaceable>name</replaceable>.check.</filename></para>
-
-    <para>See also the <option>build-repeat</option> configuration
-    option, which repeats a derivation a number of times and prevents
-    its outputs from being registered as “valid” in the Nix store
-    unless they are identical.</para></listitem>
-
-  </varlistentry>
-
 </variablelist>
 
 </refsection>
@@ -231,73 +212,6 @@ $ nix-store -r $(nix-instantiate ./test.nix)
 This is essentially what <link
 linkend="sec-nix-build"><command>nix-build</command></link> does.</para>
 
-<para>To test whether a previously-built derivation is deterministic:
-
-<screen>
-$ nix-build '&lt;nixpkgs>' -A hello --check -K
-</screen>
-
-</para>
-
-</refsection>
-
-
-</refsection>
-
-
-
-<!--######################################################################-->
-
-<refsection xml:id='rsec-nix-store-serve'><title>Operation <option>--serve</option></title>
-
-<refsection><title>Synopsis</title>
-
-<cmdsynopsis>
-  <command>nix-store</command>
-  <arg choice='plain'><option>--serve</option></arg>
-  <arg><option>--write</option></arg>
-</cmdsynopsis>
-
-</refsection>
-
-<refsection><title>Description</title>
-
-<para>The operation <option>--serve</option> provides access to
-the Nix store over stdin and stdout, and is intended to be used
-as a means of providing Nix store access to a restricted ssh user.
-</para>
-
-<para>The following flags are available:</para>
-
-<variablelist>
-
-  <varlistentry><term><option>--write</option></term>
-
-    <listitem><para>Allow the connected client to request the realization
-    of derivations. In effect, this can be used to make the host act
-    as a remote builder.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</refsection>
-
-
-<refsection><title>Examples</title>
-
-<para>To turn a host into a build server, the
-<filename>authorized_keys</filename> file can be used to provide build
-access to a given SSH public key:
-
-<screen>
-$ cat &lt;&lt;EOF >>/root/.ssh/authorized_keys
-command="nice -n20 nix-store --serve --write" ssh-rsa AAAAB3NzaC1yc2EAAAA...
-EOF
-</screen>
-
-</para>
-
 </refsection>
 
 
@@ -397,9 +311,9 @@ options control what gets deleted and in what order:
 </para>
 
 <para>The behaviour of the collector is also influenced by the <link
-linkend="conf-keep-outputs"><literal>keep-outputs</literal></link>
+linkend="conf-gc-keep-outputs"><literal>gc-keep-outputs</literal></link>
 and <link
-linkend="conf-keep-derivations"><literal>keep-derivations</literal></link>
+linkend="conf-gc-keep-derivations"><literal>gc-keep-derivations</literal></link>
 variables in the Nix configuration file.</para>
 
 <para>With <option>--delete</option>, the collector prints the total
@@ -501,11 +415,10 @@ error: cannot delete path `/nix/store/zq0h41l75vlb4z45kzgjjmsjxvcv1qk7-mesa-6.4'
     <arg choice='plain'><option>--referrers</option></arg>
     <arg choice='plain'><option>--referrers-closure</option></arg>
     <arg choice='plain'><option>--deriver</option></arg>
-    <arg choice='plain'><option>-d</option></arg>
+    <arg choice='plain'><option>--deriver</option></arg>
     <arg choice='plain'><option>--graph</option></arg>
     <arg choice='plain'><option>--tree</option></arg>
     <arg choice='plain'><option>--binding</option> <replaceable>name</replaceable></arg>
-    <arg choice='plain'><option>-b</option> <replaceable>name</replaceable></arg>
     <arg choice='plain'><option>--hash</option></arg>
     <arg choice='plain'><option>--size</option></arg>
     <arg choice='plain'><option>--roots</option></arg>
@@ -643,7 +556,6 @@ query is applied to the target of the symlink.</para>
   </varlistentry>
 
   <varlistentry><term><option>--deriver</option></term>
-    <term><option>-d</option></term>
 
     <listitem><para>Prints the <link
     linkend="gloss-deriver">deriver</link> of the store paths
@@ -679,20 +591,7 @@ query is applied to the target of the symlink.</para>
 
   </varlistentry>
 
-  <varlistentry><term><option>--graphml</option></term>
-
-    <listitem><para>Prints the references graph of the store paths
-    <replaceable>paths</replaceable> in the <link
-    xlink:href="http://graphml.graphdrawing.org/">GraphML</link> file format.
-    This can be used to visualise dependency graphs. To obtain a
-    build-time dependency graph, apply this to a store derivation. To
-    obtain a runtime dependency graph, apply it to an output
-    path.</para></listitem>
-
-  </varlistentry>
-
   <varlistentry><term><option>--binding</option> <replaceable>name</replaceable></term>
-    <term><option>-b</option> <replaceable>name</replaceable></term>
 
     <listitem><para>Prints the value of the attribute
     <replaceable>name</replaceable> (i.e., environment variable) of
@@ -1130,18 +1029,18 @@ path).</para>
 <para>This command does not produce a <emphasis>closure</emphasis> of
 the specified paths, so if a store path references other store paths
 that are missing in the target Nix store, the import will fail.  To
-copy a whole closure, do something like:
+copy a whole closure, do something like
 
 <screen>
 $ nix-store --export $(nix-store -qR <replaceable>paths</replaceable>) > out</screen>
 
-To import the whole closure again, run:
-
-<screen>
-$ nix-store --import &lt; out</screen>
-
 </para>
 
+<para>For an example of how <option>--export</option> and
+<option>--import</option> can be used, see the source of the <command
+linkend="sec-nix-copy-closure">nix-copy-closure</command>
+command.</para>
+
 </refsection>
 
 
@@ -1251,7 +1150,12 @@ the store path is used.</para>
 <filename>/nix/var/log/nix/drvs</filename>.  However, there is no
 guarantee that a build log is available for any particular store path.
 For instance, if the path was downloaded as a pre-built binary through
-a substitute, then the log is unavailable.</para>
+a substitute, then the log is unavailable. If the log is not available
+locally, then <command>nix-store</command> will try to download the
+log from the servers specified in the Nix option
+<option>log-servers</option>. For example, if it’s set to
+<literal>http://hydra.nixos.org/log</literal>, then Nix will check
+<literal>http://hydra.nixos.org/log/<replaceable>base-name</replaceable></literal>.</para>
 
 </refsection>
 
@@ -1282,7 +1186,6 @@ ktorrent-2.2.1/NEWS
   <cmdsynopsis>
     <command>nix-store</command>
     <arg choice='plain'><option>--dump-db</option></arg>
-    <arg rep='repeat'><replaceable>paths</replaceable></arg>
   </cmdsynopsis>
 </refsection>
 
@@ -1293,13 +1196,6 @@ Nix database to standard output.  It can be loaded into an empty Nix
 store using <option>--load-db</option>.  This is useful for making
 backups and when migrating to different database schemas.</para>
 
-<para>By default, <option>--dump-db</option> will dump the entire Nix
-database.  When one or more store paths is passed, only the subset of
-the Nix database for those store paths is dumped.  As with
-<option>--export</option>, the user is responsible for passing all the
-store paths for a closure.  See <option>--export</option> for an
-example.</para>
-
 </refsection>
 
 </refsection>
@@ -1368,47 +1264,74 @@ export _args; _args='-e /nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25c-default-buil
 
 <!--######################################################################-->
 
-<refsection xml:id='rsec-nix-store-generate-binary-cache-key'><title>Operation <option>--generate-binary-cache-key</option></title>
+<refsection><title>Operation <option>--query-failed-paths</option></title>
 
 <refsection>
   <title>Synopsis</title>
   <cmdsynopsis>
     <command>nix-store</command>
-    <arg choice='plain'>
-      <option>--generate-binary-cache-key</option>
-      <option>key-name</option>
-      <option>secret-key-file</option>
-      <option>public-key-file</option>
-    </arg>
+    <arg choice='plain'><option>--query-failed-paths</option></arg>
   </cmdsynopsis>
 </refsection>
 
 <refsection><title>Description</title>
 
-<para>This command generates an <link
-xlink:href="http://ed25519.cr.yp.to/">Ed25519 key pair</link> that can
-be used to create a signed binary cache. It takes three mandatory
-parameters:
+<para>If build failure caching is enabled through the
+<literal>build-cache-failures</literal> configuration option, the
+operation <option>--query-failed-paths</option> will print out all
+store paths that have failed to build.</para>
 
-<orderedlist>
+</refsection>
 
-  <listitem><para>A key name, such as
-  <literal>cache.example.org-1</literal>, that is used to look up keys
-  on the client when it verifies signatures. It can be anything, but
-  it’s suggested to use the host name of your cache
-  (e.g. <literal>cache.example.org</literal>) with a suffix denoting
-  the number of the key (to be incremented every time you need to
-  revoke a key).</para></listitem>
+<refsection><title>Example</title>
 
-  <listitem><para>The file name where the secret key is to be
-  stored.</para></listitem>
+<screen>
+$ nix-store --query-failed-paths
+/nix/store/000zi5dcla86l92jn1g997jb06sidm7x-perl-PerlMagick-6.59
+/nix/store/0011iy7sfwbc1qj5a1f6ifjnbcdail8a-haskell-gitit-ghc7.0.4-0.8.1
+/nix/store/001c0yn1hkh86gprvrb46cxnz3pki7q3-gamin-0.1.10
+<replaceable>…</replaceable>
+</screen>
 
-  <listitem><para>The file name where the public key is to be
-  stored.</para></listitem>
+</refsection>
 
-</orderedlist>
+</refsection>
 
-</para>
+
+<!--######################################################################-->
+
+<refsection><title>Operation <option>--clear-failed-paths</option></title>
+
+<refsection>
+  <title>Synopsis</title>
+  <cmdsynopsis>
+    <command>nix-store</command>
+    <arg choice='plain'><option>--clear-failed-paths</option></arg>
+    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
+  </cmdsynopsis>
+</refsection>
+
+<refsection><title>Description</title>
+
+<para>If build failure caching is enabled through the
+<literal>build-cache-failures</literal> configuration option, the
+operation <option>--clear-failed-paths</option> clears the “failed”
+state of the given store paths, allowing them to be built again.  This
+is useful if the failure was actually transient (e.g. because the disk
+was full).</para>
+
+<para>If a path denotes a derivation, its output paths are cleared.
+You can provide the argument <literal>*</literal> to clear all store
+paths.</para>
+
+</refsection>
+
+<refsection><title>Example</title>
+
+<screen>
+$ nix-store --clear-failed-paths /nix/store/000zi5dcla86l92jn1g997jb06sidm7x-perl-PerlMagick-6.59
+$ nix-store --clear-failed-paths *
+</screen>
 
 </refsection>
 

doc/manual/command-ref/opt-common-syn.xml

@@ -2,21 +2,10 @@
   
 <arg><option>--help</option></arg>
 <arg><option>--version</option></arg>
-<arg rep='repeat'>
-  <group choice='req'>
-    <arg choice='plain'><option>--verbose</option></arg>
-    <arg choice='plain'><option>-v</option></arg>
-  </group>
-</arg>
-<arg>
-  <arg choice='plain'><option>--quiet</option></arg>
-</arg>
-<arg>
-  <group choice='plain'>
-    <arg choice='plain'><option>--no-build-output</option></arg>
-    <arg choice='plain'><option>-Q</option></arg>
-  </group>
-</arg>
+<arg rep='repeat'><option>--verbose</option></arg>
+<arg rep='repeat'><option>-v</option></arg>
+<arg><option>--no-build-output</option></arg>
+<arg><option>-Q</option></arg>
 <arg>
   <group choice='req'>
     <arg choice='plain'><option>--max-jobs</option></arg>
@@ -36,20 +25,14 @@
   <option>--timeout</option>
   <replaceable>number</replaceable>
 </arg>
-<arg>
-  <group choice='plain'>
-    <arg choice='plain'><option>--keep-going</option></arg>
-    <arg choice='plain'><option>-k</option></arg>
-  </group>
-</arg>
-<arg>
-  <group choice='plain'>
-    <arg choice='plain'><option>--keep-failed</option></arg>
-    <arg choice='plain'><option>-K</option></arg>
-  </group>
-</arg>
+<arg><option>--keep-going</option></arg>
+<arg><option>-k</option></arg>
+<arg><option>--keep-failed</option></arg>
+<arg><option>-K</option></arg>
 <arg><option>--fallback</option></arg>
 <arg><option>--readonly-mode</option></arg>
+<arg><option>--log-type</option> <replaceable>type</replaceable></arg>
+<arg><option>--show-trace</option></arg>
 <arg>
   <option>-I</option>
   <replaceable>path</replaceable>

doc/manual/command-ref/opt-common.xml

@@ -22,7 +22,8 @@
 </varlistentry>
 
 
-<varlistentry><term><option>--verbose</option> / <option>-v</option></term>
+<varlistentry><term><option>--verbose</option></term>
+  <term><option>-v</option></term>
 
   <listitem>
 
@@ -75,24 +76,8 @@
 </varlistentry>
 
 
-<varlistentry><term><option>--quiet</option></term>
-
-  <listitem>
-
-  <para>Decreases the level of verbosity of diagnostic messages
-  printed on standard error.  This is the inverse option to
-  <option>-v</option> / <option>--verbose</option>.
-  </para>
-
-  <para>This option may be specified repeatedly.  See the previous
-  verbosity levels list.</para>
-
-  </listitem>
-
-</varlistentry>
-
-
-<varlistentry><term><option>--no-build-output</option> / <option>-Q</option></term>
+<varlistentry><term><option>--no-build-output</option></term>
+  <term><option>-Q</option></term>
 
   <listitem><para>By default, output written by builders to standard
   output and standard error is echoed to the Nix command's standard
@@ -104,14 +89,13 @@
 </varlistentry>
 
 
-<varlistentry xml:id="opt-max-jobs"><term><option>--max-jobs</option> / <option>-j</option>
-<replaceable>number</replaceable></term>
+<varlistentry xml:id="opt-max-jobs"><term><option>--max-jobs</option></term>
+  <term><option>-j</option></term>
 
   <listitem><para>Sets the maximum number of build jobs that Nix will
-  perform in parallel to the specified number.  Specify
-  <literal>auto</literal> to use the number of CPUs in the system.
-  The default is specified by the <link
-  linkend='conf-max-jobs'><literal>max-jobs</literal></link>
+  perform in parallel to the specified number.  The default is
+  specified by the <link
+  linkend='conf-build-max-jobs'><literal>build-max-jobs</literal></link>
   configuration setting, which itself defaults to
   <literal>1</literal>.  A higher value is useful on SMP systems or to
   exploit I/O latency.</para></listitem>
@@ -129,7 +113,7 @@
   <literal>true</literal>, the builder passes the
   <option>-j<replaceable>N</replaceable></option> flag to GNU Make.
   It defaults to the value of the <link
-  linkend='conf-cores'><literal>cores</literal></link>
+  linkend='conf-build-cores'><literal>build-cores</literal></link>
   configuration setting, if set, or <literal>1</literal> otherwise.
   The value <literal>0</literal> means that the builder should use all
   available CPU cores in the system.</para></listitem>
@@ -142,7 +126,7 @@
   <listitem><para>Sets the maximum number of seconds that a builder
   can go without producing any data on standard output or standard
   error.  The default is specified by the <link
-  linkend='conf-max-silent-time'><literal>max-silent-time</literal></link>
+  linkend='conf-build-max-silent-time'><literal>build-max-silent-time</literal></link>
   configuration setting.  <literal>0</literal> means no
   time-out.</para></listitem>
 
