Merge e027d4172f into fbe214b76e

Fix issue #11141 broken stack pointer corrector

.clang-format

@@ -15,7 +15,7 @@ SpaceAfterCStyleCast: true
 SpaceAfterTemplateKeyword: false
 AccessModifierOffset: -4
 AlignAfterOpenBracket: AlwaysBreak
-AlignEscapedNewlines: DontAlign
+AlignEscapedNewlines: Left
 ColumnLimit: 120
 BreakStringLiterals: false
 BitFieldColonSpacing: None
@@ -30,3 +30,4 @@ BreakBeforeBinaryOperators: NonAssignment
 AlwaysBreakBeforeMultilineStrings: true
 IndentPPDirectives: AfterHash
 PPIndentWidth: 2
+BinPackArguments: false

.editorconfig

@@ -4,20 +4,20 @@
 # Top-most EditorConfig file
 root = true
 
-# Unix-style newlines with a newline ending every file, utf-8 charset
+# Unix-style newlines with a newline ending every file, UTF-8 charset
 [*]
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
 charset = utf-8
 
-# Match nix files, set indent to spaces with width of two
+# Match Nix files, set indent to spaces with width of two
 [*.nix]
 indent_style = space
 indent_size = 2
 
-# Match c++/shell/perl, set indent to spaces with width of four
-[*.{hpp,cc,hh,sh,pl,xs}]
+# Match C++/C/shell/Perl, set indent to spaces with width of four
+[*.{hpp,cc,hh,c,h,sh,pl,xs}]
 indent_style = space
 indent_size = 4
 

.github/CODEOWNERS

@@ -11,7 +11,16 @@
 .github/CODEOWNERS @edolstra
 
 # Documentation of built-in functions
-src/libexpr/primops.cc @roberth
+src/libexpr/primops.cc @roberth @fricklerhandwerk
+
+# Documentation of settings
+src/libexpr/eval-settings.hh @fricklerhandwerk
+src/libstore/globals.hh @fricklerhandwerk
+
+# Documentation
+doc/manual @fricklerhandwerk
+maintainers/*.md @fricklerhandwerk
+src/**/*.md @fricklerhandwerk
 
 # Libstore layer
-/src/libstore @thufschmitt @ericson2314
+/src/libstore @ericson2314

.github/labeler.yml

@@ -13,7 +13,7 @@
 
 "documentation":
   - changed-files:
-    - any-glob-to-any-file: "doc/manual/*"
+    - any-glob-to-any-file: "doc/manual/**/*"
     - any-glob-to-any-file: "src/nix/**/*.md"
 
 "store":
@@ -40,4 +40,4 @@
     - any-glob-to-any-file: "src/*/tests/**/*"
     # Functional and integration tests
     - any-glob-to-any-file: "tests/functional/**/*"
-    
+

.github/workflows/backport.yml

@@ -21,7 +21,7 @@ jobs:
           fetch-depth: 0
       - name: Create backport PRs
         # should be kept in sync with `version`
-        uses: zeebe-io/backport-action@v2.5.0
+        uses: zeebe-io/backport-action@v3.0.2
         with:
           # Config README: https://github.com/zeebe-io/backport-action#backport-action
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ci.yml

@@ -25,14 +25,40 @@ jobs:
         # The sandbox would otherwise be disabled by default on Darwin
         extra_nix_config: "sandbox = true"
     - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
-    - uses: cachix/cachix-action@v14
+    - uses: cachix/cachix-action@v15
       if: needs.check_secrets.outputs.cachix == 'true'
       with:
         name: '${{ env.CACHIX_NAME }}'
         signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
         authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+    - if: matrix.os == 'ubuntu-latest'
+      run: |
+        free -h
+        swapon --show
+        swap=$(swapon --show --noheadings | head -n 1 | awk '{print $1}')
+        echo "Found swap: $swap"
+        sudo swapoff $swap
+        # resize it (fallocate)
+        sudo fallocate -l 10G $swap
+        sudo mkswap $swap
+        sudo swapon $swap
+        free -h
+        (
+          while sleep 60; do
+            free -h
+          done
+        ) &
     - run: nix --experimental-features 'nix-command flakes' flake check -L
 
+  # Steps to test CI automation in your own fork.
+  # Cachix:
+  # 1. Sign-up for https://www.cachix.org/
+  # 2. Create a cache for $githubuser-nix-install-tests
+  # 3. Create a cachix auth token and save it in https://github.com/$githubuser/nix/settings/secrets/actions in "Repository secrets" as CACHIX_AUTH_TOKEN
+  # Dockerhub:
+  # 1. Sign-up for https://hub.docker.com/
+  # 2. Store your dockerhub username as DOCKERHUB_USERNAME in "Repository secrets" of your fork repository settings (https://github.com/$githubuser/nix/settings/secrets/actions)
+  # 3. Create an access token in https://hub.docker.com/settings/security and store it as DOCKERHUB_TOKEN in "Repository secrets" of your fork
   check_secrets:
     permissions:
       contents: none
@@ -65,11 +91,12 @@ jobs:
     - uses: cachix/install-nix-action@V27
       with:
         install_url: https://releases.nixos.org/nix/nix-2.20.3/install
-    - uses: cachix/cachix-action@v14
+    - uses: cachix/cachix-action@v15
       with:
         name: '${{ env.CACHIX_NAME }}'
         signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
         authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+        cachixArgs: '-v'
     - id: prepare-installer
       run: scripts/prepare-installer-for-github-actions
 
@@ -119,7 +146,7 @@ jobs:
         install_url: https://releases.nixos.org/nix/nix-2.20.3/install
     - run: echo CACHIX_NAME="$(echo $GITHUB_REPOSITORY-install-tests | tr "[A-Z]/" "[a-z]-")" >> $GITHUB_ENV
     - run: echo NIX_VERSION="$(nix --experimental-features 'nix-command flakes' eval .\#default.version | tr -d \")" >> $GITHUB_ENV
-    - uses: cachix/cachix-action@v14
+    - uses: cachix/cachix-action@v15
       if: needs.check_secrets.outputs.cachix == 'true'
       with:
         name: '${{ env.CACHIX_NAME }}'
@@ -127,8 +154,8 @@ jobs:
         authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
     - run: nix --experimental-features 'nix-command flakes' build .#dockerImage -L
     - run: docker load -i ./result/image.tar.gz
-    - run: docker tag nix:$NIX_VERSION nixos/nix:$NIX_VERSION
-    - run: docker tag nix:$NIX_VERSION nixos/nix:master
+    - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
+    - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
     # We'll deploy the newly built image to both Docker Hub and Github Container Registry.
     #
     # Push to Docker Hub first
@@ -137,8 +164,8 @@ jobs:
       with:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_TOKEN }}
-    - run: docker push nixos/nix:$NIX_VERSION
-    - run: docker push nixos/nix:master
+    - run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
+    - run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
     # Push to GitHub Container Registry as well
     - name: Login to GitHub Container Registry
       uses: docker/login-action@v3
@@ -166,4 +193,38 @@ jobs:
       - uses: actions/checkout@v4
       - uses: DeterminateSystems/nix-installer-action@main
       - uses: DeterminateSystems/magic-nix-cache-action@main
-      - run: nix build -L .#hydraJobs.tests.githubFlakes .#hydraJobs.tests.tarballFlakes
+      - run: nix build -L .#hydraJobs.tests.githubFlakes .#hydraJobs.tests.tarballFlakes .#hydraJobs.tests.functional_user
+
+  meson_build:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      # Only meson packages that don't have a tests.run derivation.
+      # Those that have it are already built and tested as part of nix flake check.
+      - run: nix build -L .#hydraJobs.build.{nix-cmd,nix-main}.$(nix-instantiate --eval --expr builtins.currentSystem | sed -e 's/"//g')
+
+  flake_regressions:
+    needs: vm_tests
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout nix
+        uses: actions/checkout@v4
+      - name: Checkout flake-regressions
+        uses: actions/checkout@v4
+        with:
+          repository: NixOS/flake-regressions
+          path: flake-regressions
+      - name: Checkout flake-regressions-data
+        uses: actions/checkout@v4
+        with:
+          repository: NixOS/flake-regressions-data
+          path: flake-regressions/tests
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - run: nix build --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH scripts/flake-regressions.sh

.github/workflows/hydra_status.yml

@@ -1,20 +0,0 @@
-name: Hydra status
-
-permissions: read-all
-
-on:
-  schedule:
-    - cron: "12,42 * * * *"
-  workflow_dispatch:
-
-jobs:
-  check_hydra_status:
-    name: Check Hydra status
-    if: github.repository_owner == 'NixOS'
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - run: bash scripts/check-hydra-status.sh
-

.gitignore

@@ -11,6 +11,8 @@ perl/Makefile.config
 /svn-revision
 /libtool
 /config/config.*
+# Default meson build dir
+/build
 
 # /doc/manual/
 /doc/manual/*.1
@@ -52,6 +54,9 @@ perl/Makefile.config
 # /src/libfetchers
 /tests/unit/libfetchers/libnixfetchers-tests
 
+# /src/libflake
+/tests/unit/libflake/libnixflake-tests
+
 # /src/libstore/
 *.gen.*
 /src/libstore/tests
@@ -92,7 +97,7 @@ perl/Makefile.config
 
 # /tests/functional/
 /tests/functional/test-tmp
-/tests/functional/common/vars-and-functions.sh
+/tests/functional/common/subst-vars.sh
 /tests/functional/result*
 /tests/functional/restricted-innocent
 /tests/functional/shell

.shellcheckrc

@@ -0,0 +1,4 @@
+external-sources=true
+source-path=SCRIPTDIR
+# Hack for scripts in e.g. tests/functional/ca
+source-path=SCRIPTDIR/..

.version

@@ -1 +1 @@
-2.22.0
+2.24.0

CITATION.cff

@@ -0,0 +1,42 @@
+cff-version: 1.2.0
+title: Nix
+message: >-
+  If you use this software, please cite it using the
+  metadata from this file.
+type: software
+authors:
+  - given-names: Eelco
+    family-names: Dolstra
+    email: edolstra@gmail.com
+  - name: The Nix contributors
+    website: 'https://github.com/NixOS/nix'
+references:
+  - title: The Purely Functional Software Deployment Model
+    authors:
+    - family-names: Dolstra
+      given-names: Eelco
+    year: 2006
+    type: thesis
+    thesis-type: PhD thesis
+    isbn: 90-393-4130-3
+    url: https://dspace.library.uu.nl/handle/1874/7540
+    database-provider: Utrecht University Repository
+    institution:
+      name: Utrecht University
+    keywords:
+    - configuration management
+    - software deployment
+    - purely functional
+    - component-based software engineering
+repository-code: 'https://github.com/NixOS/nix'
+url: 'https://nixos.org/'
+abstract: >-
+  Nix, a purely functional package manager, is a powerful
+  package manager for Linux and other Unix systems that
+  makes package management reliable and reproducible.
+keywords:
+  - reproducibility
+  - open-source
+  - c++
+  - functional
+license: LGPL-2.1

CONTRIBUTING.md

@@ -27,6 +27,8 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).
 1. Search for related issues that cover what you're going to work on.
    It could help to mention there that you will work on the issue.
 
+   We strongly recommend first-time contributors not to propose new features but rather fix tightly-scoped problems in order to build trust and a working relationship with maintainers.
+
    Issues labeled [good first issue](https://github.com/NixOS/nix/labels/good%20first%20issue) should be relatively easy to fix and are likely to get merged quickly.
    Pull requests addressing issues labeled [idea approved](https://github.com/NixOS/nix/labels/idea%20approved) or [RFC](https://github.com/NixOS/nix/labels/RFC) are especially welcomed by maintainers and will receive prioritised review.
 

Makefile

@@ -18,6 +18,7 @@ makefiles = \
   src/libfetchers/local.mk \
   src/libmain/local.mk \
   src/libexpr/local.mk \
+  src/libflake/local.mk \
   src/libcmd/local.mk \
   src/nix/local.mk \
   src/libutil-c/local.mk \
@@ -45,7 +46,8 @@ makefiles += \
   tests/unit/libstore-support/local.mk \
   tests/unit/libfetchers/local.mk \
   tests/unit/libexpr/local.mk \
-  tests/unit/libexpr-support/local.mk
+  tests/unit/libexpr-support/local.mk \
+  tests/unit/libflake/local.mk
 endif
 
 ifeq ($(ENABLE_FUNCTIONAL_TESTS), yes)
@@ -68,14 +70,6 @@ ifeq ($(ENABLE_DOC_GEN), yes)
 makefiles-late += doc/manual/local.mk
 endif
 
-ifeq ($(ENABLE_INTERNAL_API_DOCS), yes)
-makefiles-late += doc/internal-api/local.mk
-endif
-
-ifeq ($(ENABLE_EXTERNAL_API_DOCS), yes)
-makefiles-late += doc/external-api/local.mk
-endif
-
 # Miscellaneous global Flags
 
 OPTIMIZE = 1
@@ -98,7 +92,7 @@ ifdef HOST_WINDOWS
   GLOBAL_LDFLAGS += -Wl,--export-all-symbols
 endif
 
-GLOBAL_CXXFLAGS += -g -Wall -Wimplicit-fallthrough -include $(buildprefix)config.h -std=c++2a -I src
+GLOBAL_CXXFLAGS += -g -Wall -Wdeprecated-copy -Wignored-qualifiers -Wimplicit-fallthrough -Werror=unused-result -include $(buildprefix)config.h -std=c++2a -I src
 
 # Include the main lib, causing rules to be defined
 
@@ -131,17 +125,3 @@ manual-html manpages:
 	@echo "Generated docs are disabled. Configure without '--disable-doc-gen', or avoid calling 'make manpages' and 'make manual-html'."
 	@exit 1
 endif
-
-ifneq ($(ENABLE_INTERNAL_API_DOCS), yes)
-.PHONY: internal-api-html
-internal-api-html:
-	@echo "Internal API docs are disabled. Configure with '--enable-internal-api-docs', or avoid calling 'make internal-api-html'."
-	@exit 1
-endif
-
-ifneq ($(ENABLE_EXTERNAL_API_DOCS), yes)
-.PHONY: external-api-html
-external-api-html:
-	@echo "External API docs are disabled. Configure with '--enable-external-api-docs', or avoid calling 'make external-api-html'."
-	@exit 1
-endif

Makefile.config.in

@@ -11,8 +11,6 @@ EDITLINE_LIBS = @EDITLINE_LIBS@
 ENABLE_BUILD = @ENABLE_BUILD@
 ENABLE_DOC_GEN = @ENABLE_DOC_GEN@
 ENABLE_FUNCTIONAL_TESTS = @ENABLE_FUNCTIONAL_TESTS@
-ENABLE_INTERNAL_API_DOCS = @ENABLE_INTERNAL_API_DOCS@
-ENABLE_EXTERNAL_API_DOCS = @ENABLE_EXTERNAL_API_DOCS@
 ENABLE_S3 = @ENABLE_S3@
 ENABLE_UNIT_TESTS = @ENABLE_UNIT_TESTS@
 GTEST_LIBS = @GTEST_LIBS@

build-utils-meson/deps-lists/meson.build

@@ -0,0 +1,36 @@
+# These are private dependencies with pkg-config files. What private
+# means is that the dependencies are used by the library but they are
+# *not* used (e.g. `#include`-ed) in any installed header file, and only
+# in regular source code (`*.cc`) or private, uninstalled headers. They
+# are thus part of the *implementation* of the library, but not its
+# *interface*.
+#
+# See `man pkg-config` for some details.
+deps_private = [ ]
+
+# These are public dependencies with pkg-config files. Public is the
+# opposite of private: these dependencies are used in installed header
+# files. They are part of the interface (and implementation) of the
+# library.
+#
+# N.B. This concept is mostly unrelated to our own concept of a public
+# (stable) API, for consumption outside of the Nix repository.
+# `libnixutil` is an unstable C++ library, whose public interface is
+# likewise unstable. `libutilc` conversely is a hopefully-soon stable
+# C library, whose public interface --- including public but not private
+# dependencies --- will also likewise soon be stable.
+#
+# N.B. For distributions that care about "ABI" stability and not just
+# "API" stability, the private dependencies also matter as they can
+# potentially affect the public ABI.
+deps_public = [ ]
+
+# These are subproject deps (type == "internal"). They are other
+# packages in `/src` in this repo. The private vs public distinction is
+# the same as above.
+deps_private_subproject = [ ]
+deps_public_subproject = [ ]
+
+# These are dependencencies without pkg-config files. Ideally they are
+# just private, but they may also be public (e.g. boost).
+deps_other = [ ]

build-utils-meson/diagnostics/meson.build

@@ -0,0 +1,13 @@
+add_project_arguments(
+  '-Wno-deprecated-declarations',
+  '-Wimplicit-fallthrough',
+  '-Werror=switch',
+  '-Werror=switch-enum',
+  '-Werror=unused-result',
+  '-Wdeprecated-copy',
+  '-Wignored-qualifiers',
+  # Enable assertions in libstdc++ by default. Harmless on libc++. Benchmarked
+  # at ~1% overhead in `nix search`.
+  #
+  language : 'cpp',
+)

build-utils-meson/export-all-symbols/meson.build

@@ -0,0 +1,11 @@
+if host_machine.system() == 'cygwin' or host_machine.system() == 'windows'
+  # Windows DLLs are stricter about symbol visibility than Unix shared
+  # objects --- see https://gcc.gnu.org/wiki/Visibility for details.
+  # This is a temporary sledgehammer to export everything like on Unix,
+  # and not detail with this yet.
+  #
+  # TODO do not do this, and instead do fine-grained export annotations.
+  linker_export_flags = ['-Wl,--export-all-symbols']
+else
+  linker_export_flags = []
+endif

build-utils-meson/export/meson.build

@@ -0,0 +1,30 @@
+requires_private = []
+foreach dep : deps_private_subproject
+  requires_private  += dep.name()
+endforeach
+requires_private += deps_private
+
+requires_public  = []
+foreach dep : deps_public_subproject
+  requires_public  += dep.name()
+endforeach
+requires_public += deps_public
+
+import('pkgconfig').generate(
+  this_library,
+  filebase : meson.project_name(),
+  name : 'Nix',
+  description : 'Nix Package Manager',
+  subdirs : ['nix'],
+  extra_cflags : ['-std=c++2a'],
+  requires : requires_public,
+  requires_private : requires_private,
+  libraries_private : libraries_private,
+)
+
+meson.override_dependency(meson.project_name(), declare_dependency(
+  include_directories : include_dirs,
+  link_with : this_library,
+  compile_args : ['-std=c++2a'],
+  dependencies : deps_public_subproject + deps_public,
+))

build-utils-meson/generate-header/meson.build

@@ -0,0 +1,7 @@
+bash = find_program('bash', native: true)
+
+gen_header = generator(
+  bash,
+  arguments : [ '-c', '{ echo \'R"__NIX_STR(\' && cat @INPUT@ && echo \')__NIX_STR"\'; } > "$1"', '_ignored_argv0', '@OUTPUT@' ],
+  output : '@PLAINNAME@.gen.hh',
+)

build-utils-meson/subprojects/meson.build

@@ -0,0 +1,19 @@
+foreach maybe_subproject_dep : deps_private_maybe_subproject
+  if maybe_subproject_dep.type_name() == 'internal'
+    deps_private_subproject += maybe_subproject_dep
+    # subproject sadly no good for pkg-config module
+    deps_other += maybe_subproject_dep
+  else
+    deps_private += maybe_subproject_dep
+  endif
+endforeach
+
+foreach maybe_subproject_dep : deps_public_maybe_subproject
+  if maybe_subproject_dep.type_name() == 'internal'
+    deps_public_subproject += maybe_subproject_dep
+    # subproject sadly no good for pkg-config module
+    deps_other += maybe_subproject_dep
+  else
+    deps_public += maybe_subproject_dep
+  endif
+endforeach

build-utils-meson/threads/meson.build

@@ -0,0 +1,6 @@
+# This is only conditional to work around
+# https://github.com/mesonbuild/meson/issues/13293. It should be
+# unconditional.
+if not (host_machine.system() == 'windows' and cxx.get_id() == 'gcc')
+  deps_private += dependency('threads')
+endif

configure.ac

@@ -63,7 +63,6 @@ AC_SYS_LARGEFILE
 
 
 # Solaris-specific stuff.
-AC_STRUCT_DIRENT_D_TYPE
 case "$host_os" in
   solaris*)
     # Solaris requires -lsocket -lnsl for network functions
@@ -150,11 +149,6 @@ AC_ARG_ENABLE(unit-tests, AS_HELP_STRING([--disable-unit-tests],[Do not build th
   ENABLE_UNIT_TESTS=$enableval, ENABLE_UNIT_TESTS=$ENABLE_BUILD)
 AC_SUBST(ENABLE_UNIT_TESTS)
 
-# Build external API docs by default
-AC_ARG_ENABLE(external_api_docs, AS_HELP_STRING([--enable-external-api-docs],[Build API docs for Nix's C interface]),
-  external_api_docs=$enableval, external_api_docs=yes)
-AC_SUBST(external_api_docs)
-
 AS_IF(
   [test "$ENABLE_BUILD" == "no" && test "$ENABLE_UNIT_TESTS" == "yes"],
   [AC_MSG_ERROR([Cannot enable unit tests when building overall is disabled. Please do not pass '--enable-unit-tests' or do not pass '--disable-build'.])])
@@ -172,15 +166,6 @@ AS_IF(
   [test "$ENABLE_BUILD" == "no" && test "$ENABLE_DOC_GEN" == "yes"],
   [AC_MSG_ERROR([Cannot enable generated docs when building overall is disabled. Please do not pass '--enable-doc-gen' or do not pass '--disable-build'.])])
 
-# Building without API docs is the default as Nix' C++ interfaces are internal and unstable.
-AC_ARG_ENABLE(internal-api-docs, AS_HELP_STRING([--enable-internal-api-docs],[Build API docs for Nix's internal unstable C++ interfaces]),
-  ENABLE_INTERNAL_API_DOCS=$enableval, ENABLE_INTERNAL_API_DOCS=no)
-AC_SUBST(ENABLE_INTERNAL_API_DOCS)
-
-AC_ARG_ENABLE(external-api-docs, AS_HELP_STRING([--enable-external-api-docs],[Build API docs for Nix's external unstable C interfaces]),
-  ENABLE_EXTERNAL_API_DOCS=$enableval, ENABLE_EXTERNAL_API_DOCS=no)
-AC_SUBST(ENABLE_EXTERNAL_API_DOCS)
-
 AS_IF(
   [test "$ENABLE_FUNCTIONAL_TESTS" == "yes" || test "$ENABLE_DOC_GEN" == "yes"],
   [NEED_PROG(jq, jq)])
@@ -314,7 +299,7 @@ case "$host_os" in
                                 ]))
     if test "x$enable_seccomp_sandboxing" != "xno"; then
       PKG_CHECK_MODULES([LIBSECCOMP], [libseccomp],
-                        [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS"])
+                        [CXXFLAGS="$LIBSECCOMP_CFLAGS $CXXFLAGS" CFLAGS="$LIBSECCOMP_CFLAGS $CFLAGS"])
       have_seccomp=1
       AC_DEFINE([HAVE_SECCOMP], [1], [Whether seccomp is available and should be used for sandboxing.])
       AC_COMPILE_IFELSE([
@@ -355,13 +340,6 @@ AC_CHECK_HEADERS([aws/s3/S3Client.h],
 AC_SUBST(ENABLE_S3, [$enable_s3])
 AC_LANG_POP(C++)
 
-if test -n "$enable_s3"; then
-  declare -a aws_version_tokens=($(printf '#include <aws/core/VersionConfig.h>\nAWS_SDK_VERSION_STRING' | $CPP $CPPFLAGS - | grep -v '^#.*' | sed 's/"//g' | tr '.' ' '))
-  AC_DEFINE_UNQUOTED([AWS_VERSION_MAJOR], ${aws_version_tokens@<:@0@:>@}, [Major version of aws-sdk-cpp.])
-  AC_DEFINE_UNQUOTED([AWS_VERSION_MINOR], ${aws_version_tokens@<:@1@:>@}, [Minor version of aws-sdk-cpp.])
-  AC_DEFINE_UNQUOTED([AWS_VERSION_PATCH], ${aws_version_tokens@<:@2@:>@}, [Patch version of aws-sdk-cpp.])
-fi
-
 
 # Whether to use the Boehm garbage collector.
 AC_ARG_ENABLE(gc, AS_HELP_STRING([--enable-gc],[enable garbage collection in the Nix expression evaluator (requires Boehm GC) [default=yes]]),
@@ -370,6 +348,14 @@ if test "$gc" = yes; then
   PKG_CHECK_MODULES([BDW_GC], [bdw-gc])
   CXXFLAGS="$BDW_GC_CFLAGS $CXXFLAGS"
   AC_DEFINE(HAVE_BOEHMGC, 1, [Whether to use the Boehm garbage collector.])
+
+  # See `fixupBoehmStackPointer`, for the integration between Boehm GC
+  # and Boost coroutines.
+  old_CFLAGS="$CFLAGS"
+  # Temporary set `-pthread` just for the next check
+  CFLAGS="$CFLAGS -pthread"
+  AC_CHECK_FUNCS([pthread_attr_get_np pthread_getattr_np])
+  CFLAGS="$old_CFLAGS"
 fi
 
 AS_IF([test "$ENABLE_UNIT_TESTS" == "yes"],[
@@ -407,6 +393,11 @@ AS_CASE(["$enable_markdown"],
 PKG_CHECK_MODULES([LIBGIT2], [libgit2])
 
 
+# Look for toml11, a required dependency.
+AC_LANG_PUSH(C++)
+AC_CHECK_HEADER([toml.hpp], [], [AC_MSG_ERROR([toml11 is not found.])])
+AC_LANG_POP(C++)
+
 # Setuid installations.
 AC_CHECK_FUNCS([setresuid setreuid lchown])
 

dep-patches/boehmgc-coroutine-sp-fallback.diff

@@ -1,99 +0,0 @@
-diff --git a/darwin_stop_world.c b/darwin_stop_world.c
-index 0468aaec..b348d869 100644
---- a/darwin_stop_world.c
-+++ b/darwin_stop_world.c
-@@ -356,6 +356,7 @@ GC_INNER void GC_push_all_stacks(void)
-   int nthreads = 0;
-   word total_size = 0;
-   mach_msg_type_number_t listcount = (mach_msg_type_number_t)THREAD_TABLE_SZ;
-+  size_t stack_limit;
-   if (!EXPECT(GC_thr_initialized, TRUE))
-     GC_thr_init();
- 
-@@ -411,6 +412,19 @@ GC_INNER void GC_push_all_stacks(void)
-             GC_push_all_stack_sections(lo, hi, p->traced_stack_sect);
-           }
-           if (altstack_lo) {
-+            // When a thread goes into a coroutine, we lose its original sp until
-+            // control flow returns to the thread.
-+            // While in the coroutine, the sp points outside the thread stack,
-+            // so we can detect this and push the entire thread stack instead,
-+            // as an approximation.
-+            // We assume that the coroutine has similarly added its entire stack.
-+            // This could be made accurate by cooperating with the application
-+            // via new functions and/or callbacks.
-+            stack_limit = pthread_get_stacksize_np(p->id);
-+            if (altstack_lo >= altstack_hi || altstack_lo < altstack_hi - stack_limit) { // sp outside stack
-+              altstack_lo = altstack_hi - stack_limit;
-+            }
-+
-             total_size += altstack_hi - altstack_lo;
-             GC_push_all_stack(altstack_lo, altstack_hi);
-           }
-diff --git a/include/gc.h b/include/gc.h
-index edab6c22..f2c61282 100644
---- a/include/gc.h
-+++ b/include/gc.h
-@@ -2172,6 +2172,11 @@ GC_API void GC_CALL GC_win32_free_heap(void);
-         (*GC_amiga_allocwrapper_do)(a,GC_malloc_atomic_ignore_off_page)
- #endif /* _AMIGA && !GC_AMIGA_MAKINGLIB */
- 
-+#if !__APPLE__
-+/* Patch doesn't work on apple */
-+#define NIX_BOEHM_PATCH_VERSION 1
-+#endif
-+
- #ifdef __cplusplus
-   } /* extern "C" */
- #endif
-diff --git a/pthread_stop_world.c b/pthread_stop_world.c
-index b5d71e62..aed7b0bf 100644
---- a/pthread_stop_world.c
-+++ b/pthread_stop_world.c
-@@ -768,6 +768,8 @@ STATIC void GC_restart_handler(int sig)
- /* world is stopped.  Should not fail if it isn't.                      */
- GC_INNER void GC_push_all_stacks(void)
- {
-+    size_t stack_limit;
-+    pthread_attr_t pattr;
-     GC_bool found_me = FALSE;
-     size_t nthreads = 0;
-     int i;
-@@ -851,6 +853,37 @@ GC_INNER void GC_push_all_stacks(void)
-           hi = p->altstack + p->altstack_size;
-           /* FIXME: Need to scan the normal stack too, but how ? */
-           /* FIXME: Assume stack grows down */
-+        } else {
-+#ifdef HAVE_PTHREAD_ATTR_GET_NP
-+          if (!pthread_attr_init(&pattr)
-+              || !pthread_attr_get_np(p->id, &pattr))
-+#else /* HAVE_PTHREAD_GETATTR_NP */
-+          if (pthread_getattr_np(p->id, &pattr))
-+#endif
-+          {
-+            ABORT("GC_push_all_stacks: pthread_getattr_np failed!");
-+          }
-+          if (pthread_attr_getstacksize(&pattr, &stack_limit)) {
-+            ABORT("GC_push_all_stacks: pthread_attr_getstacksize failed!");
-+          }
-+          if (pthread_attr_destroy(&pattr)) {
-+            ABORT("GC_push_all_stacks: pthread_attr_destroy failed!");
-+          }
-+          // When a thread goes into a coroutine, we lose its original sp until
-+          // control flow returns to the thread.
-+          // While in the coroutine, the sp points outside the thread stack,
-+          // so we can detect this and push the entire thread stack instead,
-+          // as an approximation.
-+          // We assume that the coroutine has similarly added its entire stack.
-+          // This could be made accurate by cooperating with the application
-+          // via new functions and/or callbacks.
-+          #ifndef STACK_GROWS_UP
-+            if (lo >= hi || lo < hi - stack_limit) { // sp outside stack
-+              lo = hi - stack_limit;
-+            }
-+          #else
-+          #error "STACK_GROWS_UP not supported in boost_coroutine2 (as of june 2021), so we don't support it in Nix."
-+          #endif
-         }
-         GC_push_all_stack_sections(lo, hi, traced_stack_sect);
- #       ifdef STACK_GROWS_UP

dep-patches/boehmgc-traceable_allocator-public.diff

@@ -1,12 +0,0 @@
-diff --git a/include/gc_allocator.h b/include/gc_allocator.h
-index 597c7f13..587286be 100644
---- a/include/gc_allocator.h
-+++ b/include/gc_allocator.h
-@@ -312,6 +312,7 @@ public:
- 
- template<>
- class traceable_allocator<void> {
-+public:
-   typedef size_t      size_type;
-   typedef ptrdiff_t   difference_type;
-   typedef void*       pointer;

doc/external-api/local.mk

@@ -1,7 +0,0 @@
-$(docdir)/external-api/html/index.html $(docdir)/external-api/latex: $(d)/doxygen.cfg
-	mkdir -p $(docdir)/external-api
-	{ cat $< ; echo "OUTPUT_DIRECTORY=$(docdir)/external-api" ; } | doxygen -
-
-# Generate the HTML API docs for Nix's unstable C bindings
-.PHONY: external-api-html
-external-api-html: $(docdir)/external-api/html/index.html

doc/internal-api/local.mk

@@ -1,7 +0,0 @@
-$(docdir)/internal-api/html/index.html $(docdir)/internal-api/latex: $(d)/doxygen.cfg
-	mkdir -p $(docdir)/internal-api
-	{ cat $< ; echo "OUTPUT_DIRECTORY=$(docdir)/internal-api" ; } | doxygen -
-
-# Generate the HTML API docs for Nix's unstable internal interfaces.
-.PHONY: internal-api-html
-internal-api-html: $(docdir)/internal-api/html/index.html

doc/manual/book.toml

@@ -6,8 +6,6 @@ additional-css = ["custom.css"]
 additional-js = ["redirects.js"]
 edit-url-template = "https://github.com/NixOS/nix/tree/master/doc/manual/{path}"
 git-repository-url = "https://github.com/NixOS/nix"
-fold.enable = true
-fold.level = 1
 
