libexpr/nix2: Add ?: to supersede or

Also fixed up the precedence of ? by making it a special case of ?:. or
is kept as part of the language for now but will be removed in a future
commit.

Open TODOs:
- Fix the semantics around non-attrset null values
- Changelog

(and, as usual, tests)

Co-authored-by: eldritch horrors <pennae@lix.systems>
Change-Id: Iaac19101805c3e09fd98322ad1f7b35ae9a0225d

.clang-tidy

@@ -16,3 +16,20 @@ Checks:
   - -bugprone-unchecked-optional-access
     # many warnings, seems like a questionable lint
   - -bugprone-branch-clone
+    # all thrown exceptions must derive from std::exception
+  - hicpp-exception-baseclass
+    # capturing async lambdas are dangerous
+  - cppcoreguidelines-avoid-capturing-lambda-coroutines
+    # crimes must be appropriately declared as crimes
+  - cppcoreguidelines-pro-type-cstyle-cast
+  - lix-*
+    # This can not yet be applied to Lix itself since we need to do source
+    # reorganization so that lix/ include paths work.
+  - -lix-fixincludes
+    # This lint is included as an example, but the lib function it replaces is
+    # already gone.
+  - -lix-hasprefixsuffix
+
+
+CheckOptions:
+  bugprone-reserved-identifier.AllowedIdentifiers: '__asan_default_options'

.editorconfig

@@ -29,3 +29,7 @@ trim_trailing_whitespace = false
 indent_style = space
 indent_size = 2
 max_line_length = 0
+
+[meson.build]
+indent_style = space
+indent_size = 2

.github/ISSUE_TEMPLATE/missing_documentation.md

@@ -2,7 +2,7 @@
 name: Missing or incorrect documentation
 about: Help us improve the reference manual
 title: ''
-labels: documentation
+labels: docs
 assignees: ''
 
 ---
@@ -19,10 +19,10 @@ assignees: ''
 
 <!-- make sure this issue is not redundant or obsolete -->
 
-- [ ] checked [latest Lix manual] \([source]\)
+- [ ] checked [latest Lix manual] or its [source code]
 - [ ] checked [documentation issues] and [recent documentation changes] for possible duplicates
 
-[latest Nix manual]: https://docs.lix.systems/manual/lix/nightly
-[source]: https://git.lix.systems/lix-project/lix/src/main/doc/manual/src
+[latest Lix manual]: https://docs.lix.systems/manual/lix/nightly
+[source code]: https://git.lix.systems/lix-project/lix/src/main/doc/manual/src
 [documentation issues]: https://git.lix.systems/lix-project/lix/issues?labels=151&state=all
 [recent documentation changes]: https://gerrit.lix.systems/q/p:lix+path:%22%5Edoc/manual/.*%22

.gitignore

@@ -9,6 +9,10 @@ GTAGS
 # ccls
 /.ccls-cache
 
+# auto-generated compilation database
+compile_commands.json
+rust-project.json
+
 result
 result-*
 
@@ -29,3 +33,6 @@ buildtime.bin
 /.pre-commit-config.yaml
 /.nocontribmsg
 /release
+
+# Rust build files when using Cargo (not actually supported for building but it spews the files anyway)
+/target/

Cargo.lock

@@ -2,12 +2,6 @@
 # It is not intended for manual editing.
 version = 3
 
-[[package]]
-name = "autocfg"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
-
 [[package]]
 name = "countme"
 version = "3.0.1"
@@ -16,15 +10,15 @@ checksum = "7704b5fdd17b18ae31c4c1da5a2e0305a2bf17b5249300a9ee9ed7b72114c636"
 
 [[package]]
 name = "dissimilar"
-version = "1.0.7"
+version = "1.0.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "86e3bdc80eee6e16b2b6b0f87fbc98c04bee3455e35174c0de1a125d0688c632"
+checksum = "59f8e79d1fbf76bdfbde321e902714bf6c49df88a7dda6fc682fc2979226962d"
 
 [[package]]
 name = "expect-test"
-version = "1.4.1"
+version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30d9eafeadd538e68fb28016364c9732d78e420b9ff8853fa5e4058861e9f8d3"
+checksum = "9e0be0a561335815e06dab7c62e50353134c796e7a6155402a64bcff66b6a5e0"
 dependencies = [
  "dissimilar",
  "once_cell",
@@ -45,15 +39,6 @@ dependencies = [
  "rowan",
 ]
 
-[[package]]
-name = "memoffset"
-version = "0.9.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a"
-dependencies = [
- "autocfg",
-]
-
 [[package]]
 name = "once_cell"
 version = "1.19.0"
@@ -71,13 +56,12 @@ dependencies = [
 
 [[package]]
 name = "rowan"
-version = "0.15.15"
+version = "0.15.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32a58fa8a7ccff2aec4f39cc45bf5f985cec7125ab271cf681c279fd00192b49"
+checksum = "0a542b0253fa46e632d27a1dc5cf7b930de4df8659dc6e720b647fc72147ae3d"
 dependencies = [
  "countme",
  "hashbrown",
- "memoffset",
  "rustc-hash",
  "text-size",
 ]

Cargo.toml

@@ -0,0 +1,6 @@
+[workspace]
+resolver = "2"
+members = ["src/lix-doc"]
+
+[workspace.package]
+edition = "2021"

README.md

@@ -26,4 +26,4 @@ See our [Hacking guide](https://git.lix.systems/lix-project/lix/src/branch/main/
 
 ## License
 
-Lix is released under the [LGPL v2.1](./COPYING).
+Lix is released under [LGPL-2.1-or-later](./COPYING).

bench/bench.sh

@@ -1,4 +1,5 @@
-#!/usr/bin/env bash
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p bash -p hyperfine
 
 set -euo pipefail
 shopt -s inherit_errexit
@@ -21,16 +22,21 @@ fi
 _exit=""
 trap "$_exit" EXIT
 
-# XXX: yes this is very silly. flakes~!!
-nix build --impure --expr '(builtins.getFlake "git+file:.").inputs.nixpkgs.outPath' -o bench/nixpkgs
+flake_args=("--extra-experimental-features" "nix-command flakes")
 
+# XXX: yes this is very silly. flakes~!!
+nix build "${flake_args[@]}" --impure --expr '(builtins.getFlake "git+file:.").inputs.nixpkgs.outPath' -o bench/nixpkgs
+
+# We must ignore the global config, or else NIX_PATH won't work reliably.
+# See https://github.com/NixOS/nix/issues/9574
+export NIX_CONF_DIR='/var/empty'
 export NIX_REMOTE="$(mktemp -d)"
 _exit='rm -rfv "$NIX_REMOTE"; $_exit'
 export NIX_PATH="nixpkgs=bench/nixpkgs:nixos-config=bench/configuration.nix"
 
 builds=("$@")
 
-flake_args="--extra-experimental-features 'nix-command flakes'"
+flake_args="${flake_args[*]@Q}"
 
 hyperfineArgs=(
     --parameter-list BUILD "$(IFS=,; echo "${builds[*]}")"

clang-tidy/meson.build

@@ -1,13 +0,0 @@
-project('lix-clang-tidy', ['cpp', 'c'],
-  version : '0.1',
-  default_options : ['warning_level=3', 'cpp_std=c++20'])
-
-llvm = dependency('Clang', version: '>= 14', modules: ['libclang'])
-sources = files(
-  'HasPrefixSuffix.cc',
-  'LixClangTidyChecks.cc',
-  'FixIncludes.cc',
-)
-
-shared_module('lix-clang-tidy', sources,
-  dependencies: llvm)

doc/internal-api/doxygen.cfg.in

@@ -20,7 +20,7 @@ OUTPUT_DIRECTORY       = @docdir@
 # for a project that appears at the top of each page and should give viewer a
 # quick idea about the purpose of the project. Keep the description short.
 
-PROJECT_BRIEF          = "Nix, the purely functional package manager; unstable internal interfaces"
+PROJECT_BRIEF          = "Lix: A modern, delicious implementation of the Nix package manager; unstable internal interfaces"
 
 # If the GENERATE_LATEX tag is set to YES, doxygen will generate LaTeX output.
 # The default value is: YES.
@@ -33,32 +33,7 @@ GENERATE_LATEX         = NO
 # spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
 # Note: If this tag is empty the current directory is searched.
 
