Introduce bottom syntax 👉👈🥺

Here at lix.systems, we know that using your words is hard. That's why
we have introduced bottom syntax, a new alternative pipe operator syntax
that is obviously going to completely supplant the normal `|>` and `<|`
syntax in practical use.

To use it, simply enable the `bottom-syntax` experimental feature and
then you're good to go!

$ nix eval --expr '1 👉 (a: a)'
1

Change-Id: I65e8d82083cdb52c90e4dbdd42ed549fbe6e6542

.clang-tidy

@@ -16,3 +16,20 @@ Checks:
   - -bugprone-unchecked-optional-access
     # many warnings, seems like a questionable lint
   - -bugprone-branch-clone
+    # all thrown exceptions must derive from std::exception
+  - hicpp-exception-baseclass
+    # capturing async lambdas are dangerous
+  - cppcoreguidelines-avoid-capturing-lambda-coroutines
+    # crimes must be appropriately declared as crimes
+  - cppcoreguidelines-pro-type-cstyle-cast
+  - lix-*
+    # This can not yet be applied to Lix itself since we need to do source
+    # reorganization so that lix/ include paths work.
+  - -lix-fixincludes
+    # This lint is included as an example, but the lib function it replaces is
+    # already gone.
+  - -lix-hasprefixsuffix
+
+
+CheckOptions:
+  bugprone-reserved-identifier.AllowedIdentifiers: '__asan_default_options'

.editorconfig

@@ -29,3 +29,7 @@ trim_trailing_whitespace = false
 indent_style = space
 indent_size = 2
 max_line_length = 0
+
+[meson.build]
+indent_style = space
+indent_size = 2

.envrc

@@ -1,9 +1,5 @@
 # shellcheck shell=bash
 source_env_if_exists .envrc.local
-# TODO: `use flake .#native-clangStdenvPackages` on macOS?
-use flake ".#${LIX_SHELL_VARIANT:-default}" "${LIX_SHELL_EXTRA_ARGS[@]}"
-export MAKEFLAGS="$MAKEFLAGS -e"
-if [[ -n "$NIX_BUILD_CORES" ]]; then
-    export MAKEFLAGS="$MAKEFLAGS -j $NIX_BUILD_CORES"
-fi
+# Use native-clangStdenvPackages to get clangd by default.
+use flake ".#${LIX_SHELL_VARIANT:-native-clangStdenvPackages}" "${LIX_SHELL_EXTRA_ARGS[@]}"
 export GTEST_BRIEF=1

.github/ISSUE_TEMPLATE/missing_documentation.md

@@ -2,7 +2,7 @@
 name: Missing or incorrect documentation
 about: Help us improve the reference manual
 title: ''
-labels: documentation
+labels: docs
 assignees: ''
 
 ---
@@ -19,10 +19,10 @@ assignees: ''
 
 <!-- make sure this issue is not redundant or obsolete -->
 
-- [ ] checked [latest Lix manual] \([source]\)
+- [ ] checked [latest Lix manual] or its [source code]
 - [ ] checked [documentation issues] and [recent documentation changes] for possible duplicates
 
-[latest Nix manual]: https://docs.lix.systems/manual/lix/nightly
-[source]: https://git.lix.systems/lix-project/lix/src/main/doc/manual/src
+[latest Lix manual]: https://docs.lix.systems/manual/lix/nightly
+[source code]: https://git.lix.systems/lix-project/lix/src/main/doc/manual/src
 [documentation issues]: https://git.lix.systems/lix-project/lix/issues?labels=151&state=all
 [recent documentation changes]: https://gerrit.lix.systems/q/p:lix+path:%22%5Edoc/manual/.*%22

.gitignore

@@ -9,6 +9,10 @@ GTAGS
 # ccls
 /.ccls-cache
 
+# auto-generated compilation database
+compile_commands.json
+rust-project.json
+
 result
 result-*
 
@@ -29,3 +33,6 @@ buildtime.bin
 /.pre-commit-config.yaml
 /.nocontribmsg
 /release
+
+# Rust build files when using Cargo (not actually supported for building but it spews the files anyway)
+/target/

.this-is-lix

@@ -0,0 +1 @@
+This is a file used by the dev shell shellHook in package.nix to check that this is actually a Lix repo before installing git hooks. Its contents have no meaning.

Cargo.lock

@@ -0,0 +1,79 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "countme"
+version = "3.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7704b5fdd17b18ae31c4c1da5a2e0305a2bf17b5249300a9ee9ed7b72114c636"
+
+[[package]]
+name = "dissimilar"
+version = "1.0.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "59f8e79d1fbf76bdfbde321e902714bf6c49df88a7dda6fc682fc2979226962d"
+
+[[package]]
+name = "expect-test"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9e0be0a561335815e06dab7c62e50353134c796e7a6155402a64bcff66b6a5e0"
+dependencies = [
+ "dissimilar",
+ "once_cell",
+]
+
+[[package]]
+name = "hashbrown"
+version = "0.14.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
+
+[[package]]
+name = "lix-doc"
+version = "0.0.1"
+dependencies = [
+ "expect-test",
+ "rnix",
+ "rowan",
+]
+
+[[package]]
+name = "once_cell"
+version = "1.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
+
+[[package]]
+name = "rnix"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bb35cedbeb70e0ccabef2a31bcff0aebd114f19566086300b8f42c725fc2cb5f"
+dependencies = [
+ "rowan",
+]
+
+[[package]]
+name = "rowan"
+version = "0.15.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0a542b0253fa46e632d27a1dc5cf7b930de4df8659dc6e720b647fc72147ae3d"
+dependencies = [
+ "countme",
+ "hashbrown",
+ "rustc-hash",
+ "text-size",
+]
+
+[[package]]
+name = "rustc-hash"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
+
+[[package]]
+name = "text-size"
+version = "1.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f18aa187839b2bdb1ad2fa35ead8c4c2976b64e4363c386d45ac0f7ee85c9233"

Cargo.toml

@@ -0,0 +1,6 @@
+[workspace]
+resolver = "2"
+members = ["src/lix-doc"]
+
+[workspace.package]
+edition = "2021"

README.md

@@ -26,4 +26,4 @@ See our [Hacking guide](https://git.lix.systems/lix-project/lix/src/branch/main/
 
 ## License
 
-Lix is released under the [LGPL v2.1](./COPYING).
+Lix is released under [LGPL-2.1-or-later](./COPYING).

boehmgc-coroutine-sp-fallback.diff

@@ -1,54 +0,0 @@
-diff --git a/pthread_stop_world.c b/pthread_stop_world.c
-index 2b45489..0e6d8ef 100644
---- a/pthread_stop_world.c
-+++ b/pthread_stop_world.c
-@@ -776,6 +776,8 @@ STATIC void GC_restart_handler(int sig)
- /* world is stopped.  Should not fail if it isn't.                      */
- GC_INNER void GC_push_all_stacks(void)
- {
-+    size_t stack_limit;
-+    pthread_attr_t pattr;
-     GC_bool found_me = FALSE;
-     size_t nthreads = 0;
-     int i;
-@@ -868,6 +870,40 @@ GC_INNER void GC_push_all_stacks(void)
-             hi = p->altstack + p->altstack_size;
- #         endif
-           /* FIXME: Need to scan the normal stack too, but how ? */
-+        } else {
-+          #ifdef HAVE_PTHREAD_ATTR_GET_NP
-+          if (pthread_attr_init(&pattr) != 0) {
-+            ABORT("GC_push_all_stacks: pthread_attr_init failed!");
-+          }
-+          if (pthread_attr_get_np(p->id, &pattr) != 0) {
-+            ABORT("GC_push_all_stacks: pthread_attr_get_np failed!");
-+          }
-+          #else
-+          if (pthread_getattr_np(p->id, &pattr)) {
-+            ABORT("GC_push_all_stacks: pthread_getattr_np failed!");
-+          }
-+          #endif
-+          if (pthread_attr_getstacksize(&pattr, &stack_limit)) {
-+            ABORT("GC_push_all_stacks: pthread_attr_getstacksize failed!");
-+          }
-+          if (pthread_attr_destroy(&pattr)) {
-+            ABORT("GC_push_all_stacks: pthread_attr_destroy failed!");
-+          }
-+          // When a thread goes into a coroutine, we lose its original sp until
-+          // control flow returns to the thread.
-+          // While in the coroutine, the sp points outside the thread stack,
-+          // so we can detect this and push the entire thread stack instead,
-+          // as an approximation.
-+          // We assume that the coroutine has similarly added its entire stack.
-+          // This could be made accurate by cooperating with the application
-+          // via new functions and/or callbacks.
-+          #ifndef STACK_GROWS_UP
-+            if (lo >= hi || lo < hi - stack_limit) { // sp outside stack
-+              lo = hi - stack_limit;
-+            }
-+          #else
-+          #error "STACK_GROWS_UP not supported in boost_coroutine2 (as of june 2021), so we don't support it in Nix."
-+          #endif
-         }
- #       ifdef STACKPTR_CORRECTOR_AVAILABLE
-           if (GC_sp_corrector != 0)

clang-tidy/meson.build

@@ -1,13 +0,0 @@
-project('lix-clang-tidy', ['cpp', 'c'],
-  version : '0.1',
-  default_options : ['warning_level=3', 'cpp_std=c++20'])
-
-llvm = dependency('Clang', version: '>= 14', modules: ['libclang'])
-sources = files(
-  'HasPrefixSuffix.cc',
-  'LixClangTidyChecks.cc',
-  'FixIncludes.cc',
-)
-
-shared_module('lix-clang-tidy', sources,
-  dependencies: llvm)

doc/internal-api/doxygen.cfg.in

@@ -20,7 +20,7 @@ OUTPUT_DIRECTORY       = @docdir@
 # for a project that appears at the top of each page and should give viewer a
 # quick idea about the purpose of the project. Keep the description short.
 
-PROJECT_BRIEF          = "Nix, the purely functional package manager; unstable internal interfaces"
+PROJECT_BRIEF          = "Lix: A modern, delicious implementation of the Nix package manager; unstable internal interfaces"
 
 # If the GENERATE_LATEX tag is set to YES, doxygen will generate LaTeX output.
 # The default value is: YES.
@@ -33,32 +33,7 @@ GENERATE_LATEX         = NO
 # spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
 # Note: If this tag is empty the current directory is searched.
 
-# FIXME Make this list more maintainable somehow. We could maybe generate this
-# in the Makefile, but we would need to change how `.in` files are preprocessed
-# so they can expand variables despite configure variables.
-
-INPUT                  = \
-  src/libcmd \
-  src/libexpr \
-  src/libexpr/flake \
-  tests/unit/libexpr \
-  tests/unit/libexpr/value \
-  tests/unit/libexpr/test \
-  tests/unit/libexpr/test/value \
-  src/libexpr/value \
-  src/libfetchers \
-  src/libmain \
-  src/libstore \
-  src/libstore/build \
-  src/libstore/builtins \
-  tests/unit/libstore \
-  tests/unit/libstore/test \
-  src/libutil \
-  tests/unit/libutil \
-  tests/unit/libutil/test \
-  src/nix \
-  src/nix-env \
-  src/nix-store
+INPUT                  = @INPUT_PATHS@
 
 # If the MACRO_EXPANSION tag is set to YES, doxygen will expand all macro names
 # in the source code. If set to NO, only conditional compilation will be
@@ -97,3 +72,15 @@ EXPAND_AS_DEFINED      = \
   DECLARE_WORKER_SERIALISER \
   DECLARE_SERVE_SERIALISER \
   LENGTH_PREFIXED_PROTO_HELPER
+
+# The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path.
+# Stripping is only done if one of the specified strings matches the left-hand
+# part of the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the path to
+# strip.
+#
+# Note that you can specify absolute paths here, but also relative paths, which
+# will be relative from the directory where doxygen is started.
+# This tag requires that the tag FULL_PATH_NAMES is set to YES.
+
+STRIP_FROM_PATH        = "@PROJECT_SOURCE_ROOT@"

doc/internal-api/meson.build

@@ -1,3 +1,35 @@
+internal_api_sources = [
+  'src/libcmd',
+  'src/libexpr',
+  'src/libexpr/flake',
+  'tests/unit/libexpr',
+  'tests/unit/libexpr/value',
+  'tests/unit/libexpr/test',
+  'tests/unit/libexpr/test/value',
+  'src/libexpr/value',
+  'src/libfetchers',
+  'src/libmain',
+  'src/libstore',
+  'src/libstore/build',
+  'src/libstore/builtins',
+  'tests/unit/libstore',
+  'tests/unit/libstore/test',
+  'src/libutil',
+  'tests/unit/libutil',
+  'tests/unit/libutil/test',
+  'src/nix',
+  'src/nix-env',
+  'src/nix-store',
+]
+
+# We feed Doxygen absolute paths so it can be invoked from any working directory.
+internal_api_sources_absolute = []
+foreach src : internal_api_sources
+  internal_api_sources_absolute += '"' + (meson.project_source_root() / src) + '"'
+endforeach
+
+internal_api_sources_oneline = ' \\\n  '.join(internal_api_sources_absolute)
+
 doxygen_cfg = configure_file(
   input : 'doxygen.cfg.in',
   output : 'doxygen.cfg',
@@ -5,22 +37,16 @@ doxygen_cfg = configure_file(
     'PACKAGE_VERSION': meson.project_version(),
     'RAPIDCHECK_HEADERS': rapidcheck_meson.get_variable('includedir'),
     'docdir' : meson.current_build_dir(),
+    'INPUT_PATHS' : internal_api_sources_oneline,
+    'PROJECT_SOURCE_ROOT' : meson.project_source_root(),
   },
 )
 
 internal_api_docs = custom_target(
   'internal-api-docs',
   command : [
-    bash,
-    # Meson can you please just give us a `workdir` argument to custom targets...
-    '-c',
-    # We have to prefix the doxygen_cfg path with the project build root
-    # because of the cd in front.
-    'cd @0@ && @1@ @2@/@INPUT0@'.format(
-      meson.project_source_root(),
-      doxygen.full_path(),
-      meson.project_build_root(),
-    ),
+    doxygen.full_path(),
+    '@INPUT0@',
   ],
   input : [
     doxygen_cfg,

doc/manual/change-authors.yml

@@ -3,6 +3,10 @@
 #
 # It's used for crediting people accurately in release notes. The release notes
 # script will link to forgejo, then to GitHub if forgejo is not present.
+#
+# When adding someone from outside the Lix project, you generally want to simply link their GitHub profile without adding a display name unless they are well-known in the community by that display name.
+#
+# See doc/manual/src/contributing/hacking.md for more documentation on this file's format and typical usage.
 9999years:
   display_name: wiggles
   forgejo: rbt
@@ -40,6 +44,11 @@ cole-h:
   display_name: Cole Helbling
   github: cole-h
 
+delan:
+  display_name: delan
+  forgejo: delan
+  github: delan
+
 edolstra:
   display_name: Eelco Dolstra
   github: edolstra
@@ -48,6 +57,11 @@ ericson:
   display_name: John Ericson
   github: ericson2314
 
+goldstein:
+  display_name: goldstein
+  forgejo: goldstein
+  github: GoldsteinE
+
 horrors:
   display_name: eldritch horrors
   forgejo: pennae
@@ -56,10 +70,21 @@ horrors:
 iFreilicht:
   github: iFreilicht
 
+isabelroses:
+  forgejo: isabelroses
+  github: isabelroses
+
 jade:
   forgejo: jade
   github: lf-
 
+kjeremy:
+  github: kjeremy
+
+kloenk:
+  forgejo: kloenk
+  github: kloenk
+
 lovesegfault:
   github: lovesegfault
 
@@ -78,11 +103,20 @@ midnightveil:
 ncfavier:
   github: ncfavier
 
+piegames:
+  display_name: piegames
+  forgejo: piegames
+  github: piegamesde
+
 puck:
   display_name: puck
   forgejo: puck
   github: puckipedia
 
+quantumjump:
+  display_name: Quantum Jump
+  github: QuantumBJump
+
 r-vdp:
   github: r-vdp
 
@@ -113,3 +147,6 @@ winter:
 
 yshui:
   github: yshui
+
+zimbatm:
+  github: zimbatm

doc/manual/generate-features-shortlist.nix

@@ -1,9 +1,14 @@
+# Usually "experimental" or "deprecated"
+kind:
+# "xp" or "dp"
+kindShort:
+
 with builtins;
 with import ./utils.nix;
 
 let
   showExperimentalFeature = name: doc: ''
-    - [`${name}`](@docroot@/contributing/experimental-features.md#xp-feature-${name})
+    - [`${name}`](@docroot@/contributing/${kind}-features.md#${kindShort}-feature-${name})
   '';
 in
 xps: indent "  " (concatStrings (attrValues (mapAttrs showExperimentalFeature xps)))

doc/manual/generate-features.nix

@@ -0,0 +1,18 @@
+# Usually "experimental" or "deprecated"
+_kind:
+# "xp" or "dp"
+kindShort:
+
+with builtins;
+with import ./utils.nix;
+
+let
+  showFeature =
+    name: doc:
+    squash ''
+      ## [`${name}`]{#${kindShort}-feature-${name}}
+
+      ${doc}
+    '';
+in
+xps: (concatStringsSep "\n" (attrValues (mapAttrs showFeature xps)))

doc/manual/generate-xp-features.nix

@@ -1,13 +0,0 @@
-with builtins;
-with import ./utils.nix;
-
-let
-  showExperimentalFeature =
-    name: doc:
-    squash ''
-      ## [`${name}`]{#xp-feature-${name}}
-
-      ${doc}
-    '';
-in
-xps: (concatStringsSep "\n" (attrValues (mapAttrs showExperimentalFeature xps)))

doc/manual/meson.build

@@ -20,6 +20,8 @@ conf_file_json = custom_target(
   capture : true,
   output : 'conf-file.json',
   env : nix_env_for_docs,
+  # FIXME: put the actual lib targets in here? meson have introspection challenge 2024 though.
+  build_always_stale : true,
 )
 
 nix_conf_file_md_body = custom_target(
@@ -50,6 +52,8 @@ nix_exp_features_json = custom_target(
   command : [ nix, '__dump-xp-features' ],
   capture : true,
   output : 'xp-features.json',
+  # FIXME: put the actual lib targets in here? meson have introspection challenge 2024 though.
+  build_always_stale : true,
 )
 
 language_json = custom_target(
@@ -57,6 +61,8 @@ language_json = custom_target(
   output : 'language.json',
   capture : true,
   env : nix_env_for_docs,
+  # FIXME: put the actual lib targets in here? meson have introspection challenge 2024 though.
+  build_always_stale : true,
 )
 
 nix3_cli_json = custom_target(
@@ -64,6 +70,8 @@ nix3_cli_json = custom_target(
   capture : true,
   output : 'nix.json',
   env : nix_env_for_docs,
+  # FIXME: put the actual lib targets in here? meson have introspection challenge 2024 though.
+  build_always_stale : true,
 )
 
 generate_manual_deps = files(
@@ -72,9 +80,9 @@ generate_manual_deps = files(
 
 # Generates builtins.md and builtin-constants.md.
 subdir('src/language')
-# Generates new-cli pages, experimental-features-shortlist.md, and conf-file.md.
+# Generates new-cli pages, {experimental,deprecated}-features-shortlist.md, and conf-file.md.
 subdir('src/command-ref')
-# Generates experimental-feature-descriptions.md.
+# Generates {experimental,deprecated}-feature-descriptions.md.
 subdir('src/contributing')
 # Generates rl-next-generated.md.
 subdir('src/release-notes')
@@ -106,6 +114,8 @@ manual = custom_target(
     nix3_cli_files,
     experimental_features_shortlist_md,
     experimental_feature_descriptions_md,
+    deprecated_features_shortlist_md,
+    deprecated_feature_descriptions_md,
     conf_file_md,
     builtins_md,
     builtin_constants_md,
@@ -116,20 +126,19 @@ manual = custom_target(
     'manual',
     'markdown',
   ],
+  install : true,
+  install_dir : [
+    datadir / 'doc/nix',
+    false,
+  ],
   depfile : 'manual.d',
   env : {
     'RUST_LOG': 'info',
     'MDBOOK_SUBSTITUTE_SEARCH': meson.current_build_dir() / 'src',
   },
 )
-manual_html = manual[0]
 manual_md = manual[1]
 
-install_subdir(
-  manual_html.full_path(),
-  install_dir : datadir / 'doc/nix',
-)
-
 nix_nested_manpages = [
   [ 'nix-env',
     [

doc/manual/process-includes.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env bash
 
 set -euo pipefail
 

doc/manual/redirects.js

@@ -345,7 +345,7 @@ const redirects = {
     "linux": "uninstall.html#linux",
     "macos": "uninstall.html#macos",
     "uninstalling": "uninstall.html",
-  }
+  },
   "contributing/hacking.html": {
     "nix-with-flakes": "#building-nix-with-flakes",
     "classic-nix": "#building-nix",

doc/manual/render-manpage.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env bash
 
 set -euo pipefail
 

doc/manual/rl-next/allowsubstitutes-errors.md

@@ -0,0 +1,21 @@
+---
+synopsis: "Build failures caused by `allowSubstitutes = false` while being the wrong system now produce a decent error"
+issues: [fj#484]
+cls: [1841]
+category: Fixes
+credits: jade
+---
+
+Nix allows derivations to set `allowSubstitutes = false` in order to force them to be built locally without querying substituters for them.
+This is useful for derivations that are very fast to build (especially if they produce large output).
+However, this can shoot you in the foot if the derivation *has* to be substituted such as if the derivation is for another architecture, which is what `--always-allow-substitutes` is for.
+
+Perhaps such derivations that are known to be impossible to build locally should ignore `allowSubstitutes` (irrespective of remote builders) in the future, but this at least reports the failure and solution directly.
+
+```
+$ nix build -f fail.nix
+error: a 'unicornsandrainbows-linux' with features {} is required to build '/nix/store/...-meow.drv', but I am a 'x86_64-linux' with features {...}
+
+       Hint: the failing derivation has allowSubstitutes set to false, forcing it to be built rather than substituted.
+       Passing --always-allow-substitutes to force substitution may resolve this failure if the path is available in a substituter.
+```

doc/manual/rl-next/alt-left-and-alt-right-in-repl.md

@@ -0,0 +1,10 @@
+---
+synopsis: "`Alt+Left` and `Alt+Right` go back/forwards by words in `nix repl`"
+issues: [fj#501]
+cls: [1883]
+category: Fixes
+credits: 9999years
+---
+
+`nix repl` now recognizes `Alt+Left` and `Alt+Right` for navigating by words
+when entering input in `nix repl` on more terminals/platforms.

doc/manual/rl-next/ctrl-c-improved.md

@@ -0,0 +1,13 @@
+---
+synopsis: Ctrl-C stops Nix commands much more reliably and responsively
+issues: [7245, fj#393]
+cls: [2016]
+prs: [11618]
+category: Fixes
+credits: [roberth, 9999years]
+---
+
+CTRL-C will now stop Nix commands much more reliably and responsively. While
+there are still some cases where a Nix command can be slow or unresponsive
+following a `SIGINT` (please report these as issues!), the vast majority of
+signals will now cause the Nix command to quit quickly and consistently.

doc/manual/rl-next/deprecated-features.md

@@ -0,0 +1,17 @@
+---
+synopsis: Deprecated language features
+issues: [fj#437]
+cls: [1785, 1736, 1735, 1744]
+category: Breaking Changes
+credits: [piegames, horrors]
+---
+
+A system for deprecation (and then the planned removal) of undesired language features has been put into place.
+It is controlled via feature flags much like experimental features, except that the deprecations are enabled default,
+and can be disabled via the flags for backwards compatibility (opt-out with `--extra-deprecated-features` or the Nix configuration file).
+
+- `url-literals`: **URL literals** have long been obsolete and discouraged of use, and now they are officially deprecated.
+  This means that all URLs must be properly put within quotes like all other strings.
+- `rec-set-overrides`: **__overrides** is an old arcane syntax which has not been in use for more than a decade.
+  It is soft-deprecated with a warning only, with the plan to turn that into an error in a future release.
+- `ancient-let`: **The old `let` syntax** (`let { body = …; … }`) is soft-deprecated with a warning as well. Use the regular `let … in` instead.

doc/manual/rl-next/fetchGit-regression.md

@@ -0,0 +1,23 @@
+---
+synopsis: restore backwards-compatibility of `builtins.fetchGit` with Nix 2.3
+issues: [5291, 5128]
+credits: [ma27]
+category: Fixes
+---
+
+Compatibility with `builtins.fetchGit` from Nix 2.3 has been restored as follows:
+
+* Until now, each `ref` was prefixed with `refs/heads` unless it starts with `refs/` itself.
+
+  Now, this is not done if the `ref` looks like a commit hash.
+
+* Specifying `builtins.fetchGit { ref = "a-tag"; /* … */ }` was broken because `refs/heads` was appended.
+
+  Now, the fetcher doesn't turn a ref into `refs/heads/ref`, but into `refs/*/ref`. That way,
+  the value in `ref` can be either a tag or a branch.
+
+* The ref resolution happens the same way as in git:
+
+  * If `refs/ref` exists, it's used.
+  * If a tag `refs/tags/ref` exists, it's used.
+  * If a branch `refs/heads/ref` exists, it's used.

doc/manual/rl-next/http-proxy-for-s3.md

@@ -0,0 +1,10 @@
+---
+synopsis: HTTP proxy environment variables are now respected for S3 binary cache stores
+issues: [fj#433]
+cls: [1788]
+category: Fixes
+credits: jade
+---
+
+Due to "legacy reasons" (according to the AWS C++ SDK docs), the AWS SDK ignores system proxy configuration by default.
+We turned it back on.