 [preprocessor.anchors]
 renderers = ["html"]

doc/manual/generate-builtin-constants.nix

@@ -1,31 +0,0 @@
-let
-  inherit (builtins) concatStringsSep attrValues mapAttrs;
-  inherit (import <nix/utils.nix>) optionalString squash;
-in
-
-builtinsInfo:
-let
-  showBuiltin = name: { doc, type, impure-only }:
-    let
-      type' = optionalString (type != null) " (${type})";
-
-      impureNotice = optionalString impure-only ''
-        > **Note**
-        >
-        > Not available in [pure evaluation mode](@docroot@/command-ref/conf-file.md#conf-pure-eval).
-      '';
-    in
-    squash ''
-      <dt id="builtins-${name}">
-        <a href="#builtins-${name}"><code>${name}</code></a>${type'}
-      </dt>
-      <dd>
-
-      ${doc}
-
-      ${impureNotice}
-
-      </dd>
-    '';
-in
-concatStringsSep "\n" (attrValues (mapAttrs showBuiltin builtinsInfo))

doc/manual/generate-builtins.nix

@@ -5,8 +5,10 @@ in
 
 builtinsInfo:
 let
-  showBuiltin = name: { doc, args, arity, experimental-feature }:
+  showBuiltin = name: { doc, type ? null, args ? [ ], experimental-feature ? null, impure-only ? false }:
     let
+      type' = optionalString (type != null) " (${type})";
+
       experimentalNotice = optionalString (experimental-feature != null) ''
         > **Note**
         >
@@ -18,18 +20,26 @@ let
         > extra-experimental-features = ${experimental-feature}
         > ```
       '';
+
+      impureNotice = optionalString impure-only ''
+        > **Note**
+        >
+        > Not available in [pure evaluation mode](@docroot@/command-ref/conf-file.md#conf-pure-eval).
+      '';
     in
     squash ''
       <dt id="builtins-${name}">
-        <a href="#builtins-${name}"><code>${name} ${listArgs args}</code></a>
+        <a href="#builtins-${name}"><code>${name}${listArgs args}</code></a>${type'}
       </dt>
       <dd>
 
       ${experimentalNotice}
 
       ${doc}
+
+      ${impureNotice}
       </dd>
     '';
-  listArgs = args: concatStringsSep " " (map (s: "<var>${s}</var>") args);
+  listArgs = args: concatStringsSep "" (map (s: " <var>${s}</var>") args);
 in
 concatStringsSep "\n" (attrValues (mapAttrs showBuiltin builtinsInfo))

doc/manual/generate-manpage.nix

@@ -116,9 +116,12 @@ let
             storeInfo = commandInfo.stores;
             inherit inlineHTML;
           };
+          hasInfix = infix: content:
+            builtins.stringLength content != builtins.stringLength (replaceStrings [ infix ] [ "" ] content);
         in
         optionalString (details ? doc) (
-          if match ".*@store-types@.*" details.doc != null
+          # An alternate implementation with builtins.match stack overflowed on some systems.
+          if hasInfix "@store-types@" details.doc
           then help-stores
           else details.doc
         );

doc/manual/local.mk

@@ -140,16 +140,10 @@ $(d)/xp-features.json: $(doc_nix)
 
 $(d)/src/language/builtins.md: $(d)/language.json $(d)/generate-builtins.nix $(d)/src/language/builtins-prefix.md $(doc_nix)
 	@cat doc/manual/src/language/builtins-prefix.md > $@.tmp
-	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-builtins.nix (builtins.fromJSON (builtins.readFile $<)).builtins' >> $@.tmp;
+	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-builtins.nix (builtins.fromJSON (builtins.readFile $<))' >> $@.tmp;
 	@cat doc/manual/src/language/builtins-suffix.md >> $@.tmp
 	@mv $@.tmp $@
 
-$(d)/src/language/builtin-constants.md: $(d)/language.json $(d)/generate-builtin-constants.nix $(d)/src/language/builtin-constants-prefix.md $(doc_nix)
-	@cat doc/manual/src/language/builtin-constants-prefix.md > $@.tmp
-	$(trace-gen) $(nix-eval) --expr 'import doc/manual/generate-builtin-constants.nix (builtins.fromJSON (builtins.readFile $<)).constants' >> $@.tmp;
-	@cat doc/manual/src/language/builtin-constants-suffix.md >> $@.tmp
-	@mv $@.tmp $@
-
 $(d)/language.json: $(doc_nix)
 	$(trace-gen) $(dummy-env) $(doc_nix) __dump-language > $@.tmp
 	@mv $@.tmp $@
@@ -217,7 +211,7 @@ doc/manual/generated/man1/nix3-manpages: $(d)/src/command-ref/new-cli
 # `@docroot@` is to be preserved for documenting the mechanism
 # FIXME: maybe contributing guides should live right next to the code
 # instead of in the manual
-$(docdir)/manual/index.html: $(MANUAL_SRCS) $(d)/book.toml $(d)/anchors.jq $(d)/custom.css $(d)/src/SUMMARY.md $(d)/src/store/types $(d)/src/command-ref/new-cli $(d)/src/contributing/experimental-feature-descriptions.md $(d)/src/command-ref/conf-file.md $(d)/src/language/builtins.md $(d)/src/language/builtin-constants.md $(d)/src/release-notes/rl-next.md $(d)/src/figures $(d)/src/favicon.png $(d)/src/favicon.svg
+$(docdir)/manual/index.html: $(MANUAL_SRCS) $(d)/book.toml $(d)/anchors.jq $(d)/custom.css $(d)/src/SUMMARY.md $(d)/src/store/types $(d)/src/command-ref/new-cli $(d)/src/contributing/experimental-feature-descriptions.md $(d)/src/command-ref/conf-file.md $(d)/src/language/builtins.md $(d)/src/release-notes/rl-next.md $(d)/src/figures $(d)/src/favicon.png $(d)/src/favicon.svg
 	$(trace-gen) \
 		tmp="$$(mktemp -d)"; \
 		cp -r doc/manual "$$tmp"; \

doc/manual/redirects.js

@@ -1,7 +1,7 @@
 // redirect rules for URL fragments (client-side) to prevent link rot.
 // this must be done on the client side, as web servers do not see the fragment part of the URL.
 // it will only work with JavaScript enabled in the browser, but this is the best we can do here.
-// see ./_redirects for path redirects (client-side)
+// see src/_redirects for path redirects (server-side)
 
 // redirects are declared as follows:
 // each entry has as its key a path matching the requested URL path, relative to the mdBook document root.
@@ -238,12 +238,12 @@ const redirects = {
     "attr-system": "language/derivations.html#attr-system",
     "ssec-derivation": "language/derivations.html",
     "ch-expression-language": "language/index.html",
-    "sec-constructs": "language/constructs.html",
-    "sect-let-language": "language/constructs.html#let-language",
-    "ss-functions": "language/constructs.html#functions",
+    "sec-constructs": "language/syntax.html",
+    "sect-let-language": "language/syntax.html#let-expressions",
+    "ss-functions": "language/syntax.html#functions",
     "sec-language-operators": "language/operators.html",
     "table-operators": "language/operators.html",
-    "ssec-values": "language/values.html",
+    "ssec-values": "language/types.html",
     "gloss-closure": "glossary.html#gloss-closure",
     "gloss-derivation": "glossary.html#gloss-derivation",
     "gloss-deriver": "glossary.html#gloss-deriver",
@@ -285,15 +285,15 @@ const redirects = {
     "ch-basic-package-mgmt": "package-management/basic-package-mgmt.html",
     "ssec-binary-cache-substituter": "package-management/binary-cache-substituter.html",
     "sec-channels": "command-ref/nix-channel.html",
-    "ssec-copy-closure": "package-management/copy-closure.html",
+    "ssec-copy-closure": "command-ref/nix-copy-closure.html",
     "sec-garbage-collection": "package-management/garbage-collection.html",
     "ssec-gc-roots": "package-management/garbage-collector-roots.html",
     "chap-package-management": "package-management/index.html",
     "sec-profiles": "package-management/profiles.html",
-    "ssec-s3-substituter": "package-management/s3-substituter.html",
-    "ssec-s3-substituter-anonymous-reads": "package-management/s3-substituter.html#anonymous-reads-to-your-s3-compatible-binary-cache",
-    "ssec-s3-substituter-authenticated-reads": "package-management/s3-substituter.html#authenticated-reads-to-your-s3-binary-cache",
-    "ssec-s3-substituter-authenticated-writes": "package-management/s3-substituter.html#authenticated-writes-to-your-s3-compatible-binary-cache",
+    "ssec-s3-substituter": "store/types/s3-substituter.html",
+    "ssec-s3-substituter-anonymous-reads": "store/types/s3-substituter.html#anonymous-reads-to-your-s3-compatible-binary-cache",
+    "ssec-s3-substituter-authenticated-reads": "store/types/s3-substituter.html#authenticated-reads-to-your-s3-binary-cache",
+    "ssec-s3-substituter-authenticated-writes": "store/types/s3-substituter.html#authenticated-writes-to-your-s3-compatible-binary-cache",
     "sec-sharing-packages": "package-management/sharing-packages.html",
     "ssec-ssh-substituter": "package-management/ssh-substituter.html",
     "chap-quick-start": "quick-start.html",
@@ -335,11 +335,15 @@ const redirects = {
     "ssec-relnotes-2.2": "release-notes/rl-2.2.html",
     "ssec-relnotes-2.3": "release-notes/rl-2.3.html",
   },
-  "language/values.html": {
+  "language/types.html": {
     "simple-values": "#primitives",
     "lists": "#list",
     "strings": "#string",
     "attribute-sets": "#attribute-set",
+    "type-number": "#type-int",
+  },
+  "language/syntax.html": {
+    "scoping-rules": "scoping.html",
   },
   "installation/installing-binary.html": {
     "linux": "uninstall.html#linux",

doc/manual/rl-next/drop-vendored-toml11.md

@@ -0,0 +1,6 @@
+---
+synopsis: Stop vendoring toml11
+---
+
+We don't apply any patches to it, and vendoring it locks users into
+bugs (it hasn't been updated since its introduction in late 2021).

doc/manual/rl-next/harden-user-sandboxing.md

@@ -0,0 +1,7 @@
+---
+synopsis: Harden the user sandboxing
+significance: significant
+issues:
+---
+
+The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.

doc/manual/rl-next/nix-eval-derivations.md

@@ -1,13 +0,0 @@
----
-synopsis: "`nix eval` prints derivations as `.drv` paths"
-prs: 10200
----
-
-`nix eval` will now print derivations as their `.drv` paths, rather than as
-attribute sets. This makes commands like `nix eval nixpkgs#bash` terminate
-instead of infinitely looping into recursive self-referential attributes:
-
-```ShellSession
-$ nix eval nixpkgs#bash
-«derivation /nix/store/m32cbgbd598f4w299g0hwyv7gbw6rqcg-bash-5.2p26.drv»
-```

doc/manual/rl-next/nix-shell-looks-for-shell-nix.md

@@ -0,0 +1,28 @@
+---
+synopsis: "`nix-shell <directory>` looks for `shell.nix`"
+significance: significant
+issues:
+- 496
+- 2279
+- 4529
+- 5431
+- 11053
+prs:
+- 11057
+---
+
+`nix-shell $x` now looks for `$x/shell.nix` when `$x` resolves to a directory.
+
+Although this might be seen as a breaking change, its primarily interactive usage makes it a minor issue.
+This adjustment addresses a commonly reported problem.
+
+This also applies to `nix-shell` shebang scripts. Consider the following example:
+
+```shell
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash
+```
+
+This will now load `shell.nix` from the script's directory, if it exists; `default.nix` otherwise.
+
+The old behavior can be opted into by setting the option [`nix-shell-always-looks-for-shell-nix`](@docroot@/command-ref/conf-file.md#conf-nix-shell-always-looks-for-shell-nix) to `false`.

doc/manual/rl-next/remove-repl-flake.md

@@ -1,8 +0,0 @@
----
-synopsis: Remove experimental repl-flake
-significance: significant
-issues: 10103
-prs: 10299
----
-
-The `repl-flake` experimental feature has been removed. The `nix repl` command now works like the rest of the new CLI in that `nix repl {path}` now tries to load a flake at `{path}` (or fails if the `flakes` experimental feature isn't enabled).*

doc/manual/rl-next/repl-doc-renders-doc-comments.md

@@ -0,0 +1,53 @@
+---
+synopsis: "`nix-repl`'s `:doc` shows documentation comments"
+significance: significant
+issues:
+- 3904
+- 10771
+prs:
+- 1652
+- 9054
+- 11072
+---
+
+`nix repl` has a `:doc` command that previously only rendered documentation for internally defined functions.
+This feature has been extended to also render function documentation comments, in accordance with [RFC 145].
+
+Example:
+
+```
+nix-repl> :doc lib.toFunction
+Function toFunction
+    … defined at /home/user/h/nixpkgs/lib/trivial.nix:1072:5
+
+    Turns any non-callable values into constant functions. Returns
+    callable values as is.
+
+Inputs
+
+    v
+
+      : Any value
+
+Examples
+
+    :::{.example}
+
+## lib.trivial.toFunction usage example
+
+      | nix-repl> lib.toFunction 1 2
+      | 1
+      | 
+      | nix-repl> lib.toFunction (x: x + 1) 2
+      | 3
+
+    :::
+```
+
+Known limitations:
+- It does not render documentation for "formals", such as `{ /** the value to return */ x, ... }: x`.
+- Some extensions to markdown are not yet supported, as you can see in the example above.
+
+We'd like to acknowledge Yingchi Long for proposing a proof of concept for this functionality in [#9054](https://github.com/NixOS/nix/pull/9054), as well as @sternenseemann and Johannes Kirschbauer for their contributions, proposals, and their work on [RFC 145].
+
+[RFC 145]: https://github.com/NixOS/rfcs/pull/145

doc/manual/rl-next/shebang-relative.md

@@ -0,0 +1,62 @@
+---
+synopsis: "`nix-shell` shebang uses relative path"
+prs:
+- 5088
+- 11058
+issues:
+- 4232
+---
+
+<!-- unfortunately no link target for the specific syntax -->
+Relative [path](@docroot@/language/values.md#type-path) literals in `nix-shell` shebang scripts' options are now resolved relative to the [script's location](@docroot@/glossary?highlight=base%20directory#gloss-base-directory).
+Previously they were resolved relative to the current working directory.
+
+For example, consider the following script in `~/myproject/say-hi`:
+
+```shell
+#!/usr/bin/env nix-shell
+#!nix-shell --expr 'import ./shell.nix'
+#!nix-shell --arg toolset './greeting-tools.nix'
+#!nix-shell -i bash
+hello
+```
+
+Older versions of `nix-shell` would resolve `shell.nix` relative to the current working directory; home in this example:
+
+```console
+[hostname:~]$ ./myproject/say-hi
+error:
+       … while calling the 'import' builtin
+         at «string»:1:2:
+            1| (import ./shell.nix)
+             |  ^
+
+       error: path '/home/user/shell.nix' does not exist
+```
+
+Since this release, `nix-shell` resolves `shell.nix` relative to the script's location, and `~/myproject/shell.nix` is used.
+
+```console
+$ ./myproject/say-hi
+Hello, world!
+```
+
+**Opt-out**
+
+This is technically a breaking change, so we have added an option so you can adapt independently of your Nix update.
+The old behavior can be opted into by setting the option [`nix-shell-shebang-arguments-relative-to-script`](@docroot@/command-ref/conf-file.md#conf-nix-shell-shebang-arguments-relative-to-script) to `false`.
+This option will be removed in a future release.
+
+**`nix` command shebang**
+
+The experimental [`nix` command shebang](@docroot@/command-ref/new-cli/nix.md?highlight=shebang#shebang-interpreter) already behaves in this script-relative manner.
+
+Example:
+
+```shell
+#!/usr/bin/env nix
+#!nix develop
+#!nix --expr ``import ./shell.nix``
+#!nix -c bash
+hello
+```

doc/manual/src/SUMMARY.md.in

@@ -18,21 +18,24 @@
   - [Uninstalling Nix](installation/uninstall.md)
 - [Nix Store](store/index.md)
   - [File System Object](store/file-system-object.md)
+    - [Content-Addressing File System Objects](store/file-system-object/content-address.md)
   - [Store Object](store/store-object.md)
+    - [Content-Addressing Store Objects](store/store-object/content-address.md)
   - [Store Path](store/store-path.md)
   - [Store Types](store/types/index.md)
 {{#include ./store/types/SUMMARY.md}}
 - [Nix Language](language/index.md)
-  - [Data Types](language/values.md)
-  - [Language Constructs](language/constructs.md)
+  - [Data Types](language/types.md)
+    - [String context](language/string-context.md)
+  - [Syntax and semantics](language/syntax.md)
+    - [Scoping rules](language/scope.md)
     - [String interpolation](language/string-interpolation.md)
     - [Lookup path](language/constructs/lookup-path.md)
   - [Operators](language/operators.md)
-  - [Derivations](language/derivations.md)
-    - [Advanced Attributes](language/advanced-attributes.md)
-    - [Import From Derivation](language/import-from-derivation.md)
-  - [Built-in Constants](language/builtin-constants.md)
-  - [Built-in Functions](language/builtins.md)
+  - [Built-ins](language/builtins.md)
+    - [Derivations](language/derivations.md)
+      - [Advanced Attributes](language/advanced-attributes.md)
+      - [Import From Derivation](language/import-from-derivation.md)
 - [Package Management](package-management/index.md)
   - [Profiles](package-management/profiles.md)
   - [Garbage Collection](package-management/garbage-collection.md)
@@ -40,9 +43,7 @@
 - [Advanced Topics](advanced-topics/index.md)
   - [Sharing Packages Between Machines](package-management/sharing-packages.md)
     - [Serving a Nix store via HTTP](package-management/binary-cache-substituter.md)
-    - [Copying Closures via SSH](package-management/copy-closure.md)
     - [Serving a Nix store via SSH](package-management/ssh-substituter.md)
-    - [Serving a Nix store via S3](package-management/s3-substituter.md)
   - [Remote Builds](advanced-topics/distributed-builds.md)
   - [Tuning Cores and Jobs](advanced-topics/cores-vs-jobs.md)
   - [Verifying Build Reproducibility](advanced-topics/diff-hook.md)
@@ -112,6 +113,7 @@
   - [Store Path Specification](protocols/store-path.md)
   - [Nix Archive (NAR) Format](protocols/nix-archive.md)
   - [Derivation "ATerm" file format](protocols/derivation-aterm.md)
+- [C API](c-api.md)
 - [Glossary](glossary.md)
 - [Contributing](contributing/index.md)
   - [Hacking](contributing/hacking.md)
@@ -119,9 +121,12 @@
   - [Documentation](contributing/documentation.md)
   - [Experimental Features](contributing/experimental-features.md)
   - [CLI guideline](contributing/cli-guideline.md)
+  - [JSON guideline](contributing/json-guideline.md)
   - [C++ style guide](contributing/cxx.md)
 - [Releases](release-notes/index.md)
 {{#include ./SUMMARY-rl-next.md}}
+  - [Release 2.23 (2024-06-03)](release-notes/rl-2.23.md)
+  - [Release 2.22 (2024-04-23)](release-notes/rl-2.22.md)
   - [Release 2.21 (2024-03-11)](release-notes/rl-2.21.md)
   - [Release 2.20 (2024-01-29)](release-notes/rl-2.20.md)
   - [Release 2.19 (2023-11-17)](release-notes/rl-2.19.md)

doc/manual/src/_redirects

@@ -1,5 +1,5 @@
 # redirect rules for paths (server-side) to prevent link rot.
-# see ./redirects.js for redirects based on URL fragments (client-side)
+# see ../redirects.js for redirects based on URL fragments (client-side)
 #
 # concrete user story this supports:
 # - user finds URL to the manual for Nix x.y
@@ -27,6 +27,9 @@
 /expressions/language-operators /language/operators 301!
 /expressions/language-values /language/values 301!
 /expressions/* /language/:splat 301!
+/language/values /language/types 301!
+/language/constructs /language/syntax 301!
+/language/builtin-constants /language/builtins 301!
 
 /installation/installation /installation 301!
 
@@ -39,3 +42,5 @@
 /json/* /protocols/json/:splat 301!
 
 /release-notes/release-notes /release-notes 301!
+
+/package-management/copy-closure /command-ref/nix-copy-closure 301!

doc/manual/src/advanced-topics/distributed-builds.md

@@ -12,14 +12,14 @@ machine is accessible via SSH and that it has Nix installed. You can
 test whether connecting to the remote Nix instance works, e.g.
 
 ```console
-$ nix store info --store ssh://mac
+$ nix store ping --store ssh://mac
 ```
 
 will try to connect to the machine named `mac`. It is possible to
 specify an SSH identity file as part of the remote store URI, e.g.
 
 ```console
-$ nix store info --store ssh://mac?ssh-key=/home/alice/my-key
+$ nix store ping --store ssh://mac?ssh-key=/home/alice/my-key
 ```
 
 Since builds should be non-interactive, the key should not have a

doc/manual/src/c-api.md

@@ -0,0 +1,16 @@
+# C API
+
+Nix provides a C API with the intent of [_becoming_](https://github.com/NixOS/nix/milestone/52) a stable API, which it is currently not.
+It is in development.
+
+See:
+- C API documentation for a recent build of master
+  - [Getting Started]
+  - [Index]
+- [Matrix Room *Nix Bindings*](https://matrix.to/#/#nix-bindings:nixos.org) for discussion and questions.
+- [Stabilisation Milestone](https://github.com/NixOS/nix/milestone/52)
+- [Other C API PRs and issues](https://github.com/NixOS/nix/labels/c%20api)
+- [Contributing C API Documentation](contributing/documentation.md#c-api-documentation), including how to build it locally.
+
+[Getting Started]: https://hydra.nixos.org/job/nix/master/external-api-docs/latest/download-by-type/doc/external-api-docs
+[Index]: https://hydra.nixos.org/job/nix/master/external-api-docs/latest/download-by-type/doc/external-api-docs/globals.html

doc/manual/src/command-ref/conf-file-prefix.md

@@ -66,5 +66,12 @@ Configuration options can be set on the command line, overriding the values set
 
 The `extra-` prefix is supported for settings that take a list of items (e.g. `--extra-trusted users alice` or `--option extra-trusted-users alice`).
 
+## Integer settings
+
+Settings that have an integer type support the suffixes `K`, `M`, `G`
+and `T`. These cause the specified value to be multiplied by 2^10,
+2^20, 2^30 and 2^40, respectively. For instance, `--min-free 1M` is
+equivalent to `--min-free 1048576`.
+
 # Available settings
 

doc/manual/src/command-ref/env-common.md

@@ -10,7 +10,7 @@ Most Nix commands interpret the following environment variables:
 - <span id="env-NIX_PATH">[`NIX_PATH`](#env-NIX_PATH)</span>
 
   A colon-separated list of directories used to look up the location of Nix
-  expressions using [paths](@docroot@/language/values.md#type-path)
+  expressions using [paths](@docroot@/language/types.md#type-path)
   enclosed in angle brackets (i.e., `<path>`),
   e.g. `/home/eelco/Dev:/etc/nixos`. It can be extended using the
   [`-I` option](@docroot@/command-ref/opt-common.md#opt-I).

doc/manual/src/command-ref/nix-build.md

@@ -55,20 +55,20 @@ All options not listed here are passed to
 [`nix-store --realise`](nix-store/realise.md),
 except for `--arg` and `--attr` / `-A` which are passed to [`nix-instantiate`](nix-instantiate.md).
 
-  - <span id="opt-no-out-link">[`--no-out-link`](#opt-no-out-link)<span>
+- <span id="opt-no-out-link">[`--no-out-link`](#opt-no-out-link)<span>
 
-    Do not create a symlink to the output path. Note that as a result
-    the output does not become a root of the garbage collector, and so
-    might be deleted by `nix-store --gc`.
+  Do not create a symlink to the output path. Note that as a result
+  the output does not become a root of the garbage collector, and so
+  might be deleted by `nix-store --gc`.
 
-  - <span id="opt-dry-run">[`--dry-run`](#opt-dry-run)</span>
+- <span id="opt-dry-run">[`--dry-run`](#opt-dry-run)</span>
 
-    Show what store paths would be built or downloaded.
+  Show what store paths would be built or downloaded.
 
-  - <span id="opt-out-link">[`--out-link`](#opt-out-link)</span> / `-o` *outlink*
+- <span id="opt-out-link">[`--out-link`](#opt-out-link)</span> / `-o` *outlink*
 
-    Change the name of the symlink to the output path created from
-    `result` to *outlink*.
+  Change the name of the symlink to the output path created from
+  `result` to *outlink*.
 
 {{#include ./status-build-failure.md}}
 

doc/manual/src/command-ref/nix-channel.md

@@ -27,40 +27,46 @@ The moving parts of channels are:
 
 This command has the following operations:
 
-  - `--add` *url* \[*name*\]\
-    Add a channel *name* located at *url* to the list of subscribed channels.
-    If *name* is omitted, default to the last component of *url*, with the suffixes `-stable` or `-unstable` removed.
+- `--add` *url* \[*name*\]
 
-    > **Note**
-    >
-    > `--add` does not automatically perform an update.
-    > Use `--update` explicitly.
+  Add a channel *name* located at *url* to the list of subscribed channels.
+  If *name* is omitted, default to the last component of *url*, with the suffixes `-stable` or `-unstable` removed.
 
-    A channel URL must point to a directory containing a file `nixexprs.tar.gz`.
-    At the top level, that tarball must contain a single directory with a `default.nix` file that serves as the channel’s entry point.
+  > **Note**
+  >
+  > `--add` does not automatically perform an update.
+  > Use `--update` explicitly.
 
-  - `--remove` *name*\
-    Remove the channel *name* from the list of subscribed channels.
+  A channel URL must point to a directory containing a file `nixexprs.tar.gz`.
+  At the top level, that tarball must contain a single directory with a `default.nix` file that serves as the channel’s entry point.
 
-  - `--list`\
-    Print the names and URLs of all subscribed channels on standard output.
+- `--remove` *name*
 
-  - `--update` \[*names*…\]\
-    Download the Nix expressions of subscribed channels and create a new generation.
-    Update all channels if none is specified, and only those included in *names* otherwise.
+  Remove the channel *name* from the list of subscribed channels.
 
-  - `--list-generations`\
-    Prints a list of all the current existing generations for the
-    channel profile.
+- `--list`
 
-    Works the same way as
-    ```
-    nix-env --profile /nix/var/nix/profiles/per-user/$USER/channels --list-generations
-    ```
+  Print the names and URLs of all subscribed channels on standard output.
 
-  - `--rollback` \[*generation*\]\
-    Revert channels to the state before the last call to `nix-channel --update`.
-    Optionally, you can specify a specific channel *generation* number to restore.
+- `--update` \[*names*…\]
+
+  Download the Nix expressions of subscribed channels and create a new generation.
+  Update all channels if none is specified, and only those included in *names* otherwise.
+
+- `--list-generations`
+
+  Prints a list of all the current existing generations for the
+  channel profile.
+
+  Works the same way as
+  ```
+  nix-env --profile /nix/var/nix/profiles/per-user/$USER/channels --list-generations
+  ```
+
+- `--rollback` \[*generation*\]
+
+  Revert channels to the state before the last call to `nix-channel --update`.
+  Optionally, you can specify a specific channel *generation* number to restore.
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-collect-garbage.md

@@ -48,12 +48,14 @@ Instead, it looks in a few locations, and acts on all profiles it finds there:
 
 These options are for deleting old [profiles] prior to deleting unreachable [store objects].
 
-- <span id="opt-delete-old">[`--delete-old`](#opt-delete-old)</span> / `-d`\
+- <span id="opt-delete-old">[`--delete-old`](#opt-delete-old)</span> / `-d`
+
   Delete all old generations of profiles.
 
   This is the equivalent of invoking [`nix-env --delete-generations old`](@docroot@/command-ref/nix-env/delete-generations.md#generations-old) on each found profile.
 
-- <span id="opt-delete-older-than">[`--delete-older-than`](#opt-delete-older-than)</span> *period*\
+- <span id="opt-delete-older-than">[`--delete-older-than`](#opt-delete-older-than)</span> *period*
+
   Delete all generations of profiles older than the specified amount (except for the generations that were active at that point in time).
   *period* is a value such as `30d`, which would mean 30 days.
 