-# FIXME Make this list more maintainable somehow. We could maybe generate this
-# in the Makefile, but we would need to change how `.in` files are preprocessed
-# so they can expand variables despite configure variables.
-
-INPUT                  = \
-  src/libcmd \
-  src/libexpr \
-  src/libexpr/flake \
-  tests/unit/libexpr \
-  tests/unit/libexpr/value \
-  tests/unit/libexpr/test \
-  tests/unit/libexpr/test/value \
-  src/libexpr/value \
-  src/libfetchers \
-  src/libmain \
-  src/libstore \
-  src/libstore/build \
-  src/libstore/builtins \
-  tests/unit/libstore \
-  tests/unit/libstore/test \
-  src/libutil \
-  tests/unit/libutil \
-  tests/unit/libutil/test \
-  src/nix \
-  src/nix-env \
-  src/nix-store
+INPUT                  = @INPUT_PATHS@
 
 # If the MACRO_EXPANSION tag is set to YES, doxygen will expand all macro names
 # in the source code. If set to NO, only conditional compilation will be
@@ -97,3 +72,15 @@ EXPAND_AS_DEFINED      = \
   DECLARE_WORKER_SERIALISER \
   DECLARE_SERVE_SERIALISER \
   LENGTH_PREFIXED_PROTO_HELPER
+
+# The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path.
+# Stripping is only done if one of the specified strings matches the left-hand
+# part of the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the path to
+# strip.
+#
+# Note that you can specify absolute paths here, but also relative paths, which
+# will be relative from the directory where doxygen is started.
+# This tag requires that the tag FULL_PATH_NAMES is set to YES.
+
+STRIP_FROM_PATH        = "@PROJECT_SOURCE_ROOT@"

doc/internal-api/meson.build

@@ -1,3 +1,35 @@
+internal_api_sources = [
+  'src/libcmd',
+  'src/libexpr',
+  'src/libexpr/flake',
+  'tests/unit/libexpr',
+  'tests/unit/libexpr/value',
+  'tests/unit/libexpr/test',
+  'tests/unit/libexpr/test/value',
+  'src/libexpr/value',
+  'src/libfetchers',
+  'src/libmain',
+  'src/libstore',
+  'src/libstore/build',
+  'src/libstore/builtins',
+  'tests/unit/libstore',
+  'tests/unit/libstore/test',
+  'src/libutil',
+  'tests/unit/libutil',
+  'tests/unit/libutil/test',
+  'src/nix',
+  'src/nix-env',
+  'src/nix-store',
+]
+
+# We feed Doxygen absolute paths so it can be invoked from any working directory.
+internal_api_sources_absolute = []
+foreach src : internal_api_sources
+  internal_api_sources_absolute += '"' + (meson.project_source_root() / src) + '"'
+endforeach
+
+internal_api_sources_oneline = ' \\\n  '.join(internal_api_sources_absolute)
+
 doxygen_cfg = configure_file(
   input : 'doxygen.cfg.in',
   output : 'doxygen.cfg',
@@ -5,22 +37,16 @@ doxygen_cfg = configure_file(
     'PACKAGE_VERSION': meson.project_version(),
     'RAPIDCHECK_HEADERS': rapidcheck_meson.get_variable('includedir'),
     'docdir' : meson.current_build_dir(),
+    'INPUT_PATHS' : internal_api_sources_oneline,
+    'PROJECT_SOURCE_ROOT' : meson.project_source_root(),
   },
 )
 
 internal_api_docs = custom_target(
   'internal-api-docs',
   command : [
-    bash,
-    # Meson can you please just give us a `workdir` argument to custom targets...
-    '-c',
-    # We have to prefix the doxygen_cfg path with the project build root
-    # because of the cd in front.
-    'cd @0@ && @1@ @2@/@INPUT0@'.format(
-      meson.project_source_root(),
-      doxygen.full_path(),
-      meson.project_build_root(),
-    ),
+    doxygen.full_path(),
+    '@INPUT0@',
   ],
   input : [
     doxygen_cfg,

doc/manual/change-authors.yml

@@ -57,6 +57,11 @@ ericson:
   display_name: John Ericson
   github: ericson2314
 
+goldstein:
+  display_name: goldstein
+  forgejo: goldstein
+  github: GoldsteinE
+
 horrors:
   display_name: eldritch horrors
   forgejo: pennae
@@ -65,10 +70,17 @@ horrors:
 iFreilicht:
   github: iFreilicht
 
+isabelroses:
+  forgejo: isabelroses
+  github: isabelroses
+
 jade:
   forgejo: jade
   github: lf-
 
+kjeremy:
+  github: kjeremy
+
 kloenk:
   forgejo: kloenk
   github: kloenk
@@ -91,6 +103,11 @@ midnightveil:
 ncfavier:
   github: ncfavier
 
+piegames:
+  display_name: piegames
+  forgejo: piegames
+  github: piegamesde
+
 puck:
   display_name: puck
   forgejo: puck
@@ -130,3 +147,6 @@ winter:
 
 yshui:
   github: yshui
+
+zimbatm:
+  github: zimbatm

doc/manual/generate-features-shortlist.nix

@@ -1,9 +1,14 @@
+# Usually "experimental" or "deprecated"
+kind:
+# "xp" or "dp"
+kindShort:
+
 with builtins;
 with import ./utils.nix;
 
 let
   showExperimentalFeature = name: doc: ''
-    - [`${name}`](@docroot@/contributing/experimental-features.md#xp-feature-${name})
+    - [`${name}`](@docroot@/contributing/${kind}-features.md#${kindShort}-feature-${name})
   '';
 in
 xps: indent "  " (concatStrings (attrValues (mapAttrs showExperimentalFeature xps)))

doc/manual/generate-features.nix

@@ -0,0 +1,18 @@
+# Usually "experimental" or "deprecated"
+_kind:
+# "xp" or "dp"
+kindShort:
+
+with builtins;
+with import ./utils.nix;
+
+let
+  showFeature =
+    name: doc:
+    squash ''
+      ## [`${name}`]{#${kindShort}-feature-${name}}
+
+      ${doc}
+    '';
+in
+xps: (concatStringsSep "\n" (attrValues (mapAttrs showFeature xps)))

doc/manual/generate-xp-features.nix

@@ -1,13 +0,0 @@
-with builtins;
-with import ./utils.nix;
-
-let
-  showExperimentalFeature =
-    name: doc:
-    squash ''
-      ## [`${name}`]{#xp-feature-${name}}
-
-      ${doc}
-    '';
-in
-xps: (concatStringsSep "\n" (attrValues (mapAttrs showExperimentalFeature xps)))

doc/manual/meson.build

@@ -20,6 +20,8 @@ conf_file_json = custom_target(
   capture : true,
   output : 'conf-file.json',
   env : nix_env_for_docs,
+  # FIXME: put the actual lib targets in here? meson have introspection challenge 2024 though.
+  build_always_stale : true,
 )
 
 nix_conf_file_md_body = custom_target(
@@ -50,6 +52,8 @@ nix_exp_features_json = custom_target(
   command : [ nix, '__dump-xp-features' ],
   capture : true,
   output : 'xp-features.json',
+  # FIXME: put the actual lib targets in here? meson have introspection challenge 2024 though.
+  build_always_stale : true,
 )
 
 language_json = custom_target(
@@ -57,6 +61,8 @@ language_json = custom_target(
   output : 'language.json',
   capture : true,
   env : nix_env_for_docs,
+  # FIXME: put the actual lib targets in here? meson have introspection challenge 2024 though.
+  build_always_stale : true,
 )
 
 nix3_cli_json = custom_target(
@@ -64,6 +70,8 @@ nix3_cli_json = custom_target(
   capture : true,
   output : 'nix.json',
   env : nix_env_for_docs,
+  # FIXME: put the actual lib targets in here? meson have introspection challenge 2024 though.
+  build_always_stale : true,
 )
 