@@ -152,13 +136,14 @@
 
   <listitem><para>Sets the maximum number of seconds that a builder
   can run.  The default is specified by the <link
-  linkend='conf-timeout'><literal>timeout</literal></link>
+  linkend='conf-build-timeout'><literal>build-timeout</literal></link>
   configuration setting.  <literal>0</literal> means no
   timeout.</para></listitem>
 
 </varlistentry>
 
-<varlistentry><term><option>--keep-going</option> / <option>-k</option></term>
+<varlistentry><term><option>--keep-going</option></term>
+  <term><option>-k</option></term>
 
   <listitem><para>Keep going in case of failed builds, to the
   greatest extent possible.  That is, if building an input of some
@@ -170,7 +155,8 @@
 </varlistentry>
 
 
-<varlistentry><term><option>--keep-failed</option> / <option>-K</option></term>
+<varlistentry><term><option>--keep-failed</option></term>
+  <term><option>-K</option></term>
 
   <listitem><para>Specifies that in case of a build failure, the
   temporary directory (usually in <filename>/tmp</filename>) in which
@@ -205,23 +191,6 @@
 
 </varlistentry>
 
-<varlistentry><term><option>--no-build-hook</option></term>
-
-  <listitem>
-
-  <para>Disables the build hook mechanism.  This allows to ignore remote
-  builders if they are setup on the machine.</para>
-
-  <para>It's useful in cases where the bandwidth between the client and the
-  remote builder is too low.  In that case it can take more time to upload the
-  sources to the remote builder and fetch back the result than to do the
-  computation locally.</para>
-
-  </listitem>
-
-</varlistentry>
-
-
 
 <varlistentry><term><option>--readonly-mode</option></term>
 
@@ -232,6 +201,61 @@
 </varlistentry>
 
 
+<varlistentry xml:id="opt-log-type"><term><option>--log-type</option>
+<replaceable>type</replaceable></term>
+
+  <listitem>
+
+  <para>This option determines how the output written to standard
+  error is formatted.  Nix’s diagnostic messages are typically
+  <emphasis>nested</emphasis>.  For instance, when tracing Nix
+  expression evaluation (<command>nix-env -vvvvv</command>, messages
+  from subexpressions are nested inside their parent expressions.  Nix
+  builder output is also often nested.  For instance, the Nix Packages
+  generic builder nests the various build tasks (unpack, configure,
+  compile, etc.), and the GNU Make in <literal>stdenv-linux</literal>
+  has been patched to provide nesting for recursive Make
+  invocations.</para>
+
+  <para><replaceable>type</replaceable> can be one of the
+  following:
+
+  <variablelist>
+
+    <varlistentry><term><literal>pretty</literal></term>
+
+      <listitem><para>Pretty-print the output, indicating different
+      nesting levels using spaces.  This is the
+      default.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal>escapes</literal></term>
+
+      <listitem><para>Indicate nesting using escape codes that can be
+      interpreted by the <command>nix-log2xml</command> tool in the
+      Nix source distribution.  The resulting XML file can be fed into
+      the <command>log2html.xsl</command> stylesheet to create an HTML
+      file that can be browsed interactively, using JavaScript to
+      expand and collapse parts of the output.</para></listitem>
+
+    </varlistentry>
+
+    <varlistentry><term><literal>flat</literal></term>
+
+      <listitem><para>Remove all nesting.</para></listitem>
+
+    </varlistentry>
+
+  </variablelist>
+
+  </para>
+
+  </listitem>
+
+</varlistentry>
+
+
 <varlistentry><term><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></term>
 
   <listitem><para>This option is accepted by
@@ -249,8 +273,9 @@
   named <replaceable>name</replaceable>, it will call it with value
   <replaceable>value</replaceable>.</para>
 
-  <para>For instance, the top-level <literal>default.nix</literal> in
-  Nixpkgs is actually a function:
+  <para>For instance, the file
+  <literal>pkgs/top-level/all-packages.nix</literal> in Nixpkgs is
+  actually a function:
 
 <programlisting>
 { # The system (e.g., `i686-linux') for which to build the packages.
@@ -318,6 +343,13 @@
 
 </varlistentry>
 
+<varlistentry><term><option>--show-trace</option></term>
+
+  <listitem><para>Causes Nix to print out a stack trace in case of Nix
+  expression evaluation errors.</para></listitem>
+
+</varlistentry>
+
 
 <varlistentry xml:id="opt-I"><term><option>-I</option> <replaceable>path</replaceable></term>
 

doc/manual/command-ref/utilities.xml

@@ -13,8 +13,12 @@ work with Nix.</para>
 <xi:include href="nix-collect-garbage.xml" />
 <xi:include href="nix-copy-closure.xml" />
 <xi:include href="nix-daemon.xml" />
+<xi:include href="nix-generate-patches.xml" />
 <xi:include href="nix-hash.xml" />
+<xi:include href="nix-install-package.xml" />
 <xi:include href="nix-instantiate.xml" />
 <xi:include href="nix-prefetch-url.xml" />
+<xi:include href="nix-pull.xml" />
+<xi:include href="nix-push.xml" />
 
-</chapter>
+</chapter>

doc/manual/expressions/advanced-attributes.xml

@@ -40,7 +40,7 @@ allowedReferences = [];
     recursively.  For example,
 
 <programlisting>
-allowedRequisites = [ foobar ];
+allowedReferences = [ foobar ];
 </programlisting>
 
     enforces that the output of a derivation cannot have any other
@@ -50,40 +50,6 @@ allowedRequisites = [ foobar ];
 
   </varlistentry>
 
-  <varlistentry><term><varname>disallowedReferences</varname></term>
-
-    <listitem><para>The optional attribute
-    <varname>disallowedReferences</varname> specifies a list of illegal
-    references (dependencies) of the output of the builder.  For
-    example,
-
-<programlisting>
-disallowedReferences = [ foo ];
-</programlisting>
-
-    enforces that the output of a derivation cannot have a direct runtime
-    dependencies on the derivation <varname>foo</varname>.</para></listitem>
-
-  </varlistentry>
-
-
-  <varlistentry><term><varname>disallowedRequisites</varname></term>
-
-    <listitem><para>This attribute is similar to
-    <varname>disallowedReferences</varname>, but it specifies illegal
-    requisites for the whole closure, so all the dependencies
-    recursively.  For example,
-
-<programlisting>
-disallowedRequisites = [ foobar ];
-</programlisting>
-
-    enforces that the output of a derivation cannot have any
-    runtime dependency on <varname>foobar</varname> or any other derivation
-    depending recursively on <varname>foobar</varname>.</para></listitem>
-
-  </varlistentry>
-
 
   <varlistentry><term><varname>exportReferencesGraph</varname></term>
 
@@ -124,39 +90,6 @@ derivation {
   </varlistentry>
 
 
-  <varlistentry><term><varname>impureEnvVars</varname></term>
-
-    <listitem><para>This attribute allows you to specify a list of
-    environment variables that should be passed from the environment
-    of the calling user to the builder.  Usually, the environment is
-    cleared completely when the builder is executed, but with this
-    attribute you can allow specific environment variables to be
-    passed unmodified.  For example, <function>fetchurl</function> in
-    Nixpkgs has the line
-
-<programlisting>
-impureEnvVars = [ "http_proxy" "https_proxy" <replaceable>...</replaceable> ];
-</programlisting>
-
-    to make it use the proxy server configuration specified by the
-    user in the environment variables <envar>http_proxy</envar> and
-    friends.</para>
-
-    <para>This attribute is only allowed in <link
-    linkend="fixed-output-drvs">fixed-output derivations</link>, where
-    impurities such as these are okay since (the hash of) the output
-    is known in advance.  It is ignored for all other
-    derivations.</para>
-
-    <warning><para><varname>impureEnvVars</varname> implementation takes
-    environment variables from the current builder process. When a daemon is
-    building its environmental variables are used. Without the daemon, the
-    environmental variables come from the environment of the
-    <command>nix-build</command>.</para></warning></listitem>
-
-  </varlistentry>
-
-
   <varlistentry xml:id="fixed-output-drvs">
     <term><varname>outputHash</varname></term>
     <term><varname>outputHashAlgo</varname></term>
@@ -179,7 +112,7 @@ impureEnvVars = [ "http_proxy" "https_proxy" <replaceable>...</replaceable> ];
 <programlisting>
 fetchurl {
   url = http://ftp.gnu.org/pub/gnu/hello/hello-2.1.1.tar.gz;
-  sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
+  md5 = "70c9ccf9fac07f762c24f2df2290784d";
 }
 </programlisting>
 
@@ -190,7 +123,7 @@ fetchurl {
 <programlisting>
 fetchurl {
   url = ftp://ftp.nluug.nl/pub/gnu/hello/hello-2.1.1.tar.gz;
-  sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
+  md5 = "70c9ccf9fac07f762c24f2df2290784d";
 }
 </programlisting>
 
@@ -216,7 +149,7 @@ fetchurl {
 <programlisting>
 { stdenv, curl }: # The <command>curl</command> program is used for downloading.
 
-{ url, sha256 }:
+{ url, md5 }:
 
 stdenv.mkDerivation {
   name = baseNameOf (toString url);
@@ -224,10 +157,10 @@ stdenv.mkDerivation {
   buildInputs = [ curl ];
 
   # This is a fixed-output derivation; the output must be a regular
-  # file with SHA256 hash <varname>sha256</varname>.
+  # file with MD5 hash <varname>md5</varname>.
   outputHashMode = "flat";
-  outputHashAlgo = "sha256";
-  outputHash = sha256;
+  outputHashAlgo = "md5";
+  outputHash = md5;
 
   inherit url;
 }
@@ -237,8 +170,8 @@ stdenv.mkDerivation {
 
     <para>The <varname>outputHashAlgo</varname> attribute specifies
     the hash algorithm used to compute the hash.  It can currently be
-    <literal>"sha1"</literal>, <literal>"sha256"</literal> or
-    <literal>"sha512"</literal>.</para>
+    <literal>"md5"</literal>, <literal>"sha1"</literal> or
+    <literal>"sha256"</literal>.</para>
 
     <para>The <varname>outputHashMode</varname> attribute determines
     how the hash is computed.  It must be one of the following two
@@ -251,7 +184,7 @@ stdenv.mkDerivation {
         <listitem><para>The output must be a non-executable regular
         file.  If it isn’t, the build fails.  The hash is simply
         computed over the contents of that file (so it’s equal to what
-        Unix commands like <command>sha256sum</command> or
+        Unix commands like <command>md5sum</command> or
         <command>sha1sum</command> produce).</para>
 
         <para>This is the default.</para></listitem>
@@ -282,29 +215,29 @@ stdenv.mkDerivation {
   </varlistentry>
 
 
-  <varlistentry><term><varname>passAsFile</varname></term>
+  <varlistentry><term><varname>impureEnvVars</varname></term>
 
-    <listitem><para>A list of names of attributes that should be
-    passed via files rather than environment variables.  For example,
-    if you have
+    <listitem><para>This attribute allows you to specify a list of
+    environment variables that should be passed from the environment
+    of the calling user to the builder.  Usually, the environment is
+    cleared completely when the builder is executed, but with this
+    attribute you can allow specific environment variables to be
+    passed unmodified.  For example, <function>fetchurl</function> in
+    Nixpkgs has the line
 
-    <programlisting>
-passAsFile = ["big"];
-big = "a very long string";
-    </programlisting>
+<programlisting>
+impureEnvVars = [ "http_proxy" "https_proxy" <replaceable>...</replaceable> ];
+</programlisting>
 
-    then when the builder runs, the environment variable
-    <envar>bigPath</envar> will contain the absolute path to a
-    temporary file containing <literal>a very long
-    string</literal>. That is, for any attribute
-    <replaceable>x</replaceable> listed in
-    <varname>passAsFile</varname>, Nix will pass an environment
-    variable <envar><replaceable>x</replaceable>Path</envar> holding
-    the path of the file containing the value of attribute
-    <replaceable>x</replaceable>. This is useful when you need to pass
-    large strings to a builder, since most operating systems impose a
-    limit on the size of the environment (typically, a few hundred
-    kilobyte).</para></listitem>
+    to make it use the proxy server configuration specified by the
+    user in the environment variables <envar>http_proxy</envar> and
+    friends.</para>
+
+    <para>This attribute is only allowed in <link
+    linkend="fixed-output-drvs">fixed-output derivations</link>, where
+    impurities such as these are okay since (the hash of) the output
+    is known in advance.  It is ignored for all other
+    derivations.</para></listitem>
 
   </varlistentry>
 
@@ -312,7 +245,9 @@ big = "a very long string";
   <varlistentry><term><varname>preferLocalBuild</varname></term>
 
     <listitem><para>If this attribute is set to
-    <literal>true</literal> and <link
+    <literal>true</literal>, it has two effects.  First, the
+    derivation will always be built, not substituted, even if a
+    substitute is available.  Second, if <link
     linkend="chap-distributed-builds">distributed building is
     enabled</link>, then, if possible, the derivaton will be built
     locally instead of forwarded to a remote machine.  This is
@@ -322,19 +257,6 @@ big = "a very long string";
 
   </varlistentry>
 
-
-  <varlistentry><term><varname>allowSubstitutes</varname></term>
-
-    <listitem><para>If this attribute is set to
-    <literal>false</literal>, then Nix will always build this
-    derivation; it will not try to substitute its outputs. This is
-    useful for very trivial derivations (such as
-    <function>writeText</function> in Nixpkgs) that are cheaper to
-    build than to substitute from a binary cache.</para></listitem>
-
-  </varlistentry>
-
-
 </variablelist>
 
 </section>

doc/manual/expressions/custom-builder.xml

@@ -0,0 +1,26 @@
+<section xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-custom-builder">
+
+<title>Customizing the Generic Builder</title>
+
+<para>The operation of the generic builder can be modified in many
+places by setting certain variables.  These <emphasis>hook
+variables</emphasis> are typically set to the name of some shell
+function defined by you.  For instance, to perform some additional
+steps after <command>make install</command> you would set the
+<varname>postInstall</varname> variable:
+
+<programlisting>
+postInstall=myPostInstall
+
+myPostInstall() {
+    mkdir $out/share/extra
+    cp extrafiles/* $out/share/extra
+}</programlisting>
+
+</para>
+
+</section>

doc/manual/expressions/debug-build.xml

@@ -0,0 +1,33 @@
+<section xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-debug-build">
+
+<title>Debugging Build Failures</title>
+
+<para>At the beginning of each phase, the set of all shell variables
+is written to the file <filename>env-vars</filename> at the top-level
+build directory.  This is useful for debugging: it allows you to
+recreate the environment in which a build was performed.  For
+instance, if a build fails, then assuming you used the
+<option>-K</option> flag, you can go to the output directory and
+<quote>switch</quote> to the environment of the builder:
+
+<screen>
+$ nix-build -K ./foo.nix
+... fails, keeping build directory `/tmp/nix-1234-0'
+
+$ cd /tmp/nix-1234-0
+
+$ source env-vars
+
+<lineannotation>(edit some files...)</lineannotation>
+
+$ make
+
+<lineannotation>(execution continues with the same GCC, make, etc.)</lineannotation></screen>
+
+</para>
+
+</section>

doc/manual/expressions/derivations.xml

@@ -16,7 +16,7 @@ of which specify the inputs of the build.</para>
   <listitem xml:id="attr-system"><para>There must be an attribute named
   <varname>system</varname> whose value must be a string specifying a
   Nix platform identifier, such as <literal>"i686-linux"</literal> or
-  <literal>"x86_64-darwin"</literal><footnote><para>To figure out
+  <literal>"powerpc-darwin"</literal><footnote><para>To figure out
   your platform identifier, look at the line <quote>Checking for the
   canonical Nix system name</quote> in the output of Nix's
   <filename>configure</filename> script.</para></footnote> The build
@@ -43,7 +43,7 @@ of which specify the inputs of the build.</para>
 