doc/manual/rl-next/nix-fmt-default-argument.md

@@ -0,0 +1,38 @@
+---
+synopsis: Removing the `.` default argument passed to the `nix fmt` formatter
+issues: []
+prs: [11438]
+cls: [1902]
+category: Breaking Changes
+credits: zimbatm
+---
+
+The underlying formatter no longer receives the ". " default argument when `nix fmt` is called with no arguments.
+
+This change was necessary as the formatter wasn't able to distinguish between
+a user wanting to format the current folder with `nix fmt .` or the generic
+`nix fmt`.
+
+The default behaviour is now the responsibility of the formatter itself, and
+allows tools such as treefmt to format the whole tree instead of only the
+current directory and below.
+
+This may cause issues with some formatters: nixfmt, nixpkgs-fmt and alejandra currently format stdin when no arguments are passed.
+
+Here is a small wrapper example that will restore the previous behaviour for such a formatter:
+
+```nix
+{
+  outputs = { self, nixpkgs, systems }:
+    let
+      eachSystem = nixpkgs.lib.genAttrs (import systems) (system: nixpkgs.legacyPackages.${system});
+    in
+    {
+      formatter = eachSystem (pkgs:
+        pkgs.writeShellScriptBin "formatter" ''
+          if [[ $# = 0 ]]; set -- .; fi
+          exec "${pkgs.nixfmt-rfc-style}/bin/nixfmt "$@"
+        '');
+    };
+}
+```

doc/manual/rl-next/readline-support-removed.md

@@ -0,0 +1,17 @@
+---
+synopsis: readline support removed
+cls: [1885]
+category: Packaging
+credits: [9999years]
+---
+
+Support for building Lix with [`readline`][readline] instead of
+[`editline`][editline] has been removed. `readline` support hasn't worked for a
+long time (attempting to use it would lead to build errors) and would make Lix
+subject to the GPL if it did work. In the future, we're hoping to replace
+`editline` with [`rustyline`][rustyline] for improved ergonomics in the `nix
+repl`.
+
+[readline]: https://en.wikipedia.org/wiki/GNU_Readline
+[editline]: https://github.com/troglobit/editline
+[rustyline]: https://github.com/kkawakam/rustyline

doc/manual/rl-next/relative-and-tilde-paths-in-config.md

@@ -0,0 +1,30 @@
+---
+synopsis: Relative and tilde paths in configuration
+issues: [fj#482]
+cls: [1851, 1863, 1864]
+category: Features
+credits: [9999years]
+---
+
+[Configuration settings](@docroot@/command-ref/conf-file.md) can now refer to
+files with paths relative to the file they're written in or relative to your
+home directory (with `~/`).
+
+This makes settings like
+[`repl-overlays`](@docroot@/command-ref/conf-file.md#conf-repl-overlays) and
+[`secret-key-files`](@docroot@/command-ref/conf-file.md#conf-repl-overlays)
+much easier to set, especially if you'd like to refer to files in an existing
+dotfiles repo cloned into your home directory.
+
+If you put `repl-overlays = repl.nix` in your `~/.config/nix/nix.conf`, it'll
+load `~/.config/nix/repl.nix`. Similarly, you can set `repl-overlays =
+~/.dotfiles/repl.nix` to load a file relative to your home directory.
+
+Configuration files can also
+[`include`](@docroot@/command-ref/conf-file.md#file-format) paths relative to
+your home directory.
+
+Only user configuration files (like `$XDG_CONFIG_HOME/nix/nix.conf` or the
+files listed in `$NIX_USER_CONF_FILES`) can use tilde paths relative to your
+home directory. Configuration listed in the `$NIX_CONFIG` environment variable
+may not use relative paths.

doc/manual/rl-next/repl-complete-colon.md

@@ -1,8 +0,0 @@
----
-synopsis: "`nix repl` now allows tab-completing the special repl :colon commands"
-cls: 1367
-credits: Qyriad
-category: Improvements
----
-
-The REPL (`nix repl`) supports pressing `<TAB>` to complete a partial expression, but now also supports completing the special :colon commands as well (`:b`, `:edit`, `:doc`, etc), if the line starts with a colon.

doc/manual/rl-next/stack-traces.md

@@ -0,0 +1,26 @@
+---
+synopsis: "Some Lix crashes now produce reporting instructions and a stack trace, then abort"
+cls: [1854]
+category: Improvements
+credits: jade
+---
+
+Lix, being a C++ program, can crash in a few kinds of ways.
+It can obviously do a memory access violation, which will generate a core dump and thus be relatively debuggable.
+But, worse, it could throw an unhandled exception, and, in the past, we would just show the message but not where it comes from, in spite of this always being a bug, since we expect all such errors to be translated to a Lix specific error.
+Now the latter kind of bug should print reporting instructions, a rudimentary stack trace and (depending on system configuration) generate a core dump.
+
+Sample output:
+
+```
+Lix crashed. This is a bug. We would appreciate if you report it along with what caused it at https://git.lix.systems/lix-project/lix/issues with the following information included:
+
+Exception: std::runtime_error: test exception
+Stack trace:
+ 0# nix::printStackTrace() in /home/jade/lix/lix3/build/src/nix/../libutil/liblixutil.so
+ 1# 0x000073C9862331F2 in /home/jade/lix/lix3/build/src/nix/../libmain/liblixmain.so
+ 2# 0x000073C985F2E21A in /nix/store/p44qan69linp3ii0xrviypsw2j4qdcp2-gcc-13.2.0-lib/lib/libstdc++.so.6
+ 3# 0x000073C985F2E285 in /nix/store/p44qan69linp3ii0xrviypsw2j4qdcp2-gcc-13.2.0-lib/lib/libstdc++.so.6
+ 4# nix::handleExceptions(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()>) in /home/jade/lix/lix3/build/src/nix/../libmain/liblixmain.so
+ ...
+```

doc/manual/rl-next/verify-tls.md

@@ -0,0 +1,10 @@
+---
+synopsis: "`<nix/fetchurl.nix>` now uses TLS verification"
+category: Fixes
+prs: [11585]
+credits: edolstra
+---
+
+Previously `<nix/fetchurl.nix>` did not do TLS verification. This was because the Nix sandbox in the past did not have access to TLS certificates, and Nix checks the hash of the fetched file anyway. However, this can expose authentication data from `netrc` and URLs to man-in-the-middle attackers. In addition, Nix now in some cases (such as when using impure derivations) does *not* check the hash. Therefore we have now enabled TLS verification. This means that downloads by `<nix/fetchurl.nix>` will now fail if you're fetching from a HTTPS server that does not have a valid certificate.
+
+`<nix/fetchurl.nix>` is also known as the builtin derivation builder `builtin:fetchurl`. It's not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue.

doc/manual/src/SUMMARY.md

@@ -192,12 +192,14 @@
   - [Hacking](contributing/hacking.md)
   - [Testing](contributing/testing.md)
   - [Experimental Features](contributing/experimental-features.md)
+  - [Deprecated Features](contributing/deprecated-features.md)
   - [CLI guideline](contributing/cli-guideline.md)
   - [C++ style guide](contributing/cxx.md)
 - [Release Notes](release-notes/release-notes.md)
   - [Upcoming release](release-notes/rl-next.md)
-  <!-- RELENG-AUTO-INSERTION-MARKER (see releng/release_notes.py) -->
-  - [Lix 2.90 (FIXME date)](release-notes/rl-2.90.md)
+    <!-- RELENG-AUTO-INSERTION-MARKER (see releng/release_notes.py) -->
+  - [Lix 2.91 (2024-08-12)](release-notes/rl-2.91.md)
+  - [Lix 2.90 (2024-07-10)](release-notes/rl-2.90.md)
   - [Nix 2.18 (2023-09-20)](release-notes/rl-2.18.md)
   - [Nix 2.17 (2023-07-24)](release-notes/rl-2.17.md)
   - [Nix 2.16 (2023-05-31)](release-notes/rl-2.16.md)

doc/manual/src/command-ref/meson.build

@@ -1,23 +1,37 @@
-xp_features_json = custom_target(
-  command : [nix, '__dump-xp-features'],
-  capture : true,
-  output : 'xp-features.json',
-)
-
 experimental_features_shortlist_md = custom_target(
   command : nix_eval_for_docs + [
     '--expr',
-    'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
+    'import @INPUT0@ "experimental" "xp" (builtins.fromJSON (builtins.readFile @INPUT1@))',
   ],
   input : [
-    '../../generate-xp-features-shortlist.nix',
-    xp_features_json,
+    '../../generate-features-shortlist.nix',
+    nix_exp_features_json,
   ],
   capture : true,
   output : 'experimental-features-shortlist.md',
   env : nix_env_for_docs,
 )
 
+dp_features_json = custom_target(
+  command : [nix, '__dump-dp-features'],
+  capture : true,
+  output : 'dp-features.json',
+)
+
+deprecated_features_shortlist_md = custom_target(
+  command : nix_eval_for_docs + [
+    '--expr',
+    'import @INPUT0@ "deprecated" "dp" (builtins.fromJSON (builtins.readFile @INPUT1@))',
+  ],
+  input : [
+    '../../generate-features-shortlist.nix',
+    dp_features_json,
+  ],
+  capture : true,
+  output : 'deprecated-features-shortlist.md',
+  env : nix_env_for_docs,
+)
+
 # Intermediate step for manpage generation.
 # This splorks the output of generate-manpage.nix as JSON,
 # which gets written as a directory tree below.
@@ -60,6 +74,7 @@ conf_file_md = custom_target(
     '../../utils.nix',
     conf_file_json,
     experimental_features_shortlist_md,
+    deprecated_features_shortlist_md,
   ],
   output : 'conf-file.md',
   env : nix_env_for_docs,

doc/manual/src/command-ref/opt-common.md

@@ -78,6 +78,16 @@ Most commands in Lix accept the following command-line options:
 
     Display the raw logs, with the progress bar at the bottom.
 
+  - `multiline`
+
+    Display a progress bar during the builds and in the lines below that one line per activity.
+
+
+  - `multiline-with-logs`
+
+    Displayes the raw logs, with a progress bar and activities each in a new line at the bottom.
+
+
 - <span id="opt-no-build-output">[`--no-build-output`](#opt-no-build-output)</span> / `-Q`
 
   By default, output written by builders to standard output and standard error is echoed to the Lix command's standard error.

doc/manual/src/contributing/deprecated-features.md

@@ -0,0 +1,37 @@
+This section describes the notion of *deprecated features*, and how it fits into the big picture of the development of Lix.
+
+# What are deprecated features?
+
+Deprecated features are disabled by default, with the intent to eventually remove them.
+Users must explicitly enable them to keep using them, by toggling the associated [deprecated feature flags](@docroot@/command-ref/conf-file.md#conf-deprecated-features).
+This allows backwards compatibility and a graceful transition away from undesired features.
+
+# Which features can be deprecated?
+
+Undesired features should be soft-deprecated by yielding a warning when used for a significant amount of time before the can be deprecated.
+Legacy obsolete feature with little to no usage may go through this process faster.
+Deprecated features should have a migration path to a preferred alternative.
+
+# Lifecycle of a deprecated feature
+
+This description is not normative, but a feature removal may roughly happen like this:
+
+1. Add a warning when the feature is being used.
+2. Disable the feature by default, putting it behind a deprecated feature flag.
+  - If disabling the feature started out as an opt-in experimental feature, turn that experimental flag into a no-op or remove it entirely.
+    For example, `--extra-experimental-features=no-url-literals` becomes `--extra-deprecated-features=url-literals`.
+3. Decide on a time frame for how long that feature will still be supported for backwards compatibility, and clearly communicate that in the error messages.
+  - Sometimes, automatic migration to alternatives is possible, and such should be provided if possible
+  - At least one NixOS release cycle should be the minimum
+4. Finally remove the feature entirely, only keeping the error message for those still using it.
+
+# Relation to language versioning
+
+Obviously, removing anything breaks backwards compatibility.
+In an ideal world, we'd have SemVer controls over the language and its features, cleanly allowing us to make breaking changes.
+See https://wiki.lix.systems/books/lix-contributors/page/language-versioning and [RFC 137](https://github.com/nixos/rfcs/pull/137) for efforts on that.
+However, we do not live in such an ideal world, and currently this goal is so far away, that "just disable it with some back-compat for a couple of years" is the most realistic solution, especially for comparatively minor changes.
+
+# Currently available deprecated features
+
+{{#include @generated@/contributing/deprecated-feature-descriptions.md}}

doc/manual/src/contributing/hacking.md

@@ -39,17 +39,19 @@ $ nix-shell -A native-clangStdenvPackages
 
 ### Building from the development shell
 
-As always you may run [stdenv's phases by name](https://nixos.org/manual/nixpkgs/unstable/#sec-building-stdenv-package-in-nix-shell), e.g.:
+You can build and test Lix with just:
 
 ```bash
-$ configurePhase
-$ buildPhase
-$ checkPhase
-$ installPhase
-$ installCheckPhase
+$ just setup
+$ just build
+$ just test --suite=check
+$ just install
+$ just test --suite=installcheck
 ```
 
-To build manually, however, use the following:
+(Check and installcheck may both be done after install, allowing you to omit the --suite argument entirely, but this is the order package.nix runs them in.)
+
+You can also build Lix manually:
 
 ```bash
 $ meson setup ./build "--prefix=$out" $mesonFlags
@@ -64,9 +66,7 @@ $ meson install -C build
 $ meson test -C build --suite=installcheck
 ```
 
-(Check and installcheck may both be done after install, allowing you to omit the --suite argument entirely, but this is the order package.nix runs them in.)
-
-This will install Lix to `$PWD/outputs`, the `/bin` of which is prepended to PATH in the development shells.
+In both cases, Lix will be installed to `$PWD/outputs`, the `/bin` of which is prepended to PATH in the development shells.
 
 If the tests fail and Meson helpfully has no output for why, use the `--print-error-logs` option to `meson test`.
 
@@ -168,8 +168,27 @@ or for Nix with the [`flakes`] and [`nix-command`] experimental features enabled
 $ nix build .#packages.aarch64-linux.default
 ```
 
-Cross-compiled builds are available for ARMv6 (`armv6l-linux`) and ARMv7 (`armv7l-linux`).
-Add more [system types](#system-type) to `crossSystems` in `flake.nix` to bootstrap Nix on unsupported platforms.
+### Cross compiling using the Lix flake
+
+Lix can also be easily cross compiled to the following arbitrarily-chosen system doubles, which can be useful for bootstrapping Lix on new platforms.
+These are specified in `crossSystems` in `flake.nix`; feel free to submit changes to add new ones if they are useful to you.
+
+- `armv6l-linux`
+- `armv7l-linux`
+- `aarch64-linux`
+- `riscv64-linux`
+
+For example, to cross-compile Lix for `armv6l-linux` from another Linux, use the following:
+
+```console
+$ nix build .#nix-armv6l-linux
+```
+
+It's also possible to cross-compile a tarball of binaries suitable for the Lix installer, for example, for `riscv64-linux`:
+
+```console
+$ nix build .#nix-riscv64-linux.passthru.binaryTarball
+```
 
 ### Building for multiple platforms at once
 
@@ -282,9 +301,8 @@ Regular markdown files used for the manual have a base path of their own and the
 
 ## API documentation
 
-Doxygen API documentation is [available
-online](https://hydra.nixos.org/job/nix/master/internal-api-docs/latest/download-by-type/doc/internal-api-docs). You
-can also build and view it yourself:
+Doxygen API documentation will be available online in the future ([tracking issue](https://git.lix.systems/lix-project/lix/issues/422)).
+You can also build and view it yourself:
 
 ```console
 # nix build .#hydraJobs.internal-api-docs
@@ -294,44 +312,50 @@ can also build and view it yourself:
 or inside a `nix develop` shell by running:
 
 ```bash
+$ meson configure build -Dinternal-api-docs=enabled
 $ meson compile -C build internal-api-docs
 $ xdg-open ./outputs/doc/share/doc/nix/internal-api/html/index.html
 ```
 
 ## Coverage analysis
 
-A coverage analysis report is [available
-online](https://hydra.nixos.org/job/nix/master/coverage/latest/download-by-type/report/coverage). You
-can build it yourself:
+A coverage analysis report will be available online in the future (FIXME(lix-hydra)).
+You can build it yourself:
 
 ```
 # nix build .#hydraJobs.coverage
 # xdg-open ./result/coverage/index.html
 ```
 
-Metrics about the change in line/function coverage over time are also
-[available](https://hydra.nixos.org/job/nix/master/coverage#tabs-charts).
+Metrics about the change in line/function coverage over time will be available in the future (FIXME(lix-hydra)).
 
 ## Add a release note
 
 `doc/manual/rl-next` contains release notes entries for all unreleased changes.
 
 User-visible changes should come with a release note.
+Developer-facing changes should have a release note in the Development category if they are significant and if developers should know about them.
 
 ### Add an entry
 
-Here's what a complete entry looks like. The file name is not incorporated in the document.
+Here's what a complete entry looks like.
+The file name is not incorporated in the final document, and is generally a super brief summary of the change synopsis.
 
-```
+```markdown
 ---
 synopsis: Basically a title
 # 1234 or gh#1234 will refer to CppNix GitHub, fj#1234 will refer to a Lix forgejo issue.
 issues: [1234, fj#1234]
-# Use this *only* if there is a CppNix pull request associated with this change
+# Use this *only* if there is a CppNix pull request associated with this change.
 prs: 1238
-# List of Lix Gerrit changelist numbers; if there is an associated Lix GitHub
-# PR, just put in the Gerrit CL number.
+# List of Lix Gerrit changelist numbers.
+# If there is an associated Lix GitHub PR, just put in the Gerrit CL number.
 cls: [123]
+# Heading that this release note will appear under.
+category: Breaking Changes
+# Add a credit mention in the bottom of the release note.
+# your-name is used as a key into doc/manual/change-authors.yml for metadata
+credits: [your-name]
 ---
 