 generate_manual_deps = files(
@@ -72,9 +80,9 @@ generate_manual_deps = files(
 
 # Generates builtins.md and builtin-constants.md.
 subdir('src/language')
-# Generates new-cli pages, experimental-features-shortlist.md, and conf-file.md.
+# Generates new-cli pages, {experimental,deprecated}-features-shortlist.md, and conf-file.md.
 subdir('src/command-ref')
-# Generates experimental-feature-descriptions.md.
+# Generates {experimental,deprecated}-feature-descriptions.md.
 subdir('src/contributing')
 # Generates rl-next-generated.md.
 subdir('src/release-notes')
@@ -106,6 +114,8 @@ manual = custom_target(
     nix3_cli_files,
     experimental_features_shortlist_md,
     experimental_feature_descriptions_md,
+    deprecated_features_shortlist_md,
+    deprecated_feature_descriptions_md,
     conf_file_md,
     builtins_md,
     builtin_constants_md,
@@ -116,20 +126,19 @@ manual = custom_target(
     'manual',
     'markdown',
   ],
+  install : true,
+  install_dir : [
+    datadir / 'doc/nix',
+    false,
+  ],
   depfile : 'manual.d',
   env : {
     'RUST_LOG': 'info',
     'MDBOOK_SUBSTITUTE_SEARCH': meson.current_build_dir() / 'src',
   },
 )
-manual_html = manual[0]
 manual_md = manual[1]
 
-install_subdir(
-  manual_html.full_path(),
-  install_dir : datadir / 'doc/nix',
-)
-
 nix_nested_manpages = [
   [ 'nix-env',
     [

doc/manual/redirects.js

@@ -345,7 +345,7 @@ const redirects = {
     "linux": "uninstall.html#linux",
     "macos": "uninstall.html#macos",
     "uninstalling": "uninstall.html",
-  }
+  },
   "contributing/hacking.html": {
     "nix-with-flakes": "#building-nix-with-flakes",
     "classic-nix": "#building-nix",

doc/manual/rl-next/allowsubstitutes-errors.md

@@ -0,0 +1,21 @@
+---
+synopsis: "Build failures caused by `allowSubstitutes = false` while being the wrong system now produce a decent error"
+issues: [fj#484]
+cls: [1841]
+category: Fixes
+credits: jade
+---
+
+Nix allows derivations to set `allowSubstitutes = false` in order to force them to be built locally without querying substituters for them.
+This is useful for derivations that are very fast to build (especially if they produce large output).
+However, this can shoot you in the foot if the derivation *has* to be substituted such as if the derivation is for another architecture, which is what `--always-allow-substitutes` is for.
+
+Perhaps such derivations that are known to be impossible to build locally should ignore `allowSubstitutes` (irrespective of remote builders) in the future, but this at least reports the failure and solution directly.
+
+```
+$ nix build -f fail.nix
+error: a 'unicornsandrainbows-linux' with features {} is required to build '/nix/store/...-meow.drv', but I am a 'x86_64-linux' with features {...}
+
+       Hint: the failing derivation has allowSubstitutes set to false, forcing it to be built rather than substituted.
+       Passing --always-allow-substitutes to force substitution may resolve this failure if the path is available in a substituter.
+```

doc/manual/rl-next/alt-left-and-alt-right-in-repl.md

@@ -0,0 +1,10 @@
+---
+synopsis: "`Alt+Left` and `Alt+Right` go back/forwards by words in `nix repl`"
+issues: [fj#501]
+cls: [1883]
+category: Fixes
+credits: 9999years
+---
+
+`nix repl` now recognizes `Alt+Left` and `Alt+Right` for navigating by words
+when entering input in `nix repl` on more terminals/platforms.

doc/manual/rl-next/ban-integer-overflow.md

@@ -1,23 +0,0 @@
----
-synopsis: Define integer overflow in the Nix language as an error
-issues: [fj#423]
-cls: [1594, 1595, 1597, 1609]
-category: Fixes
-credits: [jade]
----
-
-Previously, integer overflow in the Nix language invoked C++ level signed overflow, which was undefined behaviour, but *probably* manifested as wrapping around on overflow.
-
-Since prior to the public release of Lix, Lix had C++ signed overflow defined to crash the process and nobody noticed this having accidentally removed overflow from the Nix language for three months until it was caught by fiddling around.
-Given the significant body of actual Nix code that has been evaluated by Lix in that time, it does not appear that nixpkgs or much of importance depends on integer overflow, so it is safe to turn into an error.
-
-Some other overflows were fixed:
-- `builtins.fromJSON` of values greater than the maximum representable value in a signed 64-bit integer will generate an error.
-- `nixConfig` in flakes will no longer accept negative values for configuration options.
-
-Integer overflow now looks like the following:
-
-```
-» nix eval --expr '9223372036854775807 + 1'
-error: integer overflow in adding 9223372036854775807 + 1
-```

doc/manual/rl-next/better-attrpath-errors.md

@@ -1,90 +0,0 @@
----
-synopsis: "Trace which part of a `foo.bar.baz` expression errors"
-cls: 1505, 1506
-credits: Qyriad
-category: Improvements
----
-
-Previously, if an attribute path selection expression like `linux_4_9.meta.description` it wouldn't show you which one of those parts in the attribute path, or even that that line of code is what caused evaluation of the failing expression.
-The previous error looks like this:
-
-```
-pkgs.linuxKernel.kernels.linux_4_9.meta.description
-
-error:
-       … while evaluating the attribute 'linuxKernel.kernels.linux_4_9.meta.description'
-         at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:5:
-          277|   } // lib.optionalAttrs config.allowAliases {
-          278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
-             |     ^
-          279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
-
-       … while calling the 'throw' builtin
-         at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:17:
-          277|   } // lib.optionalAttrs config.allowAliases {
-          278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
-             |                 ^
-          279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
-
-       error: linux 4.9 was removed because it will reach its end of life within 22.11
-```
-
-Now, the error will look like this:
-
-```
-pkgs.linuxKernel.kernels.linux_4_9.meta.description
-
-error:
-       … while evaluating the attribute 'linuxKernel.kernels.linux_4_9.meta.description'
-         at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:5:
-          277|   } // lib.optionalAttrs config.allowAliases {
-          278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
-             |     ^
-          279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
-
-       … while evaluating 'pkgs.linuxKernel.kernels.linux_4_9' to select 'meta' on it
-         at «string»:1:1:
-            1| pkgs.linuxKernel.kernels.linux_4_9.meta.description
-             | ^
-
-       … caused by explicit throw
-         at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:17:
-          277|   } // lib.optionalAttrs config.allowAliases {
-          278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
-             |                 ^
-          279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
-
-       error: linux 4.9 was removed because it will reach its end of life within 22.11
-```
-
-Not only does the line of code that referenced the failing attribute show up in the trace, it also tells you that it was specifically the `linux_4_9` part that failed.
-
-This includes if the failing part is a top-level binding:
-
-```
-let
-  inherit (pkgs.linuxKernel.kernels) linux_4_9;
-in linux_4_9.meta.description
-error:
-       … while evaluating 'linux_4_9' to select 'meta.description' on it
-         at «string»:3:4:
-            2|   inherit (pkgs.linuxKernel.kernels) linux_4_9;
-            3| in linux_4_9.meta.description
-             |    ^
-
-       … while evaluating the attribute 'linux_4_9'
-         at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:5:
-          277|   } // lib.optionalAttrs config.allowAliases {
-          278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
-             |     ^
-          279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
-
-       … caused by explicit throw
-         at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:17:
-          277|   } // lib.optionalAttrs config.allowAliases {
-          278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
-             |                 ^
-          279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
-
-       error: linux 4.9 was removed because it will reach its end of life within 22.11
-```

doc/manual/rl-next/build-dir.md

@@ -1,12 +0,0 @@
----
-synopsis: "Add a `build-dir` setting to set the backing directory for builds"
-cls: 1514
-credits: [roberth, tomberek]
-category: Improvements
----
-
-`build-dir` can now be set in the Nix configuration to choose the backing directory for the build sandbox.
-This can be useful on systems with `/tmp` on tmpfs, or simply to relocate large builds to another disk.
-
-Also, `XDG_RUNTIME_DIR` is no longer considered when selecting the default temporary directory,
-as it's not intended to be used for large amounts of data.