     <itemizedlist>
 
-      <listitem><para>Strings and numbers are just passed
+      <listitem><para>Strings and integers are just passed
       verbatim.</para></listitem>
 
       <listitem><para>A <emphasis>path</emphasis> (e.g.,
@@ -100,7 +100,7 @@ outputs = [ "lib" "headers" "doc" ];
 <programlisting>
 buildInputs = [ pkg.lib pkg.headers ];
 </programlisting>
-  The first element of <varname>outputs</varname> determines the
+  The first element of <varname>output</varname> determines the
   <emphasis>default output</emphasis>.  Thus, you could also write
 <programlisting>
 buildInputs = [ pkg pkg.headers ];
@@ -110,12 +110,12 @@ buildInputs = [ pkg pkg.headers ];
 
 </itemizedlist>
 
-<para>The function <function>mkDerivation</function> in the Nixpkgs
-standard environment is a wrapper around
-<function>derivation</function> that adds a default value for
-<varname>system</varname> and always uses Bash as the builder, to
-which the supplied builder is passed as a command-line argument.  See
-the Nixpkgs manual for details.</para>
+<para>The function <function>mkDerivation</function> in the standard
+environment is a wrapper around <function>derivation</function> that
+adds a default value for <varname>system</varname> and always uses
+Bash as the builder, to which the supplied builder is passed as a
+command-line argument.  See <xref linkend='sec-standard-environment'
+/>.</para>
 
 <para>The builder is executed as follows:
 
@@ -208,4 +208,4 @@ the Nixpkgs manual for details.</para>
 
 <xi:include href="advanced-attributes.xml" />
 
-</section>
+</section>

doc/manual/expressions/expression-syntax.xml

@@ -16,7 +16,7 @@ stdenv.mkDerivation { <co xml:id='ex-hello-nix-co-2' />
   builder = ./builder.sh; <co xml:id='ex-hello-nix-co-4' />
   src = fetchurl { <co xml:id='ex-hello-nix-co-5' />
     url = ftp://ftp.nluug.nl/pub/gnu/hello/hello-2.1.1.tar.gz;
-    sha256 = "1md7jsfd8pa45z73bz1kszpp01yw6x5ljkjk2hx7wl800any6465";
+    md5 = "70c9ccf9fac07f762c24f2df2290784d";
   };
   inherit perl; <co xml:id='ex-hello-nix-co-6' />
 }</programlisting>
@@ -108,7 +108,7 @@ the single Nix expression in that directory
     <para>The builder has to know what the sources of the package
     are.  Here, the attribute <varname>src</varname> is bound to the
     result of a call to the <command>fetchurl</command> function.
-    Given a URL and a SHA-256 hash of the expected contents of the file
+    Given a URL and an MD5 hash of the expected contents of the file
     at that URL, this function builds a derivation that downloads the
     file and checks its hash.  So the sources are a dependency that
     like all other dependencies is built before Hello itself is
@@ -145,4 +145,4 @@ perl = perl;</programlisting>
 
 </para>
 
-</section>
+</section>

doc/manual/expressions/generic-builder.xml

@@ -71,7 +71,7 @@ genericBuild <co xml:id='ex-hello-builder2-co-3' /></programlisting>
     generic builder is smart enough to figure out whether to unpack
     the sources using <command>gzip</command>,
     <command>bzip2</command>, etc.  It can be customised in many ways;
-    see the Nixpkgs manual for details.</para>
+    see <xref linkend='sec-standard-environment' />.</para>
 
   </callout>
 
@@ -95,4 +95,4 @@ In fact, <varname>mkDerivation</varname> provides a default builder
 that looks exactly like that, so it is actually possible to omit the
 builder for Hello entirely.</para>
 
-</section>
+</section>

doc/manual/expressions/language-constructs.xml

@@ -41,7 +41,7 @@ encountered</quote>).</para></footnote>.</para>
 </simplesect>
 
 
-<simplesect xml:id="sect-let-expressions"><title>Let-expressions</title>
+<simplesect><title>Let-expressions</title>
 
 <para>A let-expression allows you define local variables for an
 expression.  For instance,
@@ -61,7 +61,7 @@ evaluates to <literal>"foobar"</literal>.
 
 <simplesect><title>Inheriting attributes</title>
 
-<para>When defining a set or in a let-expression it is often convenient to copy variables
+<para>When defining a set it is often convenient to copy variables
 from the surrounding lexical scope (e.g., when you want to propagate
 attributes).  This can be shortened using the
 <literal>inherit</literal> keyword.  For instance,
@@ -72,15 +72,7 @@ let x = 123; in
   y = 456;
 }</programlisting>
 
-is equivalent to
-
-<programlisting>
-let x = 123; in
-{ x = x;
-  y = 456;
-}</programlisting>
-
-and both evaluate to <literal>{ x = 123; y = 456; }</literal>. (Note that
+evaluates to <literal>{ x = 123; y = 456; }</literal>.  (Note that
 this works because <varname>x</varname> is added to the lexical scope
 by the <literal>let</literal> construct.)  It is also possible to
 inherit attributes from another set.  For instance, in this fragment
@@ -109,26 +101,6 @@ variables from the surrounding scope (<varname>fetchurl</varname>
 <varname>libXaw</varname> (the X Athena Widgets) from the
 <varname>xlibs</varname> (X11 client-side libraries) set.</para>
 
-<para>
-Summarizing the fragment
-
-<programlisting>
-...
-inherit x y z;
-inherit (src-set) a b c;
-...</programlisting>
-
-is equivalent to
-
-<programlisting>
-...
-x = x; y = y; z = z;
-a = src-set.a; b = src-set.b; c = src-set.c;
-...</programlisting>
-
-when used while defining local variables in a let-expression or
-while defining a set.</para>
-
 </simplesect>
 
 
@@ -205,19 +177,13 @@ map (concat "foo") [ "bar" "bla" "abc" ]</programlisting>
   <listitem><para>An <literal>@</literal>-pattern provides a means of referring
   to the whole value being matched:
 
-<programlisting> args@{ x, y, z, ... }: z + y + x + args.a</programlisting>
-
-but can also be written as:
-
-<programlisting> { x, y, z, ... } @ args: z + y + x + args.a</programlisting>
+<programlisting>
+args@{ x, y, z, ... }: z + y + x + args.a</programlisting>
 
   Here <varname>args</varname> is bound to the entire argument, which
   is further matched against the pattern <literal>{ x, y, z,
-  ... }</literal>. <literal>@</literal>-pattern makes mainly sense with an 
-  ellipsis(<literal>...</literal>) as you can access attribute names as 
-  <literal>a</literal>, using <literal>args.a</literal>, which was given as an
-  additional attribute to the function.
-  </para></listitem>
+  ... }</literal>.</para></listitem>
+
 
 </itemizedlist>
 
@@ -361,20 +327,7 @@ with (import ./definitions.nix); ...</programlisting>
 
 makes all attributes defined in the file
 <filename>definitions.nix</filename> available as if they were defined
-locally in a <literal>let</literal>-expression.</para>
-
-<para>The bindings introduced by <literal>with</literal> do not shadow bindings
-introduced by other means, e.g.
-
-<programlisting>
-let a = 3; in with { a = 1; }; let a = 4; in with { a = 2; }; ...</programlisting>
-
-establishes the same scope as
-
-<programlisting>
-let a = 1; in let a = 2; in let a = 3; in let a = 4; in ...</programlisting>
-
-</para>
+locally in a <literal>rec</literal>-expression.</para>
 
 </simplesect>
 
@@ -388,4 +341,4 @@ character, or inline/multi-line, enclosed within <literal>/*
 </simplesect>
 
 
-</section>
+</section>

doc/manual/expressions/language-operators.xml

@@ -40,11 +40,6 @@ weakest binding).</para>
         <entry>Call function <replaceable>e1</replaceable> with
         argument <replaceable>e2</replaceable>.</entry>
       </row>
-      <row>
-        <entry><literal>-</literal> <replaceable>e</replaceable></entry>
-        <entry>none</entry>
-        <entry>Arithmetic negation.</entry>
-      </row>
       <row>
         <entry><replaceable>e</replaceable> <literal>?</literal>
         <replaceable>attrpath</replaceable></entry>
@@ -60,24 +55,13 @@ weakest binding).</para>
         <entry>List concatenation.</entry>
       </row>
       <row>
-        <entry>
-          <replaceable>e1</replaceable> <literal>*</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>/</literal> <replaceable>e2</replaceable>
-        </entry>
+        <entry><replaceable>e1</replaceable> <literal>+</literal> <replaceable>e2</replaceable></entry>
         <entry>left</entry>
-        <entry>Arithmetic multiplication and division.</entry>
-      </row>
-      <row>
-        <entry>
-          <replaceable>e1</replaceable> <literal>+</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>-</literal> <replaceable>e2</replaceable>
-        </entry>
-        <entry>left</entry>
-        <entry>Arithmetic addition and subtraction.  String or path concatenation (only by <literal>+</literal>).</entry>
+        <entry>String or path concatenation.</entry>
       </row>
       <row>
         <entry><literal>!</literal> <replaceable>e</replaceable></entry>
-        <entry>none</entry>
+        <entry>left</entry>
         <entry>Boolean negation.</entry>
       </row>
       <row>
@@ -91,22 +75,16 @@ weakest binding).</para>
         attributes).</entry>
       </row>
       <row>
-        <entry>
-          <replaceable>e1</replaceable> <literal>&lt;</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>&gt;</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>&lt;=</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>&gt;=</literal> <replaceable>e2</replaceable>
-        </entry>
+        <entry><replaceable>e1</replaceable> <literal>==</literal>
+        <replaceable>e2</replaceable></entry>
         <entry>none</entry>
-        <entry>Arithmetic comparison.</entry>
+        <entry>Equality.</entry>
       </row>
       <row>
-        <entry>
-          <replaceable>e1</replaceable> <literal>==</literal> <replaceable>e2</replaceable>,
-          <replaceable>e1</replaceable> <literal>!=</literal> <replaceable>e2</replaceable>
-        </entry>
+        <entry><replaceable>e1</replaceable> <literal>!=</literal>
+        <replaceable>e2</replaceable></entry>
         <entry>none</entry>
-        <entry>Equality and inequality.</entry>
+        <entry>Inequality.</entry>
       </row>
       <row>
         <entry><replaceable>e1</replaceable> <literal>&amp;&amp;</literal>

doc/manual/expressions/language-values.xml

@@ -98,17 +98,13 @@ configureFlags = "
 
     <para>Since <literal>${</literal> and <literal>''</literal> have
     special meaning in indented strings, you need a way to quote them.
-    <literal>$</literal> can be escaped by prefixing it with
+    <literal>${</literal> can be escaped by prefixing it with
     <literal>''</literal> (that is, two single quotes), i.e.,
-    <literal>''$</literal>. <literal>''</literal> can be escaped by
+    <literal>''${</literal>.  <literal>''</literal> can be escaped by
     prefixing it with <literal>'</literal>, i.e.,
-    <literal>'''</literal>. <literal>$</literal> removes any special meaning
-    from the following <literal>$</literal>. Linefeed, carriage-return and tab
-    characters can be written as <literal>''\n</literal>,
-    <literal>''\r</literal>, <literal>''\t</literal>, and <literal>''\</literal>
-    escapes any other character.
-
-    </para>
+    <literal>'''</literal>.  Finally, linefeed, carriage-return and
+    tab characters can be written as <literal>''\n</literal>,
+    <literal>''\r</literal>, <literal>''\t</literal>.</para>
 
     <para>Indented strings are primarily useful in that they allow
     multi-line string literals to follow the indentation of the
@@ -144,13 +140,8 @@ stdenv.mkDerivation {
 
   </listitem>
 
-  <listitem><para>Numbers, which can be <emphasis>integers</emphasis> (like
-  <literal>123</literal>) or <emphasis>floating point</emphasis> (like
-  <literal>123.43</literal> or <literal>.27e13</literal>).</para>
-
-  <para>Numbers are type-compatible: pure integer operations will always
-  return integers, whereas any operation involving at least one floating point
-  number will have a floating point number as a result.</para></listitem>
+  <listitem><para><emphasis>Integers</emphasis>, e.g.,
+  <literal>123</literal>.</para></listitem>
 
   <listitem><para><emphasis>Paths</emphasis>, e.g.,
   <filename>/bin/sh</filename> or <filename>./builder.sh</filename>.
@@ -164,23 +155,7 @@ stdenv.mkDerivation {
   expression that contained it.  For instance, if a Nix expression in
   <filename>/foo/bar/bla.nix</filename> refers to
   <filename>../xyzzy/fnord.nix</filename>, the absolute path is
-  <filename>/foo/xyzzy/fnord.nix</filename>.</para>
-
-  <para>If the first component of a path is a <literal>~</literal>,
-  it is interpreted as if the rest of the path were relative to the
-  user's home directory. e.g. <filename>~/foo</filename> would be
-  equivalent to <filename>/home/edolstra/foo</filename> for a user
-  whose home directory is <filename>/home/edolstra</filename>.
-  </para>
-
-  <para>Paths can also be specified between angle brackets, e.g.
-  <literal>&lt;nixpkgs&gt;</literal>. This means that the directories
-  listed in the environment variable
-  <envar linkend="env-NIX_PATH">NIX_PATH</envar> will be searched
-  for the given file or directory name.
-  </para>
-
-  </listitem>
+  <filename>/foo/xyzzy/fnord.nix</filename>.</para></listitem>
 
   <listitem><para><emphasis>Booleans</emphasis> with values
   <literal>true</literal> and
@@ -289,23 +264,6 @@ added to the set:
 This will evaluate to <literal>{}</literal> if <literal>foo</literal>
 evaluates to <literal>false</literal>.</para>
 
-<para>A set that has a <literal>__functor</literal> attribute whose value
-is callable (i.e. is itself a function or a set with a
-<literal>__functor</literal> attribute whose value is callable) can be
-applied as if it were a function, with the set itself passed in first
-, e.g.,
-
-<programlisting>
-let add = { __functor = self: x: x + self.x; };
-    inc = add // { x = 1; };
-in inc 1
-</programlisting>
-
-evaluates to <literal>2</literal>. This can be used to attach metadata to a
-function without the caller needing to treat it specially, or to implement
-a form of object-oriented programming, for example.
-
-</para>
 