 Here's one or more paragraphs that describe the change.
@@ -346,6 +370,31 @@ Significant changes should add the following header, which moves them to the top
 significance: significant
 ```
 
+The following categories of release notes are supported (see `maintainers/build-release-notes.py`):
+- Breaking Changes
+- Features
+- Improvements
+- Fixes
+- Packaging
+- Development
+- Miscellany
+
+The `credits` field, if present, gives credit to the author of the patch in the release notes with a message like "Many thanks to (your-name) for this" and linking to GitHub or Forgejo profiles if listed.
+
+If you are forward-porting a change from CppNix, please credit the original author, and optionally credit yourself.
+When adding credits metadata for people external to the project and deciding whether to put in a `display_name`, consider what they are generally known as in the community; even if you know their full name (e.g. from their GitHub profile), we suggest only adding it as a display name if that is what they go by in the community.
+There are multiple reasons we follow this practice, but it boils down to privacy and consent: we would rather not capture full names that are not widely used in the community without the consent of the parties involved, even if they are publicly available.
+As of this writing, the entries with full names as `display_name` are either members of the CppNix team or people who added them themselves.
+
+The names specified in `credits` are used as keys to look up the authorship info in `doc/manual/change-authors.yml`.
+The only mandatory part is that every key appearing in `credits` has an entry present in `change-authors.yml`.
+All of the following properties are optional; you can specify `{}` as the metadata if you want a simple non-hyperlinked mention.
+The following properties are supported:
+
+- `display_name`: display name used in place of the key when showing names, if present.
+- `forgejo`: Forgejo username. The name in the release notes will be a link to this, if present.
+- `github`: GitHub username, used if `forgejo` is not set, again making a link.
+
 ### Build process
 
 Releases have a precomputed `rl-MAJOR.MINOR.md`, and no `rl-next.md`.

doc/manual/src/contributing/meson.build

@@ -4,12 +4,25 @@
 experimental_feature_descriptions_md = custom_target(
   command : nix_eval_for_docs + [
     '--expr',
-    'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
+    'import @INPUT0@ "experimental" "xp" (builtins.fromJSON (builtins.readFile @INPUT1@))',
   ],
   input : [
-    '../../generate-xp-features.nix',
-    xp_features_json,
+    '../../generate-features.nix',
+    nix_exp_features_json,
   ],
   capture : true,
   output : 'experimental-feature-descriptions.md',
 )
+
+deprecated_feature_descriptions_md = custom_target(
+  command : nix_eval_for_docs + [
+    '--expr',
+    'import @INPUT0@ "deprecated" "dp" (builtins.fromJSON (builtins.readFile @INPUT1@))',
+  ],
+  input : [
+    '../../generate-features.nix',
+    dp_features_json,
+  ],
+  capture : true,
+  output : 'deprecated-feature-descriptions.md',
+)

doc/manual/src/contributing/testing.md

@@ -247,7 +247,6 @@ To ensure that characterization testing doesn't make it harder to intentionally
 
 The integration tests are defined in the Nix flake under the `hydraJobs.tests` attribute.
 These tests include everything that needs to interact with external services or run Lix in a non-trivial distributed setup.
-Because these tests are expensive and require more than what the standard github-actions setup provides, they only run on the master branch (on <https://hydra.nixos.org/jobset/nix/master>).
 
 You can run them manually with `nix build .#hydraJobs.tests.{testName}` or `nix-build -A hydraJobs.tests.{testName}`
 
@@ -428,14 +427,12 @@ I grepped `src/` for `get[eE]nv\("` to find the mentions in Lix code.
 - `NIX_SHOW_STATS_PATH` - Writes those statistics into a file at the given path instead of stdout. Undocumented.
 - `NIX_SHOW_SYMBOLS` - Dumps the symbol table into the show-stats json output.
 - `TERM` - If `dumb` or unset, disables ANSI colour output.
+- `FORCE_COLOR`, `CLICOLOR_FORCE` - Enables ANSI colour output if `NO_COLOR`/`NOCOLOR` not set.
 - `NO_COLOR`, `NOCOLOR` - Disables ANSI colour output.
 - `_NIX_DEVELOPER_SHOW_UNKNOWN_LOCATIONS` - Highlights unknown locations in errors.
 - `NIX_PROFILE` - Selects which profile `nix-env` will operate on. Documented elsewhere.
 - `NIX_SSHOPTS` - Options passed to `ssh(1)` when using a ssh remote store.
   Incorrectly documented on `nix-copy-closure` which is *surely* not the only place they are used??
-- `_NIX_TEST_NO_LSOF` - Used on non-Linux, non-macOS platforms to disable using `lsof` when finding gc roots.
-
-  Since https://git.lix.systems/lix-project/lix/issues/156 was fixed, this should probably just be removed as it was a bad workaround for a macOS issue.
 - `_NIX_TEST_GC_SYNC_1` - Path to a pipe that is used to block the GC briefly to validate invariants from the test suite.
 - `_NIX_TEST_GC_SYNC_2` - Path to a pipe that is used to block the GC briefly to validate invariants from the test suite.
 - `_NIX_TEST_FREE_SPACE_FILE` - Path to a file containing a decimal number with the free space that the GC is to believe it has.

doc/manual/src/installation/multi-user.md

@@ -36,7 +36,10 @@ All users of the Lix daemon may do the following to bring things into the Nix st
     - Input-addressed, so they are run in the sandbox with no network access, with the following exceptions:
 
       - The (poorly named, since it is not *just* about chroot) property `__noChroot` is set on the derivation and `sandbox` is set to `relaxed`.
-      - On macOS, the derivation property `__darwinAllowLocalNetworking` allows network access to localhost from input-addressed derivations regardless of the `sandbox` setting value. This property exists with such semantics because macOS has no network namespace equivalent to isolate individual processes' localhost networking.
+      - On macOS, the derivation property `__darwinAllowLocalNetworking` allows network access to localhost from input-addressed derivations regardless of the `sandbox` setting value.
+        This property exists with such semantics because macOS has no network namespace equivalent to isolate individual processes' localhost networking.
+      - On macOS, the derivation property `__sandboxProfile` accepts extra sandbox profile S-expressions, allowing derivations to bypass arbitrary parts of the sandbox without altogether disabling it.
+        This is only permitted when `sandbox` is set to `relaxed`.
     - Output-addressed, so they are run with network access but their result must match an expected hash.
 
   Trusted users may set any setting, including `sandbox = false`, so the sandbox state can be different at runtime from what is described in `nix.conf` for builds invoked with such settings.

doc/manual/src/language/advanced-attributes.md

@@ -292,6 +292,12 @@ Derivations can declare some infrequently used optional attributes.
     (associative) arrays. For example, the attribute `hardening.format = true`
     ends up as the Bash associative array element `${hardening[format]}`.
 
+    > **Warning**
+    >
+    > If set to `true`, other advanced attributes such as [`allowedReferences`](#adv-attr-allowedReferences), [`allowedReferences`](#adv-attr-allowedReferences), [`allowedRequisites`](#adv-attr-allowedRequisites),
+    [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites), maxSize, and maxClosureSize.
+    will have no effect.
+
   - [`outputChecks`]{#adv-attr-outputChecks}\
     When using [structured attributes](#adv-attr-structuredAttrs), the `outputChecks`
     attribute allows defining checks per-output.
@@ -326,7 +332,6 @@ Derivations can declare some infrequently used optional attributes.
     ```
 
   - [`unsafeDiscardReferences`]{#adv-attr-unsafeDiscardReferences}\
-
     When using [structured attributes](#adv-attr-structuredAttrs), the
     attribute `unsafeDiscardReferences` is an attribute set with a boolean value for each output name.
     If set to `true`, it disables scanning the output for runtime dependencies.

doc/manual/src/language/operators.md

@@ -26,6 +26,8 @@
 | Logical conjunction (`AND`)            | *bool* `&&` *bool*                         | left          | 12         |
 | Logical disjunction (`OR`)             | *bool* <code>\|\|</code> *bool*            | left          | 13         |
 | [Logical implication]                  | *bool* `->` *bool*                         | none          | 14         |
+| \[Experimental\] [Function piping]     | *expr* |> *func*                           | left          | 15         |
+| \[Experimental\] [Function piping]     | *expr* <| *func*                           | right         | 16         |
 
 [string]: ./values.md#type-string
 [path]: ./values.md#type-path
@@ -59,8 +61,10 @@ The result is a [Boolean] value.
 
 ## Arithmetic
 
-Numbers are type-compatible:
-Pure integer operations will always return integers, whereas any operation involving at least one floating point number return a floating point number.
+Numbers will retain their type unless mixed with other numeric types:
+Pure integer operations will always return integers, whereas any operation involving at least one floating point number returns a floating point number.
+
+Integer overflow (of 64-bit signed integers) and division by zero are defined to throw an error.
 
 See also [Comparison] and [Equality].
 
@@ -143,21 +147,103 @@ All comparison operators are implemented in terms of `<`, and the following equi
 | *a* `>`  *b* |       *b* `<` *a*     |
 | *a* `>=` *b* | `! (` *a* `<` *b* `)` |
 
+Note that the above behaviour violates IEEE 754 for floating point numbers with respect to NaN, for instance.
+This may be fixed in a future major language revision.
+
 [Comparison]: #comparison-operators
 
 ## Equality
 
-- [Attribute sets][attribute set] and [list]s are compared recursively, and therefore are fully evaluated.
-- Comparison of [function]s always returns `false`.
-- Numbers are type-compatible, see [arithmetic] operators.
-- Floating point numbers only differ up to a limited precision.
+The following equality comparison rules are followed in order:
+
+- Comparisons are first, sometimes, performed by identity (pointer value), and whether or not this occurs varies depending on the context in which the comparison is performed; for example, through `builtins.elem`, comparison of lists, or other cases.
+  The exact instances in which this occurs, aside from direct list and attribute set comparisons as discussed below, are too dependent on implementation details to meaningfully document.
+
+  See [note on identity comparison](#identity-comparison) below.
+- Comparisons between a combination of integers and floating point numbers are first converted to floating point then compared as floating point.
+- Comparisons between values of differing types, besides the ones mentioned in the above rule, are unequal.
+- Strings are compared as their string values, disregarding string contexts.
+- Paths are compared as their absolute form (since they are stored as such).
+- [Functions][function] are always considered unequal, including with themselves.
+- The following are compared in the typical manner:
+  - Integers
+  - Floating point numbers have equality comparison per IEEE 754.
+
+    Note that this means that just like in most languages, floating point arithmetic results are not typically equality comparable, and should instead be compared by checking that the absolute difference is less than some error margin.
+  - Booleans
+  - Null
+- [Attribute sets][attribute set] are compared following these rules in order:
+  - If both attribute sets have the same identity (via pointer equality), they are considered equal, regardless of whether the contents have reflexive equality (e.g. even if there are functions contained within).
+
+    See [note on identity comparison](#identity-comparison) below.
+  - If both attribute sets have `type = "derivation"` and have an attribute `outPath` that is equal, they are considered equal.
+
+    This means that two results of `builtins.derivation`, regardless of other things added to their attributes via `//` afterwards (or `passthru` in nixpkgs), will compare equal if they passed the same arguments to `builtins.derivation`.
+  - Otherwise, they are compared element-wise in an unspecified order.
+    Although this order *may* be deterministic in some cases, this is not guaranteed, and correct code must not rely on this ordering behaviour.
+
+    The order determines which elements are evaluated first and thus, if there are throwing values in the attribute set, which of those get evaluated, if any, before the comparison returns an unequal result.
+- Lists are compared following these rules in order:
+  - If both lists have the same identity (via pointer equality), they are considered equal, regardless of whether the contents have reflexive equality (e.g. even if there are functions contained within).
+
+    See [note on identity comparison](#identity-comparison) below.
+  - Otherwise, they are compared element-wise in list order.
 
 [function]: ./constructs.md#functions
 
 [Equality]: #equality
 
+### Identity comparison
+
+In the current revision of the Nix language, values are first compared by identity (pointer equality).
+This means that values that are not reflexively equal (that is, they do not satisfy `a == a`), such as functions, are nonetheless sometimes compared as equal with themselves if they are placed in attribute sets or lists, or are compared through other indirect means.
+
+Whether identity comparison applies to a given usage of the language aside from direct list and attribute set comparison is strongly dependent on implementation details to the point it is not feasible to document the exact instances.
+
+This is rather unfortunate behaviour which is regrettably load-bearing on nixpkgs (such as with the `type` attribute of NixOS options) and cannot be changed for the time being.
+It may be changed in a future major language revision.
+
+Correct code must not rely on this behaviour.
+
+For example:
+
+```
+nix-repl> let f = x: 1; s = { func = f; }; in [ (f == f) (s == s) ]
+[ false true ]
+```
+
 ## Logical implication
 
 Equivalent to `!`*b1* `||` *b2*.
 
 [Logical implication]: #logical-implication
+
+## \[Experimental\] Function piping
+
+*This language feature is still experimental and may change at any time. Enable `--extra-experimental-features pipe-operator` to use it.*
+
+Pipes are a dedicated operator for function application, but with reverse order and a lower binding strength.
+This allows you to chain function calls together in way that is more natural to read and requires less parentheses.
+
+`a |> f b |> g` is equivalent to `g (f b a)`.
+`g <| f b <| a` is equivalent to `g (f b a)`.
+
+Example code snippet:
+
+```nix
+defaultPrefsFile = defaultPrefs
+  |> lib.mapAttrsToList (
+    key: value: ''
+      // ${value.reason}
+      pref("${key}", ${builtins.toJSON value.value});
+    ''
+  )
+  |> lib.concatStringsSep "\n"
+  |> pkgs.writeText "nixos-default-prefs.js";
+```
+
+Note how `mapAttrsToList` is called with two arguments (the lambda and `defaultPrefs`),
+but moving the last argument in front of the rest improves the reading flow.
+This is common for functions with long first argument, including all `map`-like functions.
+
+[Function piping]: #experimental-function-piping

doc/manual/src/language/values.md

@@ -7,13 +7,16 @@
   *Strings* can be written in three ways.
 
   The most common way is to enclose the string between double quotes,
-  e.g., `"foo bar"`. Strings can span multiple lines. The special
-  characters `"` and `\` and the character sequence `${` must be
-  escaped by prefixing them with a backslash (`\`). Newlines, carriage
-  returns and tabs can be written as `\n`, `\r` and `\t`,
-  respectively.
+  e.g., `"foo bar"`. Strings can span multiple lines. The backslash
+  (`\`) can be used to escape characters: newlines, carriage returns
+  and tabs may be written as `\n`, `\r` and `\t` respectively; any
+  other characters can be preceded by a backslash to remove any
+  special meaning they may have, like the special characters `"` and
+  `\` and the character sequence `${`.
 
   You can include the results of other expressions into a string by enclosing them in `${ }`, a feature known as [string interpolation].
+  Due to a parser issue that has since come to be relied upon, the character sequence `$${` is interpreted literally and does not introduce an interpolation.
+  To express a `$` character immediately followed by an interpolation, the former must be escaped.
 
   [string interpolation]: ./string-interpolation.md
 
@@ -43,16 +46,16 @@
   Note that the whitespace and newline following the opening `''` is
   ignored if there is no non-whitespace text on the initial line.
 
-  Indented strings support [string interpolation].
-
   Since `${` and `''` have special meaning in indented strings, you
   need a way to quote them. `$` can be escaped by prefixing it with
   `''` (that is, two single quotes), i.e., `''$`. `''` can be escaped
-  by prefixing it with `'`, i.e., `'''`. `$` removes any special
-  meaning from the following `$`. Linefeed, carriage-return and tab
+  by prefixing it with `'`, i.e., `'''`. Linefeed, carriage-return and tab
   characters can be written as `''\n`, `''\r`, `''\t`, and `''\`
   escapes any other character.
 
+  Indented strings support [string interpolation] using `${ }` the same way regular strings do.
+  `$${` is interpreted literally in indented strings as well, so the `$` character must be escaped if it is to be followed by an interpolation.
+
   Indented strings are primarily useful in that they allow multi-line
   string literals to follow the indentation of the enclosing Nix
   expression, and that less escaping is typically necessary for
@@ -74,17 +77,14 @@
   }
   ```
 
-  Finally, as a convenience, *URIs* as defined in appendix B of
-  [RFC 2396](http://www.ietf.org/rfc/rfc2396.txt) can be written *as
-  is*, without quotes. For instance, the string
-  `"http://example.org/foo.tar.bz2"` can also be written as
-  `http://example.org/foo.tar.bz2`.
-
 - <a id="type-number" href="#type-number">Number</a>
 
   Numbers, which can be *integers* (like `123`) or *floating point*
   (like `123.43` or `.27e13`).
 
+  Integers in the Nix language are 64-bit signed integers.
+  Integer overflow is defined to throw an error.
+
   See [arithmetic] and [comparison] operators for semantics.
 
   [arithmetic]: ./operators.md#arithmetic

doc/manual/src/release-notes/rl-2.90.md

@@ -1,7 +1,7 @@
-# Lix 2.90 "Vanilla Ice Cream" (FIXME date)
+# Lix 2.90 "Vanilla Ice Cream" (2024-07-10)
 
 
-# Lix 2.90.0 (FIXME date)
+# Lix 2.90.0 (2024-07-10)
 
 ## Breaking Changes
 - Deprecate the online flake registries and vendor the default registry [fj#183](https://git.lix.systems/lix-project/lix/issues/183) [fj#110](https://git.lix.systems/lix-project/lix/issues/110) [fj#116](https://git.lix.systems/lix-project/lix/issues/116) [#8953](https://github.com/NixOS/nix/issues/8953) [#9087](https://github.com/NixOS/nix/issues/9087) [cl/1127](https://gerrit.lix.systems/c/lix/+/1127)

doc/manual/src/release-notes/rl-2.91.md

@@ -0,0 +1,489 @@
+# Lix 2.91 "Dragon's Breath" (2024-08-12)
+
+
+# Lix 2.91.0 (2024-08-12)
+
+## Breaking Changes
+- Block io_uring in the Linux sandbox [cl/1611](https://gerrit.lix.systems/c/lix/+/1611)
+
+  The io\_uring API has the unfortunate property that it is not possible to selectively decide which operations should be allowed.
+  This, together with the fact that new operations are routinely added, makes it a hazard to the proper function of the sandbox.
+
+  Therefore, any access to io\_uring has been made unavailable inside the sandbox.
+  As such, attempts to execute any system calls forming part of this API will fail with the error `ENOSYS`, as if io\_uring support had not been configured into the kernel.
+
+  Many thanks to [alois31](https://git.lix.systems/alois31) for this.
+- The `build-hook` setting is now deprecated
+
+  Build hooks communicate with the daemon using a custom, internal, undocumented protocol that is entirely unversioned and cannot be changed.
+  Since we intend to change it anyway we must unfortunately deprecate the current build hook infrastructure.
+  We do not expect this to impact most users—we have not found any uses of `build-hook` in the wild—but if this does affect you, we'd like to hear from you!
+- Lix no longer speaks the Nix remote-build worker protocol to clients or servers older than CppNix 2.3 [fj#325](https://git.lix.systems/lix-project/lix/issues/325) [cl/1207](https://gerrit.lix.systems/c/lix/+/1207) [cl/1208](https://gerrit.lix.systems/c/lix/+/1208) [cl/1206](https://gerrit.lix.systems/c/lix/+/1206) [cl/1205](https://gerrit.lix.systems/c/lix/+/1205) [cl/1204](https://gerrit.lix.systems/c/lix/+/1204) [cl/1203](https://gerrit.lix.systems/c/lix/+/1203) [cl/1479](https://gerrit.lix.systems/c/lix/+/1479)
+
+  CppNix 2.3 was released in 2019, and is the new oldest supported version. We
+  will increase our support baseline in the future up to a final version of CppNix
+  2.18 (which may happen soon given that it is the only still-packaged and thus
+  still-tested >2.3 version), but this step already removes a significant amount
+  of dead, untested, code paths.
+
+  Lix speaks the same version of the protocol as CppNix 2.18 and that fact will
+  never change in the future; the Lix plans to replace the protocol for evolution
+  will entail a complete incompatible replacement that will be supported in
+  parallel with the old protocol. Lix will thus retain remote build compatibility
+  with CppNix as long as CppNix maintains protocol compatibility with 2.18, and
+  as long as Lix retains legacy protocol support (which will likely be a long
+  time given that we plan to convert it to a frozen-in-time shim).
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+
+## Features
+- Pipe operator `|>` (experimental) [fj#438](https://git.lix.systems/lix-project/lix/issues/438) [cl/1654](https://gerrit.lix.systems/c/lix/+/1654)
+
+  Implementation of the pipe operator (`|>`) in the language as described in [RFC 148](https://github.com/NixOS/rfcs/pull/148).
+  The feature is still marked experimental, enable `--extra-experimental-features pipe-operator` to use it.
+
+  Many thanks to [piegames](https://git.lix.systems/piegames) and [eldritch horrors](https://git.lix.systems/pennae) for this.
+
+## Improvements
+- Trace which part of a `foo.bar.baz` expression errors [cl/1505](https://gerrit.lix.systems/c/lix/+/1505) [cl/1506](https://gerrit.lix.systems/c/lix/+/1506)
+
+  Previously, if an attribute path selection expression like `linux_4_9.meta.description` it wouldn't show you which one of those parts in the attribute path, or even that that line of code is what caused evaluation of the failing expression.
+  The previous error looks like this:
+
+  ```
+  pkgs.linuxKernel.kernels.linux_4_9.meta.description
+
+  error:
+         … while evaluating the attribute 'linuxKernel.kernels.linux_4_9.meta.description'
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:5:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |     ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         … while calling the 'throw' builtin
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:17:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |                 ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         error: linux 4.9 was removed because it will reach its end of life within 22.11
+  ```
+
+  Now, the error will look like this:
+
+  ```
+  pkgs.linuxKernel.kernels.linux_4_9.meta.description
+
+  error:
+         … while evaluating the attribute 'linuxKernel.kernels.linux_4_9.meta.description'
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:5:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |     ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         … while evaluating 'pkgs.linuxKernel.kernels.linux_4_9' to select 'meta' on it
+           at «string»:1:1:
+              1| pkgs.linuxKernel.kernels.linux_4_9.meta.description
+               | ^
+
+         … caused by explicit throw
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:17:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |                 ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         error: linux 4.9 was removed because it will reach its end of life within 22.11
+  ```
+
+  Not only does the line of code that referenced the failing attribute show up in the trace, it also tells you that it was specifically the `linux_4_9` part that failed.
+
+  This includes if the failing part is a top-level binding:
+
+  ```
+  let
+    inherit (pkgs.linuxKernel.kernels) linux_4_9;
+  in linux_4_9.meta.description
+  error:
+         … while evaluating 'linux_4_9' to select 'meta.description' on it
+           at «string»:3:4:
+              2|   inherit (pkgs.linuxKernel.kernels) linux_4_9;
+              3| in linux_4_9.meta.description
+               |    ^
+
+         … while evaluating the attribute 'linux_4_9'
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:5:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |     ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         … caused by explicit throw
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:17:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |                 ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         error: linux 4.9 was removed because it will reach its end of life within 22.11
+  ```
+
+  Many thanks to [Qyriad](https://git.lix.systems/Qyriad) for this.
+- Confusing 'invalid path' errors are now 'path does not exist' [cl/1161](https://gerrit.lix.systems/c/lix/+/1161) [cl/1160](https://gerrit.lix.systems/c/lix/+/1160) [cl/1159](https://gerrit.lix.systems/c/lix/+/1159)
+
+  Previously, if a path did not exist in a Nix store, it was referred to as the internal name "path is invalid".
+  This is, however, very confusing, and there were numerous such errors that were exactly the same, making it hard to debug.
+  These errors are now more specific and refer to the path not existing in the store.
+
+  Many thanks to [julia](https://git.lix.systems/midnightveil) for this.
+- Add a `build-dir` setting to set the backing directory for builds [gh#10303](https://github.com/NixOS/nix/pull/10303) [gh#10312](https://github.com/NixOS/nix/pull/10312) [gh#10883](https://github.com/NixOS/nix/pull/10883) [cl/1514](https://gerrit.lix.systems/c/lix/+/1514)
+
+  `build-dir` can now be set in the Nix configuration to choose the backing directory for the build sandbox.
+  This can be useful on systems with `/tmp` on tmpfs, or simply to relocate large builds to another disk.
+
+  Also, `XDG_RUNTIME_DIR` is no longer considered when selecting the default temporary directory,
+  as it's not intended to be used for large amounts of data.
+
+  Many thanks to [Robert Hensing](https://github.com/roberth) and [Tom Bereknyei](https://github.com/tomberek) for this.
+- Better usage of colour control environment variables [cl/1699](https://gerrit.lix.systems/c/lix/+/1699) [cl/1702](https://gerrit.lix.systems/c/lix/+/1702)
+
+  Lix now heeds `NO_COLOR`/`NOCOLOR` for more output types, such as that used in `nix search`, `nix flake metadata` and similar.
+
+  It also now supports `CLICOLOR_FORCE`/`FORCE_COLOR` to force colours regardless of whether there is a terminal on the other side.
+
+  It now follows rules compatible with those described on <https://bixense.com/clicolors/> with `CLICOLOR` defaulted to enabled.
+
+  That is to say, the following procedure is followed in order:
+  - NO_COLOR or NOCOLOR set
+
+    Always disable colour
+  - CLICOLOR_FORCE or FORCE_COLOR set
+
+    Enable colour
+  - The output is a tty; TERM != "dumb"
+
+    Enable colour
+  - Otherwise
+
+    Disable colour
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- Distinguish between explicit throws and errors that happened while evaluating a throw [cl/1511](https://gerrit.lix.systems/c/lix/+/1511)
+
+  Previously, errors caused by an expression like `throw "invalid argument"` were treated like an error that happened simply while some builtin function was being called:
+
+  ```
+  let
+    throwMsg = p: throw "${p} isn't the right package";
+  in throwMsg "linuz"
+
+  error:
+         … while calling the 'throw' builtin
+           at «string»:2:17:
+              1| let
+              2|   throwMsg = p: throw "${p} isn't the right package";
+               |                 ^
+              3| in throwMsg "linuz"
+
+         error: linuz isn't the right package
+  ```
+
+  But the error didn't just happen "while" calling the `throw` builtin — it's a throw error!
+  Now it looks like this:
+
+  ```
+  let
+    throwMsg = p: throw "${p} isn't the right package";
+  in throwMsg "linuz"
+
+  error:
+         … caused by explicit throw
+           at «string»:2:17:
+              1| let
+              2|   throwMsg = p: throw "${p} isn't the right package";
+               |                 ^
+              3| in throwMsg "linuz"
+
+         error: linuz isn't the right package
+  ```
+
+  This also means that incorrect usage of `throw` or errors evaluating its arguments are easily distinguishable from explicit throws:
+
+  ```
+  let
+    throwMsg = p: throw "${p} isn't the right package";
+  in throwMsg { attrs = "error when coerced in string interpolation"; }
+
+  error:
+         … while calling the 'throw' builtin
+           at «string»:2:17:
+              1| let
+              2|   throwMsg = p: throw "${p} isn't the right package";
+               |                 ^
+              3| in throwMsg { attrs = "error when coerced in string interpolation"; }
+
+         … while evaluating a path segment
+           at «string»:2:24:
+              1| let
+              2|   throwMsg = p: throw "${p} isn't the right package";
+               |                        ^
+              3| in throwMsg { attrs = "error when coerced in string interpolation"; }
+
+         error: cannot coerce a set to a string: { attrs = "error when coerced in string interpolation"; }
+  ```
+
+  Here, instead of an actual thrown error, a type error happens first (trying to coerce an attribute set to a string), but that type error happened *while* calling `throw`.
+
+  Many thanks to [Qyriad](https://git.lix.systems/Qyriad) for this.
+- `nix flake metadata` prints modified date [cl/1700](https://gerrit.lix.systems/c/lix/+/1700)
+
+  Ever wonder "gee, when *did* I update nixpkgs"?
+  Wonder no more, because `nix flake metadata` now simply tells you the times every locked flake input was updated:
+
+  ```
+  <...>
+  Description:   The purely functional package manager
+  Path:          /nix/store/c91yi8sxakc2ry7y4ac1smzwka4l5p78-source
+  Revision:      c52cff582043838bbe29768e7da232483d52b61d-dirty
+  Last modified: 2024-07-31 22:15:54
+  Inputs:
+  ├───flake-compat: github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33
+  │   Last modified: 2023-10-04 06:37:54
+  ├───nix2container: github:nlewo/nix2container/3853e5caf9ad24103b13aa6e0e8bcebb47649fe4
+  │   Last modified: 2024-07-10 13:15:56
+  ├───nixpkgs: github:NixOS/nixpkgs/e21630230c77140bc6478a21cd71e8bb73706fce
+  │   Last modified: 2024-07-25 11:26:27
+  ├───nixpkgs-regression: github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2
+  │   Last modified: 2022-01-24 11:20:45
+  └───pre-commit-hooks: github:cachix/git-hooks.nix/f451c19376071a90d8c58ab1a953c6e9840527fd
+      Last modified: 2024-07-15 04:21:09
+  ```
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- Hash mismatch diagnostics for fixed-output derivations include the URL [cl/1536](https://gerrit.lix.systems/c/lix/+/1536)
+
+  Now, when building fixed-output derivations, Lix will guess the URL that was used in the derivation using the `url` or `urls` properties in the derivation environment.
+  This is a layering violation but making these diagnostics tractable when there are multiple instances of the `AAAA` hash is too significant of an improvement to pass it up.
+
+  ```
+  error: hash mismatch in fixed-output derivation '/nix/store/sjfw324j4533lwnpmr5z4icpb85r63ai-x1.drv':
+          likely URL: https://meow.puppy.forge/puppy.tar.gz
+           specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+              got:    sha256-a1Qvp3FOOkWpL9kFHgugU1ok5UtRPSu+NwCZKbbaEro=
+  ```
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- Add log formats `multiline` and `multiline-with-logs` [cl/1369](https://gerrit.lix.systems/c/lix/+/1369)
+
+  Added two new log formats (`multiline` and `multiline-with-logs`) that display
+  current activities below each other for better visibility.
+
+  These formats attempt to use the maximum available lines
+  (defaulting to 25 if unable to determine) and print up to that many lines.
+  The status bar is displayed as the first line, with each subsequent
+  activity on its own line.
+
+  Many thanks to [kloenk](https://git.lix.systems/kloenk) for this.
+- Lix will now show the package descriptions in when running `nix flake show`. [cl/1540](https://gerrit.lix.systems/c/lix/+/1540)
+
+  When running `nix flake show`, Lix will now show the package descriptions, if they exist.
+
+  Before:
+
+  ```shell
+  $ nix flake show
+  path:/home/isabel/dev/lix-show?lastModified=1721736108&narHash=sha256-Zo8HP1ur7Q2b39hKUEG8EAh/opgq8xJ2jvwQ/htwO4Q%3D
+  └───packages
+      └───x86_64-linux
+          ├───aNoDescription: package 'simple'
+          ├───bOneLineDescription: package 'simple'
+          ├───cMultiLineDescription: package 'simple'
+          ├───dLongDescription: package 'simple'
+          └───eEmptyDescription: package 'simple'
+  ```
+
+  After:
+
+  ```shell
+  $ nix flake show
+  path:/home/isabel/dev/lix-show?lastModified=1721736108&narHash=sha256-Zo8HP1ur7Q2b39hKUEG8EAh/opgq8xJ2jvwQ/htwO4Q%3D
+  └───packages
+      └───x86_64-linux
+          ├───aNoDescription: package 'simple'
+          ├───bOneLineDescription: package 'simple' - 'one line'
+          ├───cMultiLineDescription: package 'simple' - 'line one'
+          ├───dLongDescription: package 'simple' - 'abcdefghijklmnopqrstuvwxyz'
+          └───eEmptyDescription: package 'simple'
+  ```
+
+  Many thanks to [kjeremy](https://github.com/kjeremy) and [isabelroses](https://git.lix.systems/isabelroses) for this.
+- Eliminate some pretty-printing surprises [#11100](https://github.com/NixOS/nix/pull/11100) [cl/1616](https://gerrit.lix.systems/c/lix/+/1616) [cl/1617](https://gerrit.lix.systems/c/lix/+/1617) [cl/1618](https://gerrit.lix.systems/c/lix/+/1618)
+
+  Some inconsistent and surprising behaviours have been eliminated from the pretty-printing used by the REPL and `nix eval`:
+  * Lists and attribute sets that contain only a single item without nested structures are no longer sometimes inappropriately indented in the REPL, depending on internal state of the evaluator.
+  * Empty attribute sets and derivations are no longer shown as `«repeated»`, since they are always cheap to print.
+    This matches the existing behaviour of `nix-instantiate` on empty attribute sets.
+    Empty lists were never printed as `«repeated»` already.
+  * The REPL by default does not print nested attribute sets and lists, and indicates elided items with an ellipsis.
+    Previously, the ellipsis was printed even when the structure was empty, so that such items do not in fact exist.
+    Since this behaviour was confusing, it does not happen any more.
+
+  Before:
+  ```
+  nix-repl> :p let x = 1 + 2; in [ [ x ] [ x ] ]
+  [
+    [
+      3
+    ]
+    [ 3 ]
+  ]
+
+  nix-repl> let inherit (import <nixpkgs> { }) hello; in [ hello hello ]
+  [
+    «derivation /nix/store/fqs92lzychkm6p37j7fnj4d65nq9fzla-hello-2.12.1.drv»
+    «repeated»
+  ]
+
+  nix-repl> let x = {}; in [ x ]
+  [
+    { ... }
+  ]
+  ```
+
+  After:
+  ```
+  nix-repl> :p let x = 1 + 2; in [ [ x ] [ x ] ]
+  [
+    [ 3 ]
+    [ 3 ]
+  ]
+
+  nix-repl> let inherit (import <nixpkgs> { }) hello; in [ hello hello ]
+  [
+    «derivation /nix/store/fqs92lzychkm6p37j7fnj4d65nq9fzla-hello-2.12.1.drv»
+    «derivation /nix/store/fqs92lzychkm6p37j7fnj4d65nq9fzla-hello-2.12.1.drv»
+  ]
+
+  nix-repl> let x = {}; in [ x ]
+  [
+    { }
+  ]
+  ```
+
+  Many thanks to [alois31](https://git.lix.systems/alois31) and [Robert Hensing](https://github.com/roberth) for this.
+- `nix registry add` now requires a shorthand flakeref on the 'from' side [cl/1494](https://gerrit.lix.systems/c/lix/+/1494)
+
+  The 'from' argument must now be a shorthand flakeref like `nixpkgs` or `nixpkgs/nixos-20.03`, making it harder to accidentally swap the 'from' and 'to' arguments.
+
+  Registry entries that map from other flake URLs can still be specified in registry.json, the `nix.registry` option in NixOS, or the `--override-flake` option in the CLI, but they are not guaranteed to work correctly.
+
+  Many thanks to [delan](https://git.lix.systems/delan) for this.
+- Allow automatic rejection of configuration options from flakes [cl/1541](https://gerrit.lix.systems/c/lix/+/1541)
+
+  Setting `accept-flake-config` to `false` now respects user choice by automatically rejecting configuration options set by flakes.
+  The old behaviour of asking each time is still available (and default) by setting it to the special value `ask`.
+
+  Many thanks to [alois31](https://git.lix.systems/alois31) for this.
+- `nix repl` now allows tab-completing the special repl :colon commands [cl/1367](https://gerrit.lix.systems/c/lix/+/1367)
+
+  The REPL (`nix repl`) supports pressing `<TAB>` to complete a partial expression, but now also supports completing the special :colon commands as well (`:b`, `:edit`, `:doc`, etc), if the line starts with a colon.
+
+  Many thanks to [Qyriad](https://git.lix.systems/Qyriad) for this.
+- `:edit`ing a file in Nix store no longer reloads the repl [fj#341](https://git.lix.systems/lix-project/lix/issues/341) [cl/1620](https://gerrit.lix.systems/c/lix/+/1620)
+
+  Calling `:edit` from the repl now only reloads if the file being edited was outside of Nix store.
+  That means that all the local variables are now preserved across `:edit`s of store paths.
+  This is always safe because the store is read-only.
+
+  Many thanks to [goldstein](https://git.lix.systems/goldstein) for this.
+- `:log` in repl now works on derivation paths [fj#51](https://git.lix.systems/lix-project/lix/issues/51) [cl/1716](https://gerrit.lix.systems/c/lix/+/1716)
+
+  `:log` can now accept store derivation paths in addition to derivation expressions.
+
+  Many thanks to [goldstein](https://git.lix.systems/goldstein) for this.
+
+## Fixes
+- Define integer overflow in the Nix language as an error [fj#423](https://git.lix.systems/lix-project/lix/issues/423) [cl/1594](https://gerrit.lix.systems/c/lix/+/1594) [cl/1595](https://gerrit.lix.systems/c/lix/+/1595) [cl/1597](https://gerrit.lix.systems/c/lix/+/1597) [cl/1609](https://gerrit.lix.systems/c/lix/+/1609)
+
+  Previously, integer overflow in the Nix language invoked C++ level signed overflow, which was undefined behaviour, but *probably* manifested as wrapping around on overflow.
+
+  Since prior to the public release of Lix, Lix had C++ signed overflow defined to crash the process and nobody noticed this having accidentally removed overflow from the Nix language for three months until it was caught by fiddling around.
+  Given the significant body of actual Nix code that has been evaluated by Lix in that time, it does not appear that nixpkgs or much of importance depends on integer overflow, so it is safe to turn into an error.
+
+  Some other overflows were fixed:
+  - `builtins.fromJSON` of values greater than the maximum representable value in a signed 64-bit integer will generate an error.
+  - `nixConfig` in flakes will no longer accept negative values for configuration options.
+
+  Integer overflow now looks like the following:
+
+  ```
+  » nix eval --expr '9223372036854775807 + 1'
+  error: integer overflow in adding 9223372036854775807 + 1
+  ```
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- Fix nix-collect-garbage --dry-run [fj#432](https://git.lix.systems/lix-project/lix/issues/432) [cl/1566](https://gerrit.lix.systems/c/lix/+/1566)
+
+  `nix-collect-garbage --dry-run` did not previously give any output - it simply
+  exited without even checking to see what paths would be deleted.
+
+  ```
+  $ nix-collect-garbage --dry-run
+  $
+  ```
+
+  We updated the behaviour of the flag such that instead it prints out how many
+  paths it *would* delete, but doesn't actually delete them.
+
+  ```
+  $ nix-collect-garbage --dry-run
+  finding garbage collector roots...
+  determining live/dead paths...
+  ...
+  <nix store paths>
+  ...
+  2670 store paths deleted, 0.00MiB freed
+  $
+  ```
+
+  Many thanks to [Quantum Jump](https://github.com/QuantumBJump) for this.
+- Fix unexpectedly-successful GC failures on macOS [fj#446](https://git.lix.systems/lix-project/lix/issues/446) [cl/1723](https://gerrit.lix.systems/c/lix/+/1723)
+
+  Has the following happened to you on macOS? This failure has been successfully eliminated, thanks to our successful deployment of advanced successful-failure detection technology (it's just `if (failed && errno == 0)`. Patent pending<sup>not really</sup>):
+
+  ```
+  $ nix-store --gc --print-dead
+  finding garbage collector roots...
+  error: Listing pid 87261 file descriptors: Undefined error: 0
+  ```
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- `nix copy` is now several times faster at `querying info about /nix/store/...` [fj#366](https://git.lix.systems/lix-project/lix/issues/366) [cl/1462](https://gerrit.lix.systems/c/lix/+/1462)
+
+  We fixed a locking bug that serialized `querying info about /nix/store/...`
+  onto just one thread such that it was eating `O(paths to copy * latency)` time
+  while setting up to copy paths to s3 and other stores. It is now `nproc` times
+  faster.
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+
+## Development
+- clang-tidy support [fj#147](https://git.lix.systems/lix-project/lix/issues/147) [cl/1697](https://gerrit.lix.systems/c/lix/+/1697)
+
+  `clang-tidy` can be used to lint Lix with a limited set of lints using `ninja -C build clang-tidy` and `ninja -C build clang-tidy-fix`.
+  In practice, this fixes the built-in meson rule that was used the same as above being broken ever since precompiled headers were introduced.
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- Lix now supports building with UndefinedBehaviorSanitizer [cl/1483](https://gerrit.lix.systems/c/lix/+/1483) [cl/1481](https://gerrit.lix.systems/c/lix/+/1481) [cl/1669](https://gerrit.lix.systems/c/lix/+/1669)
+
+  You can now build Lix with the configuration option `-Db_sanitize=undefined,address` and it will both work and pass tests with both AddressSanitizer and UndefinedBehaviorSanitizer enabled.
+  To use ASan specifically, you have to set `-Dgc=disabled`, which an error message will tell you to do if necessary anyhow.
+
+  Furthermore, tests passing with Clang ASan+UBSan is checked on every change in CI.
+
+  For a list of undefined behaviour found by tooling usage, see [the gerrit topic "undefined-behaviour"](https://gerrit.lix.systems/q/topic:%22undefined-behaviour%22).
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.