doc/manual/rl-next/ctrl-c-improved.md

@@ -0,0 +1,13 @@
+---
+synopsis: Ctrl-C stops Nix commands much more reliably and responsively
+issues: [7245, fj#393]
+cls: [2016]
+prs: [11618]
+category: Fixes
+credits: [roberth, 9999years]
+---
+
+CTRL-C will now stop Nix commands much more reliably and responsively. While
+there are still some cases where a Nix command can be slow or unresponsive
+following a `SIGINT` (please report these as issues!), the vast majority of
+signals will now cause the Nix command to quit quickly and consistently.

doc/manual/rl-next/deprecated-features.md

@@ -0,0 +1,17 @@
+---
+synopsis: Deprecated language features
+issues: [fj#437]
+cls: [1785, 1736, 1735, 1744]
+category: Breaking Changes
+credits: [piegames, horrors]
+---
+
+A system for deprecation (and then the planned removal) of undesired language features has been put into place.
+It is controlled via feature flags much like experimental features, except that the deprecations are enabled default,
+and can be disabled via the flags for backwards compatibility (opt-out with `--extra-deprecated-features` or the Nix configuration file).
+
+- `url-literals`: **URL literals** have long been obsolete and discouraged of use, and now they are officially deprecated.
+  This means that all URLs must be properly put within quotes like all other strings.
+- `rec-set-overrides`: **__overrides** is an old arcane syntax which has not been in use for more than a decade.
+  It is soft-deprecated with a warning only, with the plan to turn that into an error in a future release.
+- `ancient-let`: **The old `let` syntax** (`let { body = …; … }`) is soft-deprecated with a warning as well. Use the regular `let … in` instead.

doc/manual/rl-next/distinguish-throw-errors.md

@@ -1,70 +0,0 @@
----
-synopsis: "Distinguish between explicit throws and errors that happened while evaluating a throw"
-cls: 1511
-credits: Qyriad
-category: Improvements
----
-
-Previously, errors caused by an expression like `throw "invalid argument"` were treated like an error that happened simply while some builtin function was being called:
-
-```
-let
-  throwMsg = p: throw "${p} isn't the right package";
-in throwMsg "linuz"
-
-error:
-       … while calling the 'throw' builtin
-         at «string»:2:17:
-            1| let
-            2|   throwMsg = p: throw "${p} isn't the right package";
-             |                 ^
-            3| in throwMsg "linuz"
-
-       error: linuz isn't the right package
-```
-
-But the error didn't just happen "while" calling the `throw` builtin — it's a throw error!
-Now it looks like this:
-
-```
-let
-  throwMsg = p: throw "${p} isn't the right package";
-in throwMsg "linuz"
-
-error:
-       … caused by explicit throw
-         at «string»:2:17:
-            1| let
-            2|   throwMsg = p: throw "${p} isn't the right package";
-             |                 ^
-            3| in throwMsg "linuz"
-
-       error: linuz isn't the right package
-```
-
-This also means that incorrect usage of `throw` or errors evaluating its arguments are easily distinguishable from explicit throws:
-
-```
-let
-  throwMsg = p: throw "${p} isn't the right package";
-in throwMsg { attrs = "error when coerced in string interpolation"; }
-
-error:
-       … while calling the 'throw' builtin
-         at «string»:2:17:
-            1| let
-            2|   throwMsg = p: throw "${p} isn't the right package";
-             |                 ^
-            3| in throwMsg { attrs = "error when coerced in string interpolation"; }
-
-       … while evaluating a path segment
-         at «string»:2:24:
-            1| let
-            2|   throwMsg = p: throw "${p} isn't the right package";
-             |                        ^
-            3| in throwMsg { attrs = "error when coerced in string interpolation"; }
-
-       error: cannot coerce a set to a string: { attrs = "error when coerced in string interpolation"; }
-```
-
-Here, instead of an actual thrown error, a type error happens first (trying to coerce an attribute set to a string), but that type error happened *while* calling `throw`.

doc/manual/rl-next/fetchGit-regression.md

@@ -0,0 +1,23 @@
+---
+synopsis: restore backwards-compatibility of `builtins.fetchGit` with Nix 2.3
+issues: [5291, 5128]
+credits: [ma27]
+category: Fixes
+---
+
+Compatibility with `builtins.fetchGit` from Nix 2.3 has been restored as follows:
+
+* Until now, each `ref` was prefixed with `refs/heads` unless it starts with `refs/` itself.
+
+  Now, this is not done if the `ref` looks like a commit hash.
+
+* Specifying `builtins.fetchGit { ref = "a-tag"; /* … */ }` was broken because `refs/heads` was appended.
+
+  Now, the fetcher doesn't turn a ref into `refs/heads/ref`, but into `refs/*/ref`. That way,
+  the value in `ref` can be either a tag or a branch.
+
+* The ref resolution happens the same way as in git:
+
+  * If `refs/ref` exists, it's used.
+  * If a tag `refs/tags/ref` exists, it's used.
+  * If a branch `refs/heads/ref` exists, it's used.

doc/manual/rl-next/fix-gc-dry-run.md

@@ -1,29 +0,0 @@
----
-synopsis: Fix nix-collect-garbage --dry-run
-issues: [fj#432]
-cls: [1566]
-category: Fixes
-credits: [quantumjump]
----
-
-`nix-collect-garbage --dry-run` did not previously give any output - it simply
-exited without even checking to see what paths would be deleted.
-
-```
-$ nix-collect-garbage --dry-run
-$
-```
-
-We updated the behaviour of the flag such that instead it prints out how many
-paths it *would* delete, but doesn't actually delete them.
-
-```
-$ nix-collect-garbage --dry-run
-finding garbage collector roots...
-determining live/dead paths...
-...
-<nix store paths>
-...
-2670 store paths deleted, 0.00MiB freed
-$
-```

doc/manual/rl-next/fod-failure-includes-url.md

@@ -1,16 +0,0 @@
----
-synopsis: "Hash mismatch diagnostics for fixed-output derivations include the URL"
-cls: [1536]
-credits: [jade]
-category: Improvements
----
-
-Now, when building fixed-output derivations, Lix will guess the URL that was used in the derivation using the `url` or `urls` properties in the derivation environment.
-This is a layering violation but making these diagnostics tractable when there are multiple instances of the `AAAA` hash is too significant of an improvement to pass it up.
-
-```
-error: hash mismatch in fixed-output derivation '/nix/store/sjfw324j4533lwnpmr5z4icpb85r63ai-x1.drv':
-        likely URL: https://meow.puppy.forge/puppy.tar.gz
-         specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-            got:    sha256-a1Qvp3FOOkWpL9kFHgugU1ok5UtRPSu+NwCZKbbaEro=
-```

doc/manual/rl-next/http-proxy-for-s3.md

@@ -0,0 +1,10 @@
+---
+synopsis: HTTP proxy environment variables are now respected for S3 binary cache stores
+issues: [fj#433]
+cls: [1788]
+category: Fixes
+credits: jade
+---
+
+Due to "legacy reasons" (according to the AWS C++ SDK docs), the AWS SDK ignores system proxy configuration by default.
+We turned it back on.

doc/manual/rl-next/multiline-log-format.md

@@ -1,14 +0,0 @@
----
-synopsis: Add log formats `multiline` and `multiline-with-logs`
-cls: [1369]
-credits: [kloenk]
-category: Improvements
----
-
-Added two new log formats (`multiline` and `multiline-with-logs`) that display
-current activities below each other for better visibility.
-
-These formats attempt to use the maximum available lines
-(defaulting to 25 if unable to determine) and print up to that many lines.
-The status bar is displayed as the first line, with each subsequent
-activity on its own line.