 </simplesect>
 

doc/manual/expressions/simple-building-testing.xml

@@ -7,14 +7,15 @@
 <title>Building and Testing</title>
 
 <para>You can now try to build Hello.  Of course, you could do
-<literal>nix-env -i hello</literal>, but you may not want to install a
-possibly broken package just yet.  The best way to test the package is by
-using the command <command linkend="sec-nix-build">nix-build</command>,
-which builds a Nix expression and creates a symlink named
-<filename>result</filename> in the current directory:
+<literal>nix-env -f pkgs/top-level/all-packages.nix -i hello</literal>,
+but you may not want to install a possibly broken package just yet.
+The best way to test the package is by using the command <command
+linkend="sec-nix-build">nix-build</command>, which builds a Nix
+expression and creates a symlink named <filename>result</filename> in
+the current directory:
 
 <screen>
-$ nix-build -A hello
+$ nix-build pkgs/top-level/all-packages.nix -A hello
 building path `/nix/store/632d2b22514d...-hello-2.1.1'
 hello-2.1.1/
 hello-2.1.1/intl/
@@ -28,7 +29,8 @@ $ ./result/bin/hello
 Hello, world!</screen>
 
 The <link linkend='opt-attr'><option>-A</option></link> option selects
-the <literal>hello</literal> attribute.  This is faster than using the
+the <literal>hello</literal> attribute from
+<filename>all-packages.nix</filename>.  This is faster than using the
 symbolic package name specified by the <literal>name</literal>
 attribute (which also happens to be <literal>hello</literal>) and is
 unambiguous (there can be multiple packages with the symbolic name
@@ -67,7 +69,7 @@ block (or perform other derivations if available) until the build
 finishes:
 
 <screen>
-$ nix-build -A hello
+$ nix-build pkgs/top-level/all-packages.nix -A hello
 waiting for lock on `/nix/store/0h5b7hp8d4hqfrw8igvx97x1xawrjnac-hello-2.1.1x'</screen>
 
 So it is always safe to run multiple instances of Nix in parallel
@@ -81,4 +83,4 @@ Just pass the option <link linkend='opt-max-jobs'><option>-j
 in parallel, or set.  Typically this should be the number of
 CPUs.</para>
 
-</section>
+</section>

doc/manual/expressions/simple-expression.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-simple-expression">
 
-<title>A Simple Nix Expression</title>
+<title>Simple Nix Expression Use-Case</title>
 
 <para>This section shows how to add and test the <link
 xlink:href='http://www.gnu.org/software/hello/hello.html'>GNU Hello
@@ -44,4 +44,4 @@ need to do three things:
 <xi:include href="simple-building-testing.xml" />
 <xi:include href="generic-builder.xml" />
 
-</chapter>
+</chapter>

doc/manual/expressions/standard-env.xml

@@ -0,0 +1,60 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id='sec-standard-environment'>
+
+<title>The Standard Environment</title>
+
+
+<para>The standard environment is used by passing it as an input
+called <envar>stdenv</envar> to the derivation, and then doing
+
+<programlisting>
+source $stdenv/setup</programlisting>
+
+at the top of the builder.</para>
+
+<para>Apart from adding the aforementioned commands to the
+<envar>PATH</envar>, <filename>setup</filename> also does the
+following:
+
+<itemizedlist>
+
+  <listitem><para>All input packages specified in the
+  <envar>buildInputs</envar> environment variable have their
+  <filename>/bin</filename> subdirectory added to <envar>PATH</envar>,
+  their <filename>/include</filename> subdirectory added to the C/C++
+  header file search path, and their <filename>/lib</filename>
+  subdirectory added to the linker search path.  This can be extended.
+  For instance, when the <command>pkgconfig</command> package is
+  used, the subdirectory <filename>/lib/pkgconfig</filename> of each
+  input is added to the <envar>PKG_CONFIG_PATH</envar> environment
+  variable.</para></listitem>
+
+  <listitem><para>The environment variable
+  <envar>NIX_CFLAGS_STRIP</envar> is set so that the compiler strips
+  debug information from object files.  This can be disabled by
+  setting <envar>NIX_STRIP_DEBUG</envar> to
+  <literal>0</literal>.</para></listitem>
+
+</itemizedlist>
+
+</para>
+
+<para>The <filename>setup</filename> script also exports a function
+called <function>genericBuild</function> that knows how to build
+typical Autoconf-style packages.  It can be customised to perform
+builds for any type of package.  It is advisable to use
+<function>genericBuild</function> since it provides facilities that
+are almost always useful such as unpacking of sources, patching of
+sources, nested logging, etc.</para>
+
+<para>The definitive, up-to-date documentation of the generic builder
+is the source itself, which resides in
+<filename>pkgs/stdenv/generic/setup.sh</filename>.</para>
+
+<xi:include href="custom-builder.xml" />
+<xi:include href="debug-build.xml" />
+
+</chapter>

doc/manual/expressions/writing-nix-expressions.xml

@@ -22,5 +22,6 @@ manual</link>.</para></note>
 
 <xi:include href="simple-expression.xml" />
 <xi:include href="expression-language.xml" />
+<xi:include href="standard-env.xml" />
 
 </part>

doc/manual/glossary/glossary.xml

@@ -1,6 +1,5 @@
 <appendix xmlns="http://docbook.org/ns/docbook"
-          xmlns:xlink="http://www.w3.org/1999/xlink"
-          xml:id="part-glossary">
+          xmlns:xlink="http://www.w3.org/1999/xlink">
 
 <title>Glossary</title>
 
@@ -55,7 +54,7 @@
 
   <glossdef><para>A substitute is a command invocation stored in the
   Nix database that describes how to build a store object, bypassing
-  the normal build mechanism (i.e., derivations).  Typically, the
+  normal the build mechanism (i.e., derivations).  Typically, the
   substitute builds the store object by downloading a pre-built
   version of the store object from some server.</para></glossdef>
 
@@ -86,48 +85,29 @@
 
 <glossentry xml:id="gloss-reference"><glossterm>reference</glossterm>
 
-  <glossdef>
-    <para>A store path <varname>P</varname> is said to have a
-    reference to a store path <varname>Q</varname> if the store object
-    at <varname>P</varname> contains the path <varname>Q</varname>
-    somewhere. The <emphasis>references</emphasis> of a store path are
-    the set of store paths to which it has a reference.
-    </para>
-    <para>A derivation can reference other derivations and sources
-    (but not output paths), whereas an output path only references other
-    output paths.
-    </para>
-  </glossdef>
+  <glossdef><para>A store path <varname>P</varname> is said to have a
+  reference to a store path <varname>Q</varname> if the store object
+  at <varname>P</varname> contains the path <varname>Q</varname>
+  somewhere.  This implies than an execution involving
+  <varname>P</varname> potentially needs <varname>Q</varname> to be
+  present.  The <emphasis>references</emphasis> of a store path are
+  the set of store paths to which it has a reference.</para></glossdef>
 
 </glossentry>
 
-<glossentry xml:id="gloss-reachable"><glossterm>reachable</glossterm>
-
-  <glossdef><para>A store path <varname>Q</varname> is reachable from
-  another store path <varname>P</varname> if <varname>Q</varname> is in the
-  <link linkend="gloss-closure">closure</link> of the
-  <link linkend="gloss-reference">references</link> relation.
-  </para></glossdef>
-</glossentry>
 
 <glossentry xml:id="gloss-closure"><glossterm>closure</glossterm>
 
   <glossdef><para>The closure of a store path is the set of store
   paths that are directly or indirectly “reachable” from that store
   path; that is, it’s the closure of the path under the <link
-  linkend="gloss-reference">references</link> relation. For a package, the
-  closure of its derivation is equivalent to the build-time
-  dependencies, while the closure of its output path is equivalent to its
-  runtime dependencies. For correct deployment it is necessary to deploy whole
-  closures, since otherwise at runtime files could be missing. The command
-  <command>nix-store -qR</command> prints out closures of store paths.
-  </para>
-  <para>As an example, if the store object at path <varname>P</varname> contains
-  a reference to path <varname>Q</varname>, then <varname>Q</varname> is
-  in the closure of <varname>P</varname>. Further, if <varname>Q</varname>
-  references <varname>R</varname> then <varname>R</varname> is also in
-  the closure of <varname>P</varname>.
-  </para></glossdef>
+  linkend="gloss-reference">references</link> relation.  For instance,
+  if the store object at path <varname>P</varname> contains a
+  reference to path <varname>Q</varname>, then <varname>Q</varname> is
+  in the closure of <varname>P</varname>.  For correct deployment it
+  is necessary to deploy whole closures, since otherwise at runtime
+  files could be missing.  The command <command>nix-store
+  -qR</command> prints out closures of store paths.</para></glossdef>
 
 </glossentry>
 
@@ -167,7 +147,7 @@
   linkend="sec-profiles" />.</para>
 
   </glossdef>
-
+  
 </glossentry>
 
 

doc/manual/hacking.xml

@@ -22,7 +22,7 @@ $ nix-build release.nix -A build.x86_64-linux
 environment variables are set up so that those dependencies can be
 found:
 <screen>
-$ nix-shell
+$ ./dev-shell
 </screen>
 To build Nix itself in this shell:
 <screen>
@@ -30,7 +30,7 @@ To build Nix itself in this shell:
 [nix-shell]$ configurePhase
 [nix-shell]$ make
 </screen>
-To install it in <literal>$(pwd)/inst</literal> and test it:
+To test it:
 <screen>
 [nix-shell]$ make install
 [nix-shell]$ make installcheck

doc/manual/installation/building-source.xml

@@ -46,4 +46,12 @@ packages will need to be built from source.</para></warning>
 <filename>/nix/var</filename> by default.  This can be changed using
 <option>--localstatedir=<replaceable>path</replaceable></option>.</para>
 
-</section>
+<para>If you want to rebuild the documentation, pass the full path to
+the DocBook RELAX NG schemas and to the DocBook XSL stylesheets using
+the
+<option>--with-docbook-rng=<replaceable>path</replaceable></option>
+and
+<option>--with-docbook-xsl=<replaceable>path</replaceable></option>
+options.</para>
+
+</section>

doc/manual/installation/env-variables.xml

@@ -21,51 +21,4 @@ in your <filename>~/.profile</filename> (or similar), like this:</para>
 <screen>
 source <replaceable>prefix</replaceable>/etc/profile.d/nix.sh</screen>
 
-<section xml:id="sec-nix-ssl-cert-file">
-
-<title><envar>NIX_SSL_CERT_FILE</envar></title>
-
-<para>If you need to specify a custom certificate bundle to account
-for an HTTPS-intercepting man in the middle proxy, you must specify
-the path to the certificate bundle in the environment variable
-<envar>NIX_SSL_CERT_FILE</envar>.</para>
-
-
-<para>If you don't specify a <envar>NIX_SSL_CERT_FILE</envar>
-manually, Nix will install and use its own certificate
-bundle.</para>
-
-<procedure>
-  <step><para>Set the environment variable and install Nix</para>
-    <screen>
-$ export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
-$ sh &lt;(curl https://nixos.org/nix/install)
-</screen></step>
-
-  <step><para>In the shell profile and rc files (for example,
-  <filename>/etc/bashrc</filename>, <filename>/etc/zshrc</filename>),
-  add the following line:</para>
-<programlisting>
-export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
-</programlisting>
-</step>
-</procedure>
-
-<note><para>You must not add the export and then do the install, as
-the Nix installer will detect the presense of Nix configuration, and
-abort.</para></note>
-
-<section xml:id="sec-nix-ssl-cert-file-with-nix-daemon-and-macos">
-<title><envar>NIX_SSL_CERT_FILE</envar> with macOS and the Nix daemon</title>
-
-<para>On macOS you must specify the environment variable for the Nix
-daemon service, then restart it:</para>
-
-<screen>
-$ sudo launchctl setenv NIX_SSL_CERT_FILE /etc/ssl/my-certificate-bundle.crt
-$ sudo launchctl kickstart -k system/org.nixos.nix-daemon
-</screen>
-</section>
-
-</section>
-</chapter>
+</chapter>

doc/manual/installation/installing-binary.xml

@@ -6,185 +6,76 @@
 
 <title>Installing a Binary Distribution</title>
 
-<para>If you are using Linux or macOS, the easiest way to install Nix
-is to run the following command:
+<para>The easiest way to install Nix is to run the following command:
 
 <screen>
-  $ sh &lt;(curl https://nixos.org/nix/install)
+$ bash &lt;(curl https://nixos.org/nix/install)
 </screen>
 
-As of Nix 2.1.0, the Nix installer will always default to creating a
-single-user installation, however opting in to the multi-user
-installation is highly recommended.
-</para>
-
-<section xml:id="sect-single-user-installation">
-  <title>Single User Installation</title>
-
-  <para>
-    To explicitly select a single-user installation on your system:
-
-    <screen>
-  sh &lt;(curl https://nixos.org/nix/install) --no-daemon
-</screen>
-  </para>
-
-<para>
 This will perform a single-user installation of Nix, meaning that
 <filename>/nix</filename> is owned by the invoking user.  You should
 run this under your usual user account, <emphasis>not</emphasis> as
 root.  The script will invoke <command>sudo</command> to create
 <filename>/nix</filename> if it doesn’t already exist.  If you don’t
 have <command>sudo</command>, you should manually create
-<command>/nix</command> first as root, e.g.:
+<command>/nix</command> first as root:
 
 <screen>
 $ mkdir /nix
 $ chown alice /nix
 </screen>
 
-The install script will modify the first writable file from amongst
-<filename>.bash_profile</filename>, <filename>.bash_login</filename>
-and <filename>.profile</filename> to source
-<filename>~/.nix-profile/etc/profile.d/nix.sh</filename>. You can set
-the <command>NIX_INSTALLER_NO_MODIFY_PROFILE</command> environment
-variable before executing the install script to disable this
-behaviour.
 </para>
 
+<para>You can also manually download and install a binary package.
+Binary packages of the latest stable release are available for Fedora,
+Debian, Ubuntu, Mac OS X and various other systems from the <link
+xlink:href="http://nixos.org/nix/download.html">Nix homepage</link>.
+You can also get builds of the latest development release from our
+<link
+xlink:href="http://hydra.nixos.org/job/nix/master/release/latest-finished#tabs-constituents">continuous
+build system</link>.</para>
 
-<para>You can uninstall Nix simply by running:
+<para>For Fedora, RPM packages are available.  These can be installed
+or upgraded using <command>rpm -U</command>.  For example,
 