@@ -74,4 +76,4 @@ $ nix-collect-garbage -d
 ```
 
 [profiles]: @docroot@/command-ref/files/profiles.md
-[store objects]: @docroot@/glossary.md#gloss-store-object
+[store objects]: @docroot@/store/store-object.md

doc/manual/src/command-ref/nix-copy-closure.md

@@ -1,91 +1,91 @@
 # Name
 
-`nix-copy-closure` - copy a closure to or from a remote machine via SSH
+`nix-copy-closure` - copy store objects to or from a remote machine via SSH
 
 # Synopsis
 
 `nix-copy-closure`
-  [`--to` | `--from`]
+  [`--to` | `--from` ]
   [`--gzip`]
   [`--include-outputs`]
   [`--use-substitutes` | `-s`]
   [`-v`]
-  _user@machine_ _paths_
+  [_user_@]_machine_[:_port_] _paths_
 
 # Description
 
-`nix-copy-closure` gives you an easy and efficient way to exchange
-software between machines.  Given one or more Nix store _paths_ on the
-local machine, `nix-copy-closure` computes the closure of those paths
-(i.e. all their dependencies in the Nix store), and copies all paths
-in the closure to the remote machine via the `ssh` (Secure Shell)
-command.  With the `--from` option, the direction is reversed: the
-closure of _paths_ on a remote machine is copied to the Nix store on
-the local machine.
+Given _paths_ from one machine, `nix-copy-closure` computes the [closure](@docroot@/glossary.md#gloss-closure) of those paths (i.e. all their dependencies in the Nix store), and copies [store objects](@docroot@/glossary.md#gloss-store-object) in that closure to another machine via SSH.
+It doesn’t copy store objects that are already present on the other machine.
 
-This command is efficient because it only sends the store paths
-that are missing on the target machine.
+> **Note**
+>
+> While the Nix store to use on the local machine can be specified on the command line with the [`--store`](@docroot@/command-ref/conf-file.md#conf-store) option, the Nix store to be accessed on the remote machine can only be [configured statically](@docroot@/command-ref/conf-file.md#configuration-file) on that remote machine.
 
-Since `nix-copy-closure` calls `ssh`, you may be asked to type in the
-appropriate password or passphrase.  In fact, you may be asked _twice_
-because `nix-copy-closure` currently connects twice to the remote
-machine, first to get the set of paths missing on the target machine,
-and second to send the dump of those paths.  When using public key
-authentication, you can avoid typing the passphrase with `ssh-agent`.
+Since `nix-copy-closure` calls `ssh`, you may need to authenticate with the remote machine.
+In fact, you may be asked for authentication _twice_ because `nix-copy-closure` currently connects twice to the remote machine: first to get the set of paths missing on the target machine, and second to send the dump of those paths.
+When using public key authentication, you can avoid typing the passphrase with `ssh-agent`.
 
 # Options
 
-  - `--to`\
-    Copy the closure of _paths_ from the local Nix store to the Nix
-    store on _machine_. This is the default.
+- `--to`
 
-  - `--from`\
-    Copy the closure of _paths_ from the Nix store on _machine_ to the
-    local Nix store.
+  Copy the closure of _paths_ from a Nix store accessible from the local machine to the Nix store on the remote _machine_.
+  This is the default behavior.
 
-  - `--gzip`\
-    Enable compression of the SSH connection.
+- `--from`
 
-  - `--include-outputs`\
-    Also copy the outputs of [store derivation]s included in the closure.
+  Copy the closure of _paths_ from the Nix store on the remote _machine_ to the local machine's specified Nix store.
 
-    [store derivation]: @docroot@/glossary.md#gloss-store-derivation
+- `--gzip`
 
-  - `--use-substitutes` / `-s`\
-    Attempt to download missing paths on the target machine using Nix’s
-    substitute mechanism.  Any paths that cannot be substituted on the
-    target are still copied normally from the source.  This is useful,
-    for instance, if the connection between the source and target
-    machine is slow, but the connection between the target machine and
-    `nixos.org` (the default binary cache server) is
-    fast.
+  Enable compression of the SSH connection.
 
-  - `-v`\
-    Show verbose output.
+- `--include-outputs`
+
+  Also copy the outputs of [store derivation]s included in the closure.
+
+  [store derivation]: @docroot@/glossary.md#gloss-store-derivation
+
+- `--use-substitutes` / `-s`
+
+  Attempt to download missing store objects on the target from [substituters](@docroot@/command-ref/conf-file.md#conf-substituters).
+  Any store objects that cannot be substituted on the target are still copied normally from the source.
+  This is useful, for instance, if the connection between the source and target machine is slow, but the connection between the target machine and `cache.nixos.org` (the default binary cache server) is fast.
 
 {{#include ./opt-common.md}}
 
 # Environment variables
 
-  - `NIX_SSHOPTS`\
-    Additional options to be passed to `ssh` on the command
-    line.
+- `NIX_SSHOPTS`
+
+  Additional options to be passed to `ssh` on the command line.
 
 {{#include ./env-common.md}}
 
 # Examples
 
-Copy Firefox with all its dependencies to a remote machine:
+> **Example**
+>
+> Copy GNU Hello with all its dependencies to a remote machine:
+>
+> ```shell-session
+> $ storePath="$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello --no-out-link)"
+> $ nix-copy-closure --to alice@itchy.example.org "$storePath"
+> copying 5 paths...
+> copying path '/nix/store/nrwkk6ak3rgkrxbqhsscb01jpzmslf2r-xgcc-13.2.0-libgcc' to 'ssh://alice@itchy.example.org'...
+> copying path '/nix/store/gm61h1y42pqyl6178g90x8zm22n6pyy5-libunistring-1.1' to 'ssh://alice@itchy.example.org'...
+> copying path '/nix/store/ddfzjdykw67s20c35i7a6624by3iz5jv-libidn2-2.3.7' to 'ssh://alice@itchy.example.org'...
+> copying path '/nix/store/apab5i73dqa09wx0q27b6fbhd1r18ihl-glibc-2.39-31' to 'ssh://alice@itchy.example.org'...
+> copying path '/nix/store/g1n2vryg06amvcc1avb2mcq36faly0mh-hello-2.12.1' to 'ssh://alice@itchy.example.org'...
+> ```
 
-```console
-$ nix-copy-closure --to alice@itchy.labs $(type -tP firefox)
-```
-
-Copy Subversion from a remote machine and then install it into a user
-environment:
-
-```console
-$ nix-copy-closure --from alice@itchy.labs \
-    /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
-$ nix-env --install /nix/store/0dj0503hjxy5mbwlafv1rsbdiyx1gkdy-subversion-1.4.4
-```
+> **Example**
+>
+> Copy GNU Hello from a remote machine using a known store path, and run it:
+>
+> ```shell-session
+> $ storePath="$(nix-instantiate --eval '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello.outPath | tr -d '"')"
+> $ nix-copy-closure --from alice@itchy.example.org "$storePath"
+> $ "$storePath"/bin/hello
+> Hello, world!
+> ```

doc/manual/src/command-ref/nix-env.md

@@ -47,39 +47,83 @@ These pages can be viewed offline:
 
   Example: `nix-env --help --install`
 
+# Package sources
+
+`nix-env` can obtain packages from multiple sources:
+
+- An attribute set of derivations from:
+  - The [default Nix expression](@docroot@/command-ref/files/default-nix-expression.md) (by default)
+  - A Nix file, specified via `--file`
+  - A [profile](@docroot@/command-ref/files/profiles.md), specified via `--from-profile`
+  - A Nix expression that is a function which takes default expression as argument, specified via `--from-expression`
+- A [store path](@docroot@/store/store-path.md)
+
 # Selectors
 
-Several commands, such as `nix-env --query ` and `nix-env --install `, take a list of
-arguments that specify the packages on which to operate. These are
-extended regular expressions that must match the entire name of the
-package. (For details on regular expressions, see **regex**(7).) The match is
-case-sensitive. The regular expression can optionally be followed by a
-dash and a version number; if omitted, any version of the package will
-match. Here are some examples:
+Several operations, such as [`nix-env --query`](./nix-env/query.md) and [`nix-env --install`](./nix-env/install.md), take a list of *arguments* that specify the packages on which to operate.
 
-  - `firefox`\
-    Matches the package name `firefox` and any version.
+Packages are identified based on a `name` part and a `version` part of a [symbolic derivation name](@docroot@/language/derivations.md#attr-names):
 
-  - `firefox-32.0`\
-    Matches the package name `firefox` and version `32.0`.
+- `name`: Everything up to but not including the first dash (`-`) that is *not* followed by a letter.
+- `version`: The rest, excluding the separating dash.
 
-  - `gtk\\+`\
-    Matches the package name `gtk+`. The `+` character must be escaped
-    using a backslash to prevent it from being interpreted as a
-    quantifier, and the backslash must be escaped in turn with another
-    backslash to ensure that the shell passes it on.
+> **Example**
+>
+> `nix-env` parses the symbolic derivation name `apache-httpd-2.0.48` as:
+>
+> ```json
+> {
+>   "name": "apache-httpd",
+>   "version": "2.0.48"
+> }
+> ```
 
-  - `.\*`\
-    Matches any package name. This is the default for most commands.
+> **Example**
+>
+> `nix-env` parses the symbolic derivation name `firefox.*` as:
+>
+> ```json
+> {
+>   "name": "firefox.*",
+>   "version": ""
+> }
+> ```
 
-  - `'.*zip.*'`\
-    Matches any package name containing the string `zip`. Note the dots:
-    `'*zip*'` does not work, because in a regular expression, the
-    character `*` is interpreted as a quantifier.
+The `name` parts of the *arguments* to `nix-env` are treated as extended regular expressions and matched against the `name` parts of derivation names in the package source.
+The match is case-sensitive.
+The regular expression can optionally be followed by a dash (`-`) and a version number; if omitted, any version of the package will match.
+For details on regular expressions, see [**regex**(7)](https://linux.die.net/man/7/regex).
 
-  - `'.*(firefox|chromium).*'`\
-    Matches any package name containing the strings `firefox` or
-    `chromium`.
+> **Example**
+>
+> Common patterns for finding package names with `nix-env`:
+>
+> - `firefox`
+>
+>   Matches the package name `firefox` and any version.
+>
+> - `firefox-32.0`
+>
+>   Matches the package name `firefox` and version `32.0`.
+>
+> - `gtk\\+`
+>
+>   Matches the package name `gtk+`.
+>   The `+` character must be escaped using a backslash (`\`) to prevent it from being interpreted as a quantifier, and the backslash must be escaped in turn with another backslash to ensure that the shell passes it on.
+>
+> - `.\*`
+>
+>   Matches any package name.
+>   This is the default for most commands.
+>
+> - `'.*zip.*'`
+>
+>   Matches any package name containing the string `zip`.
+>   Note the dots: `'*zip*'` does not work, because in a regular expression, the character `*` is interpreted as a quantifier.
+>
+> - `'.*(firefox|chromium).*'`
+>
+>   Matches any package name containing the strings `firefox` or `chromium`.
 
 # Files
 

doc/manual/src/command-ref/nix-env/delete-generations.md

@@ -12,7 +12,8 @@ This operation deletes the specified generations of the current profile.
 
 *generations* can be a one of the following:
 
-- <span id="generations-list">[`<number>...`](#generations-list)</span>:\
+- <span id="generations-list">[`<number>...`](#generations-list)</span>
+
   A list of generation numbers, each one a separate command-line argument.
 
   Delete exactly the profile generations given by their generation number.
@@ -30,7 +31,8 @@ This operation deletes the specified generations of the current profile.
   > Because one can roll back to a previous generation, it is possible to have generations newer than the current one.
   > They will also be deleted.
 
-- <span id="generations-time">[`<number>d`](#generations-time)</span>:\
+- <span id="generations-time">[`<number>d`](#generations-time)</span>
+
   The last *number* days
 
   *Example*: `30d`
@@ -38,7 +40,8 @@ This operation deletes the specified generations of the current profile.
   Delete all generations created more than *number* days ago, except the most recent one of them.
   This allows rolling back to generations that were available within the specified period.
 
-- <span id="generations-count">[`+<number>`](#generations-count)</span>:\
+- <span id="generations-count">[`+<number>`](#generations-count)</span>
+
   The last *number* generations up to the present
 
   *Example*: `+5`
@@ -49,7 +52,7 @@ Periodically deleting old generations is important to make garbage collection
 effective.
 The is because profiles are also garbage collection roots — any [store object] reachable from a profile is "alive" and ineligible for deletion.
 
-[store object]: @docroot@/glossary.md#gloss-store-object
+[store object]: @docroot@/store/store-object.md
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-env/env-common.md

@@ -1,6 +1,7 @@
 # Environment variables
 
-- `NIX_PROFILE`\
+- `NIX_PROFILE`
+
   Location of the Nix profile. Defaults to the target of the symlink
   `~/.nix-profile`, if it exists, or `/nix/var/nix/profiles/default`
   otherwise.

doc/manual/src/command-ref/nix-env/install.md

@@ -14,133 +14,132 @@
 
 # Description
 
-The install operation creates a new user environment.
+The `--install` operation creates a new user environment.
 It is based on the current generation of the active [profile](@docroot@/command-ref/files/profiles.md), to which a set of [store paths] described by *args* is added.
 
-[store paths]: @docroot@/glossary.md#gloss-store-path
+[store paths]: @docroot@/store/store-path.md
 
 The arguments *args* map to store paths in a number of possible ways:
 
+- By default, *args* is a set of [derivation] names denoting derivations in the [default Nix expression].
+  These are [realised], and the resulting output paths are installed.
+  Currently installed derivations with a name equal to the name of a derivation being added are removed unless the option `--preserve-installed` is specified.
 
-  - By default, *args* is a set of [derivation] names denoting derivations in the [default Nix expression].
-    These are [realised], and the resulting output paths are installed.
-    Currently installed derivations with a name equal to the name of a derivation being added are removed unless the option `--preserve-installed` is specified.
+  [derivation]: @docroot@/glossary.md#gloss-derivation
+  [default Nix expression]: @docroot@/command-ref/files/default-nix-expression.md
+  [realised]: @docroot@/glossary.md#gloss-realise
 
-    [derivation]: @docroot@/glossary.md#gloss-derivation
-    [default Nix expression]: @docroot@/command-ref/files/default-nix-expression.md
-    [realised]: @docroot@/glossary.md#gloss-realise
+  If there are multiple derivations matching a name in *args* that
+  have the same name (e.g., `gcc-3.3.6` and `gcc-4.1.1`), then the
+  derivation with the highest *priority* is used. A derivation can
+  define a priority by declaring the `meta.priority` attribute. This
+  attribute should be a number, with a higher value denoting a lower
+  priority. The default priority is `5`.
 
-    If there are multiple derivations matching a name in *args* that
-    have the same name (e.g., `gcc-3.3.6` and `gcc-4.1.1`), then the
-    derivation with the highest *priority* is used. A derivation can
-    define a priority by declaring the `meta.priority` attribute. This
-    attribute should be a number, with a higher value denoting a lower
-    priority. The default priority is `5`.
+  If there are multiple matching derivations with the same priority,
+  then the derivation with the highest version will be installed.
 
-    If there are multiple matching derivations with the same priority,
-    then the derivation with the highest version will be installed.
+  You can force the installation of multiple derivations with the same
+  name by being specific about the versions. For instance, `nix-env --install
+  gcc-3.3.6 gcc-4.1.1` will install both version of GCC (and will
+  probably cause a user environment conflict\!).
 
-    You can force the installation of multiple derivations with the same
-    name by being specific about the versions. For instance, `nix-env --install
-    gcc-3.3.6 gcc-4.1.1` will install both version of GCC (and will
-    probably cause a user environment conflict\!).
+- If [`--attr`](#opt-attr) / `-A` is specified, the arguments are *attribute paths* that select attributes from the [default Nix expression].
+  This is faster than using derivation names and unambiguous.
+  Show the attribute paths of available packages with [`nix-env --query`](./query.md):
 
-  - If [`--attr`](#opt-attr) / `-A` is specified, the arguments are *attribute paths* that select attributes from the [default Nix expression].
-    This is faster than using derivation names and unambiguous.
-    Show the attribute paths of available packages with [`nix-env --query`](./query.md):
+  ```console
+  nix-env --query --available --attr-path
+  ```
 
-    ```console
-    nix-env --query --available --attr-path`
-    ```
+- If `--from-profile` *path* is given, *args* is a set of names
+  denoting installed [store paths] in the profile *path*. This is an
+  easy way to copy user environment elements from one profile to
+  another.
 
-  - If `--from-profile` *path* is given, *args* is a set of names
-    denoting installed [store paths] in the profile *path*. This is an
-    easy way to copy user environment elements from one profile to
-    another.
+- If `--from-expression` is given, *args* are [Nix language functions](@docroot@/language/syntax.md#functions) that are called with the [default Nix expression] as their single argument.
+  The derivations returned by those function calls are installed.
+  This allows derivations to be specified in an unambiguous way, which is necessary if there are multiple derivations with the same name.
 
-  - If `--from-expression` is given, *args* are [Nix language functions](@docroot@/language/constructs.md#functions) that are called with the [default Nix expression] as their single argument.
-    The derivations returned by those function calls are installed.
-    This allows derivations to be specified in an unambiguous way, which is necessary if there are multiple derivations with the same name.
+- If *args* are [store derivations](@docroot@/glossary.md#gloss-store-derivation), then these are [realised], and the resulting output paths are installed.
 
-  - If *args* are [store derivations](@docroot@/glossary.md#gloss-store-derivation), then these are [realised], and the resulting output paths are installed.
+- If *args* are [store paths] that are not store derivations, then these are [realised] and installed.
 
-  - If *args* are [store paths] that are not store derivations, then these are [realised] and installed.
+- By default all [outputs](@docroot@/language/derivations.md#attr-outputs) are installed for each [derivation].
+  This can be overridden by adding a `meta.outputsToInstall` attribute on the derivation listing a subset of the output names.
 
-  - By default all [outputs](@docroot@/language/derivations.md#attr-outputs) are installed for each [derivation].
-    This can be overridden by adding a `meta.outputsToInstall` attribute on the derivation listing a subset of the output names.
+  Example:
 
-    Example:
+  The file `example.nix` defines a derivation with two outputs `foo` and `bar`, each containing a file.
 
-    The file `example.nix` defines a derivation with two outputs `foo` and `bar`, each containing a file.
+  ```nix
+  # example.nix
+  let
+    pkgs = import <nixpkgs> {};
+    command = ''
+      ${pkgs.coreutils}/bin/mkdir -p $foo $bar
+      echo foo > $foo/foo-file
+      echo bar > $bar/bar-file
+    '';
+  in
+  derivation {
+    name = "example";
+    builder = "${pkgs.bash}/bin/bash";
+    args = [ "-c" command ];
+    outputs = [ "foo" "bar" ];
+    system = builtins.currentSystem;
+  }
+  ```
 
-    ```nix
-    # example.nix
-    let
-      pkgs = import <nixpkgs> {};
-      command = ''
-        ${pkgs.coreutils}/bin/mkdir -p $foo $bar
-        echo foo > $foo/foo-file
-        echo bar > $bar/bar-file
-      '';
-    in
-    derivation {
-      name = "example";
-      builder = "${pkgs.bash}/bin/bash";
-      args = [ "-c" command ];
-      outputs = [ "foo" "bar" ];
-      system = builtins.currentSystem;
-    }
-    ```
+  Installing from this Nix expression will make files from both outputs appear in the current profile.
 
-    Installing from this Nix expression will make files from both outputs appear in the current profile.
+  ```console
+  $ nix-env --install --file example.nix
+  installing 'example'
+  $ ls ~/.nix-profile
+  foo-file
+  bar-file
+  manifest.nix
+  ```
 
-    ```console
-    $ nix-env --install --file example.nix
-    installing 'example'
-    $ ls ~/.nix-profile
-    foo-file
-    bar-file
-    manifest.nix
-    ```
+  Adding `meta.outputsToInstall` to that derivation will make `nix-env` only install files from the specified outputs.
 
-    Adding `meta.outputsToInstall` to that derivation will make `nix-env` only install files from the specified outputs.
+  ```nix
+  # example-outputs.nix
+  import ./example.nix // { meta.outputsToInstall = [ "bar" ]; }
+  ```
 