doc/manual/rl-next/nix-copy-is-fast.md

@@ -1,12 +0,0 @@
----
-synopsis: "`nix copy` is now several times faster at `querying info about /nix/store/...`"
-cls: [1462]
-issues: [fj#366]
-credits: [jade]
-category: Fixes
----
-
-We fixed a locking bug that serialized `querying info about /nix/store/...`
-onto just one thread such that it was eating `O(paths to copy * latency)` time
-while setting up to copy paths to s3 and other stores. It is now `nproc` times
-faster.

doc/manual/rl-next/nix-fmt-default-argument.md

@@ -0,0 +1,38 @@
+---
+synopsis: Removing the `.` default argument passed to the `nix fmt` formatter
+issues: []
+prs: [11438]
+cls: [1902]
+category: Breaking Changes
+credits: zimbatm
+---
+
+The underlying formatter no longer receives the ". " default argument when `nix fmt` is called with no arguments.
+
+This change was necessary as the formatter wasn't able to distinguish between
+a user wanting to format the current folder with `nix fmt .` or the generic
+`nix fmt`.
+
+The default behaviour is now the responsibility of the formatter itself, and
+allows tools such as treefmt to format the whole tree instead of only the
+current directory and below.
+
+This may cause issues with some formatters: nixfmt, nixpkgs-fmt and alejandra currently format stdin when no arguments are passed.
+
+Here is a small wrapper example that will restore the previous behaviour for such a formatter:
+
+```nix
+{
+  outputs = { self, nixpkgs, systems }:
+    let
+      eachSystem = nixpkgs.lib.genAttrs (import systems) (system: nixpkgs.legacyPackages.${system});
+    in
+    {
+      formatter = eachSystem (pkgs:
+        pkgs.writeShellScriptBin "formatter" ''
+          if [[ $# = 0 ]]; set -- .; fi
+          exec "${pkgs.nixfmt-rfc-style}/bin/nixfmt "$@"
+        '');
+    };
+}
+```

doc/manual/rl-next/old-protocol-removal.md

@@ -1,21 +0,0 @@
----
-synopsis: "Lix no longer speaks the Nix remote-build worker protocol to clients or servers older than CppNix 2.3"
-cls: [1207, 1208, 1206, 1205, 1204, 1203, 1479]
-issues: [fj#325]
-credits: [jade]
-category: Breaking Changes
----
-
-CppNix 2.3 was released in 2019, and is the new oldest supported version. We
-will increase our support baseline in the future up to a final version of CppNix
-2.18 (which may happen soon given that it is the only still-packaged and thus
-still-tested >2.3 version), but this step already removes a significant amount
-of dead, untested, code paths.
-
-Lix speaks the same version of the protocol as CppNix 2.18 and that fact will
-never change in the future; the Lix plans to replace the protocol for evolution
-will entail a complete incompatible replacement that will be supported in
-parallel with the old protocol. Lix will thus retain remote build compatibility
-with CppNix as long as CppNix maintains protocol compatibility with 2.18, and
-as long as Lix retains legacy protocol support (which will likely be a long
-time given that we plan to convert it to a frozen-in-time shim).

doc/manual/rl-next/pretty-printing.md

@@ -1,58 +0,0 @@
----
-synopsis: "Eliminate some pretty-printing surprises"
-cls: [1616, 1617, 1618]
-prs: [11100]
-credits: [alois31, roberth]
-category: Improvements
----
-
-Some inconsistent and surprising behaviours have been eliminated from the pretty-printing used by the REPL and `nix eval`:
-* Lists and attribute sets that contain only a single item without nested structures are no longer sometimes inappropriately indented in the REPL, depending on internal state of the evaluator.
-* Empty attribute sets and derivations are no longer shown as `«repeated»`, since they are always cheap to print.
-  This matches the existing behaviour of `nix-instantiate` on empty attribute sets.
-  Empty lists were never printed as `«repeated»` already.
-* The REPL by default does not print nested attribute sets and lists, and indicates elided items with an ellipsis.
-  Previously, the ellipsis was printed even when the structure was empty, so that such items do not in fact exist.
-  Since this behaviour was confusing, it does not happen any more.
-
-Before:
-```
-nix-repl> :p let x = 1 + 2; in [ [ x ] [ x ] ]
-[
-  [
-    3
-  ]
-  [ 3 ]
-]
-
-nix-repl> let inherit (import <nixpkgs> { }) hello; in [ hello hello ]
-[
-  «derivation /nix/store/fqs92lzychkm6p37j7fnj4d65nq9fzla-hello-2.12.1.drv»
-  «repeated»
-]
-
-nix-repl> let x = {}; in [ x ]
-[
-  { ... }
-]
-```
-
-After:
-```
-nix-repl> :p let x = 1 + 2; in [ [ x ] [ x ] ]
-[
-  [ 3 ]
-  [ 3 ]
-]
-
-nix-repl> let inherit (import <nixpkgs> { }) hello; in [ hello hello ]
-[
-  «derivation /nix/store/fqs92lzychkm6p37j7fnj4d65nq9fzla-hello-2.12.1.drv»
-  «derivation /nix/store/fqs92lzychkm6p37j7fnj4d65nq9fzla-hello-2.12.1.drv»
-]
-
-nix-repl> let x = {}; in [ x ]
-[
-  { }
-]
-```

doc/manual/rl-next/pytest-suite.md

@@ -0,0 +1,10 @@
+---
+synopsis: "The beginnings of a new pytest-based functional test suite"
+category: Development
+cls: [2036, 2037]
+credits: jade
+---
+
+The existing integration/functional test suite is based on a large volume of shell scripts.
+This often makes it somewhat challenging to debug at the best of times.
+The goal of the pytest test suite is to make tests have more obvious dependencies on files and to make tests more concise and easier to write, as well as making new testing methods like snapshot testing easy.

doc/manual/rl-next/readline-support-removed.md

@@ -0,0 +1,17 @@
+---
+synopsis: readline support removed
+cls: [1885]
+category: Packaging
+credits: [9999years]
+---
+
+Support for building Lix with [`readline`][readline] instead of
+[`editline`][editline] has been removed. `readline` support hasn't worked for a
+long time (attempting to use it would lead to build errors) and would make Lix
+subject to the GPL if it did work. In the future, we're hoping to replace
+`editline` with [`rustyline`][rustyline] for improved ergonomics in the `nix
+repl`.
+
+[readline]: https://en.wikipedia.org/wiki/GNU_Readline
+[editline]: https://github.com/troglobit/editline
+[rustyline]: https://github.com/kkawakam/rustyline

doc/manual/rl-next/registry-add-shorthand-only.md

@@ -1,10 +0,0 @@
----
-synopsis: "`nix registry add` now requires a shorthand flakeref on the 'from' side"
-cls: 1494
-credits: delan
-category: Improvements
----
-
-The 'from' argument must now be a shorthand flakeref like `nixpkgs` or `nixpkgs/nixos-20.03`, making it harder to accidentally swap the 'from' and 'to' arguments.
-
-Registry entries that map from other flake URLs can still be specified in registry.json, the `nix.registry` option in NixOS, or the `--override-flake` option in the CLI, but they are not guaranteed to work correctly.

doc/manual/rl-next/reject-flake-config.md

@@ -1,9 +0,0 @@
----
-synopsis: Allow automatic rejection of configuration options from flakes
-cls: [1541]
-credits: [alois31]
-category: Improvements
----
-
-Setting `accept-flake-config` to `false` now respects user choice by automatically rejecting configuration options set by flakes.
-The old behaviour of asking each time is still available (and default) by setting it to the special value `ask`.

doc/manual/rl-next/relative-and-tilde-paths-in-config.md

@@ -0,0 +1,30 @@
+---
+synopsis: Relative and tilde paths in configuration
+issues: [fj#482]
+cls: [1851, 1863, 1864]
+category: Features
+credits: [9999years]
+---
+
+[Configuration settings](@docroot@/command-ref/conf-file.md) can now refer to
+files with paths relative to the file they're written in or relative to your
+home directory (with `~/`).
+
+This makes settings like
+[`repl-overlays`](@docroot@/command-ref/conf-file.md#conf-repl-overlays) and
+[`secret-key-files`](@docroot@/command-ref/conf-file.md#conf-repl-overlays)
+much easier to set, especially if you'd like to refer to files in an existing
+dotfiles repo cloned into your home directory.
+
+If you put `repl-overlays = repl.nix` in your `~/.config/nix/nix.conf`, it'll
+load `~/.config/nix/repl.nix`. Similarly, you can set `repl-overlays =
+~/.dotfiles/repl.nix` to load a file relative to your home directory.
+
+Configuration files can also
+[`include`](@docroot@/command-ref/conf-file.md#file-format) paths relative to
+your home directory.
+
+Only user configuration files (like `$XDG_CONFIG_HOME/nix/nix.conf` or the
+files listed in `$NIX_USER_CONF_FILES`) can use tilde paths relative to your
+home directory. Configuration listed in the `$NIX_CONFIG` environment variable
+may not use relative paths.