 <screen>
-$ rm -rf /nix
-</screen>
+$ rpm -U nix-1.7-1.i386.rpm</screen>
 
 </para>
-</section>
 
-<section xml:id="sect-multi-user-installation">
-  <title>Multi User Installation</title>
-  <para>
-    The multi-user Nix installation creates system users, and a system
-    service for the Nix daemon.
-  </para>
-
-  <itemizedlist>
-    <title>Supported Systems</title>
-
-    <listitem>
-      <para>Linux running systemd, with SELinux disabled</para>
-    </listitem>
-    <listitem><para>macOS</para></listitem>
-  </itemizedlist>
-
-  <para>
-    You can instruct the installer to perform a multi-user
-    installation on your system:
-
-    <screen>
-  sh &lt;(curl https://nixos.org/nix/install) --daemon
-</screen>
-  </para>
-
-  <para>
-    The multi-user installation of Nix will create build users between
-    the user IDs 30001 and 30032, and a group with the group ID 30000.
-
-    You should run this under your usual user account,
-    <emphasis>not</emphasis> as root. The script will invoke
-    <command>sudo</command> as needed.
-  </para>
-
-  <note><para>
-    If you need Nix to use a different group ID or user ID set, you
-    will have to download the tarball manually and <link
-    linkend="sect-nix-install-binary-tarball">edit the install
-    script</link>.
-  </para></note>
-
-  <para>
-    The installer will modify <filename>/etc/bashrc</filename>, and
-    <filename>/etc/zshrc</filename> if they exist. The installer will
-    first back up these files with a
-    <literal>.backup-before-nix</literal> extension. The installer
-    will also create <filename>/etc/profile.d/nix.sh</filename>.
-  </para>
-
-  <para>You can uninstall Nix with the following commands:
+<para>For Debian and Ubuntu, you can download a Deb package and
+install it like this:
 
 <screen>
-sudo rm -rf /etc/profile/nix.sh /etc/nix /nix ~root/.nix-profile ~root/.nix-defexpr ~root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels
+$ dpkg -i nix_1.7-1_amd64.deb</screen>
 
-# If you are on Linux with systemd, you will need to run:
-sudo systemctl stop nix-daemon.socket
-sudo systemctl stop nix-daemon.service
-sudo systemctl disable nix-daemon.socket
-sudo systemctl disable nix-daemon.service
-sudo systemctl daemon-reload
-
-# If you are on macOS, you will need to run:
-sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
-sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist
-</screen>
-
-    There may also be references to Nix in
-    <filename>/etc/profile</filename>,
-    <filename>/etc/bashrc</filename>, and
-    <filename>/etc/zshrc</filename> which you may remove.
-  </para>
-
-</section>
-
-<section xml:id="sect-nix-install-pinned-version-url">
-  <title>Installing a pinned Nix version from a URL</title>
-
-  <para>
-    NixOS.org hosts version-specific installation URLs for all Nix
-    versions since 1.11.16, at
-    <literal>https://nixos.org/releases/nix/nix-VERSION/install</literal>.
-  </para>
-
-  <para>
-    These install scripts can be used the same as the main
-  NixOS.org installation script:
-
-  <screen>
-  sh &lt;(curl https://nixos.org/nix/install)
-</screen>
-  </para>
-
-  <para>
-    In the same directory of the install script are sha256 sums, and
-    gpg signature files.
-  </para>
-</section>
-
-<section xml:id="sect-nix-install-binary-tarball">
-  <title>Installing from a binary tarball</title>
-
-  <para>
-    You can also download a binary tarball that contains Nix and all
-    its dependencies.  (This is what the install script at
-    <uri>https://nixos.org/nix/install</uri> does automatically.)  You
-    should unpack it somewhere (e.g. in <filename>/tmp</filename>),
-    and then run the script named <command>install</command> inside
-    the binary tarball:
+</para>
 
+<para>For other platforms, including Mac OS X (Darwin), FreeBSD and
+other Linux distributions, you can download a binary tarball that
+contains Nix and all its dependencies.  (This is what the install
+script at <uri>https://nixos.org/nix/install</uri> uses.)  You should
+unpack it somewhere (e.g. in <filename>/tmp</filename>), and then run
+the script named <command>install</command> inside the binary tarball:
 
 <screen>
 alice$ cd /tmp
-alice$ tar xfj nix-1.8-x86_64-darwin.tar.bz2
-alice$ cd nix-1.8-x86_64-darwin
+alice$ tar xfj nix-1.7-x86_64-darwin.tar.bz2
+alice$ cd nix-1.7-x86_64-darwin
 alice$ ./install
 </screen>
-  </para>
 
-  <para>
-    If you need to edit the multi-user installation script to use
-    different group ID or a different user ID range, modify the
-    variables set in the file named
-    <filename>install-multi-user</filename>.
-  </para>
-</section>
-</chapter>
+</para>
+
+<para>Nix can be uninstalled using <command>rpm -e nix</command> or
+<command>dpkg -r nix</command> on RPM- and Dpkg-based systems,
+respectively.  After this you should manually remove the Nix store and
+other auxiliary data, if desired:
+
+<screen>
+$ rm -rf /nix</screen>
+
+</para>
+
+</chapter>

doc/manual/installation/multi-user.xml

@@ -23,11 +23,11 @@ daemon</emphasis> running under the owner of the Nix store/database
 that performs the operation.</para>
 
 <note><para>Multi-user mode has one important limitation: only
-<systemitem class="username">root</systemitem> and a set of trusted
-users specified in <filename>nix.conf</filename> can specify arbitrary
-binary caches. So while unprivileged users may install packages from
-arbitrary Nix expressions, they may not get pre-built
-binaries.</para></note>
+<systemitem class="username">root</systemitem> can run <command
+linkend="sec-nix-pull">nix-pull</command> to register the availability
+of pre-built binaries.  However, those registrations are shared by all
+users, so they still get the benefit from <command>nix-pull</command>s
+done by <systemitem class="username">root</systemitem>.</para></note>
 
 
 <simplesect>

doc/manual/installation/prerequisites-source.xml

@@ -9,11 +9,10 @@
 <itemizedlist>
 
   <listitem><para>GNU Make.</para></listitem>
-  
-  <listitem><para>Bash Shell. The <literal>./configure</literal> script
-  relies on bashisms, so Bash is required.</para></listitem>
 
-  <listitem><para>A version of GCC or Clang that supports C++14.</para></listitem>
+  <listitem><para>A version of GCC or Clang that supports C++11.</para></listitem>
+
+  <listitem><para>Perl 5.8 or higher.</para></listitem>
 
   <listitem><para><command>pkg-config</command> to locate
   dependencies.  If your distribution does not provide it, you can get
@@ -21,47 +20,29 @@
   xlink:href="http://www.freedesktop.org/wiki/Software/pkg-config"
   />.</para></listitem>
 
-  <listitem><para>The OpenSSL library to calculate cryptographic hashes.
-  If your distribution does not provide it, you can get it from <link
-  xlink:href="https://www.openssl.org"/>.</para></listitem>
-
-  <listitem><para>The <literal>libbrotlienc</literal> and
-  <literal>libbrotlidec</literal> libraries to provide implementation
-  of the Brotli compression algorithm. They are available for download
-  from the official repository <link
-  xlink:href="https://github.com/google/brotli" />.</para></listitem>
-
   <listitem><para>The bzip2 compressor program and the
   <literal>libbz2</literal> library.  Thus you must have bzip2
   installed, including development headers and libraries.  If your
   distribution does not provide these, you can obtain bzip2 from <link
-  xlink:href="https://web.archive.org/web/20180624184756/http://www.bzip.org/"
-  />.</para></listitem>
+  xlink:href="http://www.bzip.org/"/>.</para></listitem>
 
-  <listitem><para><literal>liblzma</literal>, which is provided by
-  XZ Utils. If your distribution does not provide this, you can
-  get it from <link xlink:href="https://tukaani.org/xz/"/>.</para></listitem>
-  
-  <listitem><para>cURL and its library. If your distribution does not
-  provide it, you can get it from <link
-  xlink:href="https://curl.haxx.se/"/>.</para></listitem>
-      
   <listitem><para>The SQLite embedded database library, version 3.6.19
   or higher.  If your distribution does not provide it, please install
   it from <link xlink:href="http://www.sqlite.org/" />.</para></listitem>
 
+  <listitem><para>The Perl DBI and DBD::SQLite libraries, which are
+  available from <link
+  xlink:href="http://search.cpan.org/">CPAN</link> if your
+  distribution does not provide them.</para></listitem>
+
   <listitem><para>The <link
-  xlink:href="http://www.hboehm.info/gc/">Boehm
+  xlink:href="http://www.hpl.hp.com/personal/Hans_Boehm/gc/">Boehm
   garbage collector</link> to reduce the evaluator’s memory
   consumption (optional).  To enable it, install
   <literal>pkgconfig</literal> and the Boehm garbage collector, and
   pass the flag <option>--enable-gc</option> to
   <command>configure</command>.</para></listitem>
 
-  <listitem><para>The <literal>boost</literal> library of version
-  1.66.0 or higher. It can be obtained from the official web site
-  <link xlink:href="https://www.boost.org/" />.</para></listitem>
-
   <listitem><para>The <command>xmllint</command> and
   <command>xsltproc</command> programs to build this manual and the
   man-pages.  These are part of the <literal>libxml2</literal> and
@@ -87,15 +68,6 @@
   modify the parser or when you are building from the Git
   repository.</para></listitem>
 
-  <listitem><para>The <literal>libseccomp</literal> is used to provide
-  syscall filtering on Linux. This is an optional dependency and can
-  be disabled passing a <option>--disable-seccomp-sandboxing</option>
-  option to the <command>configure</command> script (Not recommended
-  unless your system doesn't support
-  <literal>libseccomp</literal>). To get the library, visit <link
-  xlink:href="https://github.com/seccomp/libseccomp"
-  />.</para></listitem>
-
 </itemizedlist>
 
-</section>
+</section>

doc/manual/installation/supported-platforms.xml

@@ -10,13 +10,12 @@
 
 <itemizedlist>
 
-  <listitem><para>Linux (i686, x86_64, aarch64).</para></listitem>
+  <listitem><para>Linux (particularly on x86, x86_64, and
+  PowerPC).</para></listitem>
 
-  <listitem><para>macOS (x86_64).</para></listitem>
+  <listitem><para>Mac OS X.</para></listitem>
 
-  <!--
   <listitem><para>FreeBSD (only tested on Intel).</para></listitem>
-  -->
 
   <!--
   <listitem><para>Windows through <link
@@ -33,4 +32,7 @@
 
 </para>
 
-</chapter>
+<para>Nix is pretty portable, so it should work on most other Unix
+platforms as well.</para>
+
+</chapter>

doc/manual/installation/upgrading.xml

@@ -1,22 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0"
-      xml:id="ch-upgrading-nix">
-
-  <title>Upgrading Nix</title>
-
-  <para>
-    Multi-user Nix users on macOS can upgrade Nix by running:
-    <command>sudo -i sh -c 'nix-channel --update &amp;&amp;
-    nix-env -iA nixpkgs.nix &amp;&amp;
-    launchctl remove org.nixos.nix-daemon &amp;&amp;
-    launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist'</command>
-  </para>
-
-
-  <para>
-    Single-user installations of Nix should run this:
-    <command>nix-channel --update; nix-env -iA nixpkgs.nix</command>
-  </para>
-</chapter>

doc/manual/introduction/about-nix.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-about-nix">
 
-<title>About Nix</title>
+<title>Introduction</title>
 
 <para>Nix is a <emphasis>purely functional package manager</emphasis>.
 This means that it treats packages like values in purely functional
@@ -16,10 +16,10 @@ store</emphasis>, usually the directory
 subdirectory such as
 
 <programlisting>
-/nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1/
+/nix/store/nlc4z5y1hm8w9s8vm6m1f5hy962xjmp5-firefox-12.0
 </programlisting>
 
-where <literal>b6gvzjyb2pg0…</literal> is a unique identifier for the
+where <literal>nlc4z5…</literal> is a unique identifier for the
 package that captures all its dependencies (it’s a cryptographic hash
 of the package’s build dependency graph).  This enables many powerful
 features.</para>
@@ -60,13 +60,11 @@ This is because tools such as compilers don’t search in per-packages
 directories such as
 <filename>/nix/store/5lbfaxb722zp…-openssl-0.9.8d/include</filename>,
 so if a package builds correctly on your system, this is because you
-specified the dependency explicitly. This takes care of the build-time
-dependencies.</para>
+specified the dependency explicitly.</para>
 
-<para>Once a package is built, runtime dependencies are found by
-scanning binaries for the hash parts of Nix store paths (such as
-<literal>r8vvq9kq…</literal>).  This sounds risky, but it works
-extremely well.</para>
+<para>Runtime dependencies are found by scanning binaries for the hash
+parts of Nix store paths (such as <literal>r8vvq9kq…</literal>).  This
+sounds risky, but it works extremely well.</para>
 
 </simplesect>
 
@@ -94,7 +92,7 @@ time window in which the package has some files from the old version
 and some files from the new version — which would be bad because a
 program might well crash if it’s started during that period.</para>
 
-<para>And since packages aren’t overwritten, the old versions are still
+<para>And since package aren’t overwritten, the old versions are still
 there after an upgrade.  This means that you can <emphasis>roll
 back</emphasis> to the old version:</para>
 
@@ -163,19 +161,19 @@ library and the compiler) would have to built, at least if they are
 not already in the Nix store.  This is a <emphasis>source deployment
 model</emphasis>.  For most users, building from source is not very
 pleasant as it takes far too long.  However, Nix can automatically
-skip building from source and instead use a <emphasis>binary
-cache</emphasis>, a web server that provides pre-built binaries. For
-instance, when asked to build
-<literal>/nix/store/b6gvzjyb2pg0…-firefox-33.1</literal> from source,
-Nix would first check if the file
-<uri>https://cache.nixos.org/b6gvzjyb2pg0….narinfo</uri> exists, and
-if so, fetch the pre-built binary referenced from there; otherwise, it
-would fall back to building from source.</para>
+skip building from source and download a pre-built binary instead if
+it knows about it.  <emphasis>Nix channels</emphasis> provide Nix
+expressions along with pre-built binaries.</para>
+
+<!--
+<para>source deployment model (like <a
+href="http://www.gentoo.org/">Gentoo</a>) and a binary model (like
+RPM)</para>
+-->
 
 </simplesect>
 
 
-<!--
 <simplesect><title>Binary patching</title>
 
 <para>In addition to downloading binaries automatically if they’re
@@ -184,7 +182,6 @@ package in the Nix store into a new version.  This speeds up
 upgrades.</para>
 
 </simplesect>
--->
 
 
 <simplesect><title>Nix Packages collection</title>
@@ -196,48 +193,10 @@ collection</emphasis> (Nixpkgs).</para>
 </simplesect>
 
 
-<simplesect><title>Managing build environments</title>
-
-<para>Nix is extremely useful for developers as it makes it easy to
-automatically set up the build environment for a package. Given a
-Nix expression that describes the dependencies of your package, the
-command <command>nix-shell</command> will build or download those
-dependencies if they’re not already in your Nix store, and then start
-a Bash shell in which all necessary environment variables (such as
-compiler search paths) are set.</para>
-
-<para>For example, the following command gets all dependencies of the
-Pan newsreader, as described by <link
-xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/newsreaders/pan/default.nix">its
-Nix expression</link>:</para>
-
-<screen>
-$ nix-shell '&lt;nixpkgs>' -A pan
-</screen>
-
-<para>You’re then dropped into a shell where you can edit, build and test
-the package:</para>
-
-<screen>
-[nix-shell]$ tar xf $src
-[nix-shell]$ cd pan-*
-[nix-shell]$ ./configure
-[nix-shell]$ make
-[nix-shell]$ ./pan/gui/pan
-</screen>
-
-<!--
-<para>Since Nix packages are reproducible and have complete dependency
-specifications, Nix makes an excellent basis for <a
-href="[%root%]hydra">a continuous build system</a>.</para>
--->
-
-</simplesect>
-
-
 <simplesect><title>Portability</title>
 