-    ```nix
-    # example-outputs.nix
-    import ./example.nix // { meta.outputsToInstall = [ "bar" ]; }
-    ```
-
-    ```console
-    $ nix-env --install --file example-outputs.nix
-    installing 'example'
-    $ ls ~/.nix-profile
-    bar-file
-    manifest.nix
-    ```
+  ```console
+  $ nix-env --install --file example-outputs.nix
+  installing 'example'
+  $ ls ~/.nix-profile
+  bar-file
+  manifest.nix
+  ```
 
 # Options
 
-  - `--prebuilt-only` / `-b`
+- `--prebuilt-only` / `-b`
 
-    Use only derivations for which a substitute is registered, i.e.,
-    there is a pre-built binary available that can be downloaded in lieu
-    of building the derivation. Thus, no packages will be built from
-    source.
+  Use only derivations for which a substitute is registered, i.e.,
+  there is a pre-built binary available that can be downloaded in lieu
+  of building the derivation. Thus, no packages will be built from
+  source.
 
-  - `--preserve-installed` / `-P`
+- `--preserve-installed` / `-P`
 
-    Do not remove derivations with a name matching one of the
-    derivations being installed. Usually, trying to have two versions of
-    the same package installed in the same generation of a profile will
-    lead to an error in building the generation, due to file name
-    clashes between the two versions. However, this is not the case for
-    all packages.
+  Do not remove derivations with a name matching one of the
+  derivations being installed. Usually, trying to have two versions of
+  the same package installed in the same generation of a profile will
+  lead to an error in building the generation, due to file name
+  clashes between the two versions. However, this is not the case for
+  all packages.
 
-  - `--remove-all` / `-r`
+- `--remove-all` / `-r`
 
-    Remove all previously installed packages first. This is equivalent
-    to running `nix-env --uninstall '.*'` first, except that everything happens
-    in a single transaction.
+  Remove all previously installed packages first. This is equivalent
+  to running `nix-env --uninstall '.*'` first, except that everything happens
+  in a single transaction.
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-env/opt-common.md

@@ -2,34 +2,37 @@
 
 The following options are allowed for all `nix-env` operations, but may not always have an effect.
 
-  - `--file` / `-f` *path*\
-    Specifies the Nix expression (designated below as the *active Nix
-    expression*) used by the `--install`, `--upgrade`, and `--query
-    --available` operations to obtain derivations. The default is
-    `~/.nix-defexpr`.
+- `--file` / `-f` *path*
 
-    If the argument starts with `http://` or `https://`, it is
-    interpreted as the URL of a tarball that will be downloaded and
-    unpacked to a temporary location. The tarball must include a single
-    top-level directory containing at least a file named `default.nix`.
+  Specifies the Nix expression (designated below as the *active Nix
+  expression*) used by the `--install`, `--upgrade`, and `--query
+  --available` operations to obtain derivations. The default is
+  `~/.nix-defexpr`.
 
-  - `--profile` / `-p` *path*\
-    Specifies the profile to be used by those operations that operate on
-    a profile (designated below as the *active profile*). A profile is a
-    sequence of user environments called *generations*, one of which is
-    the *current generation*.
+  If the argument starts with `http://` or `https://`, it is
+  interpreted as the URL of a tarball that will be downloaded and
+  unpacked to a temporary location. The tarball must include a single
+  top-level directory containing at least a file named `default.nix`.
 
-  - `--dry-run`\
-    For the `--install`, `--upgrade`, `--uninstall`,
-    `--switch-generation`, `--delete-generations` and `--rollback`
-    operations, this flag will cause `nix-env` to print what *would* be
-    done if this flag had not been specified, without actually doing it.
+- `--profile` / `-p` *path*
 
-    `--dry-run` also prints out which paths will be
-    [substituted](@docroot@/glossary.md) (i.e., downloaded) and which paths
-    will be built from source (because no substitute is available).
+  Specifies the profile to be used by those operations that operate on
+  a profile (designated below as the *active profile*). A profile is a
+  sequence of user environments called *generations*, one of which is
+  the *current generation*.
 
-  - `--system-filter` *system*\
-    By default, operations such as `--query
-                    --available` show derivations matching any platform. This option
-    allows you to use derivations for the specified platform *system*.
+- `--dry-run`
+
+  For the `--install`, `--upgrade`, `--uninstall`,
+  `--switch-generation`, `--delete-generations` and `--rollback`
+  operations, this flag will cause `nix-env` to print what *would* be
+  done if this flag had not been specified, without actually doing it.
+
+  `--dry-run` also prints out which paths will be
+  [substituted](@docroot@/glossary.md) (i.e., downloaded) and which paths
+  will be built from source (because no substitute is available).
+
+- `--system-filter` *system*
+
+  By default, operations such as `--query --available` show derivations matching any platform. This option
+  allows you to use derivations for the specified platform *system*.

doc/manual/src/command-ref/nix-env/query.md

@@ -35,11 +35,13 @@ The derivations are sorted by their `name` attributes.
 The following flags specify the set of things on which the query
 operates.
 
-  - `--installed`\
+  - `--installed`
+
     The query operates on the store paths that are installed in the
     current generation of the active profile. This is the default.
 
-  - `--available`; `-a`\
+  - `--available` / `-a`
+
     The query operates on the derivations that are available in the
     active Nix expression.
 
@@ -50,24 +52,28 @@ selected derivations. Multiple flags may be specified, in which case the
 information is shown in the order given here. Note that the name of the
 derivation is shown unless `--no-name` is specified.
 
-  - `--xml`\
+  - `--xml`
+
     Print the result in an XML representation suitable for automatic
     processing by other tools. The root element is called `items`, which
     contains a `item` element for each available or installed
     derivation. The fields discussed below are all stored in attributes
     of the `item` elements.
 
-  - `--json`\
+  - `--json`
+
     Print the result in a JSON representation suitable for automatic
     processing by other tools.
 
-  - `--prebuilt-only` / `-b`\
+  - `--prebuilt-only` / `-b`
+
     Show only derivations for which a substitute is registered, i.e.,
     there is a pre-built binary available that can be downloaded in lieu
     of building the derivation. Thus, this shows all packages that
     probably can be installed quickly.
 
-  - `--status`; `-s`\
+  - `--status` / `-s`
+
     Print the *status* of the derivation. The status consists of three
     characters. The first is `I` or `-`, indicating whether the
     derivation is currently installed in the current generation of the
@@ -78,49 +84,61 @@ derivation is shown unless `--no-name` is specified.
     derivation to be built. The third is `S` or `-`, indicating whether
     a substitute is available for the derivation.
 
-  - `--attr-path`; `-P`\
+  - `--attr-path` / `-P`
+
     Print the *attribute path* of the derivation, which can be used to
     unambiguously select it using the `--attr` option available in
     commands that install derivations like `nix-env --install`. This
     option only works together with `--available`
 
-  - `--no-name`\
+  - `--no-name`
+
     Suppress printing of the `name` attribute of each derivation.
 
-  - `--compare-versions` / `-c`\
+  - `--compare-versions` / `-c`
+
     Compare installed versions to available versions, or vice versa (if
     `--available` is given). This is useful for quickly seeing whether
     upgrades for installed packages are available in a Nix expression. A
     column is added with the following meaning:
 
-      - `<` *version*\
+      - `<` *version*
+
         A newer version of the package is available or installed.
 
-      - `=` *version*\
+      - `=` *version*
+
         At most the same version of the package is available or
         installed.
 
-      - `>` *version*\
+      - `>` *version*
+
         Only older versions of the package are available or installed.
 
-      - `- ?`\
+      - `- ?`
+
         No version of the package is available or installed.
 
-  - `--system`\
+  - `--system`
+
     Print the `system` attribute of the derivation.
 
-  - `--drv-path`\
+  - `--drv-path`
+
     Print the path of the [store derivation](@docroot@/glossary.md#gloss-store-derivation).
 
-  - `--out-path`\
+  - `--out-path`
+
     Print the output path of the derivation.
 
-  - `--description`\
+  - `--description`
+
     Print a short (one-line) description of the derivation, if
     available. The description is taken from the `meta.description`
     attribute of the derivation.
 
-  - `--meta`\
+  - `--meta`
+
     Print all of the meta-attributes of the derivation. This option is
     only available with `--xml` or `--json`.
 

doc/manual/src/command-ref/nix-env/set-flag.md

@@ -13,24 +13,24 @@ to be modified. There are several attributes that can be usefully
 modified, because they affect the behaviour of `nix-env` or the user
 environment build script:
 
-  - `priority` can be changed to resolve filename clashes. The user
-    environment build script uses the `meta.priority` attribute of
-    derivations to resolve filename collisions between packages. Lower
-    priority values denote a higher priority. For instance, the GCC
-    wrapper package and the Binutils package in Nixpkgs both have a file
-    `bin/ld`, so previously if you tried to install both you would get a
-    collision. Now, on the other hand, the GCC wrapper declares a higher
-    priority than Binutils, so the former’s `bin/ld` is symlinked in the
-    user environment.
+- `priority` can be changed to resolve filename clashes. The user
+  environment build script uses the `meta.priority` attribute of
+  derivations to resolve filename collisions between packages. Lower
+  priority values denote a higher priority. For instance, the GCC
+  wrapper package and the Binutils package in Nixpkgs both have a file
+  `bin/ld`, so previously if you tried to install both you would get a
+  collision. Now, on the other hand, the GCC wrapper declares a higher
+  priority than Binutils, so the former’s `bin/ld` is symlinked in the
+  user environment.
 
-  - `keep` can be set to `true` to prevent the package from being
-    upgraded or replaced. This is useful if you want to hang on to an
-    older version of a package.
+- `keep` can be set to `true` to prevent the package from being
+  upgraded or replaced. This is useful if you want to hang on to an
+  older version of a package.
 
-  - `active` can be set to `false` to “disable” the package. That is, no
-    symlinks will be generated to the files of the package, but it
-    remains part of the profile (so it won’t be garbage-collected). It
-    can be set back to `true` to re-enable the package.
+- `active` can be set to `false` to “disable” the package. That is, no
+  symlinks will be generated to the files of the package, but it
+  remains part of the profile (so it won’t be garbage-collected). It
+  can be set back to `true` to re-enable the package.
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-env/upgrade.md

@@ -28,42 +28,48 @@ version is installed.
 
 # Flags
 
-  - `--lt`\
-    Only upgrade a derivation to newer versions. This is the default.
+- `--lt`
 
-  - `--leq`\
-    In addition to upgrading to newer versions, also “upgrade” to
-    derivations that have the same version. Version are not a unique
-    identification of a derivation, so there may be many derivations
-    that have the same version. This flag may be useful to force
-    “synchronisation” between the installed and available derivations.
+  Only upgrade a derivation to newer versions. This is the default.
 
-  - `--eq`\
-    *Only* “upgrade” to derivations that have the same version. This may
-    not seem very useful, but it actually is, e.g., when there is a new
-    release of Nixpkgs and you want to replace installed applications
-    with the same versions built against newer dependencies (to reduce
-    the number of dependencies floating around on your system).
+- `--leq`
 
-  - `--always`\
-    In addition to upgrading to newer versions, also “upgrade” to
-    derivations that have the same or a lower version. I.e., derivations
-    may actually be downgraded depending on what is available in the
-    active Nix expression.
+  In addition to upgrading to newer versions, also “upgrade” to
+  derivations that have the same version. Version are not a unique
+  identification of a derivation, so there may be many derivations
+  that have the same version. This flag may be useful to force
+  “synchronisation” between the installed and available derivations.
 
-  - `--prebuilt-only` / `-b`\
-    Use only derivations for which a substitute is registered, i.e.,
-    there is a pre-built binary available that can be downloaded in lieu
-    of building the derivation. Thus, no packages will be built from
-    source.
+- `--eq`
 
-  - `--preserve-installed` / `-P`\
-    Do not remove derivations with a name matching one of the
-    derivations being installed. Usually, trying to have two versions of
-    the same package installed in the same generation of a profile will
-    lead to an error in building the generation, due to file name
-    clashes between the two versions. However, this is not the case for
-    all packages.
+  *Only* “upgrade” to derivations that have the same version. This may
+  not seem very useful, but it actually is, e.g., when there is a new
+  release of Nixpkgs and you want to replace installed applications
+  with the same versions built against newer dependencies (to reduce
+  the number of dependencies floating around on your system).
+
+- `--always`
+
+  In addition to upgrading to newer versions, also “upgrade” to
+  derivations that have the same or a lower version. I.e., derivations
+  may actually be downgraded depending on what is available in the
+  active Nix expression.
+
+- `--prebuilt-only` / `-b`
+
+  Use only derivations for which a substitute is registered, i.e.,
+  there is a pre-built binary available that can be downloaded in lieu
+  of building the derivation. Thus, no packages will be built from
+  source.
+
+- `--preserve-installed` / `-P`
+
+  Do not remove derivations with a name matching one of the
+  derivations being installed. Usually, trying to have two versions of
+  the same package installed in the same generation of a profile will
+  lead to an error in building the generation, due to file name
+  clashes between the two versions. However, this is not the case for
+  all packages.
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-hash.md

@@ -20,58 +20,74 @@ an example.
 The hash is computed over a *serialisation* of each path: a dump of
 the file system tree rooted at the path. This allows directories and
 symlinks to be hashed as well as regular files. The dump is in the
-*NAR format* produced by [`nix-store
+*[Nix Archive (NAR)][Nix Archive] format* produced by [`nix-store
 --dump`](@docroot@/command-ref/nix-store/dump.md).  Thus, `nix-hash path`
 yields the same cryptographic hash as `nix-store --dump path |
 md5sum`.
 
+[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
+
 # Options
 
-  - `--flat`\
-    Print the cryptographic hash of the contents of each regular file
-    *path*. That is, do not compute the hash over the dump of *path*.
-    The result is identical to that produced by the GNU commands
-    `md5sum` and `sha1sum`.
+- `--flat`
 
-  - `--base16`\
-    Print the hash in a hexadecimal representation (default).
+  Print the cryptographic hash of the contents of each regular file *path*.
+  That is, instead of computing
+  the hash of the [Nix Archive (NAR)](@docroot@/store/file-system-object/content-address.md#serial-nix-archive) of *path*,
+  just [directly hash]((@docroot@/store/file-system-object/content-address.md#serial-flat) *path* as is.
+  This requires *path* to resolve to a regular file rather than directory.
+  The result is identical to that produced by the GNU commands
+  `md5sum` and `sha1sum`.
 
-  - `--base32`\
-    Print the hash in a base-32 representation rather than hexadecimal.
-    This base-32 representation is more compact and can be used in Nix
-    expressions (such as in calls to `fetchurl`).
+- `--base16`
 
-  - `--base64`\
-    Similar to --base32, but print the hash in a base-64 representation,
-    which is more compact than the base-32 one.
+  Print the hash in a hexadecimal representation (default).
 
-  - `--sri`\
-    Print the hash in SRI format with base-64 encoding.
-    The type of hash algorithm will be prepended to the hash string,
-    followed by a hyphen (-) and the base-64 hash body.
+- `--base32`
 
-  - `--truncate`\
-    Truncate hashes longer than 160 bits (such as SHA-256) to 160 bits.
+  Print the hash in a base-32 representation rather than hexadecimal.
+  This base-32 representation is more compact and can be used in Nix
+  expressions (such as in calls to `fetchurl`).
 
-  - `--type` *hashAlgo*\
-    Use the specified cryptographic hash algorithm, which can be one of
-    `md5`, `sha1`, `sha256`, and `sha512`.
+- `--base64`
 
-  - `--to-base16`\
-    Don’t hash anything, but convert the base-32 hash representation
-    *hash* to hexadecimal.
+  Similar to --base32, but print the hash in a base-64 representation,
+  which is more compact than the base-32 one.
 
-  - `--to-base32`\
-    Don’t hash anything, but convert the hexadecimal hash representation
-    *hash* to base-32.
+- `--sri`
 
-  - `--to-base64`\
-    Don’t hash anything, but convert the hexadecimal hash representation
-    *hash* to base-64.
+  Print the hash in SRI format with base-64 encoding.
+  The type of hash algorithm will be prepended to the hash string,
+  followed by a hyphen (-) and the base-64 hash body.
 
-  - `--to-sri`\
-    Don’t hash anything, but convert the hexadecimal hash representation
-    *hash* to SRI.
+- `--truncate`
+
+  Truncate hashes longer than 160 bits (such as SHA-256) to 160 bits.
+
+- `--type` *hashAlgo*
+
+  Use the specified cryptographic hash algorithm, which can be one of
+  `md5`, `sha1`, `sha256`, and `sha512`.
+
+- `--to-base16`
+
+  Don’t hash anything, but convert the base-32 hash representation
+  *hash* to hexadecimal.
+
+- `--to-base32`
+
+  Don’t hash anything, but convert the hexadecimal hash representation
+  *hash* to base-32.
+
+- `--to-base64`
+
+  Don’t hash anything, but convert the hexadecimal hash representation
+  *hash* to base-64.
+
+- `--to-sri`
+
+  Don’t hash anything, but convert the hexadecimal hash representation
+  *hash* to SRI.
 
 # Examples
 

doc/manual/src/command-ref/nix-instantiate.md

@@ -30,89 +30,97 @@ standard input.
 
 # Options
 
-  - `--add-root` *path*\
-    See the [corresponding option](nix-store.md) in `nix-store`.
+- `--add-root` *path*
 
-  - `--parse`\
-    Just parse the input files, and print their abstract syntax trees on
-    standard output as a Nix expression.
+  See the [corresponding option](nix-store.md) in `nix-store`.
 
-  - `--eval`\
-    Just parse and evaluate the input files, and print the resulting
-    values on standard output. No instantiation of store derivations
-    takes place.
+- `--parse`
 
-    > **Warning**
-    >
-    > This option produces output which can be parsed as a Nix expression which
-    > will produce a different result than the input expression when evaluated.
-    > For example, these two Nix expressions print the same result despite
-    > having different meaning:
-    >
-    > ```console
-    > $ nix-instantiate --eval --expr '{ a = {}; }'
-    > { a = <CODE>; }
-    > $ nix-instantiate --eval --expr '{ a = <CODE>; }'
-    > { a = <CODE>; }
-    > ```
-    >
-    > For human-readable output, `nix eval` (experimental) is more informative:
-    >
-    > ```console
-    > $ nix-instantiate --eval --expr 'a: a'
-    > <LAMBDA>
-    > $ nix eval --expr 'a: a'
-    > «lambda @ «string»:1:1»
-    > ```
-    >
-    > For machine-readable output, the `--xml` option produces unambiguous
-    > output:
-    >
-    > ```console
-    > $ nix-instantiate --eval --xml --expr '{ foo = <CODE>; }'
-    > <?xml version='1.0' encoding='utf-8'?>
-    > <expr>
-    >   <attrs>
-    >     <attr column="3" line="1" name="foo">
-    >       <unevaluated />
-    >     </attr>
-    >   </attrs>
-    > </expr>
-    > ```
+  Just parse the input files, and print their abstract syntax trees on
+  standard output as a Nix expression.
 
-  - `--find-file`\
-    Look up the given files in Nix’s search path (as specified by the
-    `NIX_PATH` environment variable). If found, print the corresponding
-    absolute paths on standard output. For instance, if `NIX_PATH` is
-    `nixpkgs=/home/alice/nixpkgs`, then `nix-instantiate --find-file
-    nixpkgs/default.nix` will print `/home/alice/nixpkgs/default.nix`.
+- `--eval`
 
-  - `--strict`\
-    When used with `--eval`, recursively evaluate list elements and
-    attributes. Normally, such sub-expressions are left unevaluated
-    (since the Nix language is lazy).
+  Just parse and evaluate the input files, and print the resulting
+  values on standard output. No instantiation of store derivations
+  takes place.
 
-    > **Warning**
-    >
-    > This option can cause non-termination, because lazy data
-    > structures can be infinitely large.
+  > **Warning**
+  >
+  > This option produces output which can be parsed as a Nix expression which
+  > will produce a different result than the input expression when evaluated.
+  > For example, these two Nix expressions print the same result despite
+  > having different meaning:
+  >
+  > ```console
+  > $ nix-instantiate --eval --expr '{ a = {}; }'
+  > { a = <CODE>; }
+  > $ nix-instantiate --eval --expr '{ a = <CODE>; }'
+  > { a = <CODE>; }
+  > ```
+  >
+  > For human-readable output, `nix eval` (experimental) is more informative:
+  >
+  > ```console
+  > $ nix-instantiate --eval --expr 'a: a'
+  > <LAMBDA>
+  > $ nix eval --expr 'a: a'
+  > «lambda @ «string»:1:1»
+  > ```
+  >
+  > For machine-readable output, the `--xml` option produces unambiguous
+  > output:
+  >
+  > ```console
+  > $ nix-instantiate --eval --xml --expr '{ foo = <CODE>; }'
+  > <?xml version='1.0' encoding='utf-8'?>
+  > <expr>
+  >   <attrs>
+  >     <attr column="3" line="1" name="foo">
+  >       <unevaluated />
+  >     </attr>
+  >   </attrs>
+  > </expr>
+  > ```
 
-  - `--json`\
-    When used with `--eval`, print the resulting value as an JSON
-    representation of the abstract syntax tree rather than as a Nix expression.
+- `--find-file`
 
-  - `--xml`\
-    When used with `--eval`, print the resulting value as an XML
-    representation of the abstract syntax tree rather than as a Nix expression.
-    The schema is the same as that used by the [`toXML`
-    built-in](../language/builtins.md).
+  Look up the given files in Nix’s search path (as specified by the
+  `NIX_PATH` environment variable). If found, print the corresponding
+  absolute paths on standard output. For instance, if `NIX_PATH` is
+  `nixpkgs=/home/alice/nixpkgs`, then `nix-instantiate --find-file
+  nixpkgs/default.nix` will print `/home/alice/nixpkgs/default.nix`.
 
-  - `--read-write-mode`\
-    When used with `--eval`, perform evaluation in read/write mode so
-    nix language features that require it will still work (at the cost
-    of needing to do instantiation of every evaluated derivation). If
-    this option is not enabled, there may be uninstantiated store paths
-    in the final output.
+- `--strict`
+
+  When used with `--eval`, recursively evaluate list elements and
+  attributes. Normally, such sub-expressions are left unevaluated
+  (since the Nix language is lazy).
+
+  > **Warning**
+  >
+  > This option can cause non-termination, because lazy data
+  > structures can be infinitely large.
+
+- `--json`
+
+  When used with `--eval`, print the resulting value as an JSON
+  representation of the abstract syntax tree rather than as a Nix expression.
+
+- `--xml`
+
+  When used with `--eval`, print the resulting value as an XML
+  representation of the abstract syntax tree rather than as a Nix expression.
+  The schema is the same as that used by the [`toXML`
+  built-in](../language/builtins.md).
+
+- `--read-write-mode`
+
+  When used with `--eval`, perform evaluation in read/write mode so
+  nix language features that require it will still work (at the cost
+  of needing to do instantiation of every evaluated derivation). If
+  this option is not enabled, there may be uninstantiated store paths
+  in the final output.
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-prefetch-url.md

@@ -39,27 +39,32 @@ the path of the downloaded file in the Nix store is also printed.
 
 # Options
 
-  - `--type` *hashAlgo*\
-    Use the specified cryptographic hash algorithm,
-    which can be one of `md5`, `sha1`, `sha256`, and `sha512`.
-    The default is `sha256`.
+- `--type` *hashAlgo*
 
-  - `--print-path`\
-    Print the store path of the downloaded file on standard output.
+  Use the specified cryptographic hash algorithm,
+  which can be one of `md5`, `sha1`, `sha256`, and `sha512`.
+  The default is `sha256`.
 
-  - `--unpack`\
-    Unpack the archive (which must be a tarball or zip file) and add the
-    result to the Nix store. The resulting hash can be used with
-    functions such as Nixpkgs’s `fetchzip` or `fetchFromGitHub`.
+- `--print-path`
 
-  - `--executable`\
-    Set the executable bit on the downloaded file.
+  Print the store path of the downloaded file on standard output.
 
-  - `--name` *name*\
-    Override the name of the file in the Nix store. By default, this is
-    `hash-basename`, where *basename* is the last component of *url*.
-    Overriding the name is necessary when *basename* contains characters
-    that are not allowed in Nix store paths.
+- `--unpack`
+
+  Unpack the archive (which must be a tarball or zip file) and add the
+  result to the Nix store. The resulting hash can be used with
+  functions such as Nixpkgs’s `fetchzip` or `fetchFromGitHub`.
+
+- `--executable`
+
+  Set the executable bit on the downloaded file.
+
+- `--name` *name*
+
+  Override the name of the file in the Nix store. By default, this is
+  `hash-basename`, where *basename* is the last component of *url*.
+  Overriding the name is necessary when *basename* contains characters
+  that are not allowed in Nix store paths.
 
 # Examples
 

doc/manual/src/command-ref/nix-shell.md

@@ -60,55 +60,63 @@ All options not listed here are passed to `nix-store
 --realise`, except for `--arg` and `--attr` / `-A` which are passed to
 `nix-instantiate`.
 
-  - `--command` *cmd*\
-    In the environment of the derivation, run the shell command *cmd*.
-    This command is executed in an interactive shell. (Use `--run` to
-    use a non-interactive shell instead.) However, a call to `exit` is
-    implicitly added to the command, so the shell will exit after
-    running the command. To prevent this, add `return` at the end;
-    e.g.  `--command "echo Hello; return"` will print `Hello` and then
-    drop you into the interactive shell. This can be useful for doing
-    any additional initialisation.
+- `--command` *cmd*
 
-  - `--run` *cmd*\
-    Like `--command`, but executes the command in a non-interactive
-    shell. This means (among other things) that if you hit Ctrl-C while
-    the command is running, the shell exits.
+  In the environment of the derivation, run the shell command *cmd*.
+  This command is executed in an interactive shell. (Use `--run` to
+  use a non-interactive shell instead.) However, a call to `exit` is
+  implicitly added to the command, so the shell will exit after
+  running the command. To prevent this, add `return` at the end;
+  e.g.  `--command "echo Hello; return"` will print `Hello` and then
+  drop you into the interactive shell. This can be useful for doing
+  any additional initialisation.
 
-  - `--exclude` *regexp*\
-    Do not build any dependencies whose store path matches the regular
-    expression *regexp*. This option may be specified multiple times.
+- `--run` *cmd*
 
-  - `--pure`\
-    If this flag is specified, the environment is almost entirely
-    cleared before the interactive shell is started, so you get an
-    environment that more closely corresponds to the “real” Nix build. A
-    few variables, in particular `HOME`, `USER` and `DISPLAY`, are
-    retained.
+  Like `--command`, but executes the command in a non-interactive
+  shell. This means (among other things) that if you hit Ctrl-C while
+  the command is running, the shell exits.
 
-  - `--packages` / `-p` *packages*…\
-    Set up an environment in which the specified packages are present.
-    The command line arguments are interpreted as attribute names inside
-    the Nix Packages collection. Thus, `nix-shell --packages libjpeg openjdk`
-    will start a shell in which the packages denoted by the attribute
-    names `libjpeg` and `openjdk` are present.
+- `--exclude` *regexp*
 
-  - `-i` *interpreter*\
-    The chained script interpreter to be invoked by `nix-shell`. Only
-    applicable in `#!`-scripts (described below).
+  Do not build any dependencies whose store path matches the regular
+  expression *regexp*. This option may be specified multiple times.
 
-  - `--keep` *name*\
-    When a `--pure` shell is started, keep the listed environment
-    variables.
+- `--pure`
+
+  If this flag is specified, the environment is almost entirely
+  cleared before the interactive shell is started, so you get an
+  environment that more closely corresponds to the “real” Nix build. A
+  few variables, in particular `HOME`, `USER` and `DISPLAY`, are
+  retained.
+
+- `--packages` / `-p` *packages*…
+
+  Set up an environment in which the specified packages are present.
+  The command line arguments are interpreted as attribute names inside
+  the Nix Packages collection. Thus, `nix-shell --packages libjpeg openjdk`
+  will start a shell in which the packages denoted by the attribute
+  names `libjpeg` and `openjdk` are present.
+
+- `-i` *interpreter*
+
+  The chained script interpreter to be invoked by `nix-shell`. Only
+  applicable in `#!`-scripts (described below).
+
+- `--keep` *name*
+
+  When a `--pure` shell is started, keep the listed environment
+  variables.
 
 {{#include ./opt-common.md}}
 
 # Environment variables
 
-  - `NIX_BUILD_SHELL`\
-    Shell used to start the interactive environment. Defaults to the
-    `bash` found in `<nixpkgs>`, falling back to the `bash` found in
-    `PATH` if not found.
+- `NIX_BUILD_SHELL`
+
+  Shell used to start the interactive environment. Defaults to the
+  `bash` found in `<nixpkgs>`, falling back to the `bash` found in
+  `PATH` if not found.
 
 {{#include ./env-common.md}}
 
@@ -202,14 +210,14 @@ For example, here is a Python script that depends on Python and the
 
 ```python
 #! /usr/bin/env nix-shell
-#! nix-shell -i python --packages python pythonPackages.prettytable
+#! nix-shell -i python3 --packages python3 python3Packages.prettytable
 
 import prettytable
 
 # Print a simple table.
 t = prettytable.PrettyTable(["N", "N^2"])
 for n in range(1, 10): t.add_row([n, n * n])
-print t
+print(t)
 ```
 
 Similarly, the following is a Perl script that specifies that it

doc/manual/src/command-ref/nix-store/add-fixed.md

@@ -16,9 +16,10 @@ public url or broke since the download expression was written.
 
 This operation has the following options:
 
-  - `--recursive`\
-    Use recursive instead of flat hashing mode, used when adding
-    directories to the store.
+- `--recursive`
+
+  Use recursive instead of flat hashing mode, used when adding
+  directories to the store.
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-store/dump.md

@@ -1,6 +1,6 @@
 # Name
 
-`nix-store --dump` - write a single path to a Nix Archive
+`nix-store --dump` - write a single path to a [Nix Archive]
 
 ## Synopsis
 
@@ -8,7 +8,7 @@
 
 ## Description
 
-The operation `--dump` produces a NAR (Nix ARchive) file containing the
+The operation `--dump` produces a [Nix archive](@docroot@/glossary.md#gloss-nar) (NAR) file containing the
 contents of the file system tree rooted at *path*. The archive is
 written to standard output.
 
@@ -30,8 +30,9 @@ NAR archives support filenames of unlimited length and 64-bit file
 sizes. They can contain regular files, directories, and symbolic links,
 but not other types of files (such as device nodes).
 
-A Nix archive can be unpacked using `nix-store
---restore`.
+A Nix archive can be unpacked using [`nix-store --restore`](@docroot@/command-ref/nix-store/restore.md).
+
+[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-store/export.md

@@ -1,6 +1,6 @@
 # Name
 
-`nix-store --export` - export store paths to a Nix Archive
+`nix-store --export` - export store paths to a [Nix Archive]
 
 ## Synopsis
 
@@ -8,16 +8,22 @@
 
 ## Description
 
-The operation `--export` writes a serialisation of the specified store
-paths to standard output in a format that can be imported into another
-Nix store with `nix-store --import`. This is like `nix-store
---dump`, except that the NAR archive produced by that command doesn’t
-contain the necessary meta-information to allow it to be imported into
-another Nix store (namely, the set of references of the path).
+The operation `--export` writes a serialisation of the given [store objects](@docroot@/glossary.md#gloss-store-object) to standard output in a format that can be imported into another [Nix store](@docroot@/store/index.md) with [`nix-store --import`](./import.md).
 
-This command does not produce a *closure* of the specified paths, so if
-a store path references other store paths that are missing in the target
-Nix store, the import will fail.
+> **Warning**
+>
+> This command *does not* produce a [closure](@docroot@/glossary.md#gloss-closure) of the specified store paths.
+> Trying to import a store object that refers to store paths not available in the target Nix store will fail.
+>
+> Use [`nix-store --query`](@docroot@/command-ref/nix-store/query.md) to obtain the closure of a store path.
+
+This command is different from [`nix-store --dump`](./dump.md), which produces a [Nix archive](@docroot@/glossary.md#gloss-nar) that *does not* contain the set of [references](@docroot@/glossary.md#gloss-reference) of a given store path.
+
+> **Note**
+>
+> For efficient transfer of closures to remote machines over SSH, use [`nix-copy-closure`](@docroot@/command-ref/nix-copy-closure.md).
+
+[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
 
 {{#include ./opt-common.md}}
 
@@ -27,15 +33,21 @@ Nix store, the import will fail.
 
 # Examples
 
-To copy a whole closure, do something
-like:
-
-```console
-$ nix-store --export $(nix-store --query --requisites paths) > out
-```
-
-To import the whole closure again, run:
-
-```console
-$ nix-store --import < out
-```
+> **Example**
+>
+> Deploy GNU Hello to an airgapped machine via USB stick.
+>
+> Write the closure to the block device on a machine with internet connection:
+>
+> ```shell-session
+> [alice@itchy]$ storePath=$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello --no-out-link)
+> [alice@itchy]$ nix-store --export $(nix-store --query --requisites $storePath) | sudo dd of=/dev/usb
+> ```
+>
+> Read the closure from the block device on the machine without internet connection:
+>
+> ```shell-session
+> [bob@scratchy]$ hello=$(sudo dd if=/dev/usb | nix-store --import | tail -1)
+> [bob@scratchy]$ $hello/bin/hello
+> Hello, world!
+> ```

doc/manual/src/command-ref/nix-store/gc.md

@@ -14,30 +14,34 @@ reachable via file system references from a set of “roots”, are deleted.
 
 The following suboperations may be specified:
 
-  - `--print-roots`\
-    This operation prints on standard output the set of roots used by
-    the garbage collector.
+- `--print-roots`
 
-  - `--print-live`\
-    This operation prints on standard output the set of “live” store
-    paths, which are all the store paths reachable from the roots. Live
-    paths should never be deleted, since that would break consistency —
-    it would become possible that applications are installed that
-    reference things that are no longer present in the store.
+  This operation prints on standard output the set of roots used by
+  the garbage collector.
 
-  - `--print-dead`\
-    This operation prints out on standard output the set of “dead” store
-    paths, which is just the opposite of the set of live paths: any path
-    in the store that is not live (with respect to the roots) is dead.
+- `--print-live`
+
+  This operation prints on standard output the set of “live” store
+  paths, which are all the store paths reachable from the roots. Live
+  paths should never be deleted, since that would break consistency —
+  it would become possible that applications are installed that
+  reference things that are no longer present in the store.
+
+- `--print-dead`
+
+  This operation prints out on standard output the set of “dead” store
+  paths, which is just the opposite of the set of live paths: any path
+  in the store that is not live (with respect to the roots) is dead.
 
 By default, all unreachable paths are deleted. The following options
 control what gets deleted and in what order:
 
-  - `--max-freed` *bytes*\
-    Keep deleting paths until at least *bytes* bytes have been deleted,
-    then stop. The argument *bytes* can be followed by the
-    multiplicative suffix `K`, `M`, `G` or `T`, denoting KiB, MiB, GiB
-    or TiB units.
+- `--max-freed` *bytes*
+
+  Keep deleting paths until at least *bytes* bytes have been deleted,
+  then stop. The argument *bytes* can be followed by the
+  multiplicative suffix `K`, `M`, `G` or `T`, denoting KiB, MiB, GiB
+  or TiB units.
 
 The behaviour of the collector is also influenced by the
 `keep-outputs` and `keep-derivations` settings in the Nix

doc/manual/src/command-ref/nix-store/import.md

@@ -1,6 +1,8 @@
 # Name
 
-`nix-store --import` - import Nix Archive into the store
+`nix-store --import` - import [Nix Archive] into the store
+
+[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
 
 # Synopsis
 
@@ -8,14 +10,34 @@
 
 # Description
 
-The operation `--import` reads a serialisation of a set of store paths
-produced by `nix-store --export` from standard input and adds those
-store paths to the Nix store. Paths that already exist in the Nix store
-are ignored. If a path refers to another path that doesn’t exist in the
-Nix store, the import fails.
+The operation `--import` reads a serialisation of a set of [store objects](@docroot@/glossary.md#gloss-store-object) produced by [`nix-store --export`](./export.md) from standard input, and adds those store objects to the specified [Nix store](@docroot@/store/index.md).
+Paths that already exist in the target Nix store are ignored.
+If a path [refers](@docroot@/glossary.md#gloss-reference) to another path that doesn’t exist in the target Nix store, the import fails.
+
+> **Note**
+>
+> For efficient transfer of closures to remote machines over SSH, use [`nix-copy-closure`](@docroot@/command-ref/nix-copy-closure.md).
 
 {{#include ./opt-common.md}}
 
 {{#include ../opt-common.md}}
 
 {{#include ../env-common.md}}
+
+# Examples
+
+> **Example**
+>
+> Given a closure of GNU Hello as a file:
+>
+> ```shell-session
+> $ storePath="$(nix-build '<nixpkgs>' -I nixpkgs=channel:nixpkgs-unstable -A hello --no-out-link)"
+> $ nix-store --export $(nix-store --query --requisites $storePath) > hello.closure
+> ```
+>
+> Import the closure into a [remote SSH store](@docroot@/store/types/ssh-store.md) using the [`--store`](@docroot@/command-ref/conf-file.md#conf-store) option:
+>
+> ```console
+> $ nix-store --import --store ssh://alice@itchy.example.org < hello.closure
+> ```
+

doc/manual/src/command-ref/nix-store/optimise.md

@@ -12,7 +12,7 @@ The operation `--optimise` reduces Nix store disk space usage by finding
 identical files in the store and hard-linking them to each other. It
 typically reduces the size of the store by something like 25-35%. Only
 regular files and symlinks are hard-linked in this manner. Files are
-considered identical when they have the same NAR archive serialisation:
+considered identical when they have the same [Nix Archive (NAR)][Nix Archive] serialisation:
 that is, regular files must have the same contents and permission
 (executable or non-executable), and symlinks must have the same
 contents.
@@ -38,3 +38,4 @@ hashing files in `/nix/store/qhqx7l2f1kmwihc9bnxs7rc159hsxnf3-gcc-4.1.1'
 there are 114486 files with equal contents out of 215894 files in total
 ```
 
+[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive

doc/manual/src/command-ref/nix-store/query.md

@@ -24,122 +24,138 @@ symlink.
 
 # Common query options
 
-  - `--use-output`; `-u`\
-    For each argument to the query that is a [store derivation], apply the
-    query to the output path of the derivation instead.
+- `--use-output` / `-u`
 
-  - `--force-realise`; `-f`\
-    Realise each argument to the query first (see [`nix-store --realise`](./realise.md)).
+  For each argument to the query that is a [store derivation], apply the
+  query to the output path of the derivation instead.
+
+- `--force-realise` / `-f`
+
+  Realise each argument to the query first (see [`nix-store --realise`](./realise.md)).
 
 [store derivation]: @docroot@/glossary.md#gloss-store-derivation
 
 # Queries
 
-  - `--outputs`\
-    Prints out the [output paths] of the store
-    derivations *paths*. These are the paths that will be produced when
-    the derivation is built.
+- `--outputs`
 
-    [output paths]: @docroot@/glossary.md#gloss-output-path
+  Prints out the [output paths] of the store
+  derivations *paths*. These are the paths that will be produced when
+  the derivation is built.
 
-  - `--requisites`; `-R`\
-    Prints out the [closure] of the store path *paths*.
+  [output paths]: @docroot@/glossary.md#gloss-output-path
 
-    [closure]: @docroot@/glossary.md#gloss-closure
+- `--requisites` / `-R`
 
-    This query has one option:
+  Prints out the [closure] of the store path *paths*.
 
-      - `--include-outputs`
-        Also include the existing output paths of [store derivation]s,
-        and their closures.
+  [closure]: @docroot@/glossary.md#gloss-closure
 
-    This query can be used to implement various kinds of deployment. A
-    *source deployment* is obtained by distributing the closure of a
-    store derivation. A *binary deployment* is obtained by distributing
-    the closure of an output path. A *cache deployment* (combined
-    source/binary deployment, including binaries of build-time-only
-    dependencies) is obtained by distributing the closure of a store
-    derivation and specifying the option `--include-outputs`.
+  This query has one option:
 
-  - `--references`\
-    Prints the set of [references] of the store paths
-    *paths*, that is, their immediate dependencies. (For *all*
-    dependencies, use `--requisites`.)
+    - `--include-outputs`
+      Also include the existing output paths of [store derivation]s,
+      and their closures.
 
-    [references]: @docroot@/glossary.md#gloss-reference
+  This query can be used to implement various kinds of deployment. A
+  *source deployment* is obtained by distributing the closure of a
+  store derivation. A *binary deployment* is obtained by distributing
+  the closure of an output path. A *cache deployment* (combined
+  source/binary deployment, including binaries of build-time-only
+  dependencies) is obtained by distributing the closure of a store
+  derivation and specifying the option `--include-outputs`.
 
-  - `--referrers`\
-    Prints the set of *referrers* of the store paths *paths*, that is,
-    the store paths currently existing in the Nix store that refer to
-    one of *paths*. Note that contrary to the references, the set of
-    referrers is not constant; it can change as store paths are added or
-    removed.
+- `--references`
 
-  - `--referrers-closure`\
-    Prints the closure of the set of store paths *paths* under the
-    referrers relation; that is, all store paths that directly or
-    indirectly refer to one of *paths*. These are all the path currently
-    in the Nix store that are dependent on *paths*.
+  Prints the set of [references] of the store paths
+  *paths*, that is, their immediate dependencies. (For *all*
+  dependencies, use `--requisites`.)
 
-  - `--deriver`; `-d`\
-    Prints the [deriver] that was used to build the store paths *paths*. If
-    the path has no deriver (e.g., if it is a source file), or if the
-    deriver is not known (e.g., in the case of a binary-only
-    deployment), the string `unknown-deriver` is printed.
-    The returned deriver is not guaranteed to exist in the local store, for
-    example when *paths* were substituted from a binary cache.
-    Use `--valid-derivers` instead to obtain valid paths only.
+  [references]: @docroot@/glossary.md#gloss-reference
 
-    [deriver]: @docroot@/glossary.md#gloss-deriver
+- `--referrers`
 
-  - `--valid-derivers`\
-    Prints a set of derivation files (`.drv`) which are supposed produce
-    said paths when realized. Might print nothing, for example for source paths
-    or paths subsituted from a binary cache.
+  Prints the set of *referrers* of the store paths *paths*, that is,
+  the store paths currently existing in the Nix store that refer to
+  one of *paths*. Note that contrary to the references, the set of
+  referrers is not constant; it can change as store paths are added or
+  removed.
 