doc/manual/rl-next/repl-complete-colon.md

@@ -1,8 +0,0 @@
----
-synopsis: "`nix repl` now allows tab-completing the special repl :colon commands"
-cls: 1367
-credits: Qyriad
-category: Improvements
----
-
-The REPL (`nix repl`) supports pressing `<TAB>` to complete a partial expression, but now also supports completing the special :colon commands as well (`:b`, `:edit`, `:doc`, etc), if the line starts with a colon.

doc/manual/rl-next/sanitizers.md

@@ -1,10 +0,0 @@
----
-synopsis: "Lix now supports building with UndefinedBehaviorSanitizer"
-cls: [1483]
-credits: [jade]
-category: Development
----
-
-You can now build Lix with the configuration option `-Db_sanitize=undefined` and it will both work and pass tests. AddressSanitizer support is also coming soon.
-
-For a list of undefined behaviour fixed by sanitizer usage, see [the gerrit topic "undefined-behaviour"](https://gerrit.lix.systems/q/topic:%22undefined-behaviour%22).

doc/manual/rl-next/stack-traces.md

@@ -0,0 +1,26 @@
+---
+synopsis: "Some Lix crashes now produce reporting instructions and a stack trace, then abort"
+cls: [1854]
+category: Improvements
+credits: jade
+---
+
+Lix, being a C++ program, can crash in a few kinds of ways.
+It can obviously do a memory access violation, which will generate a core dump and thus be relatively debuggable.
+But, worse, it could throw an unhandled exception, and, in the past, we would just show the message but not where it comes from, in spite of this always being a bug, since we expect all such errors to be translated to a Lix specific error.
+Now the latter kind of bug should print reporting instructions, a rudimentary stack trace and (depending on system configuration) generate a core dump.
+
+Sample output:
+
+```
+Lix crashed. This is a bug. We would appreciate if you report it along with what caused it at https://git.lix.systems/lix-project/lix/issues with the following information included:
+
+Exception: std::runtime_error: test exception
+Stack trace:
+ 0# nix::printStackTrace() in /home/jade/lix/lix3/build/src/nix/../libutil/liblixutil.so
+ 1# 0x000073C9862331F2 in /home/jade/lix/lix3/build/src/nix/../libmain/liblixmain.so
+ 2# 0x000073C985F2E21A in /nix/store/p44qan69linp3ii0xrviypsw2j4qdcp2-gcc-13.2.0-lib/lib/libstdc++.so.6
+ 3# 0x000073C985F2E285 in /nix/store/p44qan69linp3ii0xrviypsw2j4qdcp2-gcc-13.2.0-lib/lib/libstdc++.so.6
+ 4# nix::handleExceptions(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()>) in /home/jade/lix/lix3/build/src/nix/../libmain/liblixmain.so
+ ...
+```

doc/manual/rl-next/verify-tls.md

@@ -0,0 +1,10 @@
+---
+synopsis: "`<nix/fetchurl.nix>` now uses TLS verification"
+category: Fixes
+prs: [11585]
+credits: edolstra
+---
+
+Previously `<nix/fetchurl.nix>` did not do TLS verification. This was because the Nix sandbox in the past did not have access to TLS certificates, and Nix checks the hash of the fetched file anyway. However, this can expose authentication data from `netrc` and URLs to man-in-the-middle attackers. In addition, Nix now in some cases (such as when using impure derivations) does *not* check the hash. Therefore we have now enabled TLS verification. This means that downloads by `<nix/fetchurl.nix>` will now fail if you're fetching from a HTTPS server that does not have a valid certificate.
+
+`<nix/fetchurl.nix>` is also known as the builtin derivation builder `builtin:fetchurl`. It's not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue.

doc/manual/src/SUMMARY.md

@@ -192,11 +192,13 @@
   - [Hacking](contributing/hacking.md)
   - [Testing](contributing/testing.md)
   - [Experimental Features](contributing/experimental-features.md)
+  - [Deprecated Features](contributing/deprecated-features.md)
   - [CLI guideline](contributing/cli-guideline.md)
   - [C++ style guide](contributing/cxx.md)
 - [Release Notes](release-notes/release-notes.md)
   - [Upcoming release](release-notes/rl-next.md)
     <!-- RELENG-AUTO-INSERTION-MARKER (see releng/release_notes.py) -->
+  - [Lix 2.91 (2024-08-12)](release-notes/rl-2.91.md)
   - [Lix 2.90 (2024-07-10)](release-notes/rl-2.90.md)
   - [Nix 2.18 (2023-09-20)](release-notes/rl-2.18.md)
   - [Nix 2.17 (2023-07-24)](release-notes/rl-2.17.md)

doc/manual/src/command-ref/meson.build

@@ -1,23 +1,37 @@
-xp_features_json = custom_target(
-  command : [nix, '__dump-xp-features'],
-  capture : true,
-  output : 'xp-features.json',
-)
-
 experimental_features_shortlist_md = custom_target(
   command : nix_eval_for_docs + [
     '--expr',
-    'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
+    'import @INPUT0@ "experimental" "xp" (builtins.fromJSON (builtins.readFile @INPUT1@))',
   ],
   input : [
-    '../../generate-xp-features-shortlist.nix',
-    xp_features_json,
+    '../../generate-features-shortlist.nix',
+    nix_exp_features_json,
   ],
   capture : true,
   output : 'experimental-features-shortlist.md',
   env : nix_env_for_docs,
 )
 
+dp_features_json = custom_target(
+  command : [nix, '__dump-dp-features'],
+  capture : true,
+  output : 'dp-features.json',
+)
+
+deprecated_features_shortlist_md = custom_target(
+  command : nix_eval_for_docs + [
+    '--expr',
+    'import @INPUT0@ "deprecated" "dp" (builtins.fromJSON (builtins.readFile @INPUT1@))',
+  ],
+  input : [
+    '../../generate-features-shortlist.nix',
+    dp_features_json,
+  ],
+  capture : true,
+  output : 'deprecated-features-shortlist.md',
+  env : nix_env_for_docs,
+)
+
 # Intermediate step for manpage generation.
 # This splorks the output of generate-manpage.nix as JSON,
 # which gets written as a directory tree below.
@@ -60,6 +74,7 @@ conf_file_md = custom_target(
     '../../utils.nix',
     conf_file_json,
     experimental_features_shortlist_md,
+    deprecated_features_shortlist_md,
   ],
   output : 'conf-file.md',
   env : nix_env_for_docs,