flake.lock

@@ -19,11 +19,11 @@
     "nix2container": {
       "flake": false,
       "locked": {
-        "lastModified": 1712990762,
-        "narHash": "sha256-hO9W3w7NcnYeX8u8cleHiSpK2YJo7ecarFTUlbybl7k=",
+        "lastModified": 1720642556,
+        "narHash": "sha256-qsnqk13UmREKmRT7c8hEnz26X3GFFyIQrqx4EaRc1Is=",
         "owner": "nlewo",
         "repo": "nix2container",
-        "rev": "20aad300c925639d5d6cbe30013c8357ce9f2a2e",
+        "rev": "3853e5caf9ad24103b13aa6e0e8bcebb47649fe4",
         "type": "github"
       },
       "original": {
@@ -34,11 +34,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1718111384,
-        "narHash": "sha256-7tSst0S5FOmcgvNtfy6cjZX5w8CabCVAfAeCkhY4OVg=",
+        "lastModified": 1721931987,
+        "narHash": "sha256-1Zg8LY0T5EfXtv0Kf4M6SFnjH7Eto4VV+EKJ/YSnhiI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a508a44af0c1b1b57785c34d8b54783536273eeb",
+        "rev": "e21630230c77140bc6478a21cd71e8bb73706fce",
         "type": "github"
       },
       "original": {
@@ -67,11 +67,11 @@
     "pre-commit-hooks": {
       "flake": false,
       "locked": {
-        "lastModified": 1712055707,
-        "narHash": "sha256-4XLvuSIDZJGS17xEwSrNuJLL7UjDYKGJSbK1WWX2AK8=",
+        "lastModified": 1721042469,
+        "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "e35aed5fda3cc79f88ed7f1795021e559582093a",
+        "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,5 +1,5 @@
 {
-  description = "The purely functional package manager";
+  description = "Lix: A modern, delicious implementation of the Nix package manager";
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
@@ -33,7 +33,7 @@
 
       # This notice gets echoed as a dev shell hook, and can be turned off with
       # `touch .nocontribmsg`
-      sgr = ''['';
+      sgr = builtins.fromJSON ''"\u001b["'';
       freezePage = "https://wiki.lix.systems/books/lix-contributors/page/freezes-and-recommended-contributions";
       codebaseOverview = "https://wiki.lix.systems/books/lix-contributors/page/codebase-overview";
       contribNotice = builtins.toFile "lix-contrib-notice" ''
@@ -59,7 +59,8 @@
         (Run `touch .nocontribmsg` to hide this message.)
       '';
 
-      officialRelease = false;
+      versionJson = builtins.fromJSON (builtins.readFile ./version.json);
+      officialRelease = versionJson.official_release;
 
       # Set to true to build the release notes for the next release.
       buildUnreleasedNotes = true;
@@ -84,10 +85,13 @@
       ];
       systems = linuxSystems ++ darwinSystems;
 
+      # If you add something here, please update the list in doc/manual/src/contributing/hacking.md.
+      # Thanks~
       crossSystems = [
         "armv6l-linux"
         "armv7l-linux"
         "riscv64-linux"
+        "aarch64-linux"
         # FIXME: still broken in 24.05: fails to build rustc(??) due to missing -lstdc++ dep
         # "x86_64-freebsd"
         # FIXME: broken dev shell due to python
@@ -95,9 +99,10 @@
       ];
 
       stdenvs = [
-        "gccStdenv"
+        # see assertion in package.nix why these two are disabled
+        # "stdenv"
+        # "gccStdenv"
         "clangStdenv"
-        "stdenv"
         "libcxxStdenv"
         "ccacheStdenv"
       ];
@@ -117,7 +122,11 @@
             name = "${stdenvName}Packages";
             value = f stdenvName;
           }) stdenvs
-        );
+        )
+        // {
+          # TODO delete this and reënable gcc stdenvs once gcc compiles kj coros correctly
+          stdenvPackages = f "clangStdenv";
+        };
 
       # Memoize nixpkgs for different platforms for efficiency.
       nixpkgsFor = forAllSystems (
@@ -137,10 +146,7 @@
                     system = crossSystem;
                   }
                   // lib.optionalAttrs (crossSystem == "x86_64-freebsd") { useLLVM = true; };
-              overlays = [
-                (overlayFor (p: p.${stdenv}))
-                (final: prev: { nixfmt = final.callPackage ./nix-support/nixfmt.nix { }; })
-              ];
+              overlays = [ (overlayFor (p: p.${stdenv})) ];
             };
           stdenvs = forAllStdenvs (make-pkgs null);
           native = stdenvs.stdenvPackages;
@@ -164,6 +170,7 @@
           nixUnstable = prev.nixUnstable;
 
           check-headers = final.buildPackages.callPackage ./maintainers/check-headers.nix { };
+          check-syscalls = final.buildPackages.callPackage ./maintainers/check-syscalls.nix { };
 
           default-busybox-sandbox-shell = final.busybox.override {
             useMusl = true;
@@ -195,17 +202,22 @@
             busybox-sandbox-shell = final.busybox-sandbox-shell or final.default-busybox-sandbox-shell;
           };
 
+          lix-clang-tidy = final.callPackage ./subprojects/lix-clang-tidy { };
+
           # Export the patched version of boehmgc that Lix uses into the overlay
           # for consumers of this flake.
-          boehmgc-nix = final.nix.boehmgc-nix;
+          boehmgc-nix = final.nix.passthru.boehmgc-nix;
           # And same thing for our build-release-notes package.
-          build-release-notes = final.nix.build-release-notes;
+          build-release-notes = final.nix.passthru.build-release-notes;
         };
     in
     {
+      # for repl debugging
+      inherit self;
+
       # A Nixpkgs overlay that overrides the 'nix' and
       # 'nix.perl-bindings' packages.
-      overlays.default = overlayFor (p: p.stdenv);
+      overlays.default = overlayFor (p: p.clangStdenv);
 
       hydraJobs = {
         # Binary package for various platforms.
@@ -271,6 +283,52 @@
 
         # System tests.
         tests = import ./tests/nixos { inherit lib nixpkgs nixpkgsFor; } // {
+          # This is x86_64-linux only, just because we have significantly
+          # cheaper x86_64-linux compute in CI.
+          # It is clangStdenv because clang's sanitizers are nicer.
+          asanBuild = self.packages.x86_64-linux.nix-clangStdenv.override {
+            # Improve caching of non-code changes by not changing the
+            # derivation name every single time, since this will never be seen
+            # by users anyway.
+            versionSuffix = "";
+            sanitize = [
+              "address"
+              "undefined"
+            ];
+            # it is very hard to make *every* CI build use this option such
+            # that we don't wind up building Lix twice, so we do it here where
+            # we are already doing so.
+            werror = true;
+          };
+
+          # Although this might be nicer to do with pre-commit, that would
+          # require adding 12MB of nodejs to the dev shell, whereas building it
+          # in CI with Nix avoids that at a cost of slower feedback on rarely
+          # touched files.
+          jsSyntaxCheck =
+            let
+              nixpkgs = nixpkgsFor.x86_64-linux.native;
+              inherit (nixpkgs) pkgs;
+              docSources = lib.fileset.toSource {
+                root = ./doc;
+                fileset = lib.fileset.fileFilter (f: f.hasExt "js") ./doc;
+              };
+            in
+            pkgs.runCommand "js-syntax-check" { } ''
+              find ${docSources} -type f -print -exec ${pkgs.nodejs-slim}/bin/node --check '{}' ';'
+              touch $out
+            '';
+
+          # clang-tidy run against the Lix codebase using the Lix clang-tidy plugin
+          clang-tidy =
+            let
+              nixpkgs = nixpkgsFor.x86_64-linux.native;
+              inherit (nixpkgs) pkgs;
+            in
+            pkgs.callPackage ./package.nix {
+              versionSuffix = "";
+              lintInsteadOfBuild = true;
+            };
 
           # Make sure that nix-env still produces the exact same result
           # on a particular version of Nixpkgs.
@@ -321,6 +379,25 @@
         pkgs = nixpkgsFor.x86_64-linux.native;
       };
 
+      releaseTests = lib.foldl lib.recursiveUpdate { } [
+        (lib.genAttrs (linux64BitSystems ++ darwinSystems) (system: {
+          nativeBuild = self.packages.${system}.nix;
+        }))
+        (lib.genAttrs (linux64BitSystems) (system: {
+          staticBuild = self.packages.${system}.nix-static;
+        }))
+        {
+          x86_64-linux = {
+            # TODO add more cross/static release targets?
+            crossBuild.aarch64-linux = self.packages.x86_64-linux.nix-aarch64-linux;
+
+            # TODO wire up a nixos installer test with that lix and
+            # run it, once nixpkgs can actually do that (again). :/
+            # # nix build .#nixosTests.installer.{btrfsSimple,luksroot,lvm,simple,switchToFlake}
+          };
+        }
+      ];
+
       # NOTE *do not* add fresh derivations to checks, always add them to
       # hydraJobs first (so CI will pick them up) and only link them here
       checks = forAvailableSystems (
@@ -347,6 +424,8 @@
         rec {
           inherit (nixpkgsFor.${system}.native) nix;
           default = nix;
+
+          inherit (nixpkgsFor.${system}.native) lix-clang-tidy;
         }
         // (
           lib.optionalAttrs (builtins.elem system linux64BitSystems) {
@@ -383,9 +462,9 @@
             pkgs: stdenv:
             let
               nix = pkgs.callPackage ./package.nix {
-                inherit stdenv officialRelease versionSuffix;
+                inherit stdenv versionSuffix;
                 busybox-sandbox-shell = pkgs.busybox-sandbox-shell or pkgs.default-busybox-sandbox;
-                internalApiDocs = true;
+                internalApiDocs = false;
               };
               pre-commit = self.hydraJobs.pre-commit.${pkgs.system} or { };
             in
@@ -413,7 +492,7 @@
             makeShell pkgs pkgs.stdenv
           ))
           // {
-            default = self.devShells.${system}.native-stdenvPackages;
+            default = self.devShells.${system}.native-clangStdenvPackages;
           }
         );
     };

justfile

@@ -9,8 +9,8 @@ clean:
     rm -rf build
 
 # Prepare meson for building
-setup:
-    meson setup build --prefix="$PWD/outputs/out"
+setup *OPTIONS:
+    meson setup build --prefix="$PWD/outputs/out" $mesonFlags {{ OPTIONS }}
 
 # Build lix
 build *OPTIONS:
@@ -25,3 +25,13 @@ install *OPTIONS: (build OPTIONS)
 # Run tests
 test *OPTIONS:
     meson test -C build --print-errorlogs {{ OPTIONS }}
+
+alias clang-tidy := lint
+
+lint:
+    ninja -C build clang-tidy
+
+alias clang-tidy-fix := lint-fix
+
+lint-fix:
+    ninja -C build clang-tidy-fix

lix-doc/Cargo.lock

@@ -1,161 +0,0 @@
-# This file is automatically @generated by Cargo.
-# It is not intended for manual editing.
-version = 3
-
-[[package]]
-name = "autocfg"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
-
-[[package]]
-name = "cbitset"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "29b6ad25ae296159fb0da12b970b2fe179b234584d7cd294c891e2bbb284466b"
-dependencies = [
- "num-traits",
-]
-
-[[package]]
-name = "dissimilar"
-version = "1.0.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86e3bdc80eee6e16b2b6b0f87fbc98c04bee3455e35174c0de1a125d0688c632"
-
-[[package]]
-name = "expect-test"
-version = "1.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30d9eafeadd538e68fb28016364c9732d78e420b9ff8853fa5e4058861e9f8d3"
-dependencies = [
- "dissimilar",
- "once_cell",
-]
-
-[[package]]
-name = "lix-doc"
-version = "0.0.1"
-dependencies = [
- "expect-test",
- "rnix",
-]
-
-[[package]]
-name = "num-traits"
-version = "0.2.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a"
-dependencies = [
- "autocfg",
-]
-
-[[package]]
-name = "once_cell"
-version = "1.19.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
-
-[[package]]
-name = "proc-macro2"
-version = "1.0.79"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e"
-dependencies = [
- "unicode-ident",
-]
-
-[[package]]
-name = "quote"
-version = "1.0.35"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef"
-dependencies = [
- "proc-macro2",
-]
-
-[[package]]
-name = "rnix"
-version = "0.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0a9b645f0edba447dbfc6473dd22999f46a1d00ab39e777a2713a1cf34a1597b"
-dependencies = [
- "cbitset",
- "rowan",
-]
-
-[[package]]
-name = "rowan"
-version = "0.9.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ea7cadf87a9d8432e85cb4eb86bd2e765ace60c24ef86e79084dcae5d1c5a19"
-dependencies = [
- "rustc-hash",
- "smol_str",
- "text_unit",
- "thin-dst",
-]
-
-[[package]]
-name = "rustc-hash"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
-
-[[package]]
-name = "serde"
-version = "1.0.197"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2"
-dependencies = [
- "serde_derive",
-]
-
-[[package]]
-name = "serde_derive"
-version = "1.0.197"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "smol_str"
-version = "0.1.24"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fad6c857cbab2627dcf01ec85a623ca4e7dcb5691cbaa3d7fb7653671f0d09c9"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "syn"
-version = "2.0.53"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7383cd0e49fff4b6b90ca5670bfd3e9d6a733b3f90c686605aa7eec8c4996032"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
-[[package]]
-name = "text_unit"
-version = "0.1.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20431e104bfecc1a40872578dbc390e10290a0e9c35fffe3ce6f73c15a9dbfc2"
-
-[[package]]
-name = "thin-dst"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db3c46be180f1af9673ebb27bc1235396f61ef6965b3fe0dbb2e624deb604f0e"
-
-[[package]]
-name = "unicode-ident"
-version = "1.0.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"