-  - `--graph`\
-    Prints the references graph of the store paths *paths* in the format
-    of the `dot` tool of AT\&T's [Graphviz
-    package](http://www.graphviz.org/). This can be used to visualise
-    dependency graphs. To obtain a build-time dependency graph, apply
-    this to a store derivation. To obtain a runtime dependency graph,
-    apply it to an output path.
+- `--referrers-closure`
 
-  - `--tree`\
-    Prints the references graph of the store paths *paths* as a nested
-    ASCII tree. References are ordered by descending closure size; this
-    tends to flatten the tree, making it more readable. The query only
-    recurses into a store path when it is first encountered; this
-    prevents a blowup of the tree representation of the graph.
+  Prints the closure of the set of store paths *paths* under the
+  referrers relation; that is, all store paths that directly or
+  indirectly refer to one of *paths*. These are all the path currently
+  in the Nix store that are dependent on *paths*.
 
-  - `--graphml`\
-    Prints the references graph of the store paths *paths* in the
-    [GraphML](http://graphml.graphdrawing.org/) file format. This can be
-    used to visualise dependency graphs. To obtain a build-time
-    dependency graph, apply this to a [store derivation]. To obtain a
-    runtime dependency graph, apply it to an output path.
+- `--deriver` / `-d`
 
-  - `--binding` *name*; `-b` *name*\
-    Prints the value of the attribute *name* (i.e., environment
-    variable) of the [store derivation]s *paths*. It is an error for a
-    derivation to not have the specified attribute.
+  Prints the [deriver] that was used to build the store paths *paths*. If
+  the path has no deriver (e.g., if it is a source file), or if the
+  deriver is not known (e.g., in the case of a binary-only
+  deployment), the string `unknown-deriver` is printed.
+  The returned deriver is not guaranteed to exist in the local store, for
+  example when *paths* were substituted from a binary cache.
+  Use `--valid-derivers` instead to obtain valid paths only.
 
-  - `--hash`\
-    Prints the SHA-256 hash of the contents of the store paths *paths*
-    (that is, the hash of the output of `nix-store --dump` on the given
-    paths). Since the hash is stored in the Nix database, this is a fast
-    operation.
+  [deriver]: @docroot@/glossary.md#gloss-deriver
 
-  - `--size`\
-    Prints the size in bytes of the contents of the store paths *paths*
-    — to be precise, the size of the output of `nix-store --dump` on
-    the given paths. Note that the actual disk space required by the
-    store paths may be higher, especially on filesystems with large
-    cluster sizes.
+- `--valid-derivers`
 
-  - `--roots`\
-    Prints the garbage collector roots that point, directly or
-    indirectly, at the store paths *paths*.
+  Prints a set of derivation files (`.drv`) which are supposed produce
+  said paths when realized. Might print nothing, for example for source paths
+  or paths subsituted from a binary cache.
+
+- `--graph`
+
+  Prints the references graph of the store paths *paths* in the format
+  of the `dot` tool of AT\&T's [Graphviz
+  package](http://www.graphviz.org/). This can be used to visualise
+  dependency graphs. To obtain a build-time dependency graph, apply
+  this to a store derivation. To obtain a runtime dependency graph,
+  apply it to an output path.
+
+- `--tree`
+
+  Prints the references graph of the store paths *paths* as a nested
+  ASCII tree. References are ordered by descending closure size; this
+  tends to flatten the tree, making it more readable. The query only
+  recurses into a store path when it is first encountered; this
+  prevents a blowup of the tree representation of the graph.
+
+- `--graphml`
+
+  Prints the references graph of the store paths *paths* in the
+  [GraphML](http://graphml.graphdrawing.org/) file format. This can be
+  used to visualise dependency graphs. To obtain a build-time
+  dependency graph, apply this to a [store derivation]. To obtain a
+  runtime dependency graph, apply it to an output path.
+
+- `--binding` *name* / `-b` *name*
+
+  Prints the value of the attribute *name* (i.e., environment
+  variable) of the [store derivation]s *paths*. It is an error for a
+  derivation to not have the specified attribute.
+
+- `--hash`
+
+  Prints the SHA-256 hash of the contents of the store paths *paths*
+  (that is, the hash of the output of `nix-store --dump` on the given
+  paths). Since the hash is stored in the Nix database, this is a fast
+  operation.
+
+- `--size`
+
+  Prints the size in bytes of the contents of the store paths *paths*
+  — to be precise, the size of the output of `nix-store --dump` on
+  the given paths. Note that the actual disk space required by the
+  store paths may be higher, especially on filesystems with large
+  cluster sizes.
+
+- `--roots`
+
+  Prints the garbage collector roots that point, directly or
+  indirectly, at the store paths *paths*.
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-store/realise.md

@@ -25,11 +25,11 @@ Each of *paths* is processed as follows:
 
 If no substitutes are available and no store derivation is given, realisation fails.
 
-[store paths]: @docroot@/glossary.md#gloss-store-path
+[store paths]: @docroot@/store/store-path.md
 [valid]: @docroot@/glossary.md#gloss-validity
 [store derivation]: @docroot@/glossary.md#gloss-store-derivation
 [output paths]: @docroot@/glossary.md#gloss-output-path
-[store objects]: @docroot@/glossary.md#gloss-store-object
+[store objects]: @docroot@/store/store-object.md
 [closure]: @docroot@/glossary.md#gloss-closure
 [substituters]: @docroot@/command-ref/conf-file.md#conf-substituters
 [content-addressed derivations]: @docroot@/contributing/experimental-features.md#xp-feature-ca-derivations
@@ -42,23 +42,26 @@ For non-derivation arguments, the argument itself is printed.
 
 # Options
 
-  - `--dry-run`\
-    Print on standard error a description of what packages would be
-    built or downloaded, without actually performing the operation.
+- `--dry-run`
 
-  - `--ignore-unknown`\
-    If a non-derivation path does not have a substitute, then silently
-    ignore it.
+  Print on standard error a description of what packages would be
+  built or downloaded, without actually performing the operation.
 
-  - `--check`\
-    This option allows you to check whether a derivation is
-    deterministic. It rebuilds the specified derivation and checks
-    whether the result is bitwise-identical with the existing outputs,
-    printing an error if that’s not the case. The outputs of the
-    specified derivation must already exist. When used with `-K`, if an
-    output path is not identical to the corresponding output from the
-    previous build, the new output path is left in
-    `/nix/store/name.check.`
+- `--ignore-unknown`
+
+  If a non-derivation path does not have a substitute, then silently
+  ignore it.
+
+- `--check`
+
+  This option allows you to check whether a derivation is
+  deterministic. It rebuilds the specified derivation and checks
+  whether the result is bitwise-identical with the existing outputs,
+  printing an error if that’s not the case. The outputs of the
+  specified derivation must already exist. When used with `-K`, if an
+  output path is not identical to the corresponding output from the
+  previous build, the new output path is left in
+  `/nix/store/name.check.`
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-store/restore.md

@@ -8,9 +8,11 @@
 
 ## Description
 
-The operation `--restore` unpacks a NAR archive to *path*, which must
+The operation `--restore` unpacks a [Nix Archive (NAR)][Nix Archive] to *path*, which must
 not already exist. The archive is read from standard input.
 
+[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
+
 {{#include ./opt-common.md}}
 
 {{#include ../opt-common.md}}

doc/manual/src/command-ref/nix-store/serve.md

@@ -14,10 +14,11 @@ access to a restricted ssh user.
 
 The following flags are available:
 
-  - `--write`\
-    Allow the connected client to request the realization of
-    derivations. In effect, this can be used to make the host act as a
-    remote builder.
+- `--write`
+
+  Allow the connected client to request the realization of
+  derivations. In effect, this can be used to make the host act as a
+  remote builder.
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/nix-store/verify.md

@@ -16,18 +16,20 @@ being modified by non-Nix tools, or of bugs in Nix itself.
 
 This operation has the following options:
 
-  - `--check-contents`\
-    Checks that the contents of every valid store path has not been
-    altered by computing a SHA-256 hash of the contents and comparing it
-    with the hash stored in the Nix database at build time. Paths that
-    have been modified are printed out. For large stores,
-    `--check-contents` is obviously quite slow.
+- `--check-contents`
 
-  - `--repair`\
-    If any valid path is missing from the store, or (if
-    `--check-contents` is given) the contents of a valid path has been
-    modified, then try to repair the path by redownloading it. See
-    `nix-store --repair-path` for details.
+  Checks that the contents of every valid store path has not been
+  altered by computing a SHA-256 hash of the contents and comparing it
+  with the hash stored in the Nix database at build time. Paths that
+  have been modified are printed out. For large stores,
+  `--check-contents` is obviously quite slow.
+
+- `--repair`
+
+  If any valid path is missing from the store, or (if
+  `--check-contents` is given) the contents of a valid path has been
+  modified, then try to repair the path by redownloading it. See
+  `nix-store --repair-path` for details.
 
 {{#include ./opt-common.md}}
 

doc/manual/src/command-ref/opt-common.md

@@ -143,7 +143,7 @@ Most Nix commands accept the following command-line options:
 
   This option is accepted by `nix-env`, `nix-instantiate`, `nix-shell` and `nix-build`.
   When evaluating Nix expressions, the expression evaluator will automatically try to call functions that it encounters.
-  It can automatically call functions for which every argument has a [default value](@docroot@/language/constructs.md#functions) (e.g., `{ argName ?  defaultValue }: ...`).
+  It can automatically call functions for which every argument has a [default value](@docroot@/language/syntax.md#functions) (e.g., `{ argName ?  defaultValue }: ...`).
 
   With `--arg`, you can also call functions that have arguments without a default value (or override a default value).
   That is, if the evaluator encounters a function with an argument named *name*, it will call it with value *value*.

doc/manual/src/contributing/cli-guideline.md

@@ -389,88 +389,6 @@ colors, no emojis and using ASCII instead of Unicode symbols). The same should
 happen when TTY is not detected on STDERR. We should not display progress /
 status section, but only print warnings and errors.
 
-## Returning future proof JSON
-
-The schema of JSON output should allow for backwards compatible extension. This section explains how to achieve this.
-
-Two definitions are helpful here, because while JSON only defines one "key-value"
-object type, we use it to cover two use cases:
-
- - **dictionary**: a map from names to value that all have the same type. In
-   C++ this would be a `std::map` with string keys.
- - **record**: a fixed set of attributes each with their own type. In C++, this
-   would be represented by a `struct`.
-
-It is best not to mix these use cases, as that may lead to incompatibilities when the schema changes. For example, adding a record field to a dictionary breaks consumers that assume all JSON object fields to have the same meaning and type.
-
-This leads to the following guidelines:
-
- - The top-level (root) value must be a record.
-
-   Otherwise, one can not change the structure of a command's output.
-
- - The value of a dictionary item must be a record.
-
-   Otherwise, the item type can not be extended.
-
- - List items should be records.
-
-   Otherwise, one can not change the structure of the list items.
-
-   If the order of the items does not matter, and each item has a unique key that is a string, consider representing the list as a dictionary instead. If the order of the items needs to be preserved, return a list of records.
-
- - Streaming JSON should return records.
-
-   An example of a streaming JSON format is [JSON lines](https://jsonlines.org/), where each line represents a JSON value. These JSON values can be considered top-level values or list items, and they must be records.
-
-### Examples
-
-
-This is bad, because all keys must be assumed to be store types:
-
-```json
-{
-  "local": { ... },
-  "remote": { ... },
-  "http": { ... }
-}
-```
-
-This is good, because the it is extensible at the root, and is somewhat self-documenting:
-
-```json
-{
-  "storeTypes": { "local": { ... }, ... },
-  "pluginSupport": true
-}
-```
-
-While the dictionary of store types seems like a very complete response at first, a use case may arise that warrants returning additional information.
-For example, the presence of plugin support may be crucial information for a client to proceed when their desired store type is missing.
-
-
-
-The following representation is bad because it is not extensible:
-
-```json
-{ "outputs": [ "out" "bin" ] }
-```
-
-However, simply converting everything to records is not enough, because the order of outputs must be preserved:
-
-```json
-{ "outputs": { "bin": {}, "out": {} } }
-```
-
-The first item is the default output. Deriving this information from the outputs ordering is not great, but this is how Nix currently happens to work.
-While it is possible for a JSON parser to preserve the order of fields, we can not rely on this capability to be present in all JSON libraries.
-
-This representation is extensible and preserves the ordering:
-
-```json
-{ "outputs": [ { "outputName": "out" }, { "outputName": "bin" } ] }
-```
-
 ## Dialog with the user
 
 CLIs don't always make it clear when an action has taken place. For every

doc/manual/src/contributing/documentation.md

@@ -147,7 +147,7 @@ Please observe these guidelines to ease reviews:
   ```
   A [store object] contains a [file system object] and [references] to other store objects.
 
-  [store object]: @docroot@/glossary.md#gloss-store-object
+  [store object]: @docroot@/store/store-object.md
   [file system object]: @docroot@/architecture/file-system-object.md
   [references]: @docroot@/glossary.md#gloss-reference
   ```
@@ -196,32 +196,35 @@ You can also build and view it yourself:
 [Doxygen API documentation]: https://hydra.nixos.org/job/nix/master/internal-api-docs/latest/download-by-type/doc/internal-api-docs
 
 ```console
-# nix build .#hydraJobs.internal-api-docs
-# xdg-open ./result/share/doc/nix/internal-api/html/index.html
+$ nix build .#hydraJobs.internal-api-docs
+$ xdg-open ./result/share/doc/nix/internal-api/html/index.html
 ```
 
 or inside `nix-shell` or `nix develop`:
 
-```
-# make internal-api-html
-# xdg-open ./outputs/doc/share/doc/nix/internal-api/html/index.html
+```console
+$ mesonConfigurePhase
+$ ninja src/internal-api-docs/html
+$ xdg-open src/internal-api-docs/html/index.html
 ```
 
-## C API documentation (experimental)
+## C API documentation
 
+Note that the C API is not yet stable.
 [C API documentation] is available online.
 You can also build and view it yourself:
 
 [C API documentation]: https://hydra.nixos.org/job/nix/master/external-api-docs/latest/download-by-type/doc/external-api-docs
 
 ```console
-# nix build .#hydraJobs.external-api-docs
-# xdg-open ./result/share/doc/nix/external-api/html/index.html
+$ nix build .#hydraJobs.external-api-docs
+$ xdg-open ./result/share/doc/nix/external-api/html/index.html
 ```
 
 or inside `nix-shell` or `nix develop`:
 
 ```
-# make external-api-html
-# xdg-open ./outputs/doc/share/doc/nix/external-api/html/index.html
+$ mesonConfigurePhase
+$ ninja src/external-api-docs/html
+$ xdg-open src/external-api-docs/html/index.html
 ```

doc/manual/src/contributing/hacking.md

@@ -122,7 +122,6 @@ Run `make` with [`-e` / `--environment-overrides`](https://www.gnu.org/software/
 
   The docs can take a while to build, so you may want to disable this for local development.
 - `ENABLE_FUNCTIONAL_TESTS=yes` to enable building the functional tests.
-- `ENABLE_UNIT_TESTS=yes` to enable building the unit tests.
 - `OPTIMIZE=1` to enable optimizations.
 - `libraries=libutil programs=` to only build a specific library.
 

doc/manual/src/contributing/json-guideline.md

@@ -0,0 +1,128 @@
+# JSON guideline
+
+Nix consumes and produces JSON in a variety of contexts.
+These guidelines ensure consistent practices for all our JSON interfaces, for ease of use, and so that experience in one part carries over to another.
+
+## Extensibility
+
+The schema of JSON input and output should allow for backwards compatible extension.
+This section explains how to achieve this.
+
+Two definitions are helpful here, because while JSON only defines one "key-value" object type, we use it to cover two use cases:
+
+ - **dictionary**: a map from names to value that all have the same type.
+   In C++ this would be a `std::map` with string keys.
+
+ - **record**: a fixed set of attributes each with their own type.
+   In C++, this would be represented by a `struct`.
+
+It is best not to mix these use cases, as that may lead to incompatibilities when the schema changes.
+For example, adding a record field to a dictionary breaks consumers that assume all JSON object fields to have the same meaning and type, and dictionary items with a colliding name can not be represented anymore.
+
+This leads to the following guidelines:
+
+ - The top-level (root) value must be a record.
+
+   Otherwise, one can not change the structure of a command's output.
+
+ - The value of a dictionary item must be a record.
+
+   Otherwise, the item type can not be extended.
+
+ - List items should be records.
+
+   Otherwise, one can not change the structure of the list items.
+
+   If the order of the items does not matter, and each item has a unique key that is a string, consider representing the list as a dictionary instead.
+   If the order of the items needs to be preserved, return a list of records.
+
+ - Streaming JSON should return records.
+
+   An example of a streaming JSON format is [JSON lines](https://jsonlines.org/), where each line represents a JSON value.
+   These JSON values can be considered top-level values or list items, and they must be records.
+
+### Examples
+
+This is bad, because all keys must be assumed to be store types:
+
+```json
+{
+  "local": { ... },
+  "remote": { ... },
+  "http": { ... }
+}
+```
+
+This is good, because the it is extensible at the root, and is somewhat self-documenting:
+
+```json
+{
+  "storeTypes": { "local": { ... }, ... },
+  "pluginSupport": true
+}
+```
+
+While the dictionary of store types seems like a very complete response at first, a use case may arise that warrants returning additional information.
+For example, the presence of plugin support may be crucial information for a client to proceed when their desired store type is missing.
+
+
+
+The following representation is bad because it is not extensible:
+
+```json
+{ "outputs": [ "out" "bin" ] }
+```
+
+However, simply converting everything to records is not enough, because the order of outputs must be preserved:
+
+```json
+{ "outputs": { "bin": {}, "out": {} } }
+```
+
+The first item is the default output. Deriving this information from the outputs ordering is not great, but this is how Nix currently happens to work.
+While it is possible for a JSON parser to preserve the order of fields, we can not rely on this capability to be present in all JSON libraries.
+
+This representation is extensible and preserves the ordering:
+
+```json
+{ "outputs": [ { "outputName": "out" }, { "outputName": "bin" } ] }
+```
+
+## Self-describing values
+
+As described in the previous section, it's crucial that schemas can be extended with with new fields without breaking compatibility.
+However, that should *not* mean we use the presence/absence of fields to indicate optional information *within* a version of the schema.
+Instead, always include the field, and use `null` to indicate the "nothing" case.
+
+### Examples
+
+Here are two JSON objects:
+
+```json
+{
+  "foo": {}
+}
+```
+```json
+{
+  "foo": {},
+  "bar": {}
+}
+```
+
+Since they differ in which fields they contain, they should *not* both be valid values of the same schema.
+At most, they can match two different schemas where the second (with `foo` and `bar`) is considered a newer version of the first (with just `foo`).
+Within each version, all fields are mandatory (always `foo`, and always `foo` and `bar`).
+Only *between* each version, `bar` gets added as a new mandatory field.
+
+Here are another two JSON objects:
+
+```json
+{ "foo": null }
+```
+```json
+{ "foo": { "bar": 1 } }
+```
+
+Since they both contain a `foo` field, they could be valid values of the same schema.
+The schema would have `foo` has an optional field, which is either `null` or an object where `bar` is an integer.

doc/manual/src/contributing/testing.md

@@ -59,15 +59,15 @@ The unit tests are defined using the [googletest] and [rapidcheck] frameworks.
 > …
 > ```
 
-The tests for each Nix library (`libnixexpr`, `libnixstore`, etc..) live inside a directory `tests/unit/${library_name_without-nix}`.
-Given a interface (header) and implementation pair in the original library, say, `src/libexpr/value/context.{hh,cc}`, we write tests for it in `tests/unit/libexpr/tests/value/context.cc`, and (possibly) declare/define additional interfaces for testing purposes in `tests/unit/libexpr-support/tests/value/context.{hh,cc}`.
+The tests for each Nix library (`libnixexpr`, `libnixstore`, etc..) live inside a directory `src/${library_name_without-nix}-test`.
+Given an interface (header) and implementation pair in the original library, say, `src/libexpr/value/context.{hh,cc}`, we write tests for it in `src/nix-expr-tests/value/context.cc`, and (possibly) declare/define additional interfaces for testing purposes in `src/nix-expr-test-support/tests/value/context.{hh,cc}`.
 
 Data for unit tests is stored in a `data` subdir of the directory for each unit test executable.
-For example, `libnixstore` code is in `src/libstore`, and its test data is in `tests/unit/libstore/data`.
-The path to the `tests/unit/data` directory is passed to the unit test executable with the environment variable `_NIX_TEST_UNIT_DATA`.
+For example, `libnixstore` code is in `src/libstore`, and its test data is in `src/nix-store-tests/data`.
+The path to the `src/${library_name_without-nix}-test/data` directory is passed to the unit test executable with the environment variable `_NIX_TEST_UNIT_DATA`.
 Note that each executable only gets the data for its tests.
 
-The unit test libraries are in `tests/unit/${library_name_without-nix}-lib`.
+The unit test libraries are in `src/${library_name_without-nix}-test-support`.
 All headers are in a `tests` subdirectory so they are included with `#include "tests/"`.
 
 The use of all these separate directories for the unit tests might seem inconvenient, as for example the tests are not "right next to" the part of the code they are testing.
@@ -76,8 +76,25 @@ there is no risk of any build-system wildcards for the library accidentally pick
 
 ### Running tests
 
-You can run the whole testsuite with `make check`, or the tests for a specific component with `make libfoo-tests_RUN`.
-Finer-grained filtering is also possible using the [--gtest_filter](https://google.github.io/googletest/advanced.html#running-a-subset-of-the-tests) command-line option, or the `GTEST_FILTER` environment variable, e.g. `GTEST_FILTER='ErrorTraceTest.*' make check`.
+You can run the whole testsuite with `meson test` from the Meson build directory, or the tests for a specific component with `meson test nix-store-tests`.
+A environment variables that Google Test accepts are also worth knowing:
+
+1. [`GTEST_FILTER`](https://google.github.io/googletest/advanced.html#running-a-subset-of-the-tests)
+
+   This is used for finer-grained filtering of which tests to run.
+
+
+2. [`GTEST_BRIEF`](https://google.github.io/googletest/advanced.html#suppressing-test-passes)
+
+   This is used to avoid logging passing tests.
+
+Putting the two together, one might run
+
+```bash
+GTEST_BRIEF=1 GTEST_FILTER='ErrorTraceTest.*' meson test nix-expr-tests -v
+```
+
+for short but comprensive output.
 
 ### Characterisation testing { #characaterisation-testing-unit }
 
@@ -86,7 +103,7 @@ See [functional characterisation testing](#characterisation-testing-functional)
 Like with the functional characterisation, `_NIX_TEST_ACCEPT=1` is also used.
 For example:
 ```shell-session
-$ _NIX_TEST_ACCEPT=1 make libstore-tests_RUN
+$ _NIX_TEST_ACCEPT=1 meson test nix-store-tests -v
 ...
 [  SKIPPED ] WorkerProtoTest.string_read
 [  SKIPPED ] WorkerProtoTest.string_write
@@ -114,6 +131,8 @@ On other platforms they wouldn't be run at all.
 The functional tests reside under the `tests/functional` directory and are listed in `tests/functional/local.mk`.
 Each test is a bash script.
 
+Functional tests are run during `installCheck` in the `nix` package build, as well as separately from the build, in VM tests.
+
 ### Running the whole test suite
 
 The whole test suite can be run with:
@@ -162,14 +181,14 @@ ran test tests/functional/${testName}.sh... [PASS]
 or without `make`:
 
 ```shell-session
-$ ./mk/run-test.sh tests/functional/${testName}.sh tests/functional/init.sh
+$ ./mk/run-test.sh tests/functional/${testName}.sh
 ran test tests/functional/${testName}.sh... [PASS]
 ```
 
 To see the complete output, one can also run:
 
 ```shell-session
-$ ./mk/debug-test.sh tests/functional/${testName}.sh tests/functional/init.sh
+$ ./mk/debug-test.sh tests/functional/${testName}.sh
 +(${testName}.sh:1) foo
 output from foo
 +(${testName}.sh:2) bar
@@ -204,7 +223,7 @@ edit it like so:
 Then, running the test with `./mk/debug-test.sh` will drop you into GDB once the script reaches that point:
 
 ```shell-session
-$ ./mk/debug-test.sh tests/functional/${testName}.sh tests/functional/init.sh
+$ ./mk/debug-test.sh tests/functional/${testName}.sh
 ...
 + gdb blash blub
 GNU gdb (GDB) 12.1
@@ -252,13 +271,30 @@ Regressions are caught, and improvements always show up in code review.
 
 To ensure that characterisation testing doesn't make it harder to intentionally change these interfaces, there always must be an easy way to regenerate the expected output, as we do with `_NIX_TEST_ACCEPT=1`.
 
+### Running functional tests on NixOS
+
+We run the functional tests not just in the build, but also in VM tests.
+This helps us ensure that Nix works correctly on NixOS, and environments that have similar characteristics that are hard to reproduce in a build environment.
+
+The recommended way to run these tests during development is:
+
+```shell
+nix build .#hydraJobs.tests.functional_user.quickBuild
+```
+
+The `quickBuild` attribute configures the test to use a `nix` package that's built without integration tests, so that you can iterate on the tests without performing recompilations due to the changed sources for `installCheck`.
+
+Generally, this build is sufficient, but in nightly or CI we also test the attributes `functional_root` and `functional_trusted`, in which the test suite is run with different levels of authorization.
+
 ## Integration tests
 
 The integration tests are defined in the Nix flake under the `hydraJobs.tests` attribute.
 These tests include everything that needs to interact with external services or run Nix in a non-trivial distributed setup.
 Because these tests are expensive and require more than what the standard github-actions setup provides, they only run on the master branch (on <https://hydra.nixos.org/jobset/nix/master>).
 
-You can run them manually with `nix build .#hydraJobs.tests.{testName}` or `nix-build -A hydraJobs.tests.{testName}`
+You can run them manually with `nix build .#hydraJobs.tests.{testName}` or `nix-build -A hydraJobs.tests.{testName}`.
+
+If you are testing a build of `nix` that you haven't compiled yet, you may iterate faster by appending the `quickBuild` attribute: `nix build .#hydraJobs.tests.{testName}.quickBuild`.
 
 ## Installer tests
 

doc/manual/src/glossary.md

@@ -1,5 +1,24 @@
 # Glossary
 
+- [content address]{#gloss-content-address}
+
+  A
+  [*content address*](https://en.wikipedia.org/wiki/Content-addressable_storage)
+  is a secure way to reference immutable data.
+  The reference is calculated directly from the content of the data being referenced, which means the reference is
+  [*tamper proof*](https://en.wikipedia.org/wiki/Tamperproofing)
+  --- variations of the data should always calculate to distinct content addresses.
+
+  For how Nix uses content addresses, see:
+
+    - [Content-Addressing File System Objects](@docroot@/store/file-system-object/content-address.md)
+    - [Content-Addressing Store Objects](@docroot@/store/store-object/content-address.md)
+    - [content-addressed derivation](#gloss-content-addressed-derivation)
+
+  Software Heritage's writing on [*Intrinsic and Extrinsic identifiers*](https://www.softwareheritage.org/2020/07/09/intrinsic-vs-extrinsic-identifiers) is also a good introduction to the value of content-addressing over other referencing schemes.
+
+  Besides content addressing, the Nix store also uses [input addressing](#gloss-input-addressed-store-object).
+
 - [derivation]{#gloss-derivation}
 
   A description of a build task. The result of a derivation is a
@@ -52,10 +71,9 @@
   [`__contentAddressed`](./language/advanced-attributes.md#adv-attr-__contentAddressed)
   attribute set to `true`.
 
-- [fixed-output derivation]{#gloss-fixed-output-derivation}
+- [fixed-output derivation]{#gloss-fixed-output-derivation} (FOD)
 
-  A derivation which includes the
-  [`outputHash`](./language/advanced-attributes.md#adv-attr-outputHash) attribute.
+  A [derivation] where a cryptographic hash of the [output] is determined in advance using the [`outputHash`](./language/advanced-attributes.md#adv-attr-outputHash) attribute, and where the [`builder`](@docroot@/language/derivations.md#attr-builder) executable has access to the network.
 
 - [store]{#gloss-store}
 
@@ -118,9 +136,12 @@
 
 - [content-addressed store object]{#gloss-content-addressed-store-object}
 
-  A [store object] whose [store path] is determined by its contents.
+  A [store object] which is [content-addressed](#gloss-content-address),
+  i.e. whose [store path] is determined by its contents.
   This includes derivations, the outputs of [content-addressed derivations](#gloss-content-addressed-derivation), and the outputs of [fixed-output derivations](#gloss-fixed-output-derivation).
 
+  See [Content-Addressing Store Objects](@docroot@/store/store-object/content-address.md) for details.
+
 - [substitute]{#gloss-substitute}
 
   A substitute is a command invocation stored in the [Nix database] that
@@ -218,6 +239,17 @@
 - [output closure]{#gloss-output-closure}\
   The [closure] of an [output path]. It only contains what is [reachable] from the output.
 
+- [deriving path]{#gloss-deriving-path}
+
+  Deriving paths are a way to refer to [store objects][store object] that ar not yet [realised][realise].
+  This is necessary because, in general and particularly for [content-addressed derivations][content-addressed derivation], the [output path] of an [output] is not known in advance.
+  There are two forms:
+
+  - *constant*: just a [store path]
+    It can be made [valid][validity] by copying it into the store: from the evaluator, command line interface or another store.
+
+  - *output*: a pair of a [store path] to a [derivation] and an [output] name.
+
 - [deriver]{#gloss-deriver}
 
   The [store derivation] that produced an [output path].
@@ -255,13 +287,15 @@
 
   See [installables](./command-ref/new-cli/nix.md#installables) for [`nix` commands](./command-ref/new-cli/nix.md) (experimental) for details.
 
-- [NAR]{#gloss-nar}
+- [Nix Archive (NAR)]{#gloss-nar}
 
   A *N*ix *AR*chive. This is a serialisation of a path in the Nix
   store. It can contain regular files, directories and symbolic
   links.  NARs are generated and unpacked using `nix-store --dump`
   and `nix-store --restore`.
 
+  See [Nix Archive](store/file-system-object/content-address.html#serial-nix-archive) for details.
+
 - [`∅`]{#gloss-emtpy-set}
 
   The empty set symbol. In the context of profile history, this denotes a package is not present in a particular version of the profile.
@@ -278,7 +312,7 @@
 
 - [package attribute set]{#package-attribute-set}
 
-  An [attribute set](@docroot@/language/values.md#attribute-set) containing the attribute `type = "derivation";` (derivation for historical reasons), as well as other attributes, such as
+  An [attribute set](@docroot@/language/types.md#attribute-set) containing the attribute `type = "derivation";` (derivation for historical reasons), as well as other attributes, such as
   - attributes that refer to the files of a [package], typically in the form of [derivation outputs](#output),
   - attributes that declare something about how the package is supposed to be installed or used,
   - other metadata or arbitrary attributes.
@@ -291,9 +325,9 @@
 
   See [String interpolation](./language/string-interpolation.md) for details.
 