doc/manual/src/contributing/deprecated-features.md

@@ -0,0 +1,37 @@
+This section describes the notion of *deprecated features*, and how it fits into the big picture of the development of Lix.
+
+# What are deprecated features?
+
+Deprecated features are disabled by default, with the intent to eventually remove them.
+Users must explicitly enable them to keep using them, by toggling the associated [deprecated feature flags](@docroot@/command-ref/conf-file.md#conf-deprecated-features).
+This allows backwards compatibility and a graceful transition away from undesired features.
+
+# Which features can be deprecated?
+
+Undesired features should be soft-deprecated by yielding a warning when used for a significant amount of time before the can be deprecated.
+Legacy obsolete feature with little to no usage may go through this process faster.
+Deprecated features should have a migration path to a preferred alternative.
+
+# Lifecycle of a deprecated feature
+
+This description is not normative, but a feature removal may roughly happen like this:
+
+1. Add a warning when the feature is being used.
+2. Disable the feature by default, putting it behind a deprecated feature flag.
+  - If disabling the feature started out as an opt-in experimental feature, turn that experimental flag into a no-op or remove it entirely.
+    For example, `--extra-experimental-features=no-url-literals` becomes `--extra-deprecated-features=url-literals`.
+3. Decide on a time frame for how long that feature will still be supported for backwards compatibility, and clearly communicate that in the error messages.
+  - Sometimes, automatic migration to alternatives is possible, and such should be provided if possible
+  - At least one NixOS release cycle should be the minimum
+4. Finally remove the feature entirely, only keeping the error message for those still using it.
+
+# Relation to language versioning
+
+Obviously, removing anything breaks backwards compatibility.
+In an ideal world, we'd have SemVer controls over the language and its features, cleanly allowing us to make breaking changes.
+See https://wiki.lix.systems/books/lix-contributors/page/language-versioning and [RFC 137](https://github.com/nixos/rfcs/pull/137) for efforts on that.
+However, we do not live in such an ideal world, and currently this goal is so far away, that "just disable it with some back-compat for a couple of years" is the most realistic solution, especially for comparatively minor changes.
+
+# Currently available deprecated features
+
+{{#include @generated@/contributing/deprecated-feature-descriptions.md}}

doc/manual/src/contributing/meson.build

@@ -4,12 +4,25 @@
 experimental_feature_descriptions_md = custom_target(
   command : nix_eval_for_docs + [
     '--expr',
-    'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
+    'import @INPUT0@ "experimental" "xp" (builtins.fromJSON (builtins.readFile @INPUT1@))',
   ],
   input : [
-    '../../generate-xp-features.nix',
-    xp_features_json,
+    '../../generate-features.nix',
+    nix_exp_features_json,
   ],
   capture : true,
   output : 'experimental-feature-descriptions.md',
 )
+
+deprecated_feature_descriptions_md = custom_target(
+  command : nix_eval_for_docs + [
+    '--expr',
+    'import @INPUT0@ "deprecated" "dp" (builtins.fromJSON (builtins.readFile @INPUT1@))',
+  ],
+  input : [
+    '../../generate-features.nix',
+    dp_features_json,
+  ],
+  capture : true,
+  output : 'deprecated-feature-descriptions.md',
+)

doc/manual/src/contributing/testing.md

@@ -427,6 +427,7 @@ I grepped `src/` for `get[eE]nv\("` to find the mentions in Lix code.
 - `NIX_SHOW_STATS_PATH` - Writes those statistics into a file at the given path instead of stdout. Undocumented.
 - `NIX_SHOW_SYMBOLS` - Dumps the symbol table into the show-stats json output.
 - `TERM` - If `dumb` or unset, disables ANSI colour output.
+- `FORCE_COLOR`, `CLICOLOR_FORCE` - Enables ANSI colour output if `NO_COLOR`/`NOCOLOR` not set.
 - `NO_COLOR`, `NOCOLOR` - Disables ANSI colour output.
 - `_NIX_DEVELOPER_SHOW_UNKNOWN_LOCATIONS` - Highlights unknown locations in errors.
 - `NIX_PROFILE` - Selects which profile `nix-env` will operate on. Documented elsewhere.

doc/manual/src/installation/multi-user.md

@@ -36,7 +36,10 @@ All users of the Lix daemon may do the following to bring things into the Nix st
     - Input-addressed, so they are run in the sandbox with no network access, with the following exceptions:
 
       - The (poorly named, since it is not *just* about chroot) property `__noChroot` is set on the derivation and `sandbox` is set to `relaxed`.
-      - On macOS, the derivation property `__darwinAllowLocalNetworking` allows network access to localhost from input-addressed derivations regardless of the `sandbox` setting value. This property exists with such semantics because macOS has no network namespace equivalent to isolate individual processes' localhost networking.
+      - On macOS, the derivation property `__darwinAllowLocalNetworking` allows network access to localhost from input-addressed derivations regardless of the `sandbox` setting value.
+        This property exists with such semantics because macOS has no network namespace equivalent to isolate individual processes' localhost networking.
+      - On macOS, the derivation property `__sandboxProfile` accepts extra sandbox profile S-expressions, allowing derivations to bypass arbitrary parts of the sandbox without altogether disabling it.
+        This is only permitted when `sandbox` is set to `relaxed`.
     - Output-addressed, so they are run with network access but their result must match an expected hash.
 
   Trusted users may set any setting, including `sandbox = false`, so the sandbox state can be different at runtime from what is described in `nix.conf` for builds invoked with such settings.

doc/manual/src/language/advanced-attributes.md

@@ -292,6 +292,12 @@ Derivations can declare some infrequently used optional attributes.
     (associative) arrays. For example, the attribute `hardening.format = true`
     ends up as the Bash associative array element `${hardening[format]}`.
 
+    > **Warning**
+    >
+    > If set to `true`, other advanced attributes such as [`allowedReferences`](#adv-attr-allowedReferences), [`allowedReferences`](#adv-attr-allowedReferences), [`allowedRequisites`](#adv-attr-allowedRequisites),
+    [`disallowedReferences`](#adv-attr-disallowedReferences) and [`disallowedRequisites`](#adv-attr-disallowedRequisites), maxSize, and maxClosureSize.
+    will have no effect.
+
   - [`outputChecks`]{#adv-attr-outputChecks}\
     When using [structured attributes](#adv-attr-structuredAttrs), the `outputChecks`
     attribute allows defining checks per-output.
@@ -326,7 +332,6 @@ Derivations can declare some infrequently used optional attributes.
     ```
 
   - [`unsafeDiscardReferences`]{#adv-attr-unsafeDiscardReferences}\
-
     When using [structured attributes](#adv-attr-structuredAttrs), the
     attribute `unsafeDiscardReferences` is an attribute set with a boolean value for each output name.
     If set to `true`, it disables scanning the output for runtime dependencies.

doc/manual/src/language/operators.md

@@ -26,6 +26,8 @@
 | Logical conjunction (`AND`)            | *bool* `&&` *bool*                         | left          | 12         |
 | Logical disjunction (`OR`)             | *bool* <code>\|\|</code> *bool*            | left          | 13         |
 | [Logical implication]                  | *bool* `->` *bool*                         | none          | 14         |
+| \[Experimental\] [Function piping]     | *expr* |> *func*                           | left          | 15         |
+| \[Experimental\] [Function piping]     | *expr* <| *func*                           | right         | 16         |
 
 [string]: ./values.md#type-string
 [path]: ./values.md#type-path
@@ -215,3 +217,33 @@ nix-repl> let f = x: 1; s = { func = f; }; in [ (f == f) (s == s) ]
 Equivalent to `!`*b1* `||` *b2*.
 
 [Logical implication]: #logical-implication
+
+## \[Experimental\] Function piping
+
+*This language feature is still experimental and may change at any time. Enable `--extra-experimental-features pipe-operator` to use it.*
+
+Pipes are a dedicated operator for function application, but with reverse order and a lower binding strength.
+This allows you to chain function calls together in way that is more natural to read and requires less parentheses.
+
+`a |> f b |> g` is equivalent to `g (f b a)`.
+`g <| f b <| a` is equivalent to `g (f b a)`.
+
+Example code snippet:
+
+```nix
+defaultPrefsFile = defaultPrefs
+  |> lib.mapAttrsToList (
+    key: value: ''
+      // ${value.reason}
+      pref("${key}", ${builtins.toJSON value.value});
+    ''
+  )
+  |> lib.concatStringsSep "\n"
+  |> pkgs.writeText "nixos-default-prefs.js";
+```
+
+Note how `mapAttrsToList` is called with two arguments (the lambda and `defaultPrefs`),
+but moving the last argument in front of the rest improves the reading flow.
+This is common for functions with long first argument, including all `map`-like functions.
+
+[Function piping]: #experimental-function-piping