lix-doc/src/lib.rs

@@ -1,338 +0,0 @@
-// SPDX-FileCopyrightText: 2024 Jade Lovelace
-//
-// SPDX-License-Identifier: BSD-2-Clause OR MIT
-
-//! library components of nix-doc
-pub mod pprint;
-
-use crate::pprint::pprint_args;
-
-use rnix::types::{Lambda, TypedNode};
-use rnix::SyntaxKind::*;
-use rnix::{NodeOrToken, SyntaxNode, TextUnit, WalkEvent};
-
-use std::ffi::{CStr, CString};
-use std::fs;
-use std::iter;
-use std::os::raw::c_char;
-use std::panic;
-
-use std::ptr;
-
-use std::{fmt::Display, str};
-
-pub type Result<T> = std::result::Result<T, Box<dyn std::error::Error>>;
-
-const DOC_INDENT: usize = 3;
-
-struct SearchResult {
-    /// Name of the function
-    identifier: String,
-
-    /// Dedented documentation comments
-    doc: String,
-
-    /// Parameter block for the function
-    param_block: String,
-}
-
-fn find_pos(file: &str, line: usize, col: usize) -> usize {
-    let mut lines = 1;
-    let mut line_start = 0;
-    let mut it = file.chars().enumerate().peekable();
-    while let Some((count, ch)) = it.next() {
-        if ch == '\n' || ch == '\r' {
-            lines += 1;
-            let addend = if ch == '\r' && it.peek().map(|x| x.1) == Some('\n') {
-                it.next();
-                1
-            } else {
-                0
-            };
-            line_start = count + addend;
-        }
-
-        let col_diff = ((count as i32) - (line_start as i32)).abs() as usize;
-        if lines == line && col_diff == col {
-            return count;
-        }
-    }
-    unreachable!();
-}
-
-impl SearchResult {
-    fn format<P: Display>(&self, filename: P, line: usize) -> String {
-        format!(
-            "**Synopsis:** `{}` = {}\n\n{}\n\n# {}",
-            self.identifier.as_str(),
-            self.param_block,
-            indented(&self.doc, DOC_INDENT),
-            format!("{}:{}", filename, line).as_str(),
-        )
-    }
-}
-
-/// Emits a string `s` indented by `indent` spaces
-fn indented(s: &str, indent: usize) -> String {
-    let indent_s = iter::repeat(' ').take(indent).collect::<String>();
-    s.split('\n')
-        .map(|line| indent_s.clone() + line)
-        .collect::<Vec<_>>()
-        .join("\n")
-}
-
-/// Cleans up a single line, erasing prefix single line comments but preserving indentation
-fn cleanup_single_line<'a>(s: &'a str) -> &'a str {
-    let mut cmt_new_start = 0;
-    let mut iter = s.char_indices().peekable();
-    while let Some((idx, ch)) = iter.next() {
-        // peek at the next character, with an explicit '\n' as "next character" at end of line
-        let (_, next_ch) = iter.peek().unwrap_or(&(0, '\n'));
-
-        // if we find a character, save the byte position after it as our new string start
-        if ch == '#' || (ch == '*' && next_ch.is_whitespace()) {
-            cmt_new_start = idx + 1;
-            break;
-        }
-        // if, instead, we are on a line with no starting comment characters, leave it alone as it
-        // will be handled by dedent later
-        if !ch.is_whitespace() {
-            break;
-        }
-    }
-    &s[cmt_new_start..]
-}
-
-/// Erases indents in comments. This is *almost* a normal dedent function, but it starts by looking
-/// at the second line if it can.
-fn dedent_comment(s: &str) -> String {
-    let mut whitespaces = 0;
-    let mut lines = s.lines();
-    let first = lines.next();
-
-    // scan for whitespace
-    for line in lines.chain(first) {
-        let line_whitespace = line.chars().take_while(|ch| ch.is_whitespace()).count();
-
-        if line_whitespace != line.len() {
-            // a non-whitespace line, perfect for taking whitespace off of
-            whitespaces = line_whitespace;
-            break;
-        }
-    }
-
-    // maybe the first considered line we found was indented further, so let's look for more lines
-    // that might have a shorter indent. In the case of one line, do nothing.
-    for line in s.lines().skip(1) {
-        let line_whitespace = line.chars().take_while(|ch| ch.is_whitespace()).count();
-
-        if line_whitespace != line.len() {
-            whitespaces = line_whitespace.min(whitespaces);
-        }
-    }
-
-    // delete up to `whitespaces` whitespace characters from each line and reconstitute the string
-    let mut out = String::new();
-    for line in s.lines() {
-        let content_begin = line.find(|ch: char| !ch.is_whitespace()).unwrap_or(0);
-        out.push_str(&line[content_begin.min(whitespaces)..]);
-        out.push('\n');
-    }
-
-    out.truncate(out.trim_end_matches('\n').len());
-    out
-}
-
-/// Deletes whitespace and leading comment characters
-///
-/// Oversight we are choosing to ignore: if you put # characters at the beginning of lines in a
-/// multiline comment, they will be deleted.
-fn cleanup_comments<S: AsRef<str>, I: DoubleEndedIterator<Item = S>>(comment: &mut I) -> String {
-    dedent_comment(
-        &comment
-            .rev()
-            .map(|small_comment| {
-                small_comment
-                    .as_ref()
-                    // space before multiline start
-                    .trim_start()
-                    // multiline starts
-                    .trim_start_matches("/*")
-                    // trailing so we can grab multiline end
-                    .trim_end()
-                    // multiline ends
-                    .trim_end_matches("*/")
-                    // extra space that was in the multiline
-                    .trim()
-                    .split('\n')
-                    // erase single line comments and such
-                    .map(cleanup_single_line)
-                    .collect::<Vec<_>>()
-                    .join("\n")
-            })
-            .collect::<Vec<_>>()
-            .join("\n"),
-    )
-}
-
-/// Get the docs for a specific function
-pub fn get_function_docs(filename: &str, line: usize, col: usize) -> Option<String> {
-    let content = fs::read(filename).ok()?;
-    let decoded = str::from_utf8(&content).ok()?;
-    let pos = find_pos(&decoded, line, col);
-    let rowan_pos = TextUnit::from_usize(pos);
-    let tree = rnix::parse(decoded);
-
-    let mut lambda = None;
-    for node in tree.node().preorder() {
-        match node {
-            WalkEvent::Enter(n) => {
-                if n.text_range().start() >= rowan_pos && n.kind() == NODE_LAMBDA {
-                    lambda = Lambda::cast(n);
-                    break;
-                }
-            }
-            WalkEvent::Leave(_) => (),
-        }
-    }
-    let lambda = lambda?;
-    let res = visit_lambda("func".to_string(), &lambda);
-    Some(res.format(filename, line))
-}
-
-fn visit_lambda(name: String, lambda: &Lambda) -> SearchResult {
-    // grab the arguments
-    let param_block = pprint_args(&lambda);
-
-    // find the doc comment
-    let comment = find_comment(lambda.node().clone()).unwrap_or_else(|| "".to_string());
-
-    SearchResult {
-        identifier: name,
-        doc: comment,
-        param_block,
-    }
-}
-
-fn find_comment(node: SyntaxNode) -> Option<String> {
-    let mut node = NodeOrToken::Node(node);
-    let mut comments = Vec::new();
-    loop {
-        loop {
-            if let Some(new) = node.prev_sibling_or_token() {
-                node = new;
-                break;
-            } else {
-                node = NodeOrToken::Node(node.parent()?);
-            }
-        }
-
-        match node.kind() {
-            TOKEN_COMMENT => match &node {
-                NodeOrToken::Token(token) => comments.push(token.text().clone()),
-                NodeOrToken::Node(_) => unreachable!(),
-            },
-            // This stuff is found as part of `the-fn = f: ...`
-            // here:                           ^^^^^^^^
-            NODE_KEY | TOKEN_ASSIGN => (),
-            t if t.is_trivia() => (),
-            _ => break,
-        }
-    }
-    let doc = cleanup_comments(&mut comments.iter().map(|c| c.as_str()));
-    Some(doc).filter(|it| !it.is_empty())
-}
-
-/// Get the docs for a function in the given file path at the given file position and return it as
-/// a C string pointer
-#[no_mangle]
-pub extern "C" fn nd_get_function_docs(
-    filename: *const c_char,
-    line: usize,
-    col: usize,
-) -> *const c_char {
-    let fname = unsafe { CStr::from_ptr(filename) };
-    fname
-        .to_str()
-        .ok()
-        .and_then(|f| {
-            panic::catch_unwind(|| get_function_docs(f, line, col))
-                .map_err(|e| {
-                    eprintln!("panic!! {:#?}", e);
-                    e
-                })
-                .ok()
-        })
-        .flatten()
-        .and_then(|s| CString::new(s).ok())
-        .map(|s| s.into_raw() as *const c_char)
-        .unwrap_or(ptr::null())
-}
-
-/// Call this to free a string from nd_get_function_docs
-#[no_mangle]
-pub extern "C" fn nd_free_string(s: *const c_char) {
-    unsafe {
-        // cast note: this cast is turning something that was cast to const
-        // back to mut
-        drop(CString::from_raw(s as *mut c_char));
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn test_bytepos() {
-        let fakefile = "abc\ndef\nghi";
-        assert_eq!(find_pos(fakefile, 2, 2), 5);
-    }
-
-    #[test]
-    fn test_bytepos_cursed() {
-        let fakefile = "abc\rdef\r\nghi";
-        assert_eq!(find_pos(fakefile, 2, 2), 5);
-        assert_eq!(find_pos(fakefile, 3, 2), 10);
-    }
-
-    #[test]
-    fn test_comment_stripping() {
-        let ex1 = ["/* blah blah blah\n      foooo baaar\n   blah */"];
-        assert_eq!(
-            cleanup_comments(&mut ex1.iter()),
-            "blah blah blah\n   foooo baaar\nblah"
-        );
-
-        let ex2 = ["# a1", "#    a2", "# aa"];
-        assert_eq!(cleanup_comments(&mut ex2.iter()), "aa\n   a2\na1");
-    }
-
-    #[test]
-    fn test_dedent() {
-        let ex1 = "a\n   b\n   c\n     d";
-        assert_eq!(dedent_comment(ex1), "a\nb\nc\n  d");
-        let ex2 = "a\nb\nc";
-        assert_eq!(dedent_comment(ex2), ex2);
-        let ex3 = "   a\n   b\n\n     c";
-        assert_eq!(dedent_comment(ex3), "a\nb\n\n  c");
-    }
-
-    #[test]
-    fn test_single_line_comment_stripping() {
-        let ex1 = "    * a";
-        let ex2 = "    # a";
-        let ex3 = "   a";
-        let ex4 = "   *";
-        assert_eq!(cleanup_single_line(ex1), " a");
-        assert_eq!(cleanup_single_line(ex2), " a");
-        assert_eq!(cleanup_single_line(ex3), ex3);
-        assert_eq!(cleanup_single_line(ex4), "");
-    }
-
-    #[test]
-    fn test_single_line_retains_bold_headings() {
-        let ex1 = "   **Foo**:";
-        assert_eq!(cleanup_single_line(ex1), ex1);
-    }
-}

lix-doc/src/pprint.rs

@@ -1,40 +0,0 @@
-// SPDX-FileCopyrightText: 2024 Jade Lovelace
-//
-// SPDX-License-Identifier: BSD-2-Clause OR MIT
-
-use rnix::types::{Lambda, TypedNode};
-use rnix::SyntaxKind::*;
-
-/// Pretty-prints the arguments to a function
-pub fn pprint_args(lambda: &Lambda) -> String {
-    // TODO: handle docs directly on NODE_IDENT args (uncommon case)
-    let mut lambda = lambda.clone();
-    let mut out = String::new();
-    loop {
-        let arg = lambda.arg().unwrap();
-        match arg.kind() {
-            NODE_IDENT => {
-                out += &format!("*{}*", &arg.to_string());
-                out.push_str(": ");
-                let body = lambda.body().unwrap();
-                if body.kind() == NODE_LAMBDA {
-                    lambda = Lambda::cast(body).unwrap();
-                } else {
-                    break;
-                }
-            }
-            NODE_PATTERN => {
-                out += &format!("*{}*", &arg.to_string());
-                out.push_str(": ");
-                break;
-            }
-            t => {
-                unreachable!("unhandled arg type {:?}", t);
-            }
-        }
-    }
-    out.push_str("...");
-    out
-
-    //pprint_arg(lambda.arg());
-}

maintainers/build-release-notes.py

@@ -20,6 +20,8 @@ SIGNIFICANCECES = {
 
 # This is just hardcoded for better validation. If you think there should be
 # more of them, feel free to add more.
+#
+# Please update doc/manual/src/contributing/hacking.md if you do. Thanks~
 CATEGORIES = [
     'Breaking Changes',
     'Features',
@@ -104,7 +106,7 @@ def do_category(author_info: AuthorInfoDB, entries: list[Tuple[pathlib.Path, Any
             links = []
             links += [format_issue(str(s)) for s in listify(entry.metadata.get('issues', []))]
             links += [format_pr(str(s)) for s in listify(entry.metadata.get('prs', []))]
-            links += [format_cl(cl) for cl in listify(entry.metadata.get('cls', []))]
+            links += [format_cl(int(cl)) for cl in listify(entry.metadata.get('cls', []))]
             if links != []:
                 header += " " + " ".join(links)
             if header:
@@ -127,7 +129,7 @@ def run_on_dir(author_info: AuthorInfoDB, d):
     entries = defaultdict(list)
     for p in paths:
         try:
-            e = frontmatter.load(p)
+            e = frontmatter.load(p) # type: ignore
             if 'synopsis' not in e.metadata:
                 raise Exception('missing synopsis')
             unknownKeys = set(e.metadata.keys()) - set(KNOWN_KEYS)

maintainers/buildtime_report.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env bash
 
 # Generates a report of build time based on a meson build using -ftime-trace in
 # Clang.

maintainers/check-syscalls.nix

@@ -0,0 +1,16 @@
+{
+  runCommandNoCC,
+  lib,
+  libseccomp,
+  writeShellScriptBin,
+}:
+let
+  syscalls-csv = runCommandNoCC "syscalls.csv" { } ''
+    echo ${lib.escapeShellArg libseccomp.src}
+    tar -xf ${lib.escapeShellArg libseccomp.src} --strip-components=2 ${libseccomp.name}/src/syscalls.csv
+    mv syscalls.csv "$out"
+  '';
+in
+writeShellScriptBin "check-syscalls" ''
+  ${./check-syscalls.sh} ${syscalls-csv}
+''

maintainers/check-syscalls.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -e
+
+diff -u <(awk < src/libstore/platform/linux.cc '/BEGIN extract-syscalls/ { extracting = 1; next }
+match($0, /allowSyscall\(ctx, SCMP_SYS\(([^)]*)\)\);|\/\/ skip ([^ ]*)/, result) { print result[1] result[2] }
+/END extract-syscalls/ { extracting = 0; next }') <(tail -n+2 "$1" | cut -d, -f 1)

meson.build

@@ -30,6 +30,14 @@
 # FIXME: This hack should be removed when https://git.lix.systems/lix-project/lix/issues/359
 # is fixed.
 #
+# lix-doc is built with Meson in lix-doc/meson.build, and linked into libcmd in
+# src/libcmd/meson.build. When building outside the Nix sandbox, Meson will use the .wrap
+# files in subprojects/ to download and extract the dependency crates into subprojects/.
+# When building inside the Nix sandbox, Lix's derivation in package.nix uses a
+# fixed-output derivation to fetch those crates in advance instead, and then symlinks
+# them into subprojects/ with the same names that Meson uses when downloading them
+# itself -- perfect for --wrap-mode=nodownload, which mesonConfigurePhase uses.
+#
 # Unit tests are setup in tests/unit/meson.build, under the test suite "check".
 #
 # Functional tests are a bit more complicated. Generally they're defined in
@@ -38,12 +46,13 @@
 # be placed in specific directories' meson.build files to create the right directory tree
 # in the build directory.
 
-project('lix', 'cpp',
+project('lix', 'cpp', 'rust',
+  meson_version : '>=1.4.0',
   version : run_command('bash', '-c', 'echo -n $(jq -r .version < ./version.json)$VERSION_SUFFIX', check : true).stdout().strip(),
   default_options : [
-    'cpp_std=c++2a',
-    # TODO(Qyriad): increase the warning level
-    'warning_level=1',
+    'cpp_std=c++23',
+    'rust_std=2021',
+    'warning_level=2',
     'debug=true',
     'optimization=2',
     'errorlogs=true', # Please print logs for tests that fail
@@ -138,10 +147,39 @@ if should_pch
   # Unlike basically everything else that takes a file, Meson requires the arguments to
   # cpp_pch : to be strings and doesn't accept files(). So absolute path it is.
   cpp_pch = [meson.project_source_root() / 'src/pch/precompiled-headers.hh']
+
+  # Saves about 400s (30% at time of writing) from compile time on-cpu, mostly
+  # by removing instantiations of nlohmann from every single damned compilation
+  # unit.
+  # There is no equivalent in gcc.
+  if cxx.get_id() == 'clang'
+    add_project_arguments(
+      '-fpch-instantiate-templates',
+      language : 'cpp',
+    )
+  endif
 else
   cpp_pch = []
 endif
 
+# gcc 12 is known to miscompile some coroutine-based code quite horribly,
+# causing (among other things) copies of move-only objects and the double
+# frees one would expect when the objects are unique_ptrs. these problems
+# often show up as memory corruption when nesting generators (since we do
+# treat generators like owned memory) and will cause inexplicable crashs.
+#
+# gcc 13 does not compile capnp coroutine code correctly. a newer version
+# may fix this. (cf. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102051)
+# we allow gcc 13 here anyway because CI uses it for clang-tidy, and when
+# the compiler crashes outright if won't produce any bad binaries either.
+assert(
+  cxx.get_id() != 'gcc' or cxx.version().version_compare('>=13'),
+  'GCC is known to miscompile coroutines, use clang.'
+)
+if cxx.get_id() == 'gcc'
+  warning('GCC is known to crash while building coroutines, use clang.')
+endif
+
 
 # Translate some historical and Mesony CPU names to Lixy CPU names.
 # FIXME(Qyriad): the 32-bit x86 code is not tested right now, because cross compilation for Lix
@@ -189,23 +227,28 @@ configdata = { }
 # Dependencies
 #
 
-boehm = dependency('bdw-gc', required : get_option('gc'), version : '>=8.2.6')
+gc_opt = get_option('gc').disable_if(
+  'address' in get_option('b_sanitize'),
+  error_message: 'gc does far too many memory crimes for ASan'
+)
+boehm = dependency('bdw-gc', required : gc_opt, version : '>=8.2.6', include_type : 'system')
 configdata += {
   'HAVE_BOEHMGC': boehm.found().to_int(),
 }
 
-boost = dependency('boost', required : true, modules : ['context', 'coroutine', 'container'])
+boost = dependency('boost', required : true, modules : ['container'], include_type : 'system')
+kj = dependency('kj-async', required : true, include_type : 'system')
 
 # cpuid only makes sense on x86_64
 cpuid_required = is_x64 ? get_option('cpuid') : false
-cpuid = dependency('libcpuid', 'cpuid', required : cpuid_required)
+cpuid = dependency('libcpuid', 'cpuid', required : cpuid_required, include_type : 'system')
 configdata += {
   'HAVE_LIBCPUID': cpuid.found().to_int(),
 }
 
 # seccomp only makes sense on Linux
 seccomp_required = is_linux ? get_option('seccomp-sandboxing') : false
-seccomp = dependency('libseccomp', 'seccomp', required : seccomp_required, version : '>=2.5.5')
+seccomp = dependency('libseccomp', 'seccomp', required : seccomp_required, version : '>=2.5.5', include_type : 'system')
 if is_linux and not seccomp.found()
   warning('Sandbox security is reduced because libseccomp has not been found! Please provide libseccomp if it supports your CPU architecture.')
 endif
@@ -213,19 +256,24 @@ configdata += {
   'HAVE_SECCOMP': seccomp.found().to_int(),
 }
 
-libarchive = dependency('libarchive', required : true)
+libarchive = dependency('libarchive', required : true, include_type : 'system')
 
 brotli = [
-  dependency('libbrotlicommon', required : true),
-  dependency('libbrotlidec', required : true),
-  dependency('libbrotlienc', required : true),
+  dependency('libbrotlicommon', required : true, include_type : 'system'),
+  dependency('libbrotlidec', required : true, include_type : 'system'),
+  dependency('libbrotlienc', required : true, include_type : 'system'),
 ]
 
-openssl = dependency('libcrypto', 'openssl', required : true)
+openssl = dependency('libcrypto', 'openssl', required : true, include_type : 'system')
 
 # FIXME: confirm we actually support such old versions of aws-sdk-cpp
-aws_sdk = dependency('aws-cpp-sdk-core', required : false, version : '>=1.8')
-aws_sdk_transfer = dependency('aws-cpp-sdk-transfer', required : aws_sdk.found(), fallback : ['aws_sdk', 'aws_cpp_sdk_transfer_dep'])
+aws_sdk = dependency('aws-cpp-sdk-core', required : false, version : '>=1.8', include_type : 'system')
+aws_sdk_transfer = dependency(
+  'aws-cpp-sdk-transfer',
+  required : aws_sdk.found(),
+  fallback : ['aws_sdk', 'aws_cpp_sdk_transfer_dep'],
+  include_type : 'system',
+)
 if aws_sdk.found()
   # The AWS pkg-config adds -std=c++11.
   # https://github.com/aws/aws-sdk-cpp/issues/2673
@@ -245,7 +293,12 @@ if aws_sdk.found()
   )
 endif
 
-aws_s3 = dependency('aws-cpp-sdk-s3', required : aws_sdk.found(), fallback : ['aws_sdk', 'aws_cpp_sdk_s3_dep'])
+aws_s3 = dependency(
+  'aws-cpp-sdk-s3',
+  required : aws_sdk.found(),
+  fallback : ['aws_sdk', 'aws_cpp_sdk_s3_dep'],
+  include_type : 'system',
+)
 if aws_s3.found()
   # The AWS pkg-config adds -std=c++11.
   # https://github.com/aws/aws-sdk-cpp/issues/2673
@@ -262,39 +315,45 @@ configdata += {
   'ENABLE_S3': aws_s3.found().to_int(),
 }
 
-sqlite = dependency('sqlite3', 'sqlite', version : '>=3.6.19', required : true)
+sqlite = dependency('sqlite3', 'sqlite', version : '>=3.6.19', required : true, include_type : 'system')
 
-sodium = dependency('libsodium', 'sodium', required : true)
+sodium = dependency('libsodium', 'sodium', required : true, include_type : 'system')
 
-curl = dependency('libcurl', 'curl', required : true)
+curl = dependency('libcurl', 'curl', required : true, include_type : 'system')
 
-editline = dependency('libeditline', 'editline', version : '>=1.14', required : true)
+editline = dependency('libeditline', 'editline', version : '>=1.14', required : true, include_type : 'system')
 
-lowdown = dependency('lowdown', version : '>=0.9.0', required : true)
+lowdown = dependency('lowdown', version : '>=0.9.0', required : true, include_type : 'system')
 
 # HACK(Qyriad): rapidcheck's pkg-config doesn't include the libs lol
 # Note: technically we 'check' for rapidcheck twice, for the internal-api-docs handling above,
 # but Meson will cache the result of the first one, and the required : arguments are different.
-rapidcheck_meson = dependency('rapidcheck', required : enable_tests)
+rapidcheck_meson = dependency('rapidcheck', required : enable_tests, include_type : 'system')
 rapidcheck = declare_dependency(dependencies : rapidcheck_meson, link_args : ['-lrapidcheck'])
 
 gtest = [
-  dependency('gtest', required : enable_tests),
-  dependency('gtest_main', required : enable_tests),
-  dependency('gmock', required : enable_tests),
-  dependency('gmock_main', required : enable_tests),
+  dependency('gtest', required : enable_tests, include_type : 'system'),
+  dependency('gtest_main', required : enable_tests, include_type : 'system'),
+  dependency('gmock', required : enable_tests, include_type : 'system'),
+  dependency('gmock_main', required : enable_tests, include_type : 'system'),
 ]
 
-toml11 = dependency('toml11', version : '>=3.7.0', required : true, method : 'cmake')
+toml11 = dependency('toml11', version : '>=3.7.0', required : true, method : 'cmake', include_type : 'system')
 
-nlohmann_json = dependency('nlohmann_json', required : true)
+pegtl = dependency(
+  'pegtl',
+  version : '>=3.2.7',
+  required : true,
+  method : 'cmake',
+  modules : [ 'taocpp::pegtl' ],
+  include_type : 'system',
+)
 
-# lix-doc is a Rust project provided via buildInputs and unfortunately doesn't have any way to be detected.
-# Just declare it manually to resolve this.
-#
-# FIXME: build this with meson in the future after we drop Make (with which we
-# *absolutely* are not going to make it work)
-lix_doc = declare_dependency(link_args : [ '-llix_doc' ])
+nlohmann_json = dependency('nlohmann_json', required : true, include_type : 'system')
+
+if is_freebsd
+  libprocstat = declare_dependency(link_args : [ '-lprocstat' ])
+endif
 
 #
 # Build-time tools
@@ -335,8 +394,6 @@ endif
 # that busybox sh won't run busybox applets as builtins (which would break our sandbox).
 
 lsof = find_program('lsof', native : true)
-bison = find_program('bison', native : true)
-flex = find_program('flex', native : true)
 
 # This is how Nix does generated headers...
 # other instances of header generation use a very similar command.
@@ -382,6 +439,11 @@ check_funcs = [
   'strsignal',
   'sysconf',
 ]
+if is_linux or is_freebsd
+  # musl does not have close_range as of 2024-08-10
+  # patch: https://www.openwall.com/lists/musl/2024/08/01/9
+  check_funcs += [ 'close_range' ]
+endif
 foreach funcspec : check_funcs
   define_name = 'HAVE_' + funcspec.underscorify().to_upper()
   define_value = cxx.has_function(funcspec).to_int()
@@ -422,22 +484,21 @@ add_project_arguments(
   # TODO(Qyriad): Yes this is how the autoconf+Make system did it.
   # It would be nice for our headers to be idempotent instead.
   '-include', 'config.h',
+  '-Wno-unused-parameter',
   '-Wno-deprecated-declarations',
   '-Wimplicit-fallthrough',
   '-Werror=switch',
   '-Werror=switch-enum',
+  '-Werror=unused-result',
   '-Wdeprecated-copy',
   '-Wignored-qualifiers',
-  # Enable assertions in libstdc++ by default. Harmless on libc++. Benchmarked
-  # at ~1% overhead in `nix search`.
-  #
-  # FIXME: remove when we get meson 1.4.0 which will default this to on for us:
-  # https://mesonbuild.com/Release-notes-for-1-4-0.html#ndebug-setting-now-controls-c-stdlib-assertions
-  '-D_GLIBCXX_ASSERTIONS=1',
+  '-Werror=suggest-override',
   language : 'cpp',
 )
 
-if cxx.get_id() in ['gcc', 'clang']
+# We turn off the production UBSan if the slower dev UBSan is requested, to
+# give better diagnostics.
+if cxx.get_id() in ['gcc', 'clang'] and 'undefined' not in get_option('b_sanitize')
   # 2024-03-24: jade benchmarked the default sanitize reporting in clang and got
   # a regression of about 10% on hackage-packages.nix with clang. So we are trapping instead.
   #
@@ -452,8 +513,20 @@ if cxx.get_id() in ['gcc', 'clang']
   add_project_arguments(sanitize_args, language: 'cpp')
   add_project_link_arguments(sanitize_args, language: 'cpp')
 endif
+# Clang's default of -no-shared-libsan on Linux causes link errors; on macOS it defaults to shared.
+# GCC defaults to shared libsan so is fine.
+if cxx.get_id() == 'clang' and get_option('b_sanitize') != ''
+  add_project_link_arguments('-shared-libsan', language : 'cpp')
+endif
+
+# Clang gets grumpy about missing libasan symbols if -shared-libasan is not
+# passed when building shared libs, at least on Linux
+if cxx.get_id() == 'clang' and 'address' in get_option('b_sanitize')
+  add_project_link_arguments('-shared-libasan', language : 'cpp')
+endif
 
 add_project_link_arguments('-pthread', language : 'cpp')
+
 if cxx.get_linker_id() in ['ld.bfd', 'ld.gold']
   add_project_link_arguments('-Wl,--no-copy-dt-needed-entries', language : 'cpp')
 endif
@@ -468,7 +541,7 @@ endif
 # maintainers/buildtime_report.sh BUILD-DIR to simply work in clang builds.
 #
 # They can also be manually viewed at https://ui.perfetto.dev
-if get_option('profile-build').require(meson.get_compiler('cpp').get_id() == 'clang').enabled()
+if get_option('profile-build').require(cxx.get_id() == 'clang').enabled()
   add_project_arguments('-ftime-trace', language: 'cpp')
 endif
 