-  [string]: ./language/values.md#type-string
-  [path]: ./language/values.md#type-path
-  [attribute name]: ./language/values.md#attribute-set
+  [string]: ./language/types.md#type-string
+  [path]: ./language/types.md#type-path
+  [attribute name]: ./language/types.md#attribute-set
 
 - [base directory]{#gloss-base-directory}
 

doc/manual/src/installation/env-variables.md

@@ -53,7 +53,8 @@ ssl-cert-file = /etc/ssl/my-certificate-bundle.crt
 
 The Nix installer has special handling for these proxy-related
 environment variables: `http_proxy`, `https_proxy`, `ftp_proxy`,
-`no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`, `NO_PROXY`.
+`all_proxy`, `no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`,
+`ALL_PROXY`, `NO_PROXY`.
 
 If any of these variables are set when running the Nix installer, then
 the installer will create an override file at

doc/manual/src/installation/uninstall.md

@@ -1,17 +1,8 @@
 # Uninstalling Nix
 
-## Single User
-
-If you have a [single-user installation](./installing-binary.md#single-user-installation) of Nix, uninstall it by running:
-
-```console
-$ rm -rf /nix ~/.nix-channels ~/.nix-defexpr ~/.nix-profile
-```
-You might also want to manually remove references to Nix from your `~/.profile`.
-
 ## Multi User
 
-Removing a [multi-user installation](./installing-binary.md#multi-user-installation) of Nix is more involved, and depends on the operating system.
+Removing a [multi-user installation](./installing-binary.md#multi-user-installation) depends on the operating system.
 
 ### Linux
 
@@ -52,7 +43,15 @@ which you may remove.
 
 ### macOS
 
-1. Edit `/etc/zshrc`, `/etc/bashrc`, and `/etc/bash.bashrc` to remove the lines sourcing `nix-daemon.sh`, which should look like this:
+1. If system-wide shell initialisation files haven't been altered since installing Nix, use the backups made by the installer:
+
+   ```console
+   sudo mv /etc/zshrc.backup-before-nix /etc/zshrc
+   sudo mv /etc/bashrc.backup-before-nix /etc/bashrc
+   sudo mv /etc/bash.bashrc.backup-before-nix /etc/bash.bashrc
+   ```
+
+   Otherwise, edit `/etc/zshrc`, `/etc/bashrc`, and `/etc/bash.bashrc` to remove the lines sourcing `nix-daemon.sh`, which should look like this:
 
    ```bash
    # Nix
@@ -62,18 +61,6 @@ which you may remove.
    # End Nix
    ```
 
-   If these files haven't been altered since installing Nix you can simply put
-   the backups back in place:
-
-   ```console
-   sudo mv /etc/zshrc.backup-before-nix /etc/zshrc
-   sudo mv /etc/bashrc.backup-before-nix /etc/bashrc
-   sudo mv /etc/bash.bashrc.backup-before-nix /etc/bash.bashrc
-   ```
-
-   This will stop shells from sourcing the file and bringing everything you
-   installed using Nix in scope.
-
 2. Stop and remove the Nix daemon services:
 
    ```console
@@ -83,8 +70,7 @@ which you may remove.
    sudo rm /Library/LaunchDaemons/org.nixos.darwin-store.plist
    ```
 
-   This stops the Nix daemon and prevents it from being started next time you
-   boot the system.
+   This stops the Nix daemon and prevents it from being started next time you boot the system.
 
 3. Remove the `nixbld` group and the `_nixbuildN` users:
 
@@ -95,25 +81,42 @@ which you may remove.
 
    This will remove all the build users that no longer serve a purpose.
 
-4. Edit fstab using `sudo vifs` to remove the line mounting the Nix Store
-   volume on `/nix`, which looks like
-   `UUID=<uuid> /nix apfs rw,noauto,nobrowse,suid,owners` or
-   `LABEL=Nix\040Store /nix apfs rw,nobrowse`. This will prevent automatic
-   mounting of the Nix Store volume.
+4. Edit fstab using `sudo vifs` to remove the line mounting the Nix Store volume on `/nix`, which looks like
 
-5. Edit `/etc/synthetic.conf` to remove the `nix` line. If this is the only
-   line in the file you can remove it entirely, `sudo rm /etc/synthetic.conf`.
-   This will prevent the creation of the empty `/nix` directory to provide a
-   mountpoint for the Nix Store volume.
+   ```
+   UUID=<uuid> /nix apfs rw,noauto,nobrowse,suid,owners
+   ```
+   or
 
-6. Remove the files Nix added to your system:
+   ```
+   LABEL=Nix\040Store /nix apfs rw,nobrowse
+   ```
+
+   by setting the cursor on the respective line using the error keys, and pressing `dd`, and then `:wq` to save the file.
+
+   This will prevent automatic mounting of the Nix Store volume.
+
+5. Edit `/etc/synthetic.conf` to remove the `nix` line.
+   If this is the only line in the file you can remove it entirely:
+
+   ```bash
+   if [ -f /etc/synthetic.conf ]; then
+     if [ "$(cat /etc/synthetic.conf)" = "nix" ]; then
+       sudo rm /etc/synthetic.conf
+     else
+       sudo vi /etc/synthetic.conf
+     fi
+   fi
+   ```
+
+   This will prevent the creation of the empty `/nix` directory.
+
+6. Remove the files Nix added to your system, except for the store:
 
    ```console
    sudo rm -rf /etc/nix /var/root/.nix-profile /var/root/.nix-defexpr /var/root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels
    ```
 
-   This gets rid of any data Nix may have created except for the store which is
-   removed next.
 
 7. Remove the Nix Store volume:
 
@@ -121,29 +124,32 @@ which you may remove.
    sudo diskutil apfs deleteVolume /nix
    ```
 
-   This will remove the Nix Store volume and everything that was added to the
-   store.
+   This will remove the Nix Store volume and everything that was added to the store.
 
-   If the output indicates that the command couldn't remove the volume, you should
-   make sure you don't have an _unmounted_ Nix Store volume. Look for a
-   "Nix Store" volume in the output of the following command:
+   If the output indicates that the command couldn't remove the volume, you should make sure you don't have an _unmounted_ Nix Store volume.
+   Look for a "Nix Store" volume in the output of the following command:
 
    ```console
    diskutil list
    ```
 
-   If you _do_ see a "Nix Store" volume, delete it by re-running the diskutil
-   deleteVolume command, but replace `/nix` with the store volume's `diskXsY`
-   identifier.
+   If you _do_ find a "Nix Store" volume, delete it by running `diskutil deleteVolume` with the store volume's `diskXsY` identifier.
 
 > **Note**
 >
-> After you complete the steps here, you will still have an empty `/nix`
-> directory. This is an expected sign of a successful uninstall. The empty
-> `/nix` directory will disappear the next time you reboot.
+> After you complete the steps here, you will still have an empty `/nix` directory.
+> This is an expected sign of a successful uninstall.
+> The empty `/nix` directory will disappear the next time you reboot.
 >
-> You do not have to reboot to finish uninstalling Nix. The uninstall is
-> complete. macOS (Catalina+) directly controls root directories and its
-> read-only root will prevent you from manually deleting the empty `/nix`
-> mountpoint.
+> You do not have to reboot to finish uninstalling Nix.
+> The uninstall is complete.
+> macOS (Catalina+) directly controls root directories, and its read-only root will prevent you from manually deleting the empty `/nix` mountpoint.
 
+## Single User
+
+To remove a [single-user installation](./installing-binary.md#single-user-installation) of Nix, run:
+
+```console
+$ rm -rf /nix ~/.nix-channels ~/.nix-defexpr ~/.nix-profile
+```
+You might also want to manually remove references to Nix from your `~/.profile`.

doc/manual/src/language/advanced-attributes.md

@@ -120,12 +120,11 @@ Derivations can declare some infrequently used optional attributes.
     configuration setting.
 
   - [`outputHash`]{#adv-attr-outputHash}; [`outputHashAlgo`]{#adv-attr-outputHashAlgo}; [`outputHashMode`]{#adv-attr-outputHashMode}\
-    These attributes declare that the derivation is a so-called
-    *fixed-output derivation*, which means that a cryptographic hash of
-    the output is already known in advance. When the build of a
-    fixed-output derivation finishes, Nix computes the cryptographic
-    hash of the output and compares it to the hash declared with these
-    attributes. If there is a mismatch, the build fails.
+    These attributes declare that the derivation is a so-called *fixed-output derivation* (FOD), which means that a cryptographic hash of the output is already known in advance.
+
+    As opposed to regular derivations, the [`builder`] executable of a fixed-output derivation has access to the network.
+    Nix computes a cryptographic hash of its output and compares that to the hash declared with these attributes.
+    If there is a mismatch, the derivation fails.
 
     The rationale for fixed-output derivations is derivations such as
     those produced by the `fetchurl` function. This function downloads a
@@ -197,33 +196,40 @@ Derivations can declare some infrequently used optional attributes.
     `outputHashAlgo` can only be `null` when `outputHash` follows the SRI format.
 
     The `outputHashMode` attribute determines how the hash is computed.
-    It must be one of the following two values:
+    It must be one of the following values:
 
-      - `"flat"`\
-        The output must be a non-executable regular file. If it isn’t,
-        the build fails. The hash is simply computed over the contents
-        of that file (so it’s equal to what Unix commands like
-        `sha256sum` or `sha1sum` produce).
+      - [`"flat"`](@docroot@/store/store-object/content-address.md#method-flat)
 
         This is the default.
 
-      - `"recursive"` or `"nar"`\
-        The hash is computed over the [NAR archive](@docroot@/glossary.md#gloss-nar) dump of the output
-        (i.e., the result of [`nix-store --dump`](@docroot@/command-ref/nix-store/dump.md)). In
-        this case, the output can be anything, including a directory
-        tree.
+      - [`"recursive"` or `"nar"`](@docroot@/store/store-object/content-address.md#method-nix-archive)
 
-    `"recursive"` is the traditional way of indicating this,
-    and is supported since 2005 (virtually the entire history of Nix).
-    `"nar"` is more clear, and consistent with other parts of Nix (such as the CLI),
-    however support for it is only added in Nix version 2.21.
+        > **Compatibility**
+        >
+        > `"recursive"` is the traditional way of indicating this,
+        > and is supported since 2005 (virtually the entire history of Nix).
+        > `"nar"` is more clear, and consistent with other parts of Nix (such as the CLI),
+        > however support for it is only added in Nix version 2.21.
+
+      - [`"text"`](@docroot@/store/store-object/content-address.md#method-text)
+
+        > **Warning**
+        >
+        > The use of this method for derivation outputs is part of the [`dynamic-derivations`][xp-feature-dynamic-derivations] experimental feature.
+
+      - [`"git"`](@docroot@/store/store-object/content-address.md#method-git)
+
+        > **Warning**
+        >
+        > This method is part of the [`git-hashing`][xp-feature-git-hashing] experimental feature.
 
   - [`__contentAddressed`]{#adv-attr-__contentAddressed}
+
     > **Warning**
     > This attribute is part of an [experimental feature](@docroot@/contributing/experimental-features.md).
     >
     > To use this attribute, you must enable the
-    > [`ca-derivations`](@docroot@/contributing/experimental-features.md#xp-feature-ca-derivations) experimental feature.
+    > [`ca-derivations`][xp-feature-ca-derivations] experimental feature.
     > For example, in [nix.conf](../command-ref/conf-file.md) you could add:
     >
     > ```
@@ -272,7 +278,9 @@ Derivations can declare some infrequently used optional attributes.
 
     > **Note**
     >
-    > If set to `false`, the [`builder`](./derivations.md#attr-builder) should be able to run on the system type specified in the [`system` attribute](./derivations.md#attr-system), since the derivation cannot be substituted.
+    > If set to `false`, the [`builder`] should be able to run on the system type specified in the [`system` attribute](./derivations.md#attr-system), since the derivation cannot be substituted.
+
+    [`builder`]: ./derivations.md#attr-builder
 
   - [`__structuredAttrs`]{#adv-attr-structuredAttrs}\
     If the special attribute `__structuredAttrs` is set to `true`, the other derivation
@@ -294,6 +302,12 @@ Derivations can declare some infrequently used optional attributes.
     (associative) arrays. For example, the attribute `hardening.format = true`
     ends up as the Bash associative array element `${hardening[format]}`.
 
+    > **Warning**
+    >
+    > If set to `true`, other advanced attributes such as [`allowedReferences`](#adv-attr-allowedReferences), [`allowedReferences`](#adv-attr-allowedReferences), [`allowedRequisites`](#adv-attr-allowedRequisites),
+    [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites), maxSize, and maxClosureSize.
+    will have no effect.
+
   - [`outputChecks`]{#adv-attr-outputChecks}\
     When using [structured attributes](#adv-attr-structuredAttrs), the `outputChecks`
     attribute allows defining checks per-output.
@@ -303,7 +317,7 @@ Derivations can declare some infrequently used optional attributes.
     [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites),
     the following attributes are available:
 