-<para>Nix runs on Linux and macOS.</para>
+<para>Nix should run on most Unix systems, including Linux and Mac OS
+X.</para>
 
 </simplesect>
 
@@ -247,22 +206,20 @@ href="[%root%]hydra">a continuous build system</a>.</para>
 <para>NixOS is a Linux distribution based on Nix.  It uses Nix not
 just for package management but also to manage the system
 configuration (e.g., to build configuration files in
-<filename>/etc</filename>).  This means, among other things, that it
-is easy to roll back the entire configuration of the system to an
-earlier state.  Also, users can install software without root
+<filename>/etc</filename>).  This means, among other things, that it’s
+possible to easily roll back the entire configuration of the system to
+an earlier state.  Also, users can install software without root
 privileges.  For more information and downloads, see the <link
 xlink:href="http://nixos.org/">NixOS homepage</link>.</para>
 
 </simplesect>
 
 
-<simplesect><title>License</title>
+<!-- other features:
 
-<para>Nix is released under the terms of the <link
-xlink:href="http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html">GNU
-LGPLv2.1 or (at your option) any later version</link>.</para>
-
-</simplesect>
+- build farms
+- reproducibility (Nix expressions allows whole configuration to be rebuilt)
 
+-->
 
 </chapter>

doc/manual/introduction/introduction.xml

@@ -7,6 +7,5 @@
 <title>Introduction</title>
 
 <xi:include href="about-nix.xml" />
-<xi:include href="quick-start.xml" />
 
 </part>

doc/manual/local.mk

@@ -1,6 +1,3 @@
-
-ifeq ($(doc_generate),yes)
-
 XSLTPROC = $(xsltproc) --nonet $(xmlflags) \
   --param section.autolabel 1 \
   --param section.label.includes.component.label 1 \
@@ -10,11 +7,7 @@ XSLTPROC = $(xsltproc) --nonet $(xmlflags) \
   --param admon.style \'\' \
   --param callout.graphics.extension \'.gif\' \
   --param contrib.inline.enabled 0 \
-  --stringparam generate.toc "book toc" \
-  --param keep.relative.image.uris 0
-
-docbookxsl = http://docbook.sourceforge.net/release/xsl-ns/current
-docbookrng = http://docbook.org/xml/5.0/rng/docbook.rng
+  --stringparam generate.toc "book toc"
 
 MANUAL_SRCS := $(call rwildcard, $(d), *.xml)
 
@@ -31,7 +24,7 @@ $(d)/version.txt:
 $(d)/manual.is-valid: $(d)/manual.xmli
 	$(trace-gen) $(XSLTPROC) --novalid --stringparam profile.condition manual \
 	  $(docbookxsl)/profiling/profile.xsl $< 2> /dev/null | \
-	  $(xmllint) --nonet --noout --relaxng $(docbookrng) -
+	  $(xmllint) --nonet --noout --relaxng $(docbookrng)/docbook.rng -
 	@touch $@
 
 clean-files += $(d)/manual.xmli $(d)/version.txt $(d)/manual.is-valid
@@ -42,9 +35,9 @@ dist-files += $(d)/manual.xmli $(d)/version.txt $(d)/manual.is-valid
 # Generate man pages.
 man-pages := $(foreach n, \
   nix-env.1 nix-build.1 nix-shell.1 nix-store.1 nix-instantiate.1 \
-  nix-collect-garbage.1 \
-  nix-prefetch-url.1 nix-channel.1 \
-  nix-hash.1 nix-copy-closure.1 \
+  nix-collect-garbage.1 nix-push.1 nix-pull.1 \
+  nix-prefetch-url.1 nix-channel.1 nix-generate-patches.1 \
+  nix-install-package.1 nix-hash.1 nix-copy-closure.1 \
   nix.conf.5 nix-daemon.8, \
   $(d)/$(n))
 
@@ -74,14 +67,22 @@ $(foreach file, $(wildcard $(d)/images/callouts/*.gif), $(eval $(call install-da
 
 $(eval $(call install-symlink, manual.html, $(docdir)/manual/index.html))
 
-
 all: $(d)/manual.html
 
-
-
 clean-files += $(d)/manual.html
 
 dist-files += $(d)/manual.html
 
 
-endif
+# Generate the PDF manual.
+$(d)/manual.pdf: $(d)/manual.xml $(MANUAL_SRCS) $(d)/manual.is-valid
+	$(trace-gen) if test "$(dblatex)" != ""; then \
+		cd doc/manual && $(XSLTPROC) --xinclude --stringparam profile.condition manual \
+		  $(docbookxsl)/profiling/profile.xsl manual.xml | \
+		  $(dblatex) -o $(notdir $@) $(dblatex_opts) -; \
+	else \
+		echo "Please install dblatex and rerun configure."; \
+		exit 1; \
+	fi
+
+clean-files += $(d)/manual.pdf

doc/manual/manual.xml

@@ -4,39 +4,45 @@
       version="5.0">
 
   <info>
+
     <title>Nix Package Manager Guide</title>
-    <subtitle>Version <xi:include href="version.txt" parse="text" /></subtitle>
+
+    <edition>Version <xi:include href="version.txt" parse="text" /></edition>
 
     <author>
       <personname>
         <firstname>Eelco</firstname>
         <surname>Dolstra</surname>
       </personname>
+      <affiliation>
+        <orgname>LogicBlox</orgname>
+      </affiliation>
       <contrib>Author</contrib>
     </author>
 
     <copyright>
-      <year>2004-2018</year>
+      <year>2004-2014</year>
       <holder>Eelco Dolstra</holder>
     </copyright>
 
+    <date>September 2014</date>
+
   </info>
 
-  <!--
   <preface>
     <title>Preface</title>
     <para>This manual describes how to set up and use the Nix package
     manager.</para>
   </preface>
-  -->
 
   <xi:include href="introduction/introduction.xml" />
+  <xi:include href="quick-start/quick-start.xml" />
   <xi:include href="installation/installation.xml" />
-  <xi:include href="installation/upgrading.xml" />
   <xi:include href="packages/package-management.xml" />
   <xi:include href="expressions/writing-nix-expressions.xml" />
-  <xi:include href="advanced-topics/advanced-topics.xml" />
+  <xi:include href="builds/build-farm.xml" />
   <xi:include href="command-ref/command-ref.xml" />
+  <xi:include href="troubleshooting/troubleshooting.xml" />
   <xi:include href="glossary/glossary.xml" />
   <xi:include href="hacking.xml" />
   <xi:include href="release-notes/release-notes.xml" />

doc/manual/packages/basic-package-mgmt.xml

@@ -28,71 +28,40 @@ Nix expressions called the Nix Package collection that contains
 packages ranging from basic development stuff such as GCC and Glibc,
 to end-user applications like Mozilla Firefox.  (Nix is however not
 tied to the Nix Package collection; you could write your own Nix
-expressions based on it, or completely new ones.)</para>
+expressions based on it, or completely new ones.)  You can download
+the latest version from <link
+xlink:href='http://nixos.org/nixpkgs/download.html' />.</para>
 
-<para>You can manually download the latest version of Nixpkgs from
-<link xlink:href='http://nixos.org/nixpkgs/download.html'/>. However,
-it’s much more convenient to use the Nixpkgs
-<emphasis>channel</emphasis>, since it makes it easy to stay up to
-date with new versions of Nixpkgs. (Channels are described in more
-detail in <xref linkend="sec-channels"/>.) Nixpkgs is automatically
-added to your list of “subscribed” channels when you install
-Nix. If this is not the case for some reason, you can add it as
-follows:
+<para>Assuming that you have downloaded and unpacked a release of Nix
+Packages, you can view the set of available packages in the release:
 
 <screen>
-$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable
-$ nix-channel --update
-</screen>
-
-</para>
-
-<note><para>On NixOS, you’re automatically subscribed to a NixOS
-channel corresponding to your NixOS major release
-(e.g. <uri>http://nixos.org/channels/nixos-14.12</uri>). A NixOS
-channel is identical to the Nixpkgs channel, except that it contains
-only Linux binaries and is updated only if a set of regression tests
-succeed.</para></note>
-
-<para>You can view the set of available packages in Nixpkgs:
-
-<screen>
-$ nix-env -qa
+$ nix-env -qaf nixpkgs-<replaceable>version</replaceable> '*'
+ant-blackdown-1.4.2
 aterm-2.2
 bash-3.0
 binutils-2.15
 bison-1.875d
 blackdown-1.4.2
 bzip2-1.0.2
-…</screen>
+...</screen>
 
-The flag <option>-q</option> specifies a query operation, and
-<option>-a</option> means that you want to show the “available” (i.e.,
-installable) packages, as opposed to the installed packages. If you
-downloaded Nixpkgs yourself, or if you checked it out from GitHub,
-then you need to pass the path to your Nixpkgs tree using the
-<option>-f</option> flag:
+where <literal>nixpkgs-<replaceable>version</replaceable></literal> is
+where you’ve unpacked the release.  The flag <option>-q</option>
+specifies a query operation; <option>-a</option> means that you want
+to show the “available” (i.e., installable) packages, as opposed to
+the installed packages; and <option>-f</option>
+<filename>nixpkgs-<replaceable>version</replaceable></filename>
+specifies the source of the packages.  The argument
+<literal>'*'</literal> shows all installable packages. (The quotes are
+necessary to prevent shell expansion.)  You can also select specific
+packages by name:
 
 <screen>
-$ nix-env -qaf <replaceable>/path/to/nixpkgs</replaceable>
-</screen>
-
-where <replaceable>/path/to/nixpkgs</replaceable> is where you’ve
-unpacked or checked out Nixpkgs.</para>
-
-<para>You can select specific packages by name:
-
-<screen>
-$ nix-env -qa firefox
-firefox-34.0.5
-firefox-with-plugins-34.0.5
-</screen>
-
-and using regular expressions:
-
-<screen>
-$ nix-env -qa 'firefox.*'
-</screen>
+$ nix-env -qaf nixpkgs-<replaceable>version</replaceable> gcc
+gcc-3.4.6
+gcc-4.0.3
+gcc-4.1.1</screen>
 
 </para>
 
@@ -101,12 +70,12 @@ available packages, i.e., whether they are installed into the user
 environment and/or present in the system:
 
 <screen>
-$ nix-env -qas
-…
+$ nix-env -qasf nixpkgs-<replaceable>version</replaceable> '*'
+...
 -PS bash-3.0
 --S binutils-2.15
 IPS bison-1.875d
-…</screen>
+...</screen>
 
 The first character (<literal>I</literal>) indicates whether the
 package is installed in your current user environment.  The second
@@ -119,33 +88,40 @@ just means that Nix knows that it can fetch a pre-built package from
 somewhere (typically a network server) instead of building it
 locally.</para>
 
-<para>You can install a package using <literal>nix-env -i</literal>.
-For instance,
+<para>So now that we have a set of Nix expressions we can build the
+packages contained in them.  This is done using <literal>nix-env
+-i</literal>.  For instance,
 
 <screen>
-$ nix-env -i subversion</screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -i subversion</screen>
 
 will install the package called <literal>subversion</literal> (which
 is, of course, the <link
 xlink:href='http://subversion.tigris.org/'>Subversion version
 management system</link>).</para>
 
-<note><para>When you ask Nix to install a package, it will first try
-to get it in pre-compiled form from a <emphasis>binary
-cache</emphasis>. By default, Nix will use the binary cache
-<uri>https://cache.nixos.org</uri>; it contains binaries for most
-packages in Nixpkgs. Only if no binary is available in the binary
-cache, Nix will build the package from source. So if <literal>nix-env
--i subversion</literal> results in Nix building stuff from source,
-then either the package is not built for your platform by the Nixpkgs
-build servers, or your version of Nixpkgs is too old or too new. For
-instance, if you have a very recent checkout of Nixpkgs, then the
-Nixpkgs build servers may not have had a chance to build everything
-and upload the resulting binaries to
-<uri>https://cache.nixos.org</uri>. The Nixpkgs channel is only
-updated after all binaries have been uploaded to the cache, so if you
-stick to the Nixpkgs channel (rather than using a Git checkout of the
-Nixpkgs tree), you will get binaries for most packages.</para></note>
+<para>When you do this for the first time, Nix will start building
+Subversion and all its dependencies.  This will take quite a while —
+typically an hour or two on modern machines.  Fortunately, there is a
+faster way (so do a Ctrl-C on that install operation!): you just need
+to tell Nix that pre-built binaries of all those packages are
+available somewhere.  This is done using the
+<command>nix-pull</command> command, which must be supplied with a URL
+containing a <emphasis>manifest</emphasis> describing what binaries
+are available.  This URL should correspond to the Nix Packages release
+that you’re using.  For instance, if you obtained a release from <link
+xlink:href='http://nixos.org/releases/nixpkgs/nixpkgs-0.12pre11712-4lrp7j8x'
+/>, then you should do:
+
+<screen>
+$ nix-pull http://nixos.org/releases/nixpkgs/nixpkgs-0.12pre11712-4lrp7j8x/MANIFEST</screen>
+
+If you then issue the installation command, it should start
+downloading binaries from <systemitem
+class='fqdomainname'>nixos.org</systemitem>, instead of building
+them from source.  This might still take a while since all
+dependencies must be downloaded, but on a reasonably fast connection
+such as a DSL line it’s on the order of a few minutes.</para>
 
 <para>Naturally, packages can also be uninstalled:
 
@@ -158,7 +134,7 @@ $ nix-env -e subversion</screen>
 release of Nix Packages, you can do:
 
 <screen>
-$ nix-env -u subversion</screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -u subversion</screen>
 
 This will <emphasis>only</emphasis> upgrade Subversion if there is a
 “newer” version in the new set of Nix expressions, as
@@ -173,17 +149,17 @@ whatever version is already installed.</para>
 versions:
 
 <screen>
-$ nix-env -u</screen>
+$ nix-env -f nixpkgs-<replaceable>version</replaceable> -u '*'</screen>
 
 </para>
 
 <para>Sometimes it’s useful to be able to ask what
 <command>nix-env</command> would do, without actually doing it.  For
 instance, to find out what packages would be upgraded by
-<literal>nix-env -u</literal>, you can do
+<literal>nix-env -u '*'</literal>, you can do
 
 <screen>
-$ nix-env -u --dry-run
+$ nix-env ... -u '*' --dry-run
 (dry run; not doing anything)
 upgrading `libxslt-1.1.0' to `libxslt-1.1.10'
 upgrading `graphviz-1.10' to `graphviz-1.12'
@@ -191,4 +167,4 @@ upgrading `coreutils-5.0' to `coreutils-5.2.1'</screen>
 