@@ -487,11 +560,38 @@ if cxx.get_id() in ['clang', 'gcc']
   )
 endif
 
+# Until Meson 1.5¹, we can't just give Meson a Cargo.lock file and be done with it.
+# Meson will *detect* what dependencies are needed from Cargo files; it just won't
+# fetch them. The Meson 1.5 feature essentially internally translates Cargo.lock entries
+# to .wrap files, and that translation is incredibly straightforward, so let's just
+# use a simple Python script to generate the .wrap files ourselves while we wait for
+# Meson 1.5. Weirdly, it seems Meson will only detect dependencies from other
+# dependency() calls, so we have to specify lix-doc's two top-level dependencies,
+# rnix and rowan, manually, and then their dependencies will be recursively translated
+# into more dependency() calls.
+#
+# When Meson translates a Cargo dependency, the string passed to `dependency()` follows
+# a fixed format, which is important as the .wrap files' basenames must match the string
+# passed to `dependency()` exactly.
+# In Meson 1.4, this format is `$packageName-rs`. Meson 1.5 changes this to
+# `$packageName-$shortenedVersionString-rs`, because of course it does, but we'll cross
+# that bridge when we get there...
+#
+# [1]: https://github.com/mesonbuild/meson/commit/9b8378985dbdc0112d11893dd42b33b7bc8d1e62
+# FIXME: remove (along with its generated wrap files) when we get rid of meson 1.4
+run_command(
+  python,
+  meson.project_source_root() / 'meson/cargo-lock-to-wraps.py',
+  meson.project_source_root() / 'Cargo.lock',
+  meson.project_source_root() / 'subprojects',
+  check : true,
+)
+
 if is_darwin
-  configure_file(
-    input : 'misc/launchd/org.nixos.nix-daemon.plist.in',
-    output : 'org.nixos.nix-daemon.plist',
-    copy : true,
+  fs.copyfile(
+    'misc/launchd/org.nixos.nix-daemon.plist.in',
+    'org.nixos.nix-daemon.plist',
+    install : true,
     install_dir : prefix / 'Library/LaunchDaemons',
   )
 endif
@@ -508,3 +608,5 @@ if enable_tests
   subdir('tests/unit')
   subdir('tests/functional')
 endif
+
+subdir('meson/clang-tidy')

meson.options

@@ -1,7 +1,7 @@
 # vim: filetype=meson
 
 option('enable-build', type : 'boolean', value : true,
-  description : 'Set to false to not actually build. Only really makes sense with -Dinternal-api-docs=true',
+  description : 'set to false to not actually build. Only really makes sense with -Dinternal-api-docs=true',
 )
 
 option('gc', type : 'feature',
@@ -37,7 +37,7 @@ option('tests-brief', type : 'boolean', value : false,
 )
 
 option('profile-build', type : 'feature', value: 'disabled',
-  description : 'whether to enable -ftime-trace in clang builds, allowing for speeding up the build.'
+  description : 'whether to enable -ftime-trace in clang builds, allowing for diagnosing the cause of build time.'
 )
 
 option('store-dir', type : 'string', value : '/nix/store',
@@ -68,3 +68,7 @@ option('profile-dir', type : 'string', value : 'etc/profile.d',
 option('enable-pch-std', type : 'boolean', value : true,
   description : 'whether to use precompiled headers for C++\'s standard library (breaks clangd if you\'re using GCC)',
 )
+
+option('lix-clang-tidy-checks-path', type : 'string', value : '',
+  description: 'path to lix-clang-tidy-checks library file, if providing it externally. Uses an internal one if this is not set',
+)

meson/cargo-lock-to-wraps.py

@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+
+import argparse
+import tomllib
+import sys
+
+DOWNLOAD_URI_FORMAT = 'https://crates.io/api/v1/crates/{crate}/{version}/download'
+
+WRAP_TEMPLATE = """
+[wrap-file]
+method = cargo
+directory = {crate}-{version}
+source_url = {url}
+source_filename = {crate}-{version}.tar.gz
+source_hash = {hash}
+""".lstrip()
+
+parser = argparse.ArgumentParser()
+parser.add_argument('lockfile', help='path to the Cargo lockfile to generate wraps from')
+parser.add_argument('outdir', help="the 'subprojects' directory to write .wrap files to")
+
+args = parser.parse_args()
+
+with open(args.lockfile, 'rb') as f:
+    lock_toml = tomllib.load(f)
+
+for dependency in lock_toml['package']:
+    try:
+        hash = dependency['checksum']
+    except KeyError:
+        # The base package, e.g. lix-doc, won't have a checksum, and conveniently
+        # the base package is also not something we want a wrap file for.
+        # Doesn't that work out nicely?
+        continue
+
+    crate = dependency['name']
+    version = dependency['version']
+
+    url = DOWNLOAD_URI_FORMAT.format(crate=crate, version=version)
+
+    wrap_text = WRAP_TEMPLATE.format(crate=crate, version=version, url=url, hash=hash)
+    with open(f'{args.outdir}/{crate}-rs.wrap', 'w') as f:
+        f.write(wrap_text)

meson/clang-tidy/build_required_targets.py

@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+import subprocess
+
+def get_targets_of_rule(build_root: str, rule_name: str) -> list[str]:
+    return subprocess.check_output(['ninja', '-C', build_root, '-t', 'targets', 'rule', rule_name]).decode().strip().splitlines()
+
+def ninja_build(build_root: str, targets: list[str]):
+    subprocess.check_call(['ninja', '-C', build_root, '--', *targets])
+
+def main():
+    import argparse
+    ap = argparse.ArgumentParser(description='Builds required targets for clang-tidy')
+    ap.add_argument('build_root', help='Ninja build root', type=str)
+
+    args = ap.parse_args()
+
+    targets = [t for t in get_targets_of_rule(args.build_root, 'CUSTOM_COMMAND') if t.endswith('gen.hh')]
+    ninja_build(args.build_root, targets)
+
+if __name__ == '__main__':
+    main()

meson/clang-tidy/clang-tidy-runner.py

@@ -0,0 +1,89 @@
+#!/usr/bin/env python3
+"""
+Runs run-clang-tidy. A bit meta. Maybe it will replace run-clang-tidy one day
+because the run-clang-tidy UX is so questionable.
+"""
+
+# I hereby dedicate this script to fuck you meson.
+# I cannot simply write my code to invoke a subprocess in a meson file because
+# Meson corrupts backslashes in command line args to subprocesses.
+# This is allegedly for "Windows support", but last time I checked Windows
+# neither needs nor wants you to corrupt its command lines.
+# https://github.com/mesonbuild/meson/issues/1564
+
+import multiprocessing
+import subprocess
+import os
+import sys
+from pathlib import Path
+
+
+def default_concurrency():
+    return min(multiprocessing.cpu_count(),
+               int(os.environ.get("NIX_BUILD_CORES", "16")))
+
+
+def go(exe: str, plugin_path: Path, compile_commands_json_dir: Path, jobs: int,
+       paths: list[Path], werror: bool, fix: bool):
+    args = [
+        # XXX: This explicitly invokes it with python because of a nixpkgs bug
+        # where clang-unwrapped does not patch interpreters in run-clang-tidy.
+        # However, making clang-unwrapped depend on python is also silly, so idk.
+        sys.executable,
+        exe,
+        '-quiet',
+        '-load',
+        plugin_path,
+        '-p',
+        compile_commands_json_dir,
+        '-j',
+        str(jobs),
+        '-header-filter',
+        r'src/[^/]+/.*\.hh'
+    ]
+    if werror:
+        args += ['-warnings-as-errors', '*']
+    if fix:
+        args += ['-fix']
+    args += ['--']
+    args += paths
+    os.execvp(sys.executable, args)
+
+
+def main():
+    import argparse
+
+    ap = argparse.ArgumentParser(description='Runs run-clang-tidy for you')
+    ap.add_argument('--jobs',
+                    '-j',
+                    type=int,
+                    default=default_concurrency(),
+                    help='Parallel linting jobs to run')
+    ap.add_argument('--plugin-path',
+                    type=Path,
+                    help='Path to the Lix clang-tidy plugin')
+    # FIXME: maybe we should integrate this so it just fixes the compdb for you and throws it in a tempdir?
+    ap.add_argument(
+        '--compdb-path',
+        type=Path,
+        help=
+        'Path to the directory containing the fixed-up compilation database from clean_compdb'
+    )
+    ap.add_argument('--werror',
+                    action='store_true',
+                    help='Warnings get turned into errors')
+    ap.add_argument('--fix',
+                    action='store_true',
+                    help='Apply fixes for warnings')
+    ap.add_argument('--run-clang-tidy-path',
+                    default='run-clang-tidy',
+                    help='Path to run-clang-tidy')
+    ap.add_argument('paths', nargs='*', help='Source paths to check')
+    args = ap.parse_args()
+
+    go(args.run_clang_tidy_path, args.plugin_path, args.compdb_path, args.jobs,
+       args.paths, args.werror, args.fix)
+
+
+if __name__ == '__main__':
+    main()

meson/clang-tidy/clean_compdb.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+# Deletes the PCH arguments from a compilation database, to workaround nixpkgs
+# stdenv having a cc-wrapper that is impossible to use for anything except cc
+# itself, for example, clang-tidy.
+
+import json
+import shlex
+
+
+def process_compdb(compdb: list[dict]) -> list[dict]:
+
+    def munch_command(args: list[str]) -> list[str]:
+        out = []
+        eat_next = False
+        for i, arg in enumerate(args):
+            if arg in ['-fpch-preprocess', '-fpch-instantiate-templates']:
+                # -fpch-preprocess as used with gcc, -fpch-instantiate-templates as used by clang
+                continue
+            elif arg == '-include-pch' or (arg == '-include' and args[i + 1] == 'precompiled-headers.hh'):
+                # -include-pch some-pch (clang), or -include some-pch (gcc)
+                eat_next = True
+                continue
+            if not eat_next:
+                out.append(arg)
+            eat_next = False
+        return out
+
+    def chomp(item: dict) -> dict:
+        item = item.copy()
+        item['command'] = shlex.join(munch_command(shlex.split(item['command'])))
+        return item
+
+    def cmdfilter(item: dict) -> bool:
+        file = item['file']
+        return (
+            not file.endswith('precompiled-headers.hh')
+            and not file.endswith('.rs')
+        )
+
+    return [chomp(x) for x in compdb if cmdfilter(x)]
+
+
+def main():
+    import argparse
+    ap = argparse.ArgumentParser(
+        description='Delete pch arguments from compilation database')
+    ap.add_argument('input',
+                    type=argparse.FileType('r'),
+                    help='Input json file')
+    ap.add_argument('output',
+                    type=argparse.FileType('w'),
+                    help='Output json file')
+    args = ap.parse_args()
+
+    input_json = json.load(args.input)
+    json.dump(process_compdb(input_json), args.output, indent=2)
+
+
+if __name__ == '__main__':
+    main()

meson/clang-tidy/meson.build

@@ -0,0 +1,88 @@
+# The clang-tidy target for Lix
+
+run_clang_tidy = find_program('run-clang-tidy', required : false)
+# Although this looks like it wants to be pkg-config, pkg-config does not
+# really work for *plugins*, which are executable-like .so files that also
+# cannot be found via find_program. Fun!
+if get_option('lix-clang-tidy-checks-path') != ''
+  lix_clang_tidy_so = get_option('lix-clang-tidy-checks-path')
+  lix_clang_tidy_so_found = true
+else
+  lix_clang_tidy_subproj = subproject(
+    'lix-clang-tidy',
+    required : false,
+    default_options : {'build-by-default': false}
+  )
+  if lix_clang_tidy_subproj.found()
+    lix_clang_tidy_so = lix_clang_tidy_subproj.get_variable('lix_clang_tidy')
+    lix_clang_tidy_so_found = true
+  else
+    lix_clang_tidy_so_found = false
+  endif
+endif
+
+# Due to numerous problems, such as:
+# - Meson does not expose pch targets, but *fine*, I can just ask Ninja for
+#   them with `ninja -t targets rule cpp_PCH` and build them manually:
+#   https://github.com/mesonbuild/meson/issues/13499
+# - Nixpkgs stdenv buries the cc-wrapper under a giant pile of assumptions
+#   about the cc-wrapper actually being used on the cc of a stdenv, rather than
+#   independently for clang-tidy, and we need to use cc-wrapper to get the
+#   correct hardening flags so that clang-tidy can actually parse the PCH file
+#
+# I give up. I am going to delete the damn PCH args and then it will work.
+meson.add_postconf_script(
+  python,
+  meson.current_source_dir() / 'clean_compdb.py',
+  meson.global_build_root() / 'compile_commands.json',
+  meson.current_build_dir() / 'compile_commands.json',
+)
+
+# Horrible hack to get around not being able to depend on another target's
+# generated headers in any way in the meson DSL
+# https://github.com/mesonbuild/meson/issues/12817 which was incorrectly
+# closed, if you *actually* need to generate the files once.
+# Also related: https://github.com/mesonbuild/meson/issues/3667
+#
+# Or we could ban meson generators because their design is broken.
+build_all_generated_headers = custom_target(
+  command : [
+    python,
+    meson.current_source_dir() / 'build_required_targets.py',
+    meson.global_build_root(),
+  ],
+  output : 'generated_headers.stamp',
+  build_by_default : false,
+  build_always_stale : true,
+)
+
+if lix_clang_tidy_so_found
+  run_clang_tidy_args = [
+    meson.current_source_dir() / 'clang-tidy-runner.py',
+    '--run-clang-tidy-path', run_clang_tidy,
+    '--compdb-path', meson.current_build_dir(),
+    '--plugin-path', lix_clang_tidy_so,
+  ]
+  run_target(
+    'clang-tidy',
+    command : [
+      python,
+      run_clang_tidy_args,
+      '--werror',
+    ],
+    depends : [
+      build_all_generated_headers,
+    ],
+  )
+  run_target(
+    'clang-tidy-fix',
+    command : [
+      python,
+      run_clang_tidy_args,
+      '--fix',
+    ],
+    depends : [
+      build_all_generated_headers,
+    ],
+  )
+endif

meson/cleanup-install.bash

@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-# Meson will call this with an absolute path to Bash.
-# The shebang is just for convenience.
-
-# The parser and lexer tab are generated via custom Meson targets in src/libexpr/meson.build,
-# but Meson doesn't support marking only part of a target for install. The generation creates
-# both headers (parser-tab.hh, lexer-tab.hh) and source files (parser-tab.cc, lexer-tab.cc),
-# and we definitely want the former installed, but not the latter. This script is added to
-# Meson's install steps to correct this, as the logic for it is just complex enough to
-# warrant separate and careful handling, because both Meson's configured include directory
-# may or may not be an absolute path, and DESTDIR may or may not be set at all, but can't be
-# manipulated in Meson logic.
-
-set -euo pipefail
-
-echo "cleanup-install: removing Meson-placed C++ sources from dest includedir"
-
-if [[ "${1/--help/}" != "$1" ]]; then
-	echo "cleanup-install: this script should only be called from the Meson build system"
-	exit 1
-fi
-
-# Ensure the includedir was passed as the first argument
-# (set -u will make this fail otherwise).
-includedir="$1"
-# And then ensure that first argument is a directory that exists.
-if ! [[ -d "$1" ]]; then
-	echo "cleanup-install: this script should only be called from the Meson build system"
-	echo "argv[1] (${1@Q}) is not a directory"
-	exit 2
-fi
-
-# If DESTDIR environment variable is set, prepend it to the include dir.
-# Unfortunately, we cannot do this on the Meson side. We do have an environment variable
-# `MESON_INSTALL_DESTDIR_PREFIX`, but that will not refer to the include directory if
-# includedir has been set separately, which Lix's split-output derivation does.
-# We also cannot simply do an inline bash conditional like "${DESTDIR:=}" or similar,
-# because we need to specifically *join* DESTDIR and includedir with a slash, and *not*
-# have a slash if DESTDIR isn't set at all, since $includedir could be a relative directory.
-# Finally, DESTDIR is only available to us as an environment variable in these install scripts,
-# not in Meson logic.
-# Therefore, our best option is to have Meson pass this script the configured includedir,
-# and perform this dance with it and $DESTDIR.
-if [[ -n "${DESTDIR:-}" ]]; then
-	includedir="$DESTDIR/$includedir"
-fi
-
-# Intentionally not using -f.
-# If these files don't exist then our assumptions have been violated and we should fail.
-rm -v "$includedir/lix/libexpr/parser-tab.cc" "$includedir/lix/libexpr/lexer-tab.cc"

misc/bash/meson.build

@@ -1,8 +1,7 @@
-configure_file(
-  input : 'completion.sh',
-  output : 'nix',
+fs.copyfile(
+  'completion.sh',
+  'nix',
   install : true,
   install_dir : datadir / 'bash-completion/completions',
   install_mode : 'rw-r--r--',
-  copy : true,
 )

misc/fish/completion.fish

@@ -14,7 +14,7 @@ function _nix_complete
   # But the variable also misses the current token so it cancels out.
   set -l nix_arg_to_complete (count $nix_args)
 
-  env NIX_GET_COMPLETIONS=$nix_arg_to_complete $nix_args $current_token
+  env NIX_GET_COMPLETIONS=$nix_arg_to_complete $nix_args $current_token 2>/dev/null
 end
 
 function _nix_accepts_files

misc/fish/meson.build

@@ -1,8 +1,7 @@
-configure_file(
-  input : 'completion.fish',
-  output : 'nix.fish',
+fs.copyfile(
+  'completion.fish',
+  'nix.fish',
   install : true,
   install_dir : datadir / 'fish/vendor_completions.d',
   install_mode : 'rw-r--r--',
-  copy : true,
 )

misc/meson.build

@@ -4,3 +4,5 @@ subdir('zsh')
 
 subdir('systemd')
 subdir('flake-registry')
+
+runinpty = fs.copyfile('runinpty.py')

misc/pre-commit.nix

@@ -106,7 +106,7 @@ pre-commit-run {
     };
     treefmt = {
       enable = true;
-      settings.formatters = [ pkgs.nixfmt ];
+      settings.formatters = [ pkgs.nixfmt-rfc-style ];
     };
   };
 }

misc/runinpty.py

@@ -0,0 +1,77 @@
+#!/usr/bin/env python3
+# SPDX-FileCopyrightText: 2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation; All Rights Reserved
+# SPDX-FileCopyrightText: 2024 Jade Lovelace
+# SPDX-License-Identifier: LGPL-2.1-or-later
+"""
+This script exists to lose Lix a dependency on expect(1) for the ability to run
+something in a pty.
+
+Yes, it could be replaced by script(1) but macOS and Linux script(1) have
+diverged sufficiently badly that even specifying a subcommand to run is not the
+same.
+"""
+import pty
+import sys
+import os
+from termios import ONLCR, ONLRET, ONOCR, OPOST, TCSAFLUSH, tcgetattr, tcsetattr
+from tty import setraw
+import termios
+
+def setup_terminal():
+    # does not matter which fd we use because we are in a fresh pty
+    modi = tcgetattr(pty.STDOUT_FILENO)
+    [iflag, oflag, cflag, lflag, ispeed, ospeed, cc] = modi
+
+    # Turning \n into \r\n is not cool, Linux!
+    oflag &= ~ONLCR
+    # I don't know what "implementation dependent postprocessing means" but it
+    # sounds bad
+    oflag &= ~OPOST
+    # Assume that NL performs the role of CR; do not insert CRs at column 0
+    oflag |= ONLRET | ONOCR
+
+    modi = [iflag, oflag, cflag, lflag, ispeed, ospeed, cc]
+
+    tcsetattr(pty.STDOUT_FILENO, TCSAFLUSH, modi)
+
+
+def spawn(argv: list[str]):
+    """
+    As opposed to pty.spawn, this one more seriously controls the pty settings.
+    Necessary to turn off such fun functionality as onlcr (LF to CRLF).
+
+    This is essentially copy pasted from pty.spawn, since there is no way to
+    hook the child pre-execve
+    """
+    pid, master_fd = pty.fork()
+    if pid == pty.CHILD:
+        setup_terminal()
+        os.execlp(argv[0], *argv)
+
+    try:
+        mode = tcgetattr(pty.STDIN_FILENO)
+        setraw(pty.STDIN_FILENO)
+        restore = True
+    except termios.error:
+        restore = False
+
+    try:
+        pty._copy(master_fd, pty._read, pty._read) # type: ignore
+    finally:
+        if restore:
+            tcsetattr(pty.STDIN_FILENO, TCSAFLUSH, mode) # type: ignore
+
+    os.close(master_fd)
+    return os.waitpid(pid, 0)[1]
+
+
+def main():
+    if len(sys.argv) == 1:
+        print(f'Usage: {sys.argv[0]} [command args]', file=sys.stderr)
+        sys.exit(1)
+
+    sys.exit(os.waitstatus_to_exitcode(spawn(sys.argv[1:])))
+
+
+if __name__ == '__main__':
+    main()

misc/systemd/nix-daemon.service.in

@@ -1,6 +1,6 @@
 [Unit]
 Description=Nix Daemon
-Documentation=man:nix-daemon https://nixos.org/manual
+Documentation=man:nix-daemon https://docs.lix.systems/manual/lix/stable
 RequiresMountsFor=@storedir@
 RequiresMountsFor=@localstatedir@
 RequiresMountsFor=@localstatedir@/nix/db

misc/zsh/meson.build

@@ -1,10 +1,9 @@
 foreach script : [ [ 'completion.zsh', '_nix' ], [ 'run-help-nix' ] ]
-  configure_file(
-    input : script[0],
-    output : script.get(1, script[0]),
+  fs.copyfile(
+    script[0],
+    script.get(1, script[0]),
     install : true,
     install_dir : datadir / 'zsh/site-functions',
     install_mode : 'rw-r--r--',
-    copy : true,
   )
 endforeach

nix-support/binary-tarball.nix

@@ -5,29 +5,33 @@
   system,
 }:
 let
-  installerClosureInfo = buildPackages.closureInfo {
-    rootPaths = [
-      nix
-      cacert
-    ];
-  };
+  rootPaths = [
+    nix
+    cacert
+  ];
+  installerClosureInfo = buildPackages.closureInfo { inherit rootPaths; };
 
   meta.description = "Distribution-independent Lix bootstrap binaries for ${system}";
 in
-buildPackages.runCommand "lix-binary-tarball-${nix.version}" { inherit meta; } ''
-  cp ${installerClosureInfo}/registration $TMPDIR/reginfo
+buildPackages.runCommand "lix-binary-tarball-${nix.version}"
+  {
+    inherit meta;
+    passthru.rootPaths = rootPaths;
+  }
+  ''
+    cp ${installerClosureInfo}/registration $TMPDIR/reginfo
 
-  dir=lix-${nix.version}-${system}
-  fn=$out/$dir.tar.xz
-  mkdir -p $out/nix-support
-  echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
-  tar cvfJ $fn \
-    --owner=0 --group=0 --mode=u+rw,uga+r \
-    --mtime='1970-01-01' \
-    --absolute-names \
-    --hard-dereference \
-    --transform "s,$TMPDIR/reginfo,$dir/.reginfo," \
-    --transform "s,$NIX_STORE,$dir/store,S" \
-    $TMPDIR/reginfo \
-    $(cat ${installerClosureInfo}/store-paths)
-''
+    dir=lix-${nix.version}-${system}
+    fn=$out/$dir.tar.xz
+    mkdir -p $out/nix-support
+    echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products
+    tar cvfJ $fn \
+      --owner=0 --group=0 --mode=u+rw,uga+r \
+      --mtime='1970-01-01' \
+      --absolute-names \
+      --hard-dereference \
+      --transform "s,$TMPDIR/reginfo,$dir/.reginfo," \
+      --transform "s,$NIX_STORE,$dir/store,S" \
+      $TMPDIR/reginfo \
+      $(cat ${installerClosureInfo}/store-paths)
+  ''

nix-support/editline.patch

@@ -0,0 +1,106 @@
+From d0f2a5bc2300b96b2434c7838184c1dfd6a639f5 Mon Sep 17 00:00:00 2001
+From: Rebecca Turner <rbt@sent.as>
+Date: Sun, 8 Sep 2024 15:42:42 -0700
+Subject: [PATCH 1/2] Recognize Meta+Left and Meta+Right
+
+Recognize `Alt-Left` and `Alt-Right` for navigating by words in more
+terminals/shells/platforms.
+
+I'm not sure exactly where to find canonical documentation for these
+codes, but this seems to match what my terminal produces (macOS + iTerm2
++ Fish + Tmux).
+
+It might also be nice to have some more support for editing the bindings
+for these characters; sequences of more than one character are not
+supported by `el_bind_key` and similar.
+
+Originally from: https://github.com/troglobit/editline/pull/70
+This patch is applied upstream: https://gerrit.lix.systems/c/lix/+/1883
+
+---
+ src/editline.c | 29 +++++++++++++++++++++++++++--
+ 1 file changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/src/editline.c b/src/editline.c
+index 5ec9afb..d1cfbbc 100644
+--- a/src/editline.c
++++ b/src/editline.c
+@@ -1034,6 +1034,30 @@ static el_status_t meta(void)
+         return CSeof;
+
+ #ifdef CONFIG_ANSI_ARROWS
++    /* See: https://en.wikipedia.org/wiki/ANSI_escape_code */
++    /* Recognize ANSI escapes for `Meta+Left` and `Meta+Right`. */
++    if (c == '\e') {
++        switch (tty_get()) {
++        case '[':
++        {
++            switch (tty_get()) {
++            /* \e\e[C = Meta+Left */
++            case 'C': return fd_word();
++            /* \e\e[D = Meta+Right */
++            case 'D': return bk_word();
++            default:
++                break;
++            }
++
++            return el_ring_bell();
++        }
++        default:
++            break;
++        }
++
++        return el_ring_bell();
++    }
++
+     /* Also include VT-100 arrows. */
+     if (c == '[' || c == 'O') {
+         switch (tty_get()) {
+@@ -1043,6 +1067,7 @@ static el_status_t meta(void)
+             char seq[4] = { 0 };
+             seq[0] = tty_get();
+
++            /* \e[1~ */
+             if (seq[0] == '~')
+                 return beg_line(); /* Home */
+
+@@ -1050,9 +1075,9 @@ static el_status_t meta(void)
+                 seq[c] = tty_get();
+
+             if (!strncmp(seq, ";5C", 3))
+-                return fd_word(); /* Ctrl+Right */
++                return fd_word(); /* \e[1;5C = Ctrl+Right */
+             if (!strncmp(seq, ";5D", 3))
+-                return bk_word(); /* Ctrl+Left */
++                return bk_word(); /* \e[1;5D = Ctrl+Left */
+
+             break;
+         }
+
+From 4c4455353a0a88bee09d5f27c28f81f747682fed Mon Sep 17 00:00:00 2001
+From: Rebecca Turner <rbt@sent.as>
+Date: Mon, 9 Sep 2024 09:44:44 -0700
+Subject: [PATCH 2/2] Add support for \e[1;3C and \e[1;3D
+
+---
+ src/editline.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/editline.c b/src/editline.c
+index d1cfbbc..350b5cb 100644
+--- a/src/editline.c
++++ b/src/editline.c
+@@ -1074,9 +1074,11 @@ static el_status_t meta(void)
+             for (c = 1; c < 3; c++)
+                 seq[c] = tty_get();
+
+-            if (!strncmp(seq, ";5C", 3))
++            if (!strncmp(seq, ";5C", 3)
++                || !strncmp(seq, ";3C", 3))
+                 return fd_word(); /* \e[1;5C = Ctrl+Right */
+-            if (!strncmp(seq, ";5D", 3))
++            if (!strncmp(seq, ";5D", 3)
++                || !strncmp(seq, ";3D", 3))
+                 return bk_word(); /* \e[1;5D = Ctrl+Left */
+
+             break;