-    - `maxSize` defines the maximum size of the resulting [store object](@docroot@/glossary.md#gloss-store-object).
+    - `maxSize` defines the maximum size of the resulting [store object](@docroot@/store/store-object.md).
     - `maxClosureSize` defines the maximum size of the output's closure.
     - `ignoreSelfRefs` controls whether self-references should be considered when
       checking for allowed references/requisites.
@@ -355,3 +369,7 @@ Derivations can declare some infrequently used optional attributes.
   ```
 
   ensures that the derivation can only be built on a machine with the `kvm` feature.
+
+[xp-feature-ca-derivations]: @docroot@/contributing/experimental-features.md#xp-feature-ca-derivations
+[xp-feature-dynamic-derivations]: @docroot@/contributing/experimental-features.md#xp-feature-dynamic-derivations
+[xp-feature-git-hashing]: @docroot@/contributing/experimental-features.md#xp-feature-git-hashing

doc/manual/src/language/builtin-constants-prefix.md

@@ -1,5 +0,0 @@
-# Built-in Constants
-
-These constants are built into the Nix language evaluator:
-
-<dl>

doc/manual/src/language/builtin-constants-suffix.md

@@ -1 +0,0 @@
-</dl>

doc/manual/src/language/builtins-prefix.md

@@ -1,9 +1,11 @@
-# Built-in Functions
+# Built-ins
 
-This section lists the functions built into the Nix language evaluator.
-All built-in functions are available through the global [`builtins`](./builtin-constants.md#builtins-builtins) constant.
+This section lists the values and functions built into the Nix language evaluator.
+All built-ins are available through the global [`builtins`](#builtins-builtins) constant.
 
-For convenience, some built-ins can be accessed directly:
+Some built-ins are also exposed directly in the global scope:
+
+<!-- TODO(@rhendric, #10970): this list is incomplete -->
 
 - [`derivation`](#builtins-derivation)
 - [`import`](#builtins-import)

doc/manual/src/language/constructs.md

@@ -1,408 +0,0 @@
-# Language Constructs
-
-## Recursive sets
-
-Recursive sets are like normal [attribute sets](./values.md#attribute-set), but the attributes can refer to each other.
-
-> *rec-attrset* = `rec {` [ *name* `=` *expr* `;` `]`... `}`
-
-Example:
-
-```nix
-rec {
-  x = y;
-  y = 123;
-}.x
-```
-
-This evaluates to `123`.
-
-Note that without `rec` the binding `x = y;` would
-refer to the variable `y` in the surrounding scope, if one exists, and
-would be invalid if no such variable exists. That is, in a normal
-(non-recursive) set, attributes are not added to the lexical scope; in a
-recursive set, they are.
-
-Recursive sets of course introduce the danger of infinite recursion. For
-example, the expression
-
-```nix
-rec {
-  x = y;
-  y = x;
-}.x
-```
-
-will crash with an `infinite recursion encountered` error message.
-
-## Let-expressions
-
-A let-expression allows you to define local variables for an expression.
-
-> *let-in* = `let` [ *identifier* = *expr* ]... `in` *expr*
-
-Example:
-
-```nix
-let
-  x = "foo";
-  y = "bar";
-in x + y
-```
-
-This evaluates to `"foobar"`.
-
-## Inheriting attributes
-
-When defining an [attribute set](./values.md#attribute-set) or in a [let-expression](#let-expressions) it is often convenient to copy variables from the surrounding lexical scope (e.g., when you want to propagate attributes).
-This can be shortened using the `inherit` keyword.
-
-Example:
-
-```nix
-let x = 123; in
-{
-  inherit x;
-  y = 456;
-}
-```
-
-is equivalent to
-
-```nix
-let x = 123; in
-{
-  x = x;
-  y = 456;
-}
-```
-
-and both evaluate to `{ x = 123; y = 456; }`.
-
-> **Note**
->
-> This works because `x` is added to the lexical scope by the `let` construct.
-
-It is also possible to inherit attributes from another attribute set.
-
-Example:
-
-In this fragment from `all-packages.nix`,
-
-```nix
-graphviz = (import ../tools/graphics/graphviz) {
-  inherit fetchurl stdenv libpng libjpeg expat x11 yacc;
-  inherit (xorg) libXaw;
-};
-
-xorg = {
-  libX11 = ...;
-  libXaw = ...;
-  ...
-}
-
-libpng = ...;
-libjpg = ...;
-...
-```
-
-the set used in the function call to the function defined in
-`../tools/graphics/graphviz` inherits a number of variables from the
-surrounding scope (`fetchurl` ... `yacc`), but also inherits `libXaw`
-(the X Athena Widgets) from the `xorg` set.
-
-Summarizing the fragment
-
-```nix
-...
-inherit x y z;
-inherit (src-set) a b c;
-...
-```
-
-is equivalent to
-
-```nix
-...
-x = x; y = y; z = z;
-a = src-set.a; b = src-set.b; c = src-set.c;
-...
-```
-
-when used while defining local variables in a let-expression or while
-defining a set.
-
-In a `let` expression, `inherit` can be used to selectively bring specific attributes of a set into scope. For example
-
-
-```nix
-let
-  x = { a = 1; b = 2; };
-  inherit (builtins) attrNames;
-in
-{
-  names = attrNames x;
-}
-```
-
-is equivalent to
-
-```nix
-let
-  x = { a = 1; b = 2; };
-in
-{
-  names = builtins.attrNames x;
-}
-```
-
-both evaluate to `{ names = [ "a" "b" ]; }`.
-
-## Functions
-
-Functions have the following form:
-
-```nix
-pattern: body
-```
-
-The pattern specifies what the argument of the function must look like,
-and binds variables in the body to (parts of) the argument. There are
-three kinds of patterns:
-
-  - If a pattern is a single identifier, then the function matches any
-    argument. Example:
-
-    ```nix
-    let negate = x: !x;
-        concat = x: y: x + y;
-    in if negate true then concat "foo" "bar" else ""
-    ```
-
-    Note that `concat` is a function that takes one argument and returns
-    a function that takes another argument. This allows partial
-    parameterisation (i.e., only filling some of the arguments of a
-    function); e.g.,
-
-    ```nix
-    map (concat "foo") [ "bar" "bla" "abc" ]
-    ```
-
-    evaluates to `[ "foobar" "foobla" "fooabc" ]`.
-
-  - A *set pattern* of the form `{ name1, name2, …, nameN }` matches a
-    set containing the listed attributes, and binds the values of those
-    attributes to variables in the function body. For example, the
-    function
-
-    ```nix
-    { x, y, z }: z + y + x
-    ```
-
-    can only be called with a set containing exactly the attributes `x`,
-    `y` and `z`. No other attributes are allowed. If you want to allow
-    additional arguments, you can use an ellipsis (`...`):
-
-    ```nix
-    { x, y, z, ... }: z + y + x
-    ```
-
-    This works on any set that contains at least the three named
-    attributes.
-
-    It is possible to provide *default values* for attributes, in
-    which case they are allowed to be missing. A default value is
-    specified by writing `name ?  e`, where *e* is an arbitrary
-    expression. For example,
-
-    ```nix
-    { x, y ? "foo", z ? "bar" }: z + y + x
-    ```
-
-    specifies a function that only requires an attribute named `x`, but
-    optionally accepts `y` and `z`.
-
-  - An `@`-pattern provides a means of referring to the whole value
-    being matched:
-
-    ```nix
-    args@{ x, y, z, ... }: z + y + x + args.a
-    ```
-
-    but can also be written as:
-
-    ```nix
-    { x, y, z, ... } @ args: z + y + x + args.a
-    ```
-
-    Here `args` is bound to the argument *as passed*, which is further
-    matched against the pattern `{ x, y, z, ... }`.
-    The `@`-pattern makes mainly sense with an ellipsis(`...`) as
-    you can access attribute names as `a`, using `args.a`, which was
-    given as an additional attribute to the function.
-
-    > **Warning**
-    >
-    > `args@` binds the name `args` to the attribute set that is passed to the function.
-    > In particular, `args` does *not* include any default values specified with `?` in the function's set pattern.
-    >
-    > For instance
-    >
-    > ```nix
-    > let
-    >   f = args@{ a ? 23, ... }: [ a args ];
-    > in
-    >   f {}
-    > ```
-    >
-    > is equivalent to
-    >
-    > ```nix
-    > let
-    >   f = args @ { ... }: [ (args.a or 23) args ];
-    > in
-    >   f {}
-    > ```
-    >
-    > and both expressions will evaluate to:
-    >
-    > ```nix
-    > [ 23 {} ]
-    > ```
-
-Note that functions do not have names. If you want to give them a name,
-you can bind them to an attribute, e.g.,
-
-```nix
-let concat = { x, y }: x + y;
-in concat { x = "foo"; y = "bar"; }
-```
-
-## Conditionals
-
-Conditionals look like this:
-
-```nix
-if e1 then e2 else e3
-```
-
-where *e1* is an expression that should evaluate to a Boolean value
-(`true` or `false`).
-
-## Assertions
-
-Assertions are generally used to check that certain requirements on or
-between features and dependencies hold. They look like this:
-
-```nix
-assert e1; e2
-```
-
-where *e1* is an expression that should evaluate to a Boolean value. If
-it evaluates to `true`, *e2* is returned; otherwise expression
-evaluation is aborted and a backtrace is printed.
-
-Here is a Nix expression for the Subversion package that shows how
-assertions can be used:.
-
-```nix
-{ localServer ? false
-, httpServer ? false
-, sslSupport ? false
-, pythonBindings ? false
-, javaSwigBindings ? false
-, javahlBindings ? false
-, stdenv, fetchurl
-, openssl ? null, httpd ? null, db4 ? null, expat, swig ? null, j2sdk ? null
-}:
-
-assert localServer -> db4 != null; ①
-assert httpServer -> httpd != null && httpd.expat == expat; ②
-assert sslSupport -> openssl != null && (httpServer -> httpd.openssl == openssl); ③
-assert pythonBindings -> swig != null && swig.pythonSupport;
-assert javaSwigBindings -> swig != null && swig.javaSupport;
-assert javahlBindings -> j2sdk != null;
-
-stdenv.mkDerivation {
-  name = "subversion-1.1.1";
-  ...
-  openssl = if sslSupport then openssl else null; ④
-  ...
-}
-```
-
-The points of interest are:
-
-1.  This assertion states that if Subversion is to have support for
-    local repositories, then Berkeley DB is needed. So if the Subversion
-    function is called with the `localServer` argument set to `true` but
-    the `db4` argument set to `null`, then the evaluation fails.
-
-    Note that `->` is the [logical
-    implication](https://en.wikipedia.org/wiki/Truth_table#Logical_implication)
-    Boolean operation.
-
-2.  This is a more subtle condition: if Subversion is built with Apache
-    (`httpServer`) support, then the Expat library (an XML library) used
-    by Subversion should be same as the one used by Apache. This is
-    because in this configuration Subversion code ends up being linked
-    with Apache code, and if the Expat libraries do not match, a build-
-    or runtime link error or incompatibility might occur.
-
-3.  This assertion says that in order for Subversion to have SSL support
-    (so that it can access `https` URLs), an OpenSSL library must be
-    passed. Additionally, it says that *if* Apache support is enabled,
-    then Apache's OpenSSL should match Subversion's. (Note that if
-    Apache support is not enabled, we don't care about Apache's
-    OpenSSL.)
-
-4.  The conditional here is not really related to assertions, but is
-    worth pointing out: it ensures that if SSL support is disabled, then
-    the Subversion derivation is not dependent on OpenSSL, even if a
-    non-`null` value was passed. This prevents an unnecessary rebuild of
-    Subversion if OpenSSL changes.
-
-## With-expressions
-
-A *with-expression*,
-
-```nix
-with e1; e2
-```
-
-introduces the set *e1* into the lexical scope of the expression *e2*.
-For instance,
-
-```nix
-let as = { x = "foo"; y = "bar"; };
-in with as; x + y
-```
-
-evaluates to `"foobar"` since the `with` adds the `x` and `y` attributes
-of `as` to the lexical scope in the expression `x + y`. The most common
-use of `with` is in conjunction with the `import` function. E.g.,
-
-```nix
-with (import ./definitions.nix); ...
-```
-
-makes all attributes defined in the file `definitions.nix` available as
-if they were defined locally in a `let`-expression.
-
-The bindings introduced by `with` do not shadow bindings introduced by
-other means, e.g.
-
-```nix
-let a = 3; in with { a = 1; }; let a = 4; in with { a = 2; }; ...
-```
-
-establishes the same scope as
-
-```nix
-let a = 1; in let a = 2; in let a = 3; in let a = 4; in ...
-```
-
-## Comments
-
-Comments can be single-line, started with a `#` character, or
-inline/multi-line, enclosed within `/* ... */`.

doc/manual/src/language/constructs/lookup-path.md

@@ -4,9 +4,9 @@
 >
 > *lookup-path* = `<` *identifier* [ `/` *identifier* ]... `>`
 
-A lookup path is an identifier with an optional path suffix that resolves to a [path value](@docroot@/language/values.md#type-path) if the identifier matches a search path entry.
+A lookup path is an identifier with an optional path suffix that resolves to a [path value](@docroot@/language/types.md#type-path) if the identifier matches a search path entry.
 
-The value of a lookup path is determined by [`builtins.nixPath`](@docroot@/language/builtin-constants.md#builtins-nixPath).
+The value of a lookup path is determined by [`builtins.nixPath`](@docroot@/language/builtins.md#builtins-nixPath).
 
 See [`builtins.findFile`](@docroot@/language/builtins.md#builtins-findFile) for details on lookup path resolution.
 

doc/manual/src/language/derivations.md

@@ -12,12 +12,12 @@ It outputs an attribute set, and produces a [store derivation] as a side effect
 
 ### Required
 
-- [`name`]{#attr-name} ([String](@docroot@/language/values.md#type-string))
+- [`name`]{#attr-name} ([String](@docroot@/language/types.md#type-string))
 
   A symbolic name for the derivation.
   It is added to the [store path] of the corresponding [store derivation] as well as to its [output paths](@docroot@/glossary.md#gloss-output-path).
 
-  [store path]: @docroot@/glossary.md#gloss-store-path
+  [store path]: @docroot@/store/store-path.md
 
   > **Example**
   >
@@ -31,7 +31,7 @@ It outputs an attribute set, and produces a [store derivation] as a side effect
   > The store derivation's path will be `/nix/store/<hash>-hello.drv`.
   > The [output](#attr-outputs) paths will be of the form `/nix/store/<hash>-hello[-<output>]`
 
-- [`system`]{#attr-system} ([String](@docroot@/language/values.md#type-string))
+- [`system`]{#attr-system} ([String](@docroot@/language/types.md#type-string))
 
   The system type on which the [`builder`](#attr-builder) executable is meant to be run.
 
@@ -64,9 +64,9 @@ It outputs an attribute set, and produces a [store derivation] as a side effect
   > }
   > ```
   >
-  > [`builtins.currentSystem`](@docroot@/language/builtin-constants.md#builtins-currentSystem) has the value of the [`system` configuration option], and defaults to the system type of the current Nix installation.
+  > [`builtins.currentSystem`](@docroot@/language/builtins.md#builtins-currentSystem) has the value of the [`system` configuration option], and defaults to the system type of the current Nix installation.
 
-- [`builder`]{#attr-builder} ([Path](@docroot@/language/values.md#type-path) | [String](@docroot@/language/values.md#type-string))
+- [`builder`]{#attr-builder} ([Path](@docroot@/language/types.md#type-path) | [String](@docroot@/language/types.md#type-string))
 
   Path to an executable that will perform the build.
 
@@ -113,7 +113,7 @@ It outputs an attribute set, and produces a [store derivation] as a side effect
 
 ### Optional
 
-- [`args`]{#attr-args} ([List](@docroot@/language/values.md#list) of [String](@docroot@/language/values.md#type-string))
+- [`args`]{#attr-args} ([List](@docroot@/language/types.md#list) of [String](@docroot@/language/types.md#type-string))
 
   Default: `[ ]`
 
@@ -132,7 +132,7 @@ It outputs an attribute set, and produces a [store derivation] as a side effect
   > };
   > ```
 
-- [`outputs`]{#attr-outputs} ([List](@docroot@/language/values.md#list) of [String](@docroot@/language/values.md#type-string))
+- [`outputs`]{#attr-outputs} ([List](@docroot@/language/types.md#list) of [String](@docroot@/language/types.md#type-string))
 
   Default: `[ "out" ]`
 
@@ -141,7 +141,7 @@ It outputs an attribute set, and produces a [store derivation] as a side effect
 
   By default, a derivation produces a single output called `out`.
   However, derivations can produce multiple outputs.
-  This allows the associated [store objects](@docroot@/glossary.md#gloss-store-object) and their [closures](@docroot@/glossary.md#gloss-closure) to be copied or garbage-collected separately.
+  This allows the associated [store objects](@docroot@/store/store-object.md) and their [closures](@docroot@/glossary.md#gloss-closure) to be copied or garbage-collected separately.
 
   > **Example**
   >

doc/manual/src/language/import-from-derivation.md

@@ -2,9 +2,9 @@
 
 The value of a Nix expression can depend on the contents of a [store object].
 
-[store object]: @docroot@/glossary.md#gloss-store-object
+[store object]: @docroot@/store/store-object.md
 
-Passing an expression `expr` that evaluates to a [store path](@docroot@/glossary.md#gloss-store-path) to any built-in function which reads from the filesystem constitutes Import From Derivation (IFD):
+Passing an expression `expr` that evaluates to a [store path](@docroot@/store/store-path.md) to any built-in function which reads from the filesystem constitutes Import From Derivation (IFD):
 
 - [`import`](./builtins.md#builtins-import)` expr`
 - [`builtins.readFile`](./builtins.md#builtins-readFile)` expr`

doc/manual/src/language/index.md

@@ -53,7 +53,7 @@ This is an incomplete overview of language features, by example.
   <td>
 
 
-   *Basic values*
+   *Basic values ([primitives](@docroot@/language/types.md#primitives))*
 
 
   </td>
@@ -71,7 +71,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A string
+   A [string](@docroot@/language/types.md#type-string)
 
   </td>
  </tr>
@@ -94,6 +94,18 @@ This is an incomplete overview of language features, by example.
 
   </td>
  </tr>
+ <tr>
+  <td>
+
+   `# Explanation`
+
+  </td>
+  <td>
+
+   A [comment](@docroot@/language/syntax.md#comments).
+
+  </td>
+ </tr>
  <tr>
   <td>
 
@@ -106,7 +118,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   String interpolation (expands to `"hello world"`, `"1 2 3"`, `"/nix/store/<hash>-bash-<version>/bin/sh"`)
+   [String interpolation](@docroot@/language/string-interpolation.md) (expands to `"hello world"`, `"1 2 3"`, `"/nix/store/<hash>-bash-<version>/bin/sh"`)
 
   </td>
  </tr>
@@ -118,7 +130,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Booleans
+   [Booleans](@docroot@/language/types.md#type-boolean)
 
   </td>
  </tr>
@@ -130,7 +142,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Null value
+   [Null](@docroot@/language/types.md#type-null) value
 
   </td>
  </tr>
@@ -142,7 +154,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   An integer
+   An [integer](@docroot@/language/types.md#type-int)
 
   </td>
  </tr>
@@ -154,7 +166,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A floating point number
+   A [floating point number](@docroot@/language/types.md#type-float)
 
   </td>
  </tr>
@@ -166,7 +178,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   An absolute path
+   An absolute [path](@docroot@/language/types.md#type-path)
 
   </td>
  </tr>
@@ -178,7 +190,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A path relative to the file containing this Nix expression
+   A [path](@docroot@/language/types.md#type-path) relative to the file containing this Nix expression
 
   </td>
  </tr>
@@ -190,7 +202,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A home path. Evaluates to the `"<user's home directory>/.config"`.
+   A home [path](@docroot@/language/types.md#type-path). Evaluates to the `"<user's home directory>/.config"`.
 
   </td>
  </tr>
@@ -202,7 +214,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Search path for Nix files. Value determined by [`$NIX_PATH` environment variable](../command-ref/env-common.md#env-NIX_PATH).
+   A [lookup path](@docroot@/language/constructs/lookup-path.md) for Nix files. Value determined by [`$NIX_PATH` environment variable](../command-ref/env-common.md#env-NIX_PATH).
 
   </td>
  </tr>
@@ -226,7 +238,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A set with attributes named `x` and `y`
+   An [attribute set](@docroot@/language/types.md#attribute-set) with attributes named `x` and `y`
 
   </td>
  </tr>
@@ -250,7 +262,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A recursive set, equivalent to `{ x = "foo"; y = "foobar"; }`
+   A [recursive set](@docroot@/language/syntax.md#recursive-sets), equivalent to `{ x = "foo"; y = "foobar"; }`.
 
   </td>
  </tr>
@@ -266,7 +278,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Lists with three elements.
+   [Lists](@docroot@/language/types.md#list) with three elements.
 
   </td>
  </tr>
@@ -350,7 +362,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Attribute selection (evaluates to `1`)
+   [Attribute selection](@docroot@/language/types.md#attribute-set) (evaluates to `1`)
 
   </td>
  </tr>
@@ -362,7 +374,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Attribute selection with default (evaluates to `3`)
+   [Attribute selection](@docroot@/language/types.md#attribute-set) with default (evaluates to `3`)
 
   </td>
  </tr>
@@ -398,7 +410,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Conditional expression
+   [Conditional expression](@docroot@/language/syntax.md#conditionals).
 
   </td>
  </tr>
@@ -410,7 +422,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Assertion check (evaluates to `"yes!"`).
+   [Assertion](@docroot@/language/syntax.md#assertions) check (evaluates to `"yes!"`).
 
   </td>
  </tr>
@@ -422,7 +434,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Variable definition
+   Variable definition. See [`let`-expressions](@docroot@/language/syntax.md#let-expressions).
 
   </td>
  </tr>
@@ -434,7 +446,9 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Add all attributes from the given set to the scope (evaluates to `1`)
+   Add all attributes from the given set to the scope (evaluates to `1`).
+
+   See [`with`-expressions](@docroot@/language/syntax.md#with-expressions) for details and shadowing caveats.
 
   </td>
  </tr>
@@ -447,7 +461,8 @@ This is an incomplete overview of language features, by example.
   <td>
 
    Adds the variables to the current scope (attribute set or `let` binding).
-   Desugars to `pkgs = pkgs; src = src;`
+   Desugars to `pkgs = pkgs; src = src;`.
+   See [Inheriting attributes](@docroot@/language/syntax.md#inheriting-attributes).
 
   </td>
  </tr>
@@ -460,14 +475,15 @@ This is an incomplete overview of language features, by example.
   <td>
 
    Adds the attributes, from the attribute set in parentheses, to the current scope (attribute set or `let` binding).
-   Desugars to `lib = pkgs.lib; stdenv = pkgs.stdenv;`
+   Desugars to `lib = pkgs.lib; stdenv = pkgs.stdenv;`.
+   See [Inheriting attributes](@docroot@/language/syntax.md#inheriting-attributes).
 
   </td>
  </tr>
  <tr>
   <td>
 
-   *Functions (lambdas)*
+   *[Functions](@docroot@/language/syntax.md#functions) (lambdas)*
 
   </td>
   <td>
@@ -484,7 +500,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A function that expects an integer and returns it increased by 1
+   A [function](@docroot@/language/syntax.md#functions) that expects an integer and returns it increased by 1.
 
   </td>
  </tr>
@@ -496,7 +512,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Curried function, equivalent to `x: (y: x + y)`. Can be used like a function that takes two arguments and returns their sum.
+   Curried [function](@docroot@/language/syntax.md#functions), equivalent to `x: (y: x + y)`. Can be used like a function that takes two arguments and returns their sum.
 
   </td>
  </tr>
@@ -508,7 +524,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A function call (evaluates to 101)
+   A [function](@docroot@/language/syntax.md#functions) call (evaluates to 101)
 
   </td>
  </tr>
@@ -520,7 +536,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A function bound to a variable and subsequently called by name (evaluates to 103)
+   A [function](@docroot@/language/syntax.md#functions) bound to a variable and subsequently called by name (evaluates to 103)
 
   </td>
  </tr>
@@ -532,7 +548,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A function that expects a set with required attributes `x` and `y` and concatenates them
+   A [function](@docroot@/language/syntax.md#functions) that expects a set with required attributes `x` and `y` and concatenates them
 
   </td>
  </tr>
@@ -544,7 +560,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A function that expects a set with required attribute `x` and optional `y`, using `"bar"` as default value for `y`
+   A [function](@docroot@/language/syntax.md#functions) that expects a set with required attribute `x` and optional `y`, using `"bar"` as default value for `y`
 
   </td>
  </tr>
@@ -556,7 +572,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A function that expects a set with required attributes `x` and `y` and ignores any other attributes
+   A [function](@docroot@/language/syntax.md#functions) that expects a set with required attributes `x` and `y` and ignores any other attributes
 
   </td>
  </tr>
@@ -570,7 +586,7 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   A function that expects a set with required attributes `x` and `y`, and binds the whole set to `args`
+   A [function](@docroot@/language/syntax.md#functions) that expects a set with required attributes `x` and `y`, and binds the whole set to `args`
 
   </td>
  </tr>
@@ -594,7 +610,8 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Load and return Nix expression in given file
+   Load and return Nix expression in given file.
+   See [import](@docroot@/language/builtins.md#builtins-import).
 
   </td>
  </tr>
@@ -606,7 +623,8 @@ This is an incomplete overview of language features, by example.
   </td>
   <td>
 
-   Apply a function to every element of a list (evaluates to `[ 2 4 6 ]`)
+   Apply a function to every element of a list (evaluates to `[ 2 4 6 ]`).
+   See [`map`](@docroot@/language/builtins.md#builtins-map).
 
   </td>
  </tr>

doc/manual/src/language/operators.md

@@ -27,11 +27,11 @@
 | Logical disjunction (`OR`)             | *bool* <code>\|\|</code> *bool*            | left          | 13         |
 | [Logical implication]                  | *bool* `->` *bool*                         | right         | 14         |
 
-[string]: ./values.md#type-string
-[path]: ./values.md#type-path
-[number]: ./values.md#type-number
-[list]: ./values.md#list
-[attribute set]: ./values.md#attribute-set
+[string]: ./types.md#type-string
+[path]: ./types.md#type-path
+[number]: ./types.md#type-float <!-- TODO(@rhendric, #10970): rationalize this -->
+[list]: ./types.md#list
+[attribute set]: ./types.md#attribute-set
 
 ## Attribute selection
 
@@ -42,7 +42,7 @@
 Select the attribute denoted by attribute path *attrpath* from [attribute set] *attrset*.
 If the attribute doesn’t exist, return the *expr* after `or` if provided, otherwise abort evaluation.
 
-An attribute path is a dot-separated list of [attribute names](./values.md#attribute-set).
+An attribute path is a dot-separated list of [attribute names](./types.md#attribute-set).
 
 > **Syntax**
 >
@@ -61,7 +61,7 @@ The result is a [Boolean] value.
 
 See also: [`builtins.hasAttr`](@docroot@/language/builtins.md#builtins-hasAttr)
 
-[Boolean]: ./values.md#type-boolean
+[Boolean]: ./types.md#type-boolean
 
 [Has attribute]: #has-attribute
 
@@ -128,7 +128,7 @@ The result is a string.
 > The file or directory at *path* must exist and is copied to the [store].
 > The path appears in the result as the corresponding [store path].
 
-[store path]: @docroot@/glossary.md#gloss-store-path
+[store path]: @docroot@/store/store-path.md
 [store]: @docroot@/glossary.md#gloss-store
 
 [String and path concatenation]: #string-and-path-concatenation
@@ -141,7 +141,7 @@ The result is a string.
 
 Update [attribute set] *attrset1* with names and values from *attrset2*.
 
-The returned attribute set will have of all the attributes in *attrset1* and *attrset2*.
+The returned attribute set will have all of the attributes in *attrset1* and *attrset2*.
 If an attribute name is present in both, the attribute value from the latter is taken.
 
 [Update]: #update
@@ -172,7 +172,7 @@ All comparison operators are implemented in terms of `<`, and the following equi
 - Numbers are type-compatible, see [arithmetic] operators.
 - Floating point numbers only differ up to a limited precision.
 
-[function]: ./constructs.md#functions
+[function]: ./syntax.md#functions
 
 [Equality]: #equality
 

doc/manual/src/language/scope.md

@@ -0,0 +1,14 @@
+# Scoping rules
+
+Nix is [statically scoped](https://en.wikipedia.org/wiki/Scope_(computer_science)#Lexical_scope), but with multiple scopes and shadowing rules.
+
+* primary scope: explicitly-bound variables
+  * [`let`](./syntax.md#let-expressions)
+  * [`inherit`](./syntax.md#inheriting-attributes)
+  * [function](./syntax.md#functions) arguments
+
+* secondary scope: implicitly-bound variables
+  * [`with`](./syntax.md#with-expressions)
+
+Primary scope takes precedence over secondary scope.
+See [`with`](./syntax.md#with-expressions) for a detailed example.

doc/manual/src/language/string-context.md

@@ -0,0 +1,134 @@
+# String context
+
+> **Note**
+>
+> This is an advanced topic.
+> The Nix language is designed to be used without the programmer consciously dealing with string contexts or even knowing what they are.
+
+A string in the Nix language is not just a sequence of characters like strings in other languages.
+It is actually a pair of a sequence of characters and a *string context*.
+The string context is an (unordered) set of *string context elements*.
+
+The purpose of string contexts is to collect non-string values attached to strings via
+[string concatenation](./operators.md#string-concatenation),
+[string interpolation](./string-interpolation.md),
+and similar operations.
+The idea is that a user can combine together values to create a build instructions for derivations without manually keeping track of where they come from.
+Then the Nix language implicitly does that bookkeeping to efficiently obtain the closure of derivation inputs.
+
+> **Note**
+>
+> String contexts are *not* explicitly manipulated in idiomatic Nix language code.
+
+String context elements come in different forms:
+
+- [deriving path]{#string-context-element-derived-path}
+
+  A string context element of this type is a [deriving path](@docroot@/glossary.md#gloss-deriving-path).
+  They can be either of type [constant](#string-context-constant) or [output](#string-context-output), which correspond to the types of deriving paths.
+
+  - [Constant string context elements]{#string-context-constant}
+
+    > **Example**
+    >
+    > [`builtins.storePath`] creates a string with a single constant string context element:
+    >
+    > ```nix
+    > builtins.getContext (builtins.storePath "/nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10")
+    > ```
+    > evaluates to
+    > ```nix
+    > {
+    >   "/nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10" = {
+    >     path = true;
+    >   };
+    > }
+    > ```
+
+    [deriving path]: @docroot@/glossary.md#gloss-deriving-path
+    [store path]: @docroot@/glossary.md#gloss-store-path
+    [`builtins.storePath`]: ./builtins.md#builtins-storePath
+
+  - [Output string context elements]{#string-context-output}
+
+    > **Example**
+    >
+    > The behavior of string contexts are best demonstrated with a built-in function that is still experimental: [`builtins.outputOf`].
+    > This example will *not* work with stable Nix!
+    >
+    > ```nix
+    > builtins.getContext
+    >   (builtins.outputOf
+    >     (builtins.storePath "/nix/store/fvchh9cvcr7kdla6n860hshchsba305w-hello-2.12.drv")
+    >     "out")
+    > ```
+    > evaluates to
+    > ```nix
+    > {
+    >   "/nix/store/fvchh9cvcr7kdla6n860hshchsba305w-hello-2.12.drv" = {
+    >     outputs = [ "out" ];
+    >   };
+    > }
+    > ```
+
+    [`builtins.outputOf`]: ./builtins.md#builtins-outputOf
+
+- [*derivation deep*]{#string-context-element-derivation-deep}
+
+  *derivation deep* is an advanced feature intended to be used with the
+  [`exportReferencesGraph` derivation attribute](./advanced-attributes.html#adv-attr-exportReferencesGraph).
+  A *derivation deep* string context element is a derivation path, and refers to both its outputs and the entire build closure of that derivation:
+  all its outputs, all the other derivations the given derivation depends on, and all the outputs of those.
+
+  > **Example**
+  >
+  > The best way to illustrate *derivation deep* string contexts is with [`builtins.addDrvOutputDependencies`].
+  > Take a regular constant string context element pointing to a derivation, and transform it into a "Derivation deep" string context element.
+  >
+  > ```nix
+  > builtins.getContext
+  >   (builtins.addDrvOutputDependencies
+  >     (builtins.storePath "/nix/store/fvchh9cvcr7kdla6n860hshchsba305w-hello-2.12.drv"))
+  > ```
+  > evaluates to
+  > ```nix
+  > {
+  >   "/nix/store/fvchh9cvcr7kdla6n860hshchsba305w-hello-2.12.drv" = {
+  >     allOutputs = true;
+  >   };
+  > }
+  > ```
+
+  [`builtins.addDrvOutputDependencies`]: ./builtins.md#builtins-addDrvOutputDependencies
+  [`builtins.unsafeDiscardOutputDependency`]: ./builtins.md#builtins-unsafeDiscardOutputDependency
+
+## Inspecting string contexts
+
+Most basically, [`builtins.hasContext`] will tell whether a string has a non-empty context.
+
+When more granular information is needed, [`builtins.getContext`] can be used.
+It creates an [attribute set] representing the string context, which can be inspected as usual.
+
+[`builtins.hasContext`]: ./builtins.md#builtins-hasContext
+[`builtins.getContext`]: ./builtins.md#builtins-getContext
+[attribute set]: ./types.md#attribute-set
+
+## Clearing string contexts
+
+[`buitins.unsafeDiscardStringContext`](./builtins.md#builtins-unsafeDiscardStringContext) will make a copy of a string, but with an empty string context.
+The returned string can be used in more ways, e.g. by operators that require the string context to be empty.
+The requirement to explicitly discard the string context in such use cases helps ensure that string context elements are not lost by mistake.
+The "unsafe" marker is only there to remind that Nix normally guarantees that dependencies are tracked, whereas the returned string has lost them.
+
+## Constructing string contexts
+
+[`builtins.appendContext`] will create a copy of a string, but with additional string context elements.
+The context is specified explicitly by an [attribute set] in the format that [`builtins.hasContext`] produces.
+A string with arbitrary contexts can be made like this:
+
+1. Create a string with the desired string context elements.
+   (The contents of the string do not matter.)
+2. Dump its context with [`builtins.getContext`].
+3. Combine it with a base string and repeated [`builtins.appendContext`] calls.
+
+[`builtins.appendContext`]: ./builtins.md#builtins-appendContext

doc/manual/src/language/string-interpolation.md

@@ -4,9 +4,9 @@ String interpolation is a language feature where a [string], [path], or [attribu
 
 Such a construct is called *interpolated string*, and the expression inside is an [interpolated expression](#interpolated-expression).
 
-[string]: ./values.md#type-string
-[path]: ./values.md#type-path
-[attribute set]: ./values.md#attribute-set
+[string]: ./types.md#type-string
+[path]: ./types.md#type-path
+[attribute set]: ./types.md#attribute-set
 
 ## Examples
 
@@ -43,6 +43,47 @@ configureFlags = "
 Note that Nix expressions and strings can be arbitrarily nested;
 in this case the outer string contains various interpolated expressions that themselves contain strings (e.g., `"-thread"`), some of which in turn contain interpolated expressions (e.g., `${mesa}`).
 
+To write a literal `${` in an regular string, escape it with a backslash (`\`).
+
+> **Example**
+>
+> ```nix
+> "echo \${PATH}"
+> ```
+>
+>     "echo ${PATH}"
+
+To write a literal `${` in an indented string, escape it with two single quotes (`''`).
+
+> **Example**
+>
+> ```nix
+> ''
+>   echo ''${PATH}
+> ''
+> ```
+>
+>     "echo ${PATH}\n"
+
+`$${` can be written literally in any string.
+
+> **Example**
+>
+> In Make, `$` in file names or recipes is represented as `$$`, see [GNU `make`: Basics of Variable Reference](https://www.gnu.org/software/make/manual/html_node/Reference.html#Basics-of-Variable-References).
+> This can be expressed directly in the Nix language strings:
+>
+> ```nix
+> ''
+>   MAKEVAR = Hello
+>   all:
+>   	@export BASHVAR=world; echo $(MAKEVAR) $${BASHVAR}
+> ''
+> ```
+>
+>     "MAKEVAR = Hello\nall:\n\t@export BASHVAR=world; echo $(MAKEVAR) $\${BASHVAR}\n"
+
+See the [documentation on strings][string] for details.
+
 ### Path
 
 Rather than writing
@@ -107,9 +148,9 @@ An expression that is interpolated must evaluate to one of the following:
 
 A string interpolates to itself.
 
-A path in an interpolated expression is first copied into the Nix store, and the resulting string is the [store path] of the newly created [store object](@docroot@/glossary.md#gloss-store-object).
+A path in an interpolated expression is first copied into the Nix store, and the resulting string is the [store path] of the newly created [store object](@docroot@/store/store-object.md).
 
-[store path]: @docroot@/glossary.md#gloss-store-path
+[store path]: @docroot@/store/store-path.md
 
 > **Example**
 >

doc/manual/src/language/syntax.md

@@ -0,0 +1,827 @@
+# Language Constructs
+
+This section covers syntax and semantics of the Nix language.
+
+## Basic Literals
+
+### String {#string-literal}
+
+  *Strings* can be written in three ways.
+
+  The most common way is to enclose the string between double quotes, e.g., `"foo bar"`.
+  Strings can span multiple lines.
+  The results of other expressions can be included into a string by enclosing them in `${ }`, a feature known as [string interpolation].
+
+  [string interpolation]: ./string-interpolation.md
+
+  The following must be escaped to represent them within a string, by prefixing with a backslash (`\`):
+
+  - Double quote (`"`)
+
+    > **Example**
+    >
+    > ```nix
+    > "\""
+    > ```
+    >
+    >    "\""
+
+  - Backslash (`\`)
+
+    > **Example**
+    >
+    > ```nix
+    > "\\"
+    > ```
+    >
+    >    "\\"
+
+  - Dollar sign followed by an opening curly bracket (`${`) – "dollar-curly"
+
+    > **Example**
+    >
+    > ```nix
+    > "\${"
+    > ```
+    >
+    >    "\${"
+
+  The newline, carriage return, and tab characters can be written as `\n`, `\r` and `\t`, respectively.
+
+  A "double-dollar-curly" (`$${`) can be written literally.
+
+  > **Example**
+  >
+  > ```nix
+  > "$${"
+  > ```
+  >
+  >    "$\${"
+
+  String values are output on the terminal with Nix-specific escaping.
+  Strings written to files will contain the characters encoded by the escaping.
+
+  The second way to write string literals is as an *indented string*, which is enclosed between pairs of *double single-quotes* (`''`), like so:
+
+  ```nix
+  ''
+    This is the first line.
+    This is the second line.
+      This is the third line.
+  ''
+  ```
+
+  This kind of string literal intelligently strips indentation from
+  the start of each line. To be precise, it strips from each line a
+  number of spaces equal to the minimal indentation of the string as a
+  whole (disregarding the indentation of empty lines). For instance,
+  the first and second line are indented two spaces, while the third
+  line is indented four spaces. Thus, two spaces are stripped from
+  each line, so the resulting string is
+