 </para>
 
-</chapter>
+</chapter>

doc/manual/packages/binary-cache-substituter.xml

@@ -1,70 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="ssec-binary-cache-substituter">
-
-<title>Serving a Nix store via HTTP</title>
-
-<para>You can easily share the Nix store of a machine via HTTP. This
-allows other machines to fetch store paths from that machine to speed
-up installations. It uses the same <emphasis>binary cache</emphasis>
-mechanism that Nix usually uses to fetch pre-built binaries from
-<uri>https://cache.nixos.org</uri>.</para>
-
-<para>The daemon that handles binary cache requests via HTTP,
-<command>nix-serve</command>, is not part of the Nix distribution, but
-you can install it from Nixpkgs:
-
-<screen>
-$ nix-env -i nix-serve
-</screen>
-
-You can then start the server, listening for HTTP connections on
-whatever port you like:
-
-<screen>
-$ nix-serve -p 8080
-</screen>
-
-To check whether it works, try the following on the client:
-
-<screen>
-$ curl http://avalon:8080/nix-cache-info
-</screen>
-
-which should print something like:
-
-<screen>
-StoreDir: /nix/store
-WantMassQuery: 1
-Priority: 30
-</screen>
-
-</para>
-
-<para>On the client side, you can tell Nix to use your binary cache
-using <option>--option extra-binary-caches</option>, e.g.:
-
-<screen>
-$ nix-env -i firefox --option extra-binary-caches http://avalon:8080/
-</screen>
-
-The option <option>extra-binary-caches</option> tells Nix to use this
-binary cache in addition to your default caches, such as
-<uri>https://cache.nixos.org</uri>. Thus, for any path in the closure
-of Firefox, Nix will first check if the path is available on the
-server <literal>avalon</literal> or another binary caches. If not, it
-will fall back to building from source.</para>
-
-<para>You can also tell Nix to always use your binary cache by adding
-a line to the <filename linkend="sec-conf-file">nix.conf</filename>
-configuration file like this:
-
-<programlisting>
-binary-caches = http://avalon:8080/ https://cache.nixos.org/
-</programlisting>
-
-</para>
-
-</section>

doc/manual/packages/channels.xml

@@ -8,9 +8,10 @@
 
 <para>If you want to stay up to date with a set of packages, it’s not
 very convenient to manually download the latest set of Nix expressions
-for those packages and upgrade using <command>nix-env</command>.
-Fortunately, there’s a better way: <emphasis>Nix
-channels</emphasis>.</para>
+for those packages, use <command>nix-pull</command> to register
+pre-built binaries (if available), and upgrade using
+<command>nix-env</command>.  Fortunately, there’s a better way:
+<emphasis>Nix channels</emphasis>.</para>
 
 <para>A Nix channel is just a URL that points to a place that contains
 a set of Nix expressions and a manifest.  Using the command <link
@@ -22,36 +23,35 @@ URL.</para>
 <command>nix-channel --add</command>, e.g.,
 
 <screen>
-$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable</screen>
+$ nix-channel --add http://nixos.org/channels/nixpkgs-unstable</screen>
 
 subscribes you to a channel that always contains that latest version
-of the Nix Packages collection.  (Subscribing really just means that
-the URL is added to the file <filename>~/.nix-channels</filename>,
-where it is read by subsequent calls to <command>nix-channel
---update</command>.) You can “unsubscribe” using <command>nix-channel
---remove</command>:
-
-<screen>
-$ nix-channel --remove nixpkgs
-</screen>
-</para>
+of the Nix Packages collection.  (Instead of
+<literal>nixpkgs-unstable</literal> you could also subscribe to
+<literal>nixpkgs-stable</literal>, which should have a higher level of
+stability, but right now is just outdated.)  Subscribing really just
+means that the URL is added to the file
+<filename>~/.nix-channels</filename>.  Right now there is no command
+to “unsubscribe”; you should just edit that file manually
+and delete the offending URL.</para>
 
 <para>To obtain the latest Nix expressions available in a channel, do
 
 <screen>
 $ nix-channel --update</screen>
 
-This downloads and unpacks the Nix expressions in every channel
-(downloaded from <literal><replaceable>url</replaceable>/nixexprs.tar.bz2</literal>).
-It also makes the union of each channel’s Nix expressions available by
-default to <command>nix-env</command> operations (via the symlink
-<filename>~/.nix-defexpr/channels</filename>).  Consequently, you can
-then say
+This downloads the Nix expressions in every channel (downloaded from
+<literal><replaceable>url</replaceable>/nixexprs.tar.bz2</literal>)
+and registers any available pre-built binaries in every channel
+(by <command>nix-pull</command>ing
+<literal><replaceable>url</replaceable>/MANIFEST</literal>).  It also
+makes the union of each channel’s Nix expressions the default for
+<command>nix-env</command> operations.  Consequently, you can then say
 
 <screen>
-$ nix-env -u</screen>
+$ nix-env -u '*'</screen>
 
 to upgrade all packages in your profile to the latest versions
 available in the subscribed channels.</para>
 
-</chapter>
+</chapter>

doc/manual/packages/copy-closure.xml

@@ -1,50 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="ssec-copy-closure">
-
-<title>Copying Closures Via SSH</title>
-
-<para>The command <command
-linkend="sec-nix-copy-closure">nix-copy-closure</command> copies a Nix
-store path along with all its dependencies to or from another machine
-via the SSH protocol.  It doesn’t copy store paths that are already
-present on the target machine.  For example, the following command
-copies Firefox with all its dependencies:
-
-<screen>
-$ nix-copy-closure --to alice@itchy.example.org $(type -p firefox)</screen>
-
-See <xref linkend='sec-nix-copy-closure' /> for details.</para>
-
-<para>With <command linkend='refsec-nix-store-export'>nix-store
---export</command> and <command
-linkend='refsec-nix-store-import'>nix-store --import</command> you can
-write the closure of a store path (that is, the path and all its
-dependencies) to a file, and then unpack that file into another Nix
-store.  For example,
-
-<screen>
-$ nix-store --export $(nix-store -qR $(type -p firefox)) > firefox.closure</screen>
-
-writes the closure of Firefox to a file.  You can then copy this file
-to another machine and install the closure:
-
-<screen>
-$ nix-store --import &lt; firefox.closure</screen>
-
-Any store paths in the closure that are already present in the target
-store are ignored.  It is also possible to pipe the export into
-another command, e.g. to copy and install a closure directly to/on
-another machine:
-
-<screen>
-$ nix-store --export $(nix-store -qR $(type -p firefox)) | bzip2 | \
-    ssh alice@itchy.example.org "bunzip2 | nix-store --import"</screen>
-
-However, <command>nix-copy-closure</command> is generally more
-efficient because it only copies paths that are not already present in
-the target Nix store.</para>
-
-</section>

doc/manual/packages/garbage-collection.xml

@@ -37,14 +37,7 @@ generations, e.g.,
 <screen>
 $ nix-env --delete-generations 10 11 14</screen>
 
-To delete all generations older than a specified number of days
-(except the current generation), use the <literal>d</literal>
-suffix. For example,
-
-<screen>
-$ nix-env --delete-generations 14d</screen>
-
-deletes all generations older than two weeks.</para>
+</para>
 
 <para>After removing appropriate old generations you can run the
 garbage collector as follows:
@@ -52,14 +45,6 @@ garbage collector as follows:
 <screen>
 $ nix-store --gc</screen>
 
-The behaviour of the gargage collector is affected by the <literal>keep-
-derivations</literal> (default: true) and <literal>keep-outputs</literal>
-(default: false) options in the Nix configuration file. The defaults will ensure
-that all derivations that are not build-time dependencies of garbage collector roots
-will be collected but that all output paths that are not runtime dependencies
-will be collected. (This is usually what you want, but while you are developing
-it may make sense to keep outputs to ensure that rebuild times are quick.)
-
 If you are feeling uncertain, you can also first view what files would
 be deleted:
 
@@ -82,4 +67,4 @@ is a quick and easy way to clean up your system.</para>
 
 <xi:include href="garbage-collector-roots.xml" />
 
-</chapter>
+</chapter>

doc/manual/packages/one-click.xml

@@ -0,0 +1,37 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="sec-one-click">
+
+<title>One-Click Installation</title>
+
+<para>Often, when you want to install a specific package (e.g., from
+the <link
+xlink:href="http://nixos.org/nixpkgs/">Nix
+Packages collection</link>), subscribing to a channel is a bit
+cumbersome.  And channels don’t help you at all if you want to install
+an older version of a package than the one provided by the current
+contents of the channel, or a package that has been removed from the
+channel.  That’s when <emphasis>one-click installs</emphasis> come in
+handy: you can just go to the web page that contains the package,
+click on it, and it will be installed with all the necessary
+dependencies.</para>
+
+<para>For instance, you can go to <link
+xlink:href="http://hydra.nixos.org/jobset/nixpkgs/trunk/channel/latest"
+/> and click on any link for the individual packages for your
+platform.  The first time you do this, your browser will ask what to
+do with <literal>application/nix-package</literal> files.  You should
+open them with <filename>/nix/bin/nix-install-package</filename>.
+This will open a window that asks you to confirm that you want to
+install the package.  When you answer <literal>Y</literal>, the
+package and all its dependencies will be installed.  This is a binary
+deployment mechanism — you get packages pre-compiled for the selected
+platform type.</para>
+
+<para>You can also install <literal>application/nix-package</literal>
+files from the command line directly.  See <xref
+linkend='sec-nix-install-package' /> for details.</para>
+
+</chapter>

doc/manual/packages/package-management.xml

@@ -18,6 +18,7 @@ who want to <emphasis>create</emphasis> packages should consult
 <xi:include href="profiles.xml" />
 <xi:include href="garbage-collection.xml" />
 <xi:include href="channels.xml" />
+<xi:include href="one-click.xml" />
 <xi:include href="sharing-packages.xml" />
 
 </part>

doc/manual/packages/profiles.xml

@@ -30,7 +30,7 @@ store.</para>
 <figure xml:id='fig-user-environments'><title>User environments</title>
   <mediaobject>
     <imageobject>
-      <imagedata fileref='../figures/user-environments.png' format='PNG' />
+      <imagedata fileref='figures/user-environments.png' format='PNG' />
     </imageobject>
   </mediaobject>
 </figure>
@@ -73,9 +73,9 @@ generated based on the current one.  For instance, generation 43 was
 created from generation 42 when we did
 
 <screen>
-$ nix-env -i subversion firefox</screen>
+$ nix-env -i subversion mozilla</screen>
 
-on a set of Nix expressions that contained Firefox and a new version
+on a set of Nix expressions that contained Mozilla and a new version
 of Subversion.</para>
 
 <para>Generations are grouped together into
@@ -120,7 +120,8 @@ can also see all available generations:
 <screen>
 $ nix-env --list-generations</screen></para>
 
-<para>You generally wouldn’t have
+<para>Actually, there is another level of indirection not shown in the
+figure above.  You generally wouldn’t have
 <filename>/nix/var/nix/profiles/<replaceable>some-profile</replaceable>/bin</filename>
 in your <envar>PATH</envar>.  Rather, there is a symlink
 <filename>~/.nix-profile</filename> that points to your current
@@ -155,4 +156,4 @@ $ nix-env -p /nix/var/nix/profiles/other-profile -i subversion</screen>
 This will <emphasis>not</emphasis> change the
 <command>~/.nix-profile</command> symlink.</para>
 
-</chapter>
+</chapter>

doc/manual/packages/s3-substituter.xml

@@ -1,183 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="ssec-s3-substituter">
-
-<title>Serving a Nix store via AWS S3 or S3-compatible Service</title>
-
-<para>Nix has built-in support for storing and fetching store paths
-from Amazon S3 and S3 compatible services. This uses the same
-<emphasis>binary</emphasis> cache mechanism that Nix usually uses to
-fetch prebuilt binaries from <uri>cache.nixos.org</uri>.</para>
-
-<para>The following options can be specified as URL parameters to
-the S3 URL:</para>
-
-<variablelist>
-  <varlistentry><term><literal>profile</literal></term>
-  <listitem>
-    <para>
-      The name of the AWS configuration profile to use. By default
-      Nix will use the <literal>default</literal> profile.
-    </para>
-  </listitem>
-  </varlistentry>
-
-  <varlistentry><term><literal>region</literal></term>
-  <listitem>
-    <para>
-      The region of the S3 bucket. <literal>us–east-1</literal> by
-      default.
-    </para>
-
-    <para>
-      If your bucket is not in <literal>us–east-1</literal>, you
-      should always explicitly specify the region parameter.
-    </para>
-  </listitem>
-  </varlistentry>
-
-  <varlistentry><term><literal>endpoint</literal></term>
-  <listitem>
-    <para>
-      The URL to your S3-compatible service, for when not using
-      Amazon S3. Do not specify this value if you're using Amazon
-      S3.
-    </para>
-    <note><para>This endpoint must support HTTPS and will use
-    path-based addressing instead of virtual host based
-    addressing.</para></note>
-  </listitem>
-  </varlistentry>
-
-  <varlistentry><term><literal>scheme</literal></term>
-  <listitem>
-    <para>
-      The scheme used for S3 requests, <literal>https</literal>
-      (default) or <literal>http</literal>.  This option allows you to
-      disable HTTPS for binary caches which don't support it.
-    </para>
-    <note><para>HTTPS should be used if the cache might contain
-    sensitive information.</para></note>
-  </listitem>
-  </varlistentry>
-</variablelist>
-
-<para>In this example we will use the bucket named
-<literal>example-nix-cache</literal>.</para>
-
-<section xml:id="ssec-s3-substituter-anonymous-reads">
-  <title>Anonymous Reads to your S3-compatible binary cache</title>
-
-  <para>If your binary cache is publicly accessible and does not
-  require authentication, the simplest and easiest way to use Nix with
-  your S3 compatible binary cache is to use the HTTP URL for that
-  cache.</para>
-
-  <para>For AWS S3 the binary cache URL for example bucket will be
-  exactly <uri>https://example-nix-cache.s3.amazonaws.com</uri> or
-  <uri>s3://example-nix-cache</uri>. For S3 compatible binary caches,
-  consult that cache's documentation.</para>
-
-  <para>Your bucket will need the following bucket policy:</para>
-
-  <programlisting><![CDATA[
-{
-    "Id": "DirectReads",
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "AllowDirectReads",
-            "Action": [
-                "s3:GetObject",
-                "s3:GetBucketLocation"
-            ],
-            "Effect": "Allow",
-            "Resource": [
-                "arn:aws:s3:::example-nix-cache",
-                "arn:aws:s3:::example-nix-cache/*"
-            ],
-            "Principal": "*"
-        }
-    ]
-}
-]]></programlisting>
-</section>
-
-<section xml:id="ssec-s3-substituter-authenticated-reads">
-  <title>Authenticated Reads to your S3 binary cache</title>
-
-  <para>For AWS S3 the binary cache URL for example bucket will be
-  exactly <uri>s3://example-nix-cache</uri>.</para>
-
-  <para>Nix will use the <link
-  xlink:href="https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default.">default
-  credential provider chain</link> for authenticating requests to
-  Amazon S3.</para>
-
-  <para>Nix supports authenticated reads from Amazon S3 and S3
-  compatible binary caches.</para>
-
-  <para>Your bucket will need a bucket policy allowing the desired
-  users to perform the <literal>s3:GetObject</literal> and
-  <literal>s3:GetBucketLocation</literal> action on all objects in the
-  bucket. The anonymous policy in <xref
-  linkend="ssec-s3-substituter-anonymous-reads" /> can be updated to
-  have a restricted <literal>Principal</literal> to support
-  this.</para>
-</section>
-
-
-<section xml:id="ssec-s3-substituter-authenticated-writes">
-  <title>Authenticated Writes to your S3-compatible binary cache</title>
-
-  <para>Nix support fully supports writing to Amazon S3 and S3
-  compatible buckets. The binary cache URL for our example bucket will
-  be <uri>s3://example-nix-cache</uri>.</para>
-
-  <para>Nix will use the <link
-  xlink:href="https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default.">default
-  credential provider chain</link> for authenticating requests to
-  Amazon S3.</para>
-
-  <para>Your account will need the following IAM policy to
-  upload to the cache:</para>
-
-  <programlisting><![CDATA[
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Sid": "UploadToCache",
-      "Effect": "Allow",
-      "Action": [
-        "s3:AbortMultipartUpload",
-        "s3:GetBucketLocation",
-        "s3:GetObject",
-        "s3:ListBucket",
-        "s3:ListBucketMultipartUploads",
-        "s3:ListMultipartUploadParts",
-        "s3:ListObjects",
-        "s3:PutObject"
-      ],
-      "Resource": [
-        "arn:aws:s3:::example-nix-cache",
-        "arn:aws:s3:::example-nix-cache/*"
-      ]
-    }
-  ]
-}
-]]></programlisting>
-
-
-  <example><title>Uploading with a specific credential profile for Amazon S3</title>
-    <para><command>nix copy --to 's3://example-nix-cache?profile=cache-upload&amp;region=eu-west-2' nixpkgs.hello</command></para>
-  </example>
-
-  <example><title>Uploading to an S3-Compatible Binary Cache</title>
-    <para><command>nix copy --to 's3://example-nix-cache?profile=cache-upload&amp;scheme=https&amp;endpoint=minio.example.com' nixpkgs.hello</command></para>
-  </example>
-</section>
-</section>

doc/manual/packages/sharing-packages.xml

@@ -12,9 +12,46 @@ another machine already has some or all of those packages or their
 dependencies.  In that case there are mechanisms to quickly copy
 packages between machines.</para>
 