nix-support/nixfmt.nix

@@ -1,65 +0,0 @@
-# Copy of `nixfmt-rfc-style` vendored from `nixpkgs` master:
-# https://github.com/NixOS/nixpkgs/blob/ab6071eb54cc9b66dda436111d4f569e4e56cbf4/pkgs/by-name/ni/nixfmt-rfc-style/package.nix
-{
-  haskell,
-  haskellPackages,
-  fetchFromGitHub,
-}:
-let
-  inherit (haskell.lib.compose) justStaticExecutables;
-  raw-pkg = haskellPackages.callPackage (
-    {
-      mkDerivation,
-      base,
-      cmdargs,
-      directory,
-      fetchzip,
-      filepath,
-      lib,
-      megaparsec,
-      mtl,
-      parser-combinators,
-      safe-exceptions,
-      scientific,
-      text,
-      transformers,
-      unix,
-    }:
-    mkDerivation {
-      pname = "nixfmt";
-      version = "0.6.0-unstable-2024-03-14";
-      src = fetchFromGitHub {
-        owner = "serokell";
-        repo = "nixfmt";
-        rev = "8d13b593fa8d8d6e5075f541f3231222a08e84df";
-        hash = "sha256-HtXvzmfN4wk45qiKZ7V+/5WBV7jnTHfd7iBwF4XGl64=";
-      };
-      isLibrary = true;
-      isExecutable = true;
-      libraryHaskellDepends = [
-        base
-        megaparsec
-        mtl
-        parser-combinators
-        scientific
-        text
-        transformers
-      ];
-      executableHaskellDepends = [
-        base
-        cmdargs
-        directory
-        filepath
-        safe-exceptions
-        text
-        unix
-      ];
-      jailbreak = true;
-      homepage = "https://github.com/serokell/nixfmt";
-      description = "An opinionated formatter for Nix";
-      license = lib.licenses.mpl20;
-      mainProgram = "nixfmt";
-    }
-  ) { };
-in
-justStaticExecutables raw-pkg

package.nix

@@ -10,17 +10,18 @@
   boehmgc-nix ? __forDefaults.boehmgc-nix,
   boehmgc,
   nlohmann_json,
-  bison,
   build-release-notes ? __forDefaults.build-release-notes,
   boost,
   brotli,
   bzip2,
+  callPackage,
+  capnproto-lix ? __forDefaults.capnproto-lix,
+  capnproto,
   cmake,
   curl,
   doxygen,
   editline-lix ? __forDefaults.editline-lix,
   editline,
-  flex,
   git,
   gtest,
   jq,
@@ -28,6 +29,8 @@
   libcpuid,
   libseccomp,
   libsodium,
+  lix-clang-tidy ? null,
+  llvmPackages,
   lsof,
   lowdown,
   mdbook,
@@ -35,10 +38,14 @@
   mercurial,
   meson,
   ninja,
+  ncurses,
   openssl,
+  pegtl,
   pkg-config,
   python3,
   rapidcheck,
+  rustPlatform,
+  rustc,
   sqlite,
   toml11,
   util-linuxMinimal ? utillinuxMinimal,
@@ -47,89 +54,102 @@
 
   busybox-sandbox-shell,
 
-  # internal fork of nix-doc providing :doc in the repl
-  lix-doc ? __forDefaults.lix-doc,
-
   pname ? "lix",
   versionSuffix ? "",
-  officialRelease ? false,
+  officialRelease ? __forDefaults.versionJson.official_release,
   # Set to true to build the release notes for the next release.
   buildUnreleasedNotes ? true,
   internalApiDocs ? false,
 
+  # Support garbage collection in the evaluator.
+  enableGC ? sanitize == null || !builtins.elem "address" sanitize,
+  # List of Meson sanitize options. Accepts values of b_sanitize, e.g.
+  # "address", "undefined", "thread".
+  # Enabling the "address" sanitizer will disable garbage collection in the evaluator.
+  sanitize ? null,
+  # Turn compiler warnings into errors.
+  werror ? false,
+
+  lintInsteadOfBuild ? false,
+
   # Not a real argument, just the only way to approximate let-binding some
   # stuff for argument defaults.
   __forDefaults ? {
     canRunInstalled = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
 
-    boehmgc-nix = (boehmgc.override { enableLargeConfig = true; }).overrideAttrs {
-      patches = [
-        # We do *not* include prev.patches (which doesn't exist in normal pkgs.boehmgc anyway)
-        # because if the caller of this package passed a patched boehm as `boehmgc` instead of
-        # `boehmgc-nix` then this will almost certainly have duplicate patches, which means
-        # the patches won't apply and we'll get a build failure.
-        ./boehmgc-coroutine-sp-fallback.diff
-      ];
-    };
+    versionJson = builtins.fromJSON (builtins.readFile ./version.json);
+
+    boehmgc-nix = boehmgc.override { enableLargeConfig = true; };
 
     editline-lix = editline.overrideAttrs (prev: {
-      configureFlags = prev.configureFlags or [ ] ++ [ (lib.enableFeature true "sigstop") ];
+      patches = (prev.patches or [ ]) ++ [
+        # Recognize `Alt-Left` and `Alt-Right` for navigating by words in more
+        # terminals/shells/platforms.
+        #
+        # See: https://github.com/troglobit/editline/pull/70
+        ./nix-support/editline.patch
+      ];
+
+      configureFlags = (prev.configureFlags or [ ]) ++ [
+        # Enable SIGSTOP (Ctrl-Z) behavior.
+        (lib.enableFeature true "sigstop")
+        # Enable ANSI arrow keys.
+        (lib.enableFeature true "arrow-keys")
+        # Use termcap library to query terminal size.
+        (lib.enableFeature (ncurses != null) "termcap")
+      ];
+
+      buildInputs = (prev.buildInputs or [ ]) ++ [ ncurses ];
     });
 
-    lix-doc = pkgs.callPackage ./lix-doc/package.nix { };
-    build-release-notes = pkgs.callPackage ./maintainers/build-release-notes.nix { };
+    build-release-notes = callPackage ./maintainers/build-release-notes.nix { };
+
+    # needs explicit c++20 to enable coroutine support
+    capnproto-lix = capnproto.overrideAttrs { CXXFLAGS = "-std=c++20"; };
   },
 }:
+
+# gcc miscompiles coroutines at least until 13.2, possibly longer
+assert stdenv.cc.isClang || lintInsteadOfBuild || internalApiDocs;
+
 let
   inherit (__forDefaults) canRunInstalled;
   inherit (lib) fileset;
   inherit (stdenv) hostPlatform buildPlatform;
 
-  versionJson = builtins.fromJSON (builtins.readFile ./version.json);
-  version = versionJson.version + versionSuffix;
+  version = __forDefaults.versionJson.version + versionSuffix;
 
-  aws-sdk-cpp-nix = aws-sdk-cpp.override {
-    apis = [
-      "s3"
-      "transfer"
-    ];
-    customMemoryManagement = false;
-  };
+  aws-sdk-cpp-nix =
+    if aws-sdk-cpp == null then
+      null
+    else
+      aws-sdk-cpp.override {
+        apis = [
+          "s3"
+          "transfer"
+        ];
+        customMemoryManagement = false;
+      };
 
   # Reimplementation of Nixpkgs' Meson cross file, with some additions to make
   # it actually work.
-  mesonCrossFile =
-    let
-      cpuFamily =
-        platform:
-        with platform;
-        if isAarch32 then
-          "arm"
-        else if isx86_32 then
-          "x86"
-        else
-          platform.uname.processor;
-    in
-    builtins.toFile "lix-cross-file.conf" ''
-      [properties]
-      # Meson is convinced that if !buildPlatform.canExecute hostPlatform then we cannot
-      # build anything at all, which is not at all correct. If we can't execute the host
-      # platform, we'll just disable tests and doc gen.
-      needs_exe_wrapper = false
+  mesonCrossFile = builtins.toFile "lix-cross-file.conf" ''
+    [properties]
+    # Meson is convinced that if !buildPlatform.canExecute hostPlatform then we cannot
+    # build anything at all, which is not at all correct. If we can't execute the host
+    # platform, we'll just disable tests and doc gen.
+    needs_exe_wrapper = false
 
-      [binaries]
-      # Meson refuses to consider any CMake binary during cross compilation if it's
-      # not explicitly specified here, in the cross file.
-      # https://github.com/mesonbuild/meson/blob/0ed78cf6fa6d87c0738f67ae43525e661b50a8a2/mesonbuild/cmake/executor.py#L72
-      cmake = 'cmake'
-    '';
+    [binaries]
+    # Meson refuses to consider any CMake binary during cross compilation if it's
+    # not explicitly specified here, in the cross file.
+    # https://github.com/mesonbuild/meson/blob/0ed78cf6fa6d87c0738f67ae43525e661b50a8a2/mesonbuild/cmake/executor.py#L72
+    cmake = 'cmake'
+  '';
 
   # The internal API docs need these for the build, but if we're not building
   # Nix itself, then these don't need to be propagated.
-  maybePropagatedInputs = [
-    boehmgc-nix
-    nlohmann_json
-  ];
+  maybePropagatedInputs = lib.optional enableGC boehmgc-nix ++ [ nlohmann_json ];
 
   # .gitignore has already been processed, so any changes in it are irrelevant
   # at this point. It is not represented verbatim for test purposes because
@@ -144,6 +164,8 @@ let
     ./meson
     ./scripts/meson.build
     ./subprojects
+    # Required for meson to generate Cargo wraps
+    ./Cargo.lock
   ]);
 
   functionalTestFiles = fileset.unions [
@@ -152,6 +174,7 @@ let
     (fileset.fileFilter (f: lib.strings.hasPrefix "nix-profile" f.name) ./scripts)
   ];
 in
+assert (lintInsteadOfBuild -> lix-clang-tidy != null);
 stdenv.mkDerivation (finalAttrs: {
   inherit pname version;
 
@@ -164,13 +187,13 @@ stdenv.mkDerivation (finalAttrs: {
           topLevelBuildFiles
           functionalTestFiles
         ]
-        ++ lib.optionals (!finalAttrs.dontBuild || internalApiDocs) [
-          ./boehmgc-coroutine-sp-fallback.diff
+        ++ lib.optionals (!finalAttrs.dontBuild || internalApiDocs || lintInsteadOfBuild) [
           ./doc
           ./misc
           ./src
           ./COPYING
         ]
+        ++ lib.optionals lintInsteadOfBuild [ ./.clang-tidy ]
       )
     );
   };
@@ -184,9 +207,14 @@ stdenv.mkDerivation (finalAttrs: {
       "doc"
     ];
 
-  dontBuild = false;
+  dontBuild = lintInsteadOfBuild;
 
   mesonFlags =
+    let
+      sanitizeOpts = lib.optional (
+        sanitize != null
+      ) "-Db_sanitize=${builtins.concatStringsSep "," sanitize}";
+    in
     lib.optionals hostPlatform.isLinux [
       # You'd think meson could just find this in PATH, but busybox is in buildInputs,
       # which don't actually get added to PATH. And buildInputs is correct over
@@ -194,28 +222,32 @@ stdenv.mkDerivation (finalAttrs: {
       "-Dsandbox-shell=${lib.getExe' busybox-sandbox-shell "busybox"}"
     ]
     ++ lib.optional hostPlatform.isStatic "-Denable-embedded-sandbox-shell=true"
-    ++ lib.optional (finalAttrs.dontBuild) "-Denable-build=false"
+    ++ lib.optional (finalAttrs.dontBuild && !lintInsteadOfBuild) "-Denable-build=false"
+    ++ lib.optional lintInsteadOfBuild "-Dlix-clang-tidy-checks-path=${lix-clang-tidy}/lib/liblix-clang-tidy.so"
     ++ [
       # mesonConfigurePhase automatically passes -Dauto_features=enabled,
       # so we must explicitly enable or disable features that we are not passing
       # dependencies for.
+      (lib.mesonEnable "gc" enableGC)
       (lib.mesonEnable "internal-api-docs" internalApiDocs)
-      (lib.mesonBool "enable-tests" finalAttrs.finalPackage.doCheck)
+      (lib.mesonBool "enable-tests" (finalAttrs.finalPackage.doCheck || lintInsteadOfBuild))
       (lib.mesonBool "enable-docs" canRunInstalled)
+      (lib.mesonBool "werror" werror)
     ]
-    ++ lib.optional (hostPlatform != buildPlatform) "--cross-file=${mesonCrossFile}";
+    ++ lib.optional (hostPlatform != buildPlatform) "--cross-file=${mesonCrossFile}"
+    ++ sanitizeOpts;
 
   # We only include CMake so that Meson can locate toml11, which only ships CMake dependency metadata.
   dontUseCmakeConfigure = true;
 
   nativeBuildInputs =
     [
-      bison
-      flex
       python3
       meson
       ninja
       cmake
+      rustc
+      capnproto-lix
     ]
     ++ [
       (lib.getBin lowdown)
@@ -233,7 +265,13 @@ stdenv.mkDerivation (finalAttrs: {
     ]
     ++ lib.optional hostPlatform.isLinux util-linuxMinimal
     ++ lib.optional (!officialRelease && buildUnreleasedNotes) build-release-notes
-    ++ lib.optional internalApiDocs doxygen;
+    ++ lib.optional internalApiDocs doxygen
+    ++ lib.optionals lintInsteadOfBuild [
+      # required for a wrapped clang-tidy
+      llvmPackages.clang-tools
+      # required for run-clang-tidy
+      llvmPackages.clang-unwrapped
+    ];
 
   buildInputs =
     [
@@ -249,7 +287,8 @@ stdenv.mkDerivation (finalAttrs: {
       lowdown
       libsodium
       toml11
-      lix-doc
+      pegtl
+      capnproto-lix
     ]
     ++ lib.optionals hostPlatform.isLinux [
       libseccomp
@@ -259,7 +298,10 @@ stdenv.mkDerivation (finalAttrs: {
     ++ lib.optional hostPlatform.isx86_64 libcpuid
     # There have been issues building these dependencies
     ++ lib.optional (hostPlatform.canExecute buildPlatform) aws-sdk-cpp-nix
-    ++ lib.optionals (finalAttrs.dontBuild) maybePropagatedInputs;
+    ++ lib.optionals (finalAttrs.dontBuild) maybePropagatedInputs
+    # I am so sorry. This is because checkInputs are required to pass
+    # configure, but we don't actually want to *run* the checks here.
+    ++ lib.optionals lintInsteadOfBuild finalAttrs.checkInputs;
 
   checkInputs = [
     gtest
@@ -275,8 +317,15 @@ stdenv.mkDerivation (finalAttrs: {
   env = {
     BOOST_INCLUDEDIR = "${lib.getDev boost}/include";
     BOOST_LIBRARYDIR = "${lib.getLib boost}/lib";
+
+    # Meson allows referencing a /usr/share/cargo/registry shaped thing for subproject sources.
+    # Turns out the Nix-generated Cargo dependencies are named the same as they
+    # would be in a Cargo registry cache.
+    MESON_PACKAGE_CACHE_DIR = finalAttrs.cargoDeps;
   };
 
+  cargoDeps = rustPlatform.importCargoLock { lockFile = ./Cargo.lock; };
+
   preConfigure =
     lib.optionalString (!finalAttrs.dontBuild && !hostPlatform.isStatic) ''
       # Copy libboost_context so we don't get all of Boost in our closure.
@@ -298,12 +347,8 @@ stdenv.mkDerivation (finalAttrs: {
       install_name_tool -change ${boost}/lib/libboost_system.dylib $out/lib/libboost_system.dylib $out/lib/libboost_thread.dylib
     ''
     + ''
-      # Workaround https://github.com/NixOS/nixpkgs/issues/294890.
-      if [[ -n "''${doCheck:-}" ]]; then
-        appendToVar configureFlags "--enable-tests"
-      else
-        appendToVar configureFlags "--disable-tests"
-      fi
+      # Fix up /usr/bin/env shebangs relied on by the build
+      patchShebangs --build tests/ doc/manual/
     '';
 
   mesonBuildType = "debugoptimized";
@@ -312,7 +357,7 @@ stdenv.mkDerivation (finalAttrs: {
 
   enableParallelBuilding = true;
 
-  doCheck = canRunInstalled;
+  doCheck = canRunInstalled && !lintInsteadOfBuild;
 
   mesonCheckFlags = [
     "--suite=check"
@@ -324,8 +369,19 @@ stdenv.mkDerivation (finalAttrs: {
   # Make sure the internal API docs are already built, because mesonInstallPhase
   # won't let us build them there. They would normally be built in buildPhase,
   # but the internal API docs are conventionally built with doBuild = false.
-  preInstall = lib.optional internalApiDocs ''
-    meson ''${mesonBuildFlags:-} compile "$installTargets"
+  preInstall =
+    (lib.optionalString internalApiDocs ''
+      meson ''${mesonBuildFlags:-} compile "$installTargets"
+    '')
+    # evil, but like above, we do not want to run an actual build phase
+    + lib.optionalString lintInsteadOfBuild ''
+      ninja clang-tidy
+    '';
+
+  installPhase = lib.optionalString lintInsteadOfBuild ''
+    runHook preInstall
+    touch $out
+    runHook postInstall
   '';
 
   postInstall =
@@ -379,9 +435,12 @@ stdenv.mkDerivation (finalAttrs: {
   # Export the patched version of boehmgc.
   # flake.nix exports that into its overlay.
   passthru = {
-    inherit (__forDefaults) boehmgc-nix editline-lix build-release-notes;
-
-    inherit officialRelease;
+    inherit (__forDefaults)
+      boehmgc-nix
+      editline-lix
+      build-release-notes
+      pegtl
+      ;
 
     # The collection of dependency logic for this derivation is complicated enough that
     # it's easier to parameterize the devShell off an already called package.nix.
@@ -390,18 +449,22 @@ stdenv.mkDerivation (finalAttrs: {
         mkShell,
 
         bashInteractive,
-        clang-tools,
         clangbuildanalyzer,
+        doxygen,
         glibcLocales,
         just,
-        llvmPackages,
-        nixfmt,
+        nixfmt-rfc-style,
         skopeo,
         xonsh,
 
         # Lix specific packages
         pre-commit-checks,
         contribNotice,
+        check-syscalls,
+
+        # debuggers
+        gdb,
+        rr,
       }:
       let
         glibcFix = lib.optionalAttrs (buildPlatform.isLinux && glibcLocales != null) {
@@ -415,6 +478,7 @@ stdenv.mkDerivation (finalAttrs: {
             p.python-frontmatter
             p.requests
             p.xdg-base-dirs
+            p.packaging
             (p.toPythonModule xonsh.passthru.unwrapped)
           ]
         );
@@ -446,20 +510,33 @@ stdenv.mkDerivation (finalAttrs: {
             ++ [ (lib.mesonBool "enable-pch-std" stdenv.cc.isClang) ];
 
           packages =
-            lib.optional (stdenv.cc.isClang && hostPlatform == buildPlatform) clang-tools
+            lib.optional (stdenv.cc.isClang && hostPlatform == buildPlatform) llvmPackages.clang-tools
             ++ [
               # Why are we providing a bashInteractive? Well, when you run
               # `bash` from inside `nix develop`, say, because you are using it
               # via direnv, you will by default get bash (unusable edition).
               bashInteractive
+              check-syscalls
               pythonEnv
               # docker image tool
               skopeo
               just
-              nixfmt
+              nixfmt-rfc-style
+              # Included above when internalApiDocs is true, but we set that to
+              # false intentionally to save dev build time.
+              # To build them in a dev shell, you can set -Dinternal-api-docs=enabled when configuring.
+              doxygen
               # Load-bearing order. Must come before clang-unwrapped below, but after clang_tools above.
               stdenv.cc
             ]
+            ++ [
+              pkgs.rust-analyzer
+              pkgs.cargo
+              pkgs.rustc
+              pkgs.rustfmt
+              pkgs.rustPlatform.rustLibSrc
+              pkgs.rustPlatform.rustcSrc
+            ]
             ++ lib.optionals stdenv.cc.isClang [
               # Required for clang-tidy checks.
               llvmPackages.llvm
@@ -467,6 +544,8 @@ stdenv.mkDerivation (finalAttrs: {
             ]
             ++ lib.optional (pre-commit-checks ? enabledPackages) pre-commit-checks.enabledPackages
             ++ lib.optional (lib.meta.availableOn buildPlatform clangbuildanalyzer) clangbuildanalyzer
+            ++ lib.optional (!stdenv.isDarwin) gdb
+            ++ lib.optional (lib.meta.availableOn buildPlatform rr) rr
             ++ finalAttrs.checkInputs;
 
           shellHook = ''
@@ -476,16 +555,21 @@ stdenv.mkDerivation (finalAttrs: {
               # https://git.lix.systems/lix-project/lix/src/commit/7575db522e9008685c4009423398f6900a16bcce/src/nix/develop.cc#L240-L241
               # this is, of course, absurd.
               if [[ $name != lix-shell-env && $name != lix-shell-env-env ]]; then
-                return;
+                return
               fi
 
-              PATH=$prefix/bin:$PATH
+              PATH=$prefix/bin''${PATH:+:''${PATH}}
               unset PYTHONPATH
-              export MANPATH=$out/share/man:$MANPATH
+              export MANPATH=$out/share/man:''${MANPATH:-}
 