+  ```nix
+  "This is the first line.\nThis is the second line.\n  This is the third line.\n"
+  ```
+
+  > **Note**
+  >
+  > Whitespace and newline following the opening `''` is ignored if there is no non-whitespace text on the initial line.
+
+  > **Warning**
+  >
+  > Prefixed tab characters are not stripped.
+  >
+  > > **Example**
+  > >
+  > > The following indented string is prefixed with tabs:
+  > >
+  > > ''
+  > > 	all:
+  > > 		@echo hello
+  > > ''
+  > >
+  > >     "\tall:\n\t\t@echo hello\n"
+
+  Indented strings support [string interpolation].
+
+  The following must be escaped to represent them in an indented string:
+
+  - `$` is escaped by prefixing it with two single quotes (`''`)
+
+    > **Example**
+    >
+    > ```nix
+    > ''
+    >   ''$
+    > ''
+    > ```
+    >
+    >     "$\n"
+
+  - `''` is escaped by prefixing it with one single quote (`'`)
+
+    > **Example**
+    >
+    > ```nix
+    > ''
+    >   '''
+    > ''
+    > ```
+    >
+    >     "''\n"
+
+  These special characters are escaped as follows:
+  - Linefeed (`\n`): `''\n`
+  - Carriage return (`\r`): `''\r`
+  - Tab (`\t`): `''\t`
+
+  `''\` escapes any other character.
+
+  A "double-dollar-curly" (`$${`) can be written literally.
+
+  > **Example**
+  >
+  > ```nix
+  > ''
+  >   $${
+  > ''
+  > ```
+  >
+  >     "$\${\n"
+
+  Indented strings are primarily useful in that they allow multi-line
+  string literals to follow the indentation of the enclosing Nix
+  expression, and that less escaping is typically necessary for
+  strings representing languages such as shell scripts and
+  configuration files because `''` is much less common than `"`.
+  Example:
+
+  ```nix
+  stdenv.mkDerivation {
+    ...
+    postInstall =
+      ''
+        mkdir $out/bin $out/etc
+        cp foo $out/bin
+        echo "Hello World" > $out/etc/foo.conf
+        ${if enableBar then "cp bar $out/bin" else ""}
+      '';
+    ...
+  }
+  ```
+
+  Finally, as a convenience, *URIs* as defined in appendix B of
+  [RFC 2396](http://www.ietf.org/rfc/rfc2396.txt) can be written *as
+  is*, without quotes. For instance, the string
+  `"http://example.org/foo.tar.bz2"` can also be written as
+  `http://example.org/foo.tar.bz2`.
+
+### Number {#number-literal}
+
+<!-- TODO(@rhendric, #10970): split this into int and float -->
+
+  Numbers, which can be *integers* (like `123`) or *floating point*
+  (like `123.43` or `.27e13`).
+
+  See [arithmetic] and [comparison] operators for semantics.
+
+  [arithmetic]: ./operators.md#arithmetic
+  [comparison]: ./operators.md#comparison
+
+### Path {#path-literal}
+
+  *Paths* can be expressed by path literals such as `./builder.sh`.
+
+  A path literal must contain at least one slash to be recognised as such.
+  For instance, `builder.sh` is not a path:
+  it's parsed as an expression that selects the attribute `sh` from the variable `builder`.
+
+  Path literals are resolved relative to their [base directory](@docroot@/glossary.md#gloss-base-directory).
+  Path literals may also refer to absolute paths by starting with a slash.
+
+  > **Note**
+  >
+  > Absolute paths make expressions less portable.
+  > In the case where a function translates a path literal into an absolute path string for a configuration file, it is recommended to write a string literal instead.
+  > This avoids some confusion about whether files at that location will be used during evaluation.
+  > It also avoids unintentional situations where some function might try to copy everything at the location into the store.
+
+  If the first component of a path is a `~`, it is interpreted such that the rest of the path were relative to the user's home directory.
+  For example, `~/foo` would be equivalent to `/home/edolstra/foo` for a user whose home directory is `/home/edolstra`.
+  Path literals that start with `~` are not allowed in [pure](@docroot@/command-ref/conf-file.md#conf-pure-eval) evaluation.
+
+  Path literals can also include [string interpolation], besides being [interpolated into other expressions].
+
+  [interpolated into other expressions]: ./string-interpolation.md#interpolated-expressions
+
+  At least one slash (`/`) must appear *before* any interpolated expression for the result to be recognized as a path.
+
+  `a.${foo}/b.${bar}` is a syntactically valid number division operation.
+  `./a.${foo}/b.${bar}` is a path.
+
+  [Lookup path](./constructs/lookup-path.md) literals such as `<nixpkgs>` also resolve to path values.
+
+## List {#list-literal}
+
+Lists are formed by enclosing a whitespace-separated list of values
+between square brackets. For example,
+
+```nix
+[ 123 ./foo.nix "abc" (f { x = y; }) ]
+```
+
+defines a list of four elements, the last being the result of a call to
+the function `f`. Note that function calls have to be enclosed in
+parentheses. If they had been omitted, e.g.,
+
+```nix
+[ 123 ./foo.nix "abc" f { x = y; } ]
+```
+
+the result would be a list of five elements, the fourth one being a
+function and the fifth being a set.
+
+Note that lists are only lazy in values, and they are strict in length.
+
+Elements in a list can be accessed using [`builtins.elemAt`](./builtins.md#builtins-elemAt).
+
+## Attribute Set {#attrs-literal}
+
+An attribute set is a collection of name-value-pairs (called *attributes*) enclosed in curly brackets (`{ }`).
+
+An attribute name can be an identifier or a [string](#string).
+An identifier must start with a letter (`a-z`, `A-Z`) or underscore (`_`), and can otherwise contain letters (`a-z`, `A-Z`), numbers (`0-9`), underscores (`_`), apostrophes (`'`), or dashes (`-`).
+
+> **Syntax**
+>
+> *name* = *identifier* | *string* \
+> *identifier* ~ `[a-zA-Z_][a-zA-Z0-9_'-]*`
+
+Names and values are separated by an equal sign (`=`).
+Each value is an arbitrary expression terminated by a semicolon (`;`).
+
+> **Syntax**
+>
+> *attrset* = `{` [ *name* `=` *expr* `;` ]... `}`
+
+Attributes can appear in any order.
+An attribute name may only occur once.
+
+Example:
+
+```nix
+{
+  x = 123;
+  text = "Hello";
+  y = f { bla = 456; };
+}
+```
+
+This defines a set with attributes named `x`, `text`, `y`.
+
+Attributes can be accessed with the [`.` operator](./operators.md#attribute-selection).
+
+Example:
+
+```nix
+{ a = "Foo"; b = "Bar"; }.a
+```
+
+This evaluates to `"Foo"`.
+
+It is possible to provide a default value in an attribute selection using the `or` keyword.
+
+Example:
+
+```nix
+{ a = "Foo"; b = "Bar"; }.c or "Xyzzy"
+```
+
+```nix
+{ a = "Foo"; b = "Bar"; }.c.d.e.f.g or "Xyzzy"
+```
+
+will both evaluate to `"Xyzzy"` because there is no `c` attribute in the set.
+
+You can use arbitrary double-quoted strings as attribute names:
+
+```nix
+{ "$!@#?" = 123; }."$!@#?"
+```
+
+```nix
+let bar = "bar"; in
+{ "foo ${bar}" = 123; }."foo ${bar}"
+```
+
+Both will evaluate to `123`.
+
+Attribute names support [string interpolation]:
+
+```nix
+let bar = "foo"; in
+{ foo = 123; }.${bar}
+```
+
+```nix
+let bar = "foo"; in
+{ ${bar} = 123; }.foo
+```
+
+Both will evaluate to `123`.
+
+In the special case where an attribute name inside of a set declaration
+evaluates to `null` (which is normally an error, as `null` cannot be coerced to
+a string), that attribute is simply not added to the set:
+
+```nix
+{ ${if foo then "bar" else null} = true; }
+```
+
+This will evaluate to `{}` if `foo` evaluates to `false`.
+
+A set that has a `__functor` attribute whose value is callable (i.e. is
+itself a function or a set with a `__functor` attribute whose value is
+callable) can be applied as if it were a function, with the set itself
+passed in first , e.g.,
+
+```nix
+let add = { __functor = self: x: x + self.x; };
+    inc = add // { x = 1; };
+in inc 1
+```
+
+evaluates to `2`. This can be used to attach metadata to a function
+without the caller needing to treat it specially, or to implement a form
+of object-oriented programming, for example.
+
+## Recursive sets
+
+Recursive sets are like normal [attribute sets](./types.md#attribute-set), but the attributes can refer to each other.
+
+> *rec-attrset* = `rec {` [ *name* `=` *expr* `;` `]`... `}`
+
+Example:
+
+```nix
+rec {
+  x = y;
+  y = 123;
+}.x
+```
+
+This evaluates to `123`.
+
+Note that without `rec` the binding `x = y;` would
+refer to the variable `y` in the surrounding scope, if one exists, and
+would be invalid if no such variable exists. That is, in a normal
+(non-recursive) set, attributes are not added to the lexical scope; in a
+recursive set, they are.
+
+Recursive sets of course introduce the danger of infinite recursion. For
+example, the expression
+
+```nix
+rec {
+  x = y;
+  y = x;
+}.x
+```
+
+will crash with an `infinite recursion encountered` error message.
+
+## Let-expressions
+
+A let-expression allows you to define local variables for an expression.
+
+> *let-in* = `let` [ *identifier* = *expr* ]... `in` *expr*
+
+Example:
+
+```nix
+let
+  x = "foo";
+  y = "bar";
+in x + y
+```
+
+This evaluates to `"foobar"`.
+
+## Inheriting attributes
+
+When defining an [attribute set](./types.md#attribute-set) or in a [let-expression](#let-expressions) it is often convenient to copy variables from the surrounding lexical scope (e.g., when you want to propagate attributes).
+This can be shortened using the `inherit` keyword.
+
+Example:
+
+```nix
+let x = 123; in
+{
+  inherit x;
+  y = 456;
+}
+```
+
+is equivalent to
+
+```nix
+let x = 123; in
+{
+  x = x;
+  y = 456;
+}
+```
+
+and both evaluate to `{ x = 123; y = 456; }`.
+
+> **Note**
+>
+> This works because `x` is added to the lexical scope by the `let` construct.
+
+It is also possible to inherit attributes from another attribute set.
+
+Example:
+
+In this fragment from `all-packages.nix`,
+
+```nix
+graphviz = (import ../tools/graphics/graphviz) {
+  inherit fetchurl stdenv libpng libjpeg expat x11 yacc;
+  inherit (xorg) libXaw;
+};
+
+xorg = {
+  libX11 = ...;
+  libXaw = ...;
+  ...
+}
+
+libpng = ...;
+libjpg = ...;
+...
+```
+
+the set used in the function call to the function defined in
+`../tools/graphics/graphviz` inherits a number of variables from the
+surrounding scope (`fetchurl` ... `yacc`), but also inherits `libXaw`
+(the X Athena Widgets) from the `xorg` set.
+
+Summarizing the fragment
+
+```nix
+...
+inherit x y z;
+inherit (src-set) a b c;
+...
+```
+
+is equivalent to
+
+```nix
+...
+x = x; y = y; z = z;
+a = src-set.a; b = src-set.b; c = src-set.c;
+...
+```
+
+when used while defining local variables in a let-expression or while
+defining a set.
+
+In a `let` expression, `inherit` can be used to selectively bring specific attributes of a set into scope. For example
+
+
+```nix
+let
+  x = { a = 1; b = 2; };
+  inherit (builtins) attrNames;
+in
+{
+  names = attrNames x;
+}
+```
+
+is equivalent to
+
+```nix
+let
+  x = { a = 1; b = 2; };
+in
+{
+  names = builtins.attrNames x;
+}
+```
+
+both evaluate to `{ names = [ "a" "b" ]; }`.
+
+## Functions
+
+Functions have the following form:
+
+```nix
+pattern: body
+```
+
+The pattern specifies what the argument of the function must look like,
+and binds variables in the body to (parts of) the argument. There are
+three kinds of patterns:
+
+  - If a pattern is a single identifier, then the function matches any
+    argument. Example:
+
+    ```nix
+    let negate = x: !x;
+        concat = x: y: x + y;
+    in if negate true then concat "foo" "bar" else ""
+    ```
+
+    Note that `concat` is a function that takes one argument and returns
+    a function that takes another argument. This allows partial
+    parameterisation (i.e., only filling some of the arguments of a
+    function); e.g.,
+
+    ```nix
+    map (concat "foo") [ "bar" "bla" "abc" ]
+    ```
+
+    evaluates to `[ "foobar" "foobla" "fooabc" ]`.
+
+  - A *set pattern* of the form `{ name1, name2, …, nameN }` matches a
+    set containing the listed attributes, and binds the values of those
+    attributes to variables in the function body. For example, the
+    function
+
+    ```nix
+    { x, y, z }: z + y + x
+    ```
+
+    can only be called with a set containing exactly the attributes `x`,
+    `y` and `z`. No other attributes are allowed. If you want to allow
+    additional arguments, you can use an ellipsis (`...`):
+
+    ```nix
+    { x, y, z, ... }: z + y + x
+    ```
+
+    This works on any set that contains at least the three named
+    attributes.
+
+    It is possible to provide *default values* for attributes, in
+    which case they are allowed to be missing. A default value is
+    specified by writing `name ?  e`, where *e* is an arbitrary
+    expression. For example,
+
+    ```nix
+    { x, y ? "foo", z ? "bar" }: z + y + x
+    ```
+
+    specifies a function that only requires an attribute named `x`, but
+    optionally accepts `y` and `z`.
+
+  - An `@`-pattern provides a means of referring to the whole value
+    being matched:
+
+    ```nix
+    args@{ x, y, z, ... }: z + y + x + args.a
+    ```
+
+    but can also be written as:
+
+    ```nix
+    { x, y, z, ... } @ args: z + y + x + args.a
+    ```
+
+    Here `args` is bound to the argument *as passed*, which is further
+    matched against the pattern `{ x, y, z, ... }`.
+    The `@`-pattern makes mainly sense with an ellipsis(`...`) as
+    you can access attribute names as `a`, using `args.a`, which was
+    given as an additional attribute to the function.
+
+    > **Warning**
+    >
+    > `args@` binds the name `args` to the attribute set that is passed to the function.
+    > In particular, `args` does *not* include any default values specified with `?` in the function's set pattern.
+    >
+    > For instance
+    >
+    > ```nix
+    > let
+    >   f = args@{ a ? 23, ... }: [ a args ];
+    > in
+    >   f {}
+    > ```
+    >
+    > is equivalent to
+    >
+    > ```nix
+    > let
+    >   f = args @ { ... }: [ (args.a or 23) args ];
+    > in
+    >   f {}
+    > ```
+    >
+    > and both expressions will evaluate to:
+    >
+    > ```nix
+    > [ 23 {} ]
+    > ```
+
+Note that functions do not have names. If you want to give them a name,
+you can bind them to an attribute, e.g.,
+
+```nix
+let concat = { x, y }: x + y;
+in concat { x = "foo"; y = "bar"; }
+```
+
+## Conditionals
+
+Conditionals look like this:
+
+```nix
+if e1 then e2 else e3
+```
+
+where *e1* is an expression that should evaluate to a Boolean value
+(`true` or `false`).
+
+## Assertions
+
+Assertions are generally used to check that certain requirements on or
+between features and dependencies hold. They look like this:
+
+```nix
+assert e1; e2
+```
+
+where *e1* is an expression that should evaluate to a Boolean value. If
+it evaluates to `true`, *e2* is returned; otherwise expression
+evaluation is aborted and a backtrace is printed.
+
+Here is a Nix expression for the Subversion package that shows how
+assertions can be used:.
+
+```nix
+{ localServer ? false
+, httpServer ? false
+, sslSupport ? false
+, pythonBindings ? false
+, javaSwigBindings ? false
+, javahlBindings ? false
+, stdenv, fetchurl
+, openssl ? null, httpd ? null, db4 ? null, expat, swig ? null, j2sdk ? null
+}:
+
+assert localServer -> db4 != null; ①
+assert httpServer -> httpd != null && httpd.expat == expat; ②
+assert sslSupport -> openssl != null && (httpServer -> httpd.openssl == openssl); ③
+assert pythonBindings -> swig != null && swig.pythonSupport;
+assert javaSwigBindings -> swig != null && swig.javaSupport;
+assert javahlBindings -> j2sdk != null;
+
+stdenv.mkDerivation {
+  name = "subversion-1.1.1";
+  ...
+  openssl = if sslSupport then openssl else null; ④
+  ...
+}
+```
+
+The points of interest are:
+
+1.  This assertion states that if Subversion is to have support for
+    local repositories, then Berkeley DB is needed. So if the Subversion
+    function is called with the `localServer` argument set to `true` but
+    the `db4` argument set to `null`, then the evaluation fails.
+
+    Note that `->` is the [logical
+    implication](https://en.wikipedia.org/wiki/Truth_table#Logical_implication)
+    Boolean operation.
+
+2.  This is a more subtle condition: if Subversion is built with Apache
+    (`httpServer`) support, then the Expat library (an XML library) used
+    by Subversion should be same as the one used by Apache. This is
+    because in this configuration Subversion code ends up being linked
+    with Apache code, and if the Expat libraries do not match, a build-
+    or runtime link error or incompatibility might occur.
+
+3.  This assertion says that in order for Subversion to have SSL support
+    (so that it can access `https` URLs), an OpenSSL library must be
+    passed. Additionally, it says that *if* Apache support is enabled,
+    then Apache's OpenSSL should match Subversion's. (Note that if
+    Apache support is not enabled, we don't care about Apache's
+    OpenSSL.)
+
+4.  The conditional here is not really related to assertions, but is
+    worth pointing out: it ensures that if SSL support is disabled, then
+    the Subversion derivation is not dependent on OpenSSL, even if a
+    non-`null` value was passed. This prevents an unnecessary rebuild of
+    Subversion if OpenSSL changes.
+
+## With-expressions
+
+A *with-expression*,
+
+```nix
+with e1; e2
+```
+
+introduces the set *e1* into the lexical scope of the expression *e2*.
+For instance,
+
+```nix
+let as = { x = "foo"; y = "bar"; };
+in with as; x + y
+```
+
+evaluates to `"foobar"` since the `with` adds the `x` and `y` attributes
+of `as` to the lexical scope in the expression `x + y`. The most common
+use of `with` is in conjunction with the `import` function. E.g.,
+
+```nix
+with (import ./definitions.nix); ...
+```
+
+makes all attributes defined in the file `definitions.nix` available as
+if they were defined locally in a `let`-expression.
+
+The bindings introduced by `with` do not shadow bindings introduced by
+other means, e.g.
+
+```nix
+let a = 3; in with { a = 1; }; let a = 4; in with { a = 2; }; ...
+```
+
+establishes the same scope as
+
+```nix
+let a = 1; in let a = 2; in let a = 3; in let a = 4; in ...
+```
+
+Variables coming from outer `with` expressions *are* shadowed:
+
+```nix
+with { a = "outer"; };
+with { a = "inner"; };
+a
+```
+
+Does evaluate to `"inner"`.
+
+## Comments
+
+- Inline comments start with `#` and run until the end of the line.
+
+  > **Example**
+  >
+  > ```nix
+  > # A number
+  > 2 # Equals 1 + 1
+  > ```
+  >
+  > ```console
+  > 2
+  > ```
+
+- Block comments start with `/*` and run until the next occurrence of `*/`.
+
+  > **Example**
+  >
+  > ```nix
+  > /*
+  > Block comments
+  > can span multiple lines.
+  > */ "hello"
+  > ```
+  >
+  > ```console
+  > "hello"
+  > ```
+
+  This means that block comments cannot be nested.
+
+  > **Example**
+  >
+  > ```nix
+  > /* /* nope */ */ 1
+  > ```
+  >
+  > ```console
+  > error: syntax error, unexpected '*'
+  >
+  >        at «string»:1:15:
+  >
+  >             1| /* /* nope */ *
+  >              |               ^
+  > ```
+
+  Consider escaping nested comments and unescaping them in post-processing.
+
+  > **Example**
+  >
+  > ```nix
+  > /* /* nested *\/ */ 1
+  > ```
+  >
+  > ```console
+  > 1
+  > ```

doc/manual/src/language/types.md

@@ -0,0 +1,120 @@
+# Data Types
+
+Every value in the Nix language has one of the following types:
+
+* [Integer](#type-int)
+* [Float](#type-float)
+* [Boolean](#type-bool)
+* [String](#type-string)
+* [Path](#type-path)
+* [Null](#type-null)
+* [Attribute set](#type-attrs)
+* [List](#type-list)
+* [Function](#type-function)
+* [External](#type-external)
+
+## Primitives
+
+### Integer {#type-int}
+
+An _integer_ in the Nix language is a signed 64-bit integer.
+
+Non-negative integers can be expressed as [integer literals](syntax.md#number-literal).
+Negative integers are created with the [arithmetic negation operator](./operators.md#arithmetic).
+The function [`builtins.isInt`](builtins.md#builtins-isInt) can be used to determine if a value is an integer.
+
+### Float {#type-float}
+
+A _float_ in the Nix language is a 64-bit [IEEE 754](https://en.wikipedia.org/wiki/IEEE_754) floating-point number.
+
+Most non-negative floats can be expressed as [float literals](syntax.md#number-literal).
+Negative floats are created with the [arithmetic negation operator](./operators.md#arithmetic).
+The function [`builtins.isFloat`](builtins.md#builtins-isFloat) can be used to determine if a value is a float.
+
+### Boolean {#type-bool}
+
+A _boolean_ in the Nix language is one of _true_ or _false_.
+
+<!-- TODO: mention the top-level environment -->
+
+These values are available as attributes of [`builtins`](builtins.md#builtins-builtins) as [`builtins.true`](builtins.md#builtins-true) and [`builtins.false`](builtins.md#builtins-false).
+The function [`builtins.isBool`](builtins.md#builtins-isBool) can be used to determine if a value is a boolean.
+
+### String {#type-string}
+
+A _string_ in the Nix language is an immutable, finite-length sequence of bytes, along with a [string context](string-context.md).
+Nix does not assume or support working natively with character encodings.
+
+String values without string context can be expressed as [string literals](syntax.md#string-literal).
+The function [`builtins.isString`](builtins.md#builtins-isString) can be used to determine if a value is a string.
+
+### Path {#type-path}
+
+A _path_ in the Nix language is an immutable, finite-length sequence of bytes starting with `/`, representing a POSIX-style, canonical file system path.
+Path values are distinct from string values, even if they contain the same sequence of bytes.
+Operations that produce paths will simplify the result as the standard C function [`realpath`] would, except that there is no symbolic link resolution.
+
+[`realpath`]: https://pubs.opengroup.org/onlinepubs/9699919799/functions/realpath.html
+
+Paths are suitable for referring to local files, and are often preferable over strings.
+- Path values do not contain trailing or duplicate slashes, `.`, or `..`.
+- Relative path literals are automatically resolved relative to their [base directory].
+- Tooling can recognize path literals and provide additional features, such as autocompletion, refactoring automation and jump-to-file.
+
+[base directory]: @docroot@/glossary.md#gloss-base-directory
+
+A file is not required to exist at a given path in order for that path value to be valid, but a path that is converted to a string with [string interpolation] or [string-and-path concatenation] must resolve to a readable file or directory which will be copied into the Nix store.
+For instance, evaluating `"${./foo.txt}"` will cause `foo.txt` from the same directory to be copied into the Nix store and result in the string `"/nix/store/<hash>-foo.txt"`.
+Operations such as [`import`] can also expect a path to resolve to a readable file or directory.
+
+[string interpolation]: string-interpolation.md#interpolated-expression
+[string-and-path concatenation]: operators.md#string-and-path-concatenation
+[`import`]: builtins.md#builtins-import
+
+> **Note**
+>
+> The Nix language assumes that all input files will remain _unchanged_ while evaluating a Nix expression.
+> For example, assume you used a file path in an interpolated string during a `nix repl` session.
+> Later in the same session, after having changed the file contents, evaluating the interpolated string with the file path again might not return a new [store path], since Nix might not re-read the file contents.
+> Use `:r` to reset the repl as needed.
+
+[store path]: @docroot@/store/store-path.md
+
+Path values can be expressed as [path literals](syntax.md#path-literal).
+The function [`builtins.isPath`](builtins.md#builtins-isPath) can be used to determine if a value is a path.
+
+### Null {#type-null}
+
+There is a single value of type _null_ in the Nix language.
+
+<!-- TODO: mention the top-level environment -->
+
+This value is available as an attribute on the [`builtins`](builtins.md#builtins-builtins) attribute set as [`builtins.null`](builtins.md#builtins-null).
+
+## Compound values
+
+### Attribute set {#type-attrs}
+
+<!-- TODO(@rhendric, #10970): fill this out -->
+
+An attribute set can be constructed with an [attribute set literal](syntax.md#attrs-literal).
+The function [`builtins.isAttrs`](builtins.md#builtins-isAttrs) can be used to determine if a value is an attribute set.
+
+### List {#type-list}
+
+<!-- TODO(@rhendric, #10970): fill this out -->
+
+A list can be constructed with a [list literal](syntax.md#list-literal).
+The function [`builtins.isList`](builtins.md#builtins-isList) can be used to determine if a value is a list.
+
+## Function {#type-function}
+
+<!-- TODO(@rhendric, #10970): fill this out -->
+
+A function can be constructed with a [function expression](syntax.md#functions).
+The function [`builtins.isFunction`](builtins.md#builtins-isFunction) can be used to determine if a value is a function.
+
+## External {#type-external}
+
+An _external_ value is an opaque value created by a Nix [plugin](../command-ref/conf-file.md#conf-plugin-files).
+Such a value can be substituted in Nix expressions but only created and used by plugin code.

doc/manual/src/language/values.md

@@ -1,269 +0,0 @@
-# Data Types
-
-## Primitives
-
-- <a id="type-string" href="#type-string">String</a>
-
-  *Strings* can be written in three ways.
-
-  The most common way is to enclose the string between double quotes,
-  e.g., `"foo bar"`. Strings can span multiple lines. The special
-  characters `"` and `\` and the character sequence `${` must be
-  escaped by prefixing them with a backslash (`\`). Newlines, carriage
-  returns and tabs can be written as `\n`, `\r` and `\t`,
-  respectively.
-
-  You can include the results of other expressions into a string by enclosing them in `${ }`, a feature known as [string interpolation].
-
-  [string interpolation]: ./string-interpolation.md
-
-  The second way to write string literals is as an *indented string*,
-  which is enclosed between pairs of *double single-quotes*, like so:
-
-  ```nix
-  ''
-    This is the first line.
-    This is the second line.
-      This is the third line.
-  ''
-  ```
-
-  This kind of string literal intelligently strips indentation from
-  the start of each line. To be precise, it strips from each line a
-  number of spaces equal to the minimal indentation of the string as a
-  whole (disregarding the indentation of empty lines). For instance,
-  the first and second line are indented two spaces, while the third
-  line is indented four spaces. Thus, two spaces are stripped from
-  each line, so the resulting string is
-
-  ```nix
-  "This is the first line.\nThis is the second line.\n  This is the third line.\n"
-  ```
-
-  Note that the whitespace and newline following the opening `''` is
-  ignored if there is no non-whitespace text on the initial line.
-
-  Indented strings support [string interpolation].
-
-  Since `${` and `''` have special meaning in indented strings, you
-  need a way to quote them. `$` can be escaped by prefixing it with
-  `''` (that is, two single quotes), i.e., `''$`. `''` can be escaped
-  by prefixing it with `'`, i.e., `'''`. `$` removes any special
-  meaning from the following `$`. Linefeed, carriage-return and tab
-  characters can be written as `''\n`, `''\r`, `''\t`, and `''\`
-  escapes any other character.
-
-  Indented strings are primarily useful in that they allow multi-line
-  string literals to follow the indentation of the enclosing Nix
-  expression, and that less escaping is typically necessary for
-  strings representing languages such as shell scripts and
-  configuration files because `''` is much less common than `"`.
-  Example:
-
-  ```nix
-  stdenv.mkDerivation {
-    ...
-    postInstall =
-      ''
-        mkdir $out/bin $out/etc
-        cp foo $out/bin
-        echo "Hello World" > $out/etc/foo.conf
-        ${if enableBar then "cp bar $out/bin" else ""}
-      '';
-    ...
-  }
-  ```
-
-  Finally, as a convenience, *URIs* as defined in appendix B of
-  [RFC 2396](http://www.ietf.org/rfc/rfc2396.txt) can be written *as
-  is*, without quotes. For instance, the string
-  `"http://example.org/foo.tar.bz2"` can also be written as
-  `http://example.org/foo.tar.bz2`.
-
-- <a id="type-number" href="#type-number">Number</a>
-
-  Numbers, which can be *integers* (like `123`) or *floating point*
-  (like `123.43` or `.27e13`).
-
-  See [arithmetic] and [comparison] operators for semantics.
-
-  [arithmetic]: ./operators.md#arithmetic
-  [comparison]: ./operators.md#comparison
-
-- <a id="type-path" href="#type-path">Path</a>
-
-  *Paths*, e.g., `/bin/sh` or `./builder.sh`. A path must contain at
-  least one slash to be recognised as such. For instance, `builder.sh`
-  is not a path: it's parsed as an expression that selects the
-  attribute `sh` from the variable `builder`. If the file name is
-  relative, i.e., if it does not begin with a slash, it is made
-  absolute at parse time relative to the [base directory](@docroot@/glossary.md#gloss-base-directory).
-  For instance, if a Nix expression in
-  `/foo/bar/bla.nix` refers to `../xyzzy/fnord.nix`, the absolute path
-  is `/foo/xyzzy/fnord.nix`.
-
-  If the first component of a path is a `~`, it is interpreted as if
-  the rest of the path were relative to the user's home directory.
-  e.g. `~/foo` would be equivalent to `/home/edolstra/foo` for a user
-  whose home directory is `/home/edolstra`.
-
-  For instance, evaluating `"${./foo.txt}"` will cause `foo.txt` in the base directory to be copied into the Nix store and result in the string `"/nix/store/<hash>-foo.txt"`.
-
-  Note that the Nix language assumes that all input files will remain _unchanged_ while  evaluating a Nix expression.
-  For example, assume you used a file path in an interpolated string during a `nix repl` session.
-  Later in the same session, after having changed the file contents, evaluating the interpolated string with the file path again might not return a new [store path], since Nix might not re-read the file contents.
-
-  [store path]: @docroot@/glossary.md#gloss-store-path
-
-  Paths can include [string interpolation] and can themselves be [interpolated in other expressions].
-
-  [interpolated in other expressions]: ./string-interpolation.md#interpolated-expressions
-
-  At least one slash (`/`) must appear *before* any interpolated expression for the result to be recognized as a path.
-
-  `a.${foo}/b.${bar}` is a syntactically valid division operation.
-  `./a.${foo}/b.${bar}` is a path.
-
-  [Lookup paths](./constructs/lookup-path.md) such as `<nixpkgs>` resolve to path values.
-
-- <a id="type-boolean" href="#type-boolean">Boolean</a>
-
-  *Booleans* with values `true` and `false`.
-
-- <a id="type-null" href="#type-null">Null</a>
-
-  The null value, denoted as `null`.
-
-## List
-
-Lists are formed by enclosing a whitespace-separated list of values
-between square brackets. For example,
-
-```nix
-[ 123 ./foo.nix "abc" (f { x = y; }) ]
-```
-
-defines a list of four elements, the last being the result of a call to
-the function `f`. Note that function calls have to be enclosed in
-parentheses. If they had been omitted, e.g.,
-
-```nix
-[ 123 ./foo.nix "abc" f { x = y; } ]
-```
-
-the result would be a list of five elements, the fourth one being a
-function and the fifth being a set.
-
-Note that lists are only lazy in values, and they are strict in length.
-
-Elements in a list can be accessed using [`builtins.elemAt`](./builtins.md#builtins-elemAt). 
-
-## Attribute Set
-
-An attribute set is a collection of name-value-pairs (called *attributes*) enclosed in curly brackets (`{ }`).
-
-An attribute name can be an identifier or a [string](#string).
-An identifier must start with a letter (`a-z`, `A-Z`) or underscore (`_`), and can otherwise contain letters (`a-z`, `A-Z`), numbers (`0-9`), underscores (`_`), apostrophes (`'`), or dashes (`-`).
-
-> **Syntax**
->
-> *name* = *identifier* | *string* \
-> *identifier* ~ `[a-zA-Z_][a-zA-Z0-9_'-]*`
-
-Names and values are separated by an equal sign (`=`).
-Each value is an arbitrary expression terminated by a semicolon (`;`).
-
-> **Syntax**
->
-> *attrset* = `{` [ *name* `=` *expr* `;` ]... `}`
-
-Attributes can appear in any order.
-An attribute name may only occur once.
-
-Example:
-
-```nix
-{
-  x = 123;
-  text = "Hello";
-  y = f { bla = 456; };
-}
-```
-
-This defines a set with attributes named `x`, `text`, `y`.
-
-Attributes can be accessed with the [`.` operator](./operators.md#attribute-selection).
-
-Example:
-
-```nix
-{ a = "Foo"; b = "Bar"; }.a
-```
-
-This evaluates to `"Foo"`.
-
-It is possible to provide a default value in an attribute selection using the `or` keyword.
-
-Example:
-
-```nix
-{ a = "Foo"; b = "Bar"; }.c or "Xyzzy"
-```
-
-```nix
-{ a = "Foo"; b = "Bar"; }.c.d.e.f.g or "Xyzzy"
-```
-
-will both evaluate to `"Xyzzy"` because there is no `c` attribute in the set.
-
-You can use arbitrary double-quoted strings as attribute names:
-
-```nix
-{ "$!@#?" = 123; }."$!@#?"
-```
-
-```nix
-let bar = "bar"; in
-{ "foo ${bar}" = 123; }."foo ${bar}"
-```
-
-Both will evaluate to `123`.
-
-Attribute names support [string interpolation]:
-
-```nix
-let bar = "foo"; in
-{ foo = 123; }.${bar}
-```
-
-```nix
-let bar = "foo"; in
-{ ${bar} = 123; }.foo
-```
-
-Both will evaluate to `123`.
-
-In the special case where an attribute name inside of a set declaration
-evaluates to `null` (which is normally an error, as `null` cannot be coerced to
-a string), that attribute is simply not added to the set:
-
-```nix
-{ ${if foo then "bar" else null} = true; }
-```
-
-This will evaluate to `{}` if `foo` evaluates to `false`.
-
-A set that has a `__functor` attribute whose value is callable (i.e. is
-itself a function or a set with a `__functor` attribute whose value is
-callable) can be applied as if it were a function, with the set itself
-passed in first , e.g.,
-
-```nix
-let add = { __functor = self: x: x + self.x; };
-    inc = add // { x = 1; };
-in inc 1
-```
-
-evaluates to `2`. This can be used to attach metadata to a function
-without the caller needing to treat it specially, or to implement a form
-of object-oriented programming, for example.

doc/manual/src/package-management/copy-closure.md

@@ -1,34 +0,0 @@
-# Copying Closures via SSH
-
-The command `nix-copy-closure` copies a Nix store path along with all
-its dependencies to or from another machine via the SSH protocol. It
-doesn’t copy store paths that are already present on the target machine.
-For example, the following command copies Firefox with all its
-dependencies:
-
-    $ nix-copy-closure --to alice@itchy.example.org $(type -p firefox)
-
-See the [manpage for `nix-copy-closure`](../command-ref/nix-copy-closure.md) for details.
-
-With `nix-store
---export` and `nix-store --import` you can write the closure of a store
-path (that is, the path and all its dependencies) to a file, and then
-unpack that file into another Nix store. For example,
-
-    $ nix-store --export $(nix-store --query --requisites $(type -p firefox)) > firefox.closure
-
-writes the closure of Firefox to a file. You can then copy this file to
-another machine and install the closure:
-
-    $ nix-store --import < firefox.closure
-
-Any store paths in the closure that are already present in the target
-store are ignored. It is also possible to pipe the export into another
-command, e.g. to copy and install a closure directly to/on another
-machine:
-
-    $ nix-store --export $(nix-store --query --requisites $(type -p firefox)) | bzip2 | \
-        ssh alice@itchy.example.org "bunzip2 | nix-store --import"
-
-However, `nix-copy-closure` is generally more efficient because it only
-copies paths that are not already present in the target Nix store.

doc/manual/src/protocols/json/derivation.md

@@ -18,10 +18,30 @@ is a JSON object with the following fields:
   Information about the output paths of the derivation.
   This is a JSON object with one member per output, where the key is the output name and the value is a JSON object with these fields:
 
-  * `path`: The output path.
+  * `path`:
+    The output path, if it is known in advanced.
+    Otherwise, `null`.
+
+
+  * `method`:
+    For an output which will be [content addresed], a string representing the [method](@docroot@/store/store-object/content-address.md) of content addressing that is chosen.
+    Valid method strings are:
+
+    - [`flat`](@docroot@/store/store-object/content-address.md#method-flat)
+    - [`nar`](@docroot@/store/store-object/content-address.md#method-nix-archive)
+    - [`text`](@docroot@/store/store-object/content-address.md#method-text)
+    - [`git`](@docroot@/store/store-object/content-address.md#method-git)
+
+    Otherwise, `null`.
 
   * `hashAlgo`:
-    For fixed-output derivations, the hashing algorithm (e.g. `sha256`), optionally prefixed by `r:` if `hash` denotes a NAR hash rather than a flat file hash.
+    For an output which will be [content addresed], the name of the hash algorithm used.
+    Valid algorithm strings are:
+
+    - `md5`
+    - `sha1`
+    - `sha256`
+    - `sha512`
 
   * `hash`:
     For fixed-output derivations, the expected content hash in base-16.
@@ -32,7 +52,8 @@ is a JSON object with the following fields:
   > "outputs": {
   >   "out": {
   >     "path": "/nix/store/2543j7c6jn75blc3drf4g5vhb1rhdq29-source",
-  >     "hashAlgo": "r:sha256",
+  >     "method": "nar",
+  >     "hashAlgo": "sha256",
   >     "hash": "6fc80dcc62179dbc12fc0b5881275898f93444833d21b89dfe5f7fbcbb1d0d62"
   >   }
   > }

doc/manual/src/protocols/json/store-object-info.md

@@ -24,41 +24,45 @@ Info about a [store object].
 
   An array of [store paths][store path], possibly including this one.
 
-* `ca` (optional):
+* `ca`:
 
-  Content address of this store object's file system object, used to compute its store path.
+  If the store object is [content-addressed],
+  this is the content address of this store object's file system object, used to compute its store path.
+  Otherwise (i.e. if it is [input-addressed]), this is `null`.
 
-[store path]: @docroot@/glossary.md#gloss-store-path
+[store path]: @docroot@/store/store-path.md
 [file system object]: @docroot@/store/file-system-object.md
-[Nix Archive]: @docroot@/glossary.md#gloss-nar
+[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
 
 ## Impure fields
 
 These are not intrinsic properties of the store object.
 In other words, the same store object residing in different store could have different values for these properties.
 
-* `deriver` (optional):
+* `deriver`:
 
-  The path to the [derivation] from which this store object is produced.
+  If known, the path to the [derivation] from which this store object was produced.
+  Otherwise `null`.
 
   [derivation]: @docroot@/glossary.md#gloss-store-derivation
 
 * `registrationTime` (optional):
 
-  When this derivation was added to the store.
+  If known, when this derivation was added to the store.
+  Otherwise `null`.
 
-* `ultimate` (optional):
+* `ultimate`:
 
   Whether this store object is trusted because we built it ourselves, rather than substituted a build product from elsewhere.
 
-* `signatures` (optional):
+* `signatures`:
 
   Signatures claiming that this store object is what it claims to be.
   Not relevant for [content-addressed] store objects,
   but useful for [input-addressed] store objects.
 
-  [content-addressed]: @docroot@/glossary.md#gloss-content-addressed-store-object
-  [input-addressed]: @docroot@/glossary.md#gloss-input-addressed-store-object
+[content-addressed]: @docroot@/store/store-object/content-address.md
+[input-addressed]: @docroot@/glossary.md#gloss-input-addressed-store-object
 
 ### `.narinfo` extra fields