-<xi:include href="binary-cache-substituter.xml" />
-<xi:include href="copy-closure.xml" />
-<xi:include href="ssh-substituter.xml" />
-<xi:include href="s3-substituter.xml" />
+<para>The command <command
+linkend="sec-nix-copy-closure">nix-copy-closure</command> copies a Nix
+store path along with all its dependencies to or from another machine
+via the SSH protocol.  It doesn’t copy store paths that are already
+present on the target machine.  For example, the following command
+copies Firefox with all its dependencies:
+
+<screen>
+$ nix-copy-closure --to alice@itchy.example.org $(type -p firefox)</screen>
+
+See <xref linkend='sec-nix-copy-closure' /> for details.</para>
+
+<para>With <command linkend='refsec-nix-store-export'>nix-store
+--export</command> and <command
+linkend='refsec-nix-store-import'>nix-store --import</command> you can
+write the closure of a store path (that is, the path and all its
+dependencies) to a file, and then unpack that file into another Nix
+store.  For example,
+
+<screen>
+$ nix-store --export $(nix-store -qR $(type -p firefox)) > firefox.closure</screen>
+
+writes the closure of Firefox to a file.  You can then copy this file
+to another machine and install the closure:
+
+<screen>
+$ nix-store --import &lt; firefox.closure</screen>
+
+Any store paths in the closure that are already present in the target
+store are ignored.  It is also possible to pipe the export into
+another command, e.g. to copy and install a closure directly to/on
+another machine:
+
+<screen>
+$ nix-store --export $(nix-store -qR $(type -p firefox)) | bzip2 | \
+    ssh alice@itchy.example.org "bunzip2 | nix-store --import"</screen>
+
+But note that <command>nix-copy-closure</command> is generally more
+efficient in this example because it only copies paths that are not
+already present in the target Nix store.</para>
+
 
 </chapter>

doc/manual/packages/ssh-substituter.xml

@@ -1,73 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="ssec-ssh-substituter">
-
-<title>Serving a Nix store via SSH</title>
-
-<para>You can tell Nix to automatically fetch needed binaries from a
-remote Nix store via SSH. For example, the following installs Firefox,
-automatically fetching any store paths in Firefox’s closure if they
-are available on the server <literal>avalon</literal>:
-
-<screen>
-$ nix-env -i firefox --substituters ssh://alice@avalon
-</screen>
-
-This works similar to the binary cache substituter that Nix usually
-uses, only using SSH instead of HTTP: if a store path
-<literal>P</literal> is needed, Nix will first check if it’s available
-in the Nix store on <literal>avalon</literal>. If not, it will fall
-back to using the binary cache substituter, and then to building from
-source.</para>
-
-<note><para>The SSH substituter currently does not allow you to enter
-an SSH passphrase interactively. Therefore, you should use
-<command>ssh-add</command> to load the decrypted private key into
-<command>ssh-agent</command>.</para></note>
-
-<para>You can also copy the closure of some store path, without
-installing it into your profile, e.g.
-
-<screen>
-$ nix-store -r /nix/store/m85bxg…-firefox-34.0.5 --substituters ssh://alice@avalon
-</screen>
-
-This is essentially equivalent to doing
-
-<screen>
-$ nix-copy-closure --from alice@avalon /nix/store/m85bxg…-firefox-34.0.5
-</screen>
-
-</para>
-
-<para>You can use SSH’s <emphasis>forced command</emphasis> feature to
-set up a restricted user account for SSH substituter access, allowing
-read-only access to the local Nix store, but nothing more. For
-example, add the following lines to <filename>sshd_config</filename>
-to restrict the user <literal>nix-ssh</literal>:
-
-<programlisting>
-Match User nix-ssh
-  AllowAgentForwarding no
-  AllowTcpForwarding no
-  PermitTTY no
-  PermitTunnel no
-  X11Forwarding no
-  ForceCommand nix-store --serve
-Match All
-</programlisting>
-
-On NixOS, you can accomplish the same by adding the following to your
-<filename>configuration.nix</filename>:
-
-<programlisting>
-nix.sshServe.enable = true;
-nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ];
-</programlisting>
-
-where the latter line lists the public keys of users that are allowed
-to connect.</para>
-
-</section>

doc/manual/quick-start/getting-started.xml

@@ -2,20 +2,17 @@
       xmlns:xlink="http://www.w3.org/1999/xlink"
       xmlns:xi="http://www.w3.org/2001/XInclude"
       version="5.0"
-      xml:id="chap-quick-start">
+      xml:id="ch-getting-started-nix"> 
 
-<title>Quick Start</title>
-
-<para>This chapter is for impatient people who don't like reading
-documentation.  For more in-depth information you are kindly referred
-to subsequent chapters.</para>
+<title>Getting Started with Nix</title>
 
+<para>This tutorial takes you through the basic tasks you might perform when you start using Nix.</para>
 <procedure>
 
 <step><para>Install single-user Nix by running the following:
 
 <screen>
-$ bash &lt;(curl https://nixos.org/nix/install)
+$ curl https://nixos.org/nix/install | sh
 </screen>
 
 This will install Nix in <filename>/nix</filename>. The install script
@@ -28,11 +25,10 @@ in the channel:
 
 <screen>
 $ nix-env -qa
-docbook-xml-4.3
-docbook-xml-4.5
-firefox-33.0.2
-hello-2.9
-libxslt-1.1.28
+docbook-xml-4.2
+firefox-1.0pre-PR-0.10.1
+hello-2.1.1
+libxslt-1.1.0
 <replaceable>...</replaceable></screen>
 
 </para></step>
@@ -40,7 +36,7 @@ libxslt-1.1.28
 <step><para>Install some packages from the channel:
 
 <screen>
-$ nix-env -i hello</screen>
+$ nix-env -i hello <replaceable>...</replaceable> </screen>
 
 This should download pre-built packages; it should not build them
 locally (if it does, something went wrong).</para></step>
@@ -63,28 +59,6 @@ $ nix-env -e hello</screen>
 
 </para></step>
 
-<step><para>You can also test a package without installing it:
-
-<screen>
-$ nix-shell -p hello
-</screen>
-
-This builds or downloads GNU Hello and its dependencies, then drops
-you into a Bash shell where the <command>hello</command> command is
-present, all without affecting your normal environment:
-
-<screen>
-[nix-shell:~]$ hello
-Hello, world!
-
-[nix-shell:~]$ exit
-
-$ hello
-hello: command not found
-</screen>
-
-</para></step>
-
 <step><para>To keep up-to-date with the channel, do:
 
 <screen>
@@ -95,6 +69,16 @@ The latter command will upgrade each installed package for which there
 is a “newer” version (as determined by comparing the version
 numbers).</para></step>
 
+<step><para>You can also install specific packages directly from
+your web browser.  For instance, you can go to <link
+xlink:href="http://hydra.nixos.org/jobset/nixpkgs/trunk/channel/latest"
+/> and click on any link for the individual packages for your
+platform.  Associate <literal>application/nix-package</literal> with
+the program <command>nix-install-package</command>.  A window should
+appear asking you whether it’s okay to install the package.  Say
+<literal>Y</literal>.  The package and all its dependencies will be
+installed.</para></step>
+
 <step><para>If you're unhappy with the result of a
 <command>nix-env</command> action (e.g., an upgraded package turned
 out not to work properly), you can go back:

doc/manual/quick-start/quick-start.xml

@@ -0,0 +1,17 @@
+<part xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="chap-quick-start">
+
+<title>Quick-Start</title>
+
+<partintro>
+<para>This section is for impatient people who don't like reading
+documentation.  For more in-depth information you are kindly referred
+to subsequent chapters.</para>
+</partintro>
+
+<xi:include href="getting-started.xml" />
+
+</part>

doc/manual/release-notes/release-notes.xml

@@ -12,13 +12,6 @@
 </partintro>
 -->
 
-<xi:include href="rl-2.2.xml" />
-<xi:include href="rl-2.1.xml" />
-<xi:include href="rl-2.0.xml" />
-<xi:include href="rl-1.11.10.xml" />
-<xi:include href="rl-1.11.xml" />
-<xi:include href="rl-1.10.xml" />
-<xi:include href="rl-1.9.xml" />
 <xi:include href="rl-1.8.xml" />
 <xi:include href="rl-1.7.xml" />
 <xi:include href="rl-1.6.1.xml" />

doc/manual/release-notes/rl-0.10.1.xml

@@ -4,10 +4,10 @@
       version="5.0"
       xml:id="ch-relnotes-0.10.1">
 
-<title>Release 0.10.1 (2006-10-11)</title>
+<title>Release 0.10.1 (October 11, 2006)</title>
 
 <para>This release fixes two somewhat obscure bugs that occur when
 evaluating Nix expressions that are stored inside the Nix store
 (<literal>NIX-67</literal>).  These do not affect most users.</para>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.10.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.10">
 
-<title>Release 0.10 (2006-10-06)</title>
+<title>Release 0.10 (October 6, 2006)</title>
 
 <note><para>This version of Nix uses Berkeley DB 4.4 instead of 4.3.
 The database is upgraded automatically, but you should be careful not
@@ -320,4 +320,4 @@ irreversible.</para></warning>
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.11.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ssec-relnotes-0.11">
 
-<title>Release 0.11 (2007-12-31)</title>
+<title>Release 0.11 (December 31, 2007)</title>
 
 <para>Nix 0.11 has many improvements over the previous stable release.
 The most important improvement is secure multi-user support.  It also
@@ -258,4 +258,4 @@ on Nix.  Here is an (incomplete) list:</para>
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.12.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ssec-relnotes-0.12">
 
-<title>Release 0.12 (2008-11-20)</title>
+<title>Release 0.12 (November 20, 2008)</title>
 
 <itemizedlist>
 
@@ -172,4 +172,4 @@ the following paths will be downloaded/copied (30.02 MiB):
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.13.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ssec-relnotes-0.13">
 
-<title>Release 0.13 (2009-11-05)</title>
+<title>Release 0.13 (November 5, 2009)</title>
 
 <para>This is primarily a bug fix release.  It has some new
 features:</para>
@@ -103,4 +103,4 @@ features:</para>
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.14.xml

@@ -2,9 +2,7 @@
       xmlns:xlink="http://www.w3.org/1999/xlink"
       xmlns:xi="http://www.w3.org/2001/XInclude"
       version="5.0"
-      xml:id="ssec-relnotes-0.14">
-
-<title>Release 0.14 (2010-02-04)</title>
+      xml:id="ssec-relnotes-0.14"><title>Release 0.14 (February 4, 2010)</title>
 
 <para>This release has the following improvements:</para>
 
@@ -43,4 +41,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.15.xml

@@ -4,11 +4,11 @@
       version="5.0"
       xml:id="ssec-relnotes-0.15">
 
-<title>Release 0.15 (2010-03-17)</title>
+<title>Release 0.15 (March 17, 2010)</title>
 
 <para>This is a bug-fix release.  Among other things, it fixes
 building on Mac OS X (Snow Leopard), and improves the contents of
 <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
 in <literal>chroot</literal> builds.</para>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.16.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ssec-relnotes-0.16">
 
-<title>Release 0.16 (2010-08-17)</title>
+<title>Release 0.16 (August 17, 2010)</title>
 
 <para>This release has the following improvements:</para>
 
@@ -52,4 +52,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.6.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.6">
 
-<title>Release 0.6 (2004-11-14)</title>
+<title>Release 0.6 (November 14, 2004)</title>
 
 <itemizedlist>
 
@@ -119,4 +119,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.7.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.7">
 
-<title>Release 0.7 (2005-01-12)</title>
+<title>Release 0.7 (January 12, 2005)</title>
 
 <itemizedlist>
 
@@ -32,4 +32,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.8.1.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.8.1">
 
-<title>Release 0.8.1 (2005-04-13)</title>
+<title>Release 0.8.1 (April 13, 2005)</title>
 
 <para>This is a bug fix release.</para>
 
@@ -18,4 +18,4 @@
 
 </itemizedlist>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.8.xml

@@ -4,7 +4,7 @@
       version="5.0"
       xml:id="ch-relnotes-0.8">
 
-<title>Release 0.8 (2005-04-11)</title>
+<title>Release 0.8 (April 11, 2005)</title>
 
 <para>NOTE: the hashing scheme in Nix 0.8 changed (as detailed below).
 As a result, <command>nix-pull</command> manifests and channels built
@@ -243,4 +243,4 @@ $ nix-env -f .../i686-linux.nix -i -E 'x: x.firefoxWrapper'</screen>
 
 </para>
 
-</section>
+</section>

doc/manual/release-notes/rl-0.9.1.xml

@@ -4,10 +4,10 @@
       version="5.0"
       xml:id="ch-relnotes-0.9.1">
 
-<title>Release 0.9.1 (2005-09-20)</title>
+<title>Release 0.9.1 (September 20, 2005)</title>
 
 <para>This bug fix release addresses a problem with the ATerm library
 when the <option>--with-aterm</option> flag in
 <command>configure</command> was <emphasis>not</emphasis> used.</para>
 
-</section>
+</section>