               # Make bash completion work.
               XDG_DATA_DIRS+=:$out/share
 
+              if [[ ! -f ./.this-is-lix ]]; then
+                echo "Dev shell not started from inside a Lix repo, skipping repo setup" >&2
+                return
+              fi
+
               ${lib.optionalString (pre-commit-checks ? shellHook) pre-commit-checks.shellHook}
               # Allow `touch .nocontribmsg` to turn this notice off.
               if ! [[ -f .nocontribmsg ]]; then

perl/configure.ac

@@ -1,84 +0,0 @@
-AC_INIT(nix-perl, m4_esyscmd([bash -c "echo -n $(cat ../.version)$VERSION_SUFFIX"]))
-AC_CONFIG_SRCDIR(MANIFEST)
-AC_CONFIG_AUX_DIR(../config)
-
-CFLAGS=
-CXXFLAGS=
-AC_PROG_CC
-AC_PROG_CXX
-
-AC_CANONICAL_HOST
-
-# Use 64-bit file system calls so that we can support files > 2 GiB.
-AC_SYS_LARGEFILE
-
-AC_DEFUN([NEED_PROG],
-[
-AC_PATH_PROG($1, $2)
-if test -z "$$1"; then
-    AC_MSG_ERROR([$2 is required])
-fi
-])
-
-NEED_PROG(perl, perl)
-NEED_PROG(curl, curl)
-NEED_PROG(bzip2, bzip2)
-NEED_PROG(xz, xz)
-
-# Test that Perl has the open/fork feature (Perl 5.8.0 and beyond).
-AC_MSG_CHECKING([whether Perl is recent enough])
-if ! $perl -e 'open(FOO, "-|", "true"); while (<FOO>) { print; }; close FOO or die;'; then
-    AC_MSG_RESULT(no)
-    AC_MSG_ERROR([Your Perl version is too old.  Lix requires Perl 5.8.0 or newer.])
-fi
-AC_MSG_RESULT(yes)
-
-
-# Figure out where to install Perl modules.
-AC_MSG_CHECKING([for the Perl installation prefix])
-perlversion=$($perl -e 'use Config; print $Config{version};')
-perlarchname=$($perl -e 'use Config; print $Config{archname};')
-AC_SUBST(perllibdir, [${libdir}/perl5/site_perl/$perlversion/$perlarchname])
-AC_MSG_RESULT($perllibdir)
-
-# Look for libsodium.
-PKG_CHECK_MODULES([SODIUM], [libsodium], [CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"])
-
-# Check for the required Perl dependencies (DBI and DBD::SQLite).
-perlFlags="-I$perllibdir"
-
-AC_ARG_WITH(dbi, AC_HELP_STRING([--with-dbi=PATH],
-  [prefix of the Perl DBI library]),
-  perlFlags="$perlFlags -I$withval")
-
-AC_ARG_WITH(dbd-sqlite, AC_HELP_STRING([--with-dbd-sqlite=PATH],
-  [prefix of the Perl DBD::SQLite library]),
-  perlFlags="$perlFlags -I$withval")
-
-AC_MSG_CHECKING([whether DBD::SQLite works])
-if ! $perl $perlFlags -e 'use DBI; use DBD::SQLite;' 2>&5; then
-    AC_MSG_RESULT(no)
-    AC_MSG_FAILURE([The Perl modules DBI and/or DBD::SQLite are missing.])
-fi
-AC_MSG_RESULT(yes)
-
-AC_SUBST(perlFlags)
-
-PKG_CHECK_MODULES([NIX], [nix-store])
-
-NEED_PROG([NIX], [nix])
-
-# Expand all variables in config.status.
-test "$prefix" = NONE && prefix=$ac_default_prefix
-test "$exec_prefix" = NONE && exec_prefix='${prefix}'
-for name in $ac_subst_vars; do
-    declare $name="$(eval echo "${!name}")"
-    declare $name="$(eval echo "${!name}")"
-    declare $name="$(eval echo "${!name}")"
-done
-
-rm -f Makefile.config
-ln -sfn ../mk mk
-
-AC_CONFIG_FILES([])
-AC_OUTPUT

perl/lib/Nix/Store.xs

@@ -77,7 +77,7 @@ SV * queryReferences(char * path)
 SV * queryPathHash(char * path)
     PPCODE:
         try {
-            auto s = store()->queryPathInfo(store()->parseStorePath(path))->narHash.to_string(Base32, true);
+            auto s = store()->queryPathInfo(store()->parseStorePath(path))->narHash.to_string(Base::Base32, true);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
         } catch (Error & e) {
             croak("%s", e.what());
@@ -103,7 +103,7 @@ SV * queryPathInfo(char * path, int base32)
                 XPUSHs(&PL_sv_undef);
             else
                 XPUSHs(sv_2mortal(newSVpv(store()->printStorePath(*info->deriver).c_str(), 0)));
-            auto s = info->narHash.to_string(base32 ? Base32 : Base16, true);
+            auto s = info->narHash.to_string(base32 ? Base::Base32 : Base::Base16, true);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
             mXPUSHi(info->registrationTime);
             mXPUSHi(info->narSize);
@@ -205,7 +205,7 @@ SV * hashPath(char * algo, int base32, char * path)
     PPCODE:
         try {
             Hash h = hashPath(parseHashType(algo), path).first;
-            auto s = h.to_string(base32 ? Base32 : Base16, false);
+            auto s = h.to_string(base32 ? Base::Base32 : Base::Base16, false);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
         } catch (Error & e) {
             croak("%s", e.what());
@@ -216,7 +216,7 @@ SV * hashFile(char * algo, int base32, char * path)
     PPCODE:
         try {
             Hash h = hashFile(parseHashType(algo), path);
-            auto s = h.to_string(base32 ? Base32 : Base16, false);
+            auto s = h.to_string(base32 ? Base::Base32 : Base::Base16, false);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
         } catch (Error & e) {
             croak("%s", e.what());
@@ -227,7 +227,7 @@ SV * hashString(char * algo, int base32, char * s)
     PPCODE:
         try {
             Hash h = hashString(parseHashType(algo), s);
-            auto s = h.to_string(base32 ? Base32 : Base16, false);
+            auto s = h.to_string(base32 ? Base::Base32 : Base::Base16, false);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
         } catch (Error & e) {
             croak("%s", e.what());
@@ -238,7 +238,7 @@ SV * convertHash(char * algo, char * s, int toBase32)
     PPCODE:
         try {
             auto h = Hash::parseAny(s, parseHashType(algo));
-            auto s = h.to_string(toBase32 ? Base32 : Base16, false);
+            auto s = h.to_string(toBase32 ? Base::Base32 : Base::Base16, false);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
         } catch (Error & e) {
             croak("%s", e.what());

perl/meson.build

@@ -65,5 +65,6 @@ if cxx.get_linker_id() in ['ld.bfd', 'ld.gold']
 endif
 
 libstore = dependency('lixstore', 'lix-store', required : true)
+libutil = dependency('lixutil', 'lix-util', required : true)
 
 subdir('lib/Nix')

releng/README.md

@@ -30,7 +30,7 @@ First, we prepare the release. `python -m releng prepare` is used for this.
 Then we tag the release with `python -m releng tag`:
 
 * Git HEAD is detached.
-* `officialRelease = true` is set in `flake.nix`, this is committed, and a
+* `"official_release": true` is set in `version.json`, this is committed, and a
   release is tagged.
 * The tag is merged back into the last branch (either `main` for new releases
   or `release-MAJOR` for maintenance releases) with `git merge -s ours VERSION`
@@ -57,12 +57,10 @@ Next, we do the publication with `python -m releng upload`:
     `nix upgrade-nix`.
   * s3://releases/lix/lix-VERSION/ gets the following contents
     * Binary tarballs
-    * Docs: `manual/` (FIXME: should we actually do this? what about putting it
-      on docs.lix.systems? I think doing both is correct, since the Web site
-      should not be an archive of random old manuals)
+    * Docs: `manual/`, primarily as an archive of old manuals
     * Docs as tarball in addition to web.
     * Source tarball
-    * Docker image (FIXME: upload to forgejo registry and github registry [in the future][upload-docker])
+    * Docker image
   * s3://docs/manual/lix/MAJOR
   * s3://docs/manual/lix/stable
 
@@ -80,6 +78,7 @@ Next, we do the publication with `python -m releng upload`:
   FIXME: automate branch-off to `release-*` branch.
 * **Manually** (FIXME?) switch back to the release branch, which now has the
   correct revision.
+* Deal with the external systems (see sections below).
 * Post!!
   * Merge release blog post to [lix-website].
   * Toot about it! https://chaos.social/@lix_project
@@ -87,22 +86,33 @@ Next, we do the publication with `python -m releng upload`:
 
 [lix-website]: https://git.lix.systems/lix-project/lix-website
 
-[upload-docker]: https://git.lix.systems/lix-project/lix/issues/252
-
 ### Installer
 
-The installer is cross-built to several systems from a Mac using
-`build-all.xsh` and `upload-to-lix.xsh` in the installer repo (FIXME: currently
-at least; maybe this should be moved here?) .
+The installer is cross-built to several systems from a Mac using `build-all.xsh` and `upload-to-lix.xsh` in the installer repo (FIXME: currently at least; maybe this should be moved here?).
 
-It installs a binary tarball (FIXME: [it should be taught to substitute from
-cache instead][installer-substitute])
-from some URL; this is the `hydraJobs.binaryTarball`. The default URLs differ
-by architecture and are [configured here][tarball-urls].
+It installs a binary tarball (FIXME: [it should be taught to substitute from cache instead][installer-substitute]) from some URL; this is the `hydraJobs.binaryTarball`.
+The default URLs differ by architecture and are [configured here][tarball-urls].
+
+To automatically do the file changes for a new version, run `python3 set_version.py NEW_VERSION`, and submit the result for review.
 
 [installer-substitute]: https://git.lix.systems/lix-project/lix-installer/issues/13
 [tarball-urls]: https://git.lix.systems/lix-project/lix-installer/src/commit/693592ed10d421a885bec0a9dd45e87ab87eb90a/src/settings.rs#L14-L28
 
+### Web site
+
+The website has various release-version dependent pieces.
+You can update them with `python3 update_version.py NEW_VERSION`, which will regenerate the affected page sources.
+
+These need the release to have been done first as they need hashes for tarballs and such.
+
+### NixOS module
+
+The NixOS module has underdeveloped releng in it.
+Currently you have to do the whole branch-off dance manually to a `release-VERSION` branch and update the tarball URLs to point to the release versions manually.
+
+FIXME: this should be unified with the `set_version.py` work in `lix-installer` and probably all the releng kept in here, or kept elsewhere.
+Related: https://git.lix.systems/lix-project/lix/issues/439
+
 ## Infrastructure summary
 
 * releases.lix.systems (`s3://releases`):

releng/cli.py

@@ -1,10 +1,13 @@
+import logging
+import argparse
+import sys
+
 from . import create_release
 from . import docker
 from .environment import RelengEnvironment
 from . import environment
-import argparse
-import sys
 
+log = logging.getLogger(__name__)
 
 def do_build(args):
     if args.target == 'all':
@@ -21,6 +24,9 @@ def do_tag(args):
     create_release.do_tag_merge(force_tag=args.force_tag,
                                 no_check_git=args.no_check_git)
 
+    log.info('Merged the release commit into your last branch, and switched to a detached HEAD of the artifact to be released.')
+    log.info('After you are done with releasing, switch to your previous branch and push that branch for review.')
+
 
 def do_upload(env: RelengEnvironment, args):
     create_release.setup_creds(env)

releng/create_release.xsh

@@ -2,6 +2,7 @@ import json
 import subprocess
 import itertools
 import textwrap
+import logging
 from pathlib import Path
 import tempfile
 import hashlib
@@ -11,10 +12,12 @@ from . import environment
 from .environment import RelengEnvironment
 from . import keys
 from . import docker
-from .version import VERSION, RELEASE_NAME, MAJOR
+from .version import VERSION, RELEASE_NAME, MAJOR, OFFICIAL_RELEASE
 from .gitutils import verify_are_on_tag, git_preconditions
 from . import release_notes
 
+log = logging.getLogger(__name__)
+
 $RAISE_SUBPROC_ERROR = True
 $XONSH_SHOW_TRACEBACK = True
 
@@ -39,16 +42,25 @@ def setup_creds(env: RelengEnvironment):
 
 
 def official_release_commit_tag(force_tag=False):
-    print('[+] Setting officialRelease in flake.nix and tagging')
+    print('[+] Setting officialRelease in version.json and tagging')
     prev_branch = $(git symbolic-ref --short HEAD).strip()
 
     git switch --detach
-    sed -i 's/officialRelease = false/officialRelease = true/' flake.nix
-    git add flake.nix
+
+    # Must be done in two parts due to buffering (opening the file immediately
+    # would truncate it).
+    new_version_json = $(jq --indent 4 '.official_release = true' version.json)
+    with open('version.json', 'w') as fh:
+        fh.write(new_version_json)
+    git add version.json
+
     message = f'release: {VERSION} "{RELEASE_NAME}"\n\nRelease produced with releng/create_release.xsh'
     git commit -m @(message)
     git tag @(['-f'] if force_tag else []) -a -m @(message) @(VERSION)
 
+    with open('releng/prev-git-branch.txt', 'w') as fh:
+        fh.write(prev_branch)
+
     return prev_branch
 
 
@@ -229,8 +241,24 @@ def upload_artifacts(env: RelengEnvironment, noconfirm=False, no_check_git=False
     print('[+] Upload manual')
     upload_manual(env)
 
-    print('[+] git push tag')
-    git push @(['-f'] if force_push_tag else []) @(env.git_repo) f'{VERSION}:refs/tags/{VERSION}'
+    prev_branch = None
+    try:
+        with open('releng/prev-git-branch.txt', 'r') as fh:
+            prev_branch = fh.read().strip()
+    except FileNotFoundError:
+        log.warn('Cannot find previous git branch file, skipping pushing git objects')
+
+    if prev_branch:
+        print('[+] git push to the repo')
+        # We have to push the ref to gerrit for review at least such that the
+        # commit is known, before we can push it as a tag.
+        if env.git_repo_is_gerrit:
+            git push @(env.git_repo) f'{prev_branch}:refs/for/{prev_branch}'
+        else:
+            git push @(env.git_repo) f'{prev_branch}:{prev_branch}'
+
+        print('[+] git push tag')
+        git push @(['-f'] if force_push_tag else []) @(env.git_repo) f'{VERSION}:refs/tags/{VERSION}'
 
 
 def do_tag_merge(force_tag=False, no_check_git=False):
@@ -250,15 +278,14 @@ def build_manual(eval_result):
 
 
 def upload_manual(env: RelengEnvironment):
-    stable = json.loads($(nix eval --json '.#nix.officialRelease'))
-    if stable:
+    if OFFICIAL_RELEASE:
         version = MAJOR
     else:
         version = 'nightly'
 
     print('[+] aws s3 sync manual')
     aws s3 sync @(MANUAL)/ @(env.docs_bucket)/manual/lix/@(version)/
-    if stable:
+    if OFFICIAL_RELEASE:
         aws s3 sync @(MANUAL)/ @(env.docs_bucket)/manual/lix/stable/
 
 

releng/docker.xsh

@@ -44,23 +44,8 @@ def upload_docker_images(target: DockerTarget, paths: list[Path]):
 
         for path in paths:
             digest_file = tmp / (path.name + '.digest')
-            tmp_image = tmp / 'tmp-image.tar.gz'
 
-            # insecure-policy: we don't have any signature policy, we are just uploading an image
-            #
-            # Absurd: we copy it into an OCI image first so we can get the hash
-            # we need to upload it untagged, because skopeo has no "don't tag
-            # this" option.
-            # The reason for this is that forgejo's container registry throws
-            # away old versions of tags immediately, so we cannot use a temp
-            # tag, and it *does* reduce confusion to not upload tags that
-            # should not be used.
-            #
-            # Workaround for: https://github.com/containers/skopeo/issues/2354
-            log.info('skopeo copy to temp oci-archive %s', tmp_image)
-            skopeo --insecure-policy copy --format oci --all --digestfile @(digest_file) docker-archive:@(path) oci-archive:@(tmp_image)
-
-            inspection = json.loads($(skopeo inspect oci-archive:@(tmp_image)))
+            inspection = json.loads($(skopeo inspect docker-archive:@(path)))
 
             docker_arch = inspection['Architecture']
             docker_os = inspection['Os']
@@ -68,8 +53,9 @@ def upload_docker_images(target: DockerTarget, paths: list[Path]):
 
             log.info('Pushing image %s for %s to %s', path, docker_arch, target.registry_path)
 
+            # insecure-policy: we don't have any signature policy, we are just uploading an image
+            skopeo --insecure-policy copy --digestfile @(digest_file) --all docker-archive:@(path) f'docker://{target.registry_path}@@unknown-digest@@'
             digest = digest_file.read_text().strip()
-            skopeo --insecure-policy copy --preserve-digests --all oci-archive:@(tmp_image) f'docker://{target.registry_path}@{digest}'
 
             # skopeo doesn't give us the manifest size directly, so we just ask the registry
             metadata = reg.image_info(target.registry_path, digest)

releng/environment.py

@@ -52,6 +52,7 @@ class RelengEnvironment:
     releases_bucket: str
     docs_bucket: str
     git_repo: str
+    git_repo_is_gerrit: bool
 
     docker_targets: list[DockerTarget]
 
@@ -79,6 +80,7 @@ STAGING = RelengEnvironment(
     cache_store_overlay={'secret-key': 'staging.key'},
     releases_bucket='s3://staging-releases',
     git_repo='ssh://git@git.lix.systems/lix-project/lix-releng-staging',
+    git_repo_is_gerrit=False,
     docker_targets=[
         # latest will be auto tagged if appropriate
         DockerTarget('git.lix.systems/lix-project/lix-releng-staging',
@@ -113,6 +115,7 @@ PROD = RelengEnvironment(
     cache_store_overlay={'secret-key': 'prod.key'},
     releases_bucket='s3://releases',
     git_repo=guess_gerrit_remote(),
+    git_repo_is_gerrit=True,
     docker_targets=[
         # latest will be auto tagged if appropriate
         DockerTarget('git.lix.systems/lix-project/lix',

releng/gitutils.xsh

@@ -1,11 +1,24 @@
 import subprocess
-import json
+from packaging.version import Version
 
 from .version import VERSION
 
 
+def remote_is_plausible(url: str) -> bool:
+    return ('git.lix.systems' in url and 'lix-project/lix' in url) or ('gerrit.lix.systems' in url and url.endswith('lix'))
+
+
 def version_compare(v1: str, v2: str):
-    return json.loads($(nix-instantiate --eval --json --argstr v1 @(v1) --argstr v2 @(v2) --expr '{v1, v2}: builtins.compareVersions v1 v2'))
+    v1 = Version(v1)
+    v2 = Version(v2)
+    if v1 < v2:
+        return -1
+    elif v1 > v2:
+        return 1
+    elif v1 == v2:
+        return 0
+    else:
+        raise ValueError('these versions are beyond each others celestial plane')
 
 
 def latest_tag_on_branch(branch: str) -> str:
@@ -13,16 +26,18 @@ def latest_tag_on_branch(branch: str) -> str:
 
 
 def is_maintenance_branch(branch: str) -> bool:
-    try:
-        main_tag = latest_tag_on_branch('main')
-        current_tag = latest_tag_on_branch(branch)
+    """
+    Returns whether the given branch is probably a maintenance branch.
 
-        return version_compare(current_tag, main_tag) < 0
-    except subprocess.CalledProcessError:
-        # This is the case before Lix releases 2.90, since main *has* no
-        # release tag on it.
-        # FIXME: delete this case after 2.91
-        return False
+    This uses a heuristic: `main` should have a newer tag than a given
+    maintenance branch if there has been a major release since that maintenance
+    branch.
+    """
+    assert remote_is_plausible($(git remote get-url origin).strip())
+    main_tag = latest_tag_on_branch('origin/main')
+    current_tag = latest_tag_on_branch(branch)
+
+    return version_compare(current_tag, main_tag) < 0
 
 
 def verify_are_on_tag():

releng/release-tests.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+shopt -s inherit_errexit failglob
+
+nixpkgss=(
+    "$(nix eval --impure --raw --expr '(import ./flake.nix).inputs.nixpkgs.url')"
+    "github:NixOS/nixpkgs/nixos-unstable-small"
+)
+jobs=(
+    $(nix eval \
+        --json --apply '
+          let f = n: t:
+            if builtins.isAttrs t
+            then (if t.type or "" == "derivation"
+                  then [ n ]
+                  else builtins.concatMap (m: f "${n}.${m}" t.${m}) (builtins.attrNames t))
+            else [];
+          in f ".#.releaseTests"
+        ' \
+        '.#.releaseTests' \
+        | jq -r '.[]'
+    )
+)
+
+for override in "${nixpkgss}"
+do
+    (
+        set -x
+        nix build \
+            --log-format multiline \
+            --no-link \
+            --override-input nixpkgs "$override" \
+            "${jobs[@]}"
+    )
+done

releng/release_notes.py

@@ -16,7 +16,7 @@ def add_to_summary(date: str):
     if VERSION_RL.exists():
         return
 
-    MARKER = '<!-- RELENG-AUTO-INSERTION-MARKER'
+    MARKER = '  <!-- RELENG-AUTO-INSERTION-MARKER'
 
     new_lines = []
     for line in SUMMARY.read_text().splitlines():

releng/version.py

@@ -4,3 +4,4 @@ version_json = json.load(open('version.json'))
 VERSION = version_json['version']
 MAJOR = '.'.join(VERSION.split('.')[:2])
 RELEASE_NAME = version_json['release_name']
+OFFICIAL_RELEASE = version_json['official_release']

scripts/meson.build

@@ -8,12 +8,7 @@ configure_file(
   }
 )
 
-# https://github.com/mesonbuild/meson/issues/860
-configure_file(
-  input : 'nix-profile.sh.in',
-  output : 'nix-profile.sh.in',
-  copy : true,
-)
+fs.copyfile('nix-profile.sh.in')
 
 foreach rc : [ '.sh', '.fish', '-daemon.sh', '-daemon.fish' ]
   configure_file(

src/asan-options/asan-options.cc

@@ -0,0 +1,17 @@
+/// @file This is very bothersome code that has to be included in every
+/// executable to get the correct default ASan options. I am so sorry.
+
+extern "C" [[gnu::retain]] const char *__asan_default_options()
+{
+    // We leak a bunch of memory knowingly on purpose. It's not worthwhile to
+    // diagnose that memory being leaked for now.
+    //
+    // Instruction bytes are useful for finding the actual code that
+    // corresponds to an ASan report.
+    //
+    // TODO: setting log_path=asan.log or not: neither works, since you can't
+    // write to the fs in certain places in the testsuite, but you also cannot
+    // write arbitrarily to stderr in other places so the reports get eaten.
+    // pain 🥖
+    return "halt_on_error=1:abort_on_error=1:detect_leaks=0:print_summary=1:dump_instruction_bytes=1";
+}

src/legacy/build-remote.cc

@@ -1,11 +1,7 @@
-#include <cstdlib>
-#include <cstring>
 #include <algorithm>
 #include <set>
 #include <memory>
-#include <string_view>
 #include <tuple>
-#include <iomanip>
 #if __APPLE__
 #include <sys/time.h>
 #endif
@@ -18,12 +14,14 @@
 #include "build-result.hh"
 #include "store-api.hh"
 #include "derivations.hh"
+#include "strings.hh"
 #include "local-store.hh"
 #include "legacy.hh"
 #include "experimental-features.hh"
 #include "hash.hh"
+#include "build-remote.hh"
 
-using namespace nix;
+namespace nix {
 
 static void handleAlarm(int sig) {
 }
@@ -42,7 +40,7 @@ static std::string makeLockFilename(const std::string & storeUri) {
     // This avoids issues with the escaped URI being very long and causing
     // path too long errors, while also avoiding any possibility of collision
     // caused by simple truncation.
-    auto hash = hashString(HashType::htSHA256, storeUri).to_string(Base::Base32, false);
+    auto hash = hashString(HashType::SHA256, storeUri).to_string(Base::Base32, false);
     return escapeUri(storeUri).substr(0, 48) + "-" + hash.substr(0, 16);
 }
 
@@ -236,9 +234,9 @@ static int main_build_remote(int argc, char * * argv)
                 }
 
 #if __APPLE__
-                futimes(bestSlotLock.get(), NULL);
+                futimes(bestSlotLock.get(), nullptr);
 #else
-                futimens(bestSlotLock.get(), NULL);
+                futimens(bestSlotLock.get(), nullptr);
 #endif
 
                 lock.reset();
@@ -391,4 +389,8 @@ connected:
     }
 }
 
-static RegisterLegacyCommand r_build_remote("build-remote", main_build_remote);
+void registerBuildRemote() {
+    LegacyCommands::add("build-remote", main_build_remote);
+}
+
+}

src/legacy/build-remote.hh

@@ -0,0 +1,8 @@
+#pragma once
+/// @file
+
+namespace nix {
+
+void registerBuildRemote();
+
+}

src/legacy/meson.build

@@ -0,0 +1,35 @@
+legacy_include_directories = include_directories('.')
+
+legacy_sources = files(
+  # `build-remote` is not really legacy (it powers all remote builds), but it's
+  # not a `nix3` command.
+  'build-remote.cc',
+  'dotgraph.cc',
+  'graphml.cc',
+  'nix-build.cc',
+  'nix-channel.cc',
+  'nix-collect-garbage.cc',
+  'nix-copy-closure.cc',
+  'nix-env.cc',
+  'nix-env.hh',
+  'nix-instantiate.cc',
+  'nix-store.cc',
+  'user-env.cc',
+)
+
+legacy_headers = files(
+  'build-remote.hh',
+  'nix-build.hh',
+  'nix-channel.hh',
+  'nix-collect-garbage.hh',
+  'nix-copy-closure.hh',
+  'nix-instantiate.hh',
+  'nix-store.hh',
+)
+
+legacy_generated_headers = [
+  gen_header.process('buildenv.nix', preserve_path_from: meson.current_source_dir()),
+  gen_header.process('unpack-channel.nix', preserve_path_from: meson.current_source_dir()),
+]
+
+fs.copyfile('unpack-channel.nix')

src/legacy/nix-build.cc

@@ -24,12 +24,14 @@
 #include "attr-path.hh"
 #include "legacy.hh"
 #include "shlex.hh"
+#include "nix-build.hh"
+
+extern char * * environ __attribute__((weak)); // Man what even is this
+
+namespace nix {
 
-using namespace nix;
 using namespace std::string_literals;
 
-extern char * * environ __attribute__((weak));
-
 static void main_nix_build(int argc, char * * argv)
 {
     auto dryRun = false;
@@ -414,8 +416,7 @@ static void main_nix_build(int argc, char * * argv)
         // Set the environment.
         auto env = getEnv();
 
-        auto tmp = getEnv("TMPDIR");
-        if (!tmp) tmp = getEnv("XDG_RUNTIME_DIR").value_or("/tmp");
+        auto tmp = defaultTempDir();
 
         if (pure) {
             decltype(env) newEnv;
@@ -427,7 +428,7 @@ static void main_nix_build(int argc, char * * argv)
             env["__ETC_PROFILE_SOURCED"] = "1";
         }
 
-        env["NIX_BUILD_TOP"] = env["TMPDIR"] = env["TEMPDIR"] = env["TMP"] = env["TEMP"] = *tmp;
+        env["NIX_BUILD_TOP"] = env["TMPDIR"] = env["TEMPDIR"] = env["TMP"] = env["TEMP"] = tmp;
         env["NIX_STORE"] = store->storeDir;
         env["NIX_BUILD_CORES"] = std::to_string(settings.buildCores);
 
@@ -544,7 +545,7 @@ static void main_nix_build(int argc, char * * argv)
 
         restoreProcessContext();
 
-        logger->stop();
+        logger->pause();
 
         execvp(shell->c_str(), argPtrs.data());
 
@@ -607,12 +608,16 @@ static void main_nix_build(int argc, char * * argv)
             outPaths.push_back(outputPath);
         }
 
-        logger->stop();
+        logger->pause();
 
         for (auto & path : outPaths)
             std::cout << store->printStorePath(path) << '\n';
     }
 }
 
-static RegisterLegacyCommand r_nix_build("nix-build", main_nix_build);
-static RegisterLegacyCommand r_nix_shell("nix-shell", main_nix_build);
+void registerNixBuildAndNixShell() {
+    LegacyCommands::add("nix-build", main_nix_build);
+    LegacyCommands::add("nix-shell", main_nix_build);
+}
+
+}

src/legacy/nix-build.hh

@@ -0,0 +1,8 @@
+#pragma once
+/// @file
+
+namespace nix {
+
+void registerNixBuildAndNixShell();
+
+}