doc/manual/src/language/values.md

@@ -77,12 +77,6 @@
   }
   ```
 
-  Finally, as a convenience, *URIs* as defined in appendix B of
-  [RFC 2396](http://www.ietf.org/rfc/rfc2396.txt) can be written *as
-  is*, without quotes. For instance, the string
-  `"http://example.org/foo.tar.bz2"` can also be written as
-  `http://example.org/foo.tar.bz2`.
-
 - <a id="type-number" href="#type-number">Number</a>
 
   Numbers, which can be *integers* (like `123`) or *floating point*

doc/manual/src/release-notes/rl-2.91.md

@@ -0,0 +1,489 @@
+# Lix 2.91 "Dragon's Breath" (2024-08-12)
+
+
+# Lix 2.91.0 (2024-08-12)
+
+## Breaking Changes
+- Block io_uring in the Linux sandbox [cl/1611](https://gerrit.lix.systems/c/lix/+/1611)
+
+  The io\_uring API has the unfortunate property that it is not possible to selectively decide which operations should be allowed.
+  This, together with the fact that new operations are routinely added, makes it a hazard to the proper function of the sandbox.
+
+  Therefore, any access to io\_uring has been made unavailable inside the sandbox.
+  As such, attempts to execute any system calls forming part of this API will fail with the error `ENOSYS`, as if io\_uring support had not been configured into the kernel.
+
+  Many thanks to [alois31](https://git.lix.systems/alois31) for this.
+- The `build-hook` setting is now deprecated
+
+  Build hooks communicate with the daemon using a custom, internal, undocumented protocol that is entirely unversioned and cannot be changed.
+  Since we intend to change it anyway we must unfortunately deprecate the current build hook infrastructure.
+  We do not expect this to impact most users—we have not found any uses of `build-hook` in the wild—but if this does affect you, we'd like to hear from you!
+- Lix no longer speaks the Nix remote-build worker protocol to clients or servers older than CppNix 2.3 [fj#325](https://git.lix.systems/lix-project/lix/issues/325) [cl/1207](https://gerrit.lix.systems/c/lix/+/1207) [cl/1208](https://gerrit.lix.systems/c/lix/+/1208) [cl/1206](https://gerrit.lix.systems/c/lix/+/1206) [cl/1205](https://gerrit.lix.systems/c/lix/+/1205) [cl/1204](https://gerrit.lix.systems/c/lix/+/1204) [cl/1203](https://gerrit.lix.systems/c/lix/+/1203) [cl/1479](https://gerrit.lix.systems/c/lix/+/1479)
+
+  CppNix 2.3 was released in 2019, and is the new oldest supported version. We
+  will increase our support baseline in the future up to a final version of CppNix
+  2.18 (which may happen soon given that it is the only still-packaged and thus
+  still-tested >2.3 version), but this step already removes a significant amount
+  of dead, untested, code paths.
+
+  Lix speaks the same version of the protocol as CppNix 2.18 and that fact will
+  never change in the future; the Lix plans to replace the protocol for evolution
+  will entail a complete incompatible replacement that will be supported in
+  parallel with the old protocol. Lix will thus retain remote build compatibility
+  with CppNix as long as CppNix maintains protocol compatibility with 2.18, and
+  as long as Lix retains legacy protocol support (which will likely be a long
+  time given that we plan to convert it to a frozen-in-time shim).
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+
+## Features
+- Pipe operator `|>` (experimental) [fj#438](https://git.lix.systems/lix-project/lix/issues/438) [cl/1654](https://gerrit.lix.systems/c/lix/+/1654)
+
+  Implementation of the pipe operator (`|>`) in the language as described in [RFC 148](https://github.com/NixOS/rfcs/pull/148).
+  The feature is still marked experimental, enable `--extra-experimental-features pipe-operator` to use it.
+
+  Many thanks to [piegames](https://git.lix.systems/piegames) and [eldritch horrors](https://git.lix.systems/pennae) for this.
+
+## Improvements
+- Trace which part of a `foo.bar.baz` expression errors [cl/1505](https://gerrit.lix.systems/c/lix/+/1505) [cl/1506](https://gerrit.lix.systems/c/lix/+/1506)
+
+  Previously, if an attribute path selection expression like `linux_4_9.meta.description` it wouldn't show you which one of those parts in the attribute path, or even that that line of code is what caused evaluation of the failing expression.
+  The previous error looks like this:
+
+  ```
+  pkgs.linuxKernel.kernels.linux_4_9.meta.description
+
+  error:
+         … while evaluating the attribute 'linuxKernel.kernels.linux_4_9.meta.description'
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:5:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |     ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         … while calling the 'throw' builtin
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:17:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |                 ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         error: linux 4.9 was removed because it will reach its end of life within 22.11
+  ```
+
+  Now, the error will look like this:
+
+  ```
+  pkgs.linuxKernel.kernels.linux_4_9.meta.description
+
+  error:
+         … while evaluating the attribute 'linuxKernel.kernels.linux_4_9.meta.description'
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:5:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |     ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         … while evaluating 'pkgs.linuxKernel.kernels.linux_4_9' to select 'meta' on it
+           at «string»:1:1:
+              1| pkgs.linuxKernel.kernels.linux_4_9.meta.description
+               | ^
+
+         … caused by explicit throw
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:17:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |                 ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         error: linux 4.9 was removed because it will reach its end of life within 22.11
+  ```
+
+  Not only does the line of code that referenced the failing attribute show up in the trace, it also tells you that it was specifically the `linux_4_9` part that failed.
+
+  This includes if the failing part is a top-level binding:
+
+  ```
+  let
+    inherit (pkgs.linuxKernel.kernels) linux_4_9;
+  in linux_4_9.meta.description
+  error:
+         … while evaluating 'linux_4_9' to select 'meta.description' on it
+           at «string»:3:4:
+              2|   inherit (pkgs.linuxKernel.kernels) linux_4_9;
+              3| in linux_4_9.meta.description
+               |    ^
+
+         … while evaluating the attribute 'linux_4_9'
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:5:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |     ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         … caused by explicit throw
+           at /nix/store/dk2rpyb6ndvfbf19bkb2plcz5y3k8i5v-source/pkgs/top-level/linux-kernels.nix:278:17:
+            277|   } // lib.optionalAttrs config.allowAliases {
+            278|     linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
+               |                 ^
+            279|     linux_4_14 = throw "linux 4.14 was removed because it will reach its end of life within 23.11";
+
+         error: linux 4.9 was removed because it will reach its end of life within 22.11
+  ```
+
+  Many thanks to [Qyriad](https://git.lix.systems/Qyriad) for this.
+- Confusing 'invalid path' errors are now 'path does not exist' [cl/1161](https://gerrit.lix.systems/c/lix/+/1161) [cl/1160](https://gerrit.lix.systems/c/lix/+/1160) [cl/1159](https://gerrit.lix.systems/c/lix/+/1159)
+
+  Previously, if a path did not exist in a Nix store, it was referred to as the internal name "path is invalid".
+  This is, however, very confusing, and there were numerous such errors that were exactly the same, making it hard to debug.
+  These errors are now more specific and refer to the path not existing in the store.
+
+  Many thanks to [julia](https://git.lix.systems/midnightveil) for this.
+- Add a `build-dir` setting to set the backing directory for builds [gh#10303](https://github.com/NixOS/nix/pull/10303) [gh#10312](https://github.com/NixOS/nix/pull/10312) [gh#10883](https://github.com/NixOS/nix/pull/10883) [cl/1514](https://gerrit.lix.systems/c/lix/+/1514)
+
+  `build-dir` can now be set in the Nix configuration to choose the backing directory for the build sandbox.
+  This can be useful on systems with `/tmp` on tmpfs, or simply to relocate large builds to another disk.
+
+  Also, `XDG_RUNTIME_DIR` is no longer considered when selecting the default temporary directory,
+  as it's not intended to be used for large amounts of data.
+
+  Many thanks to [Robert Hensing](https://github.com/roberth) and [Tom Bereknyei](https://github.com/tomberek) for this.
+- Better usage of colour control environment variables [cl/1699](https://gerrit.lix.systems/c/lix/+/1699) [cl/1702](https://gerrit.lix.systems/c/lix/+/1702)
+
+  Lix now heeds `NO_COLOR`/`NOCOLOR` for more output types, such as that used in `nix search`, `nix flake metadata` and similar.
+
+  It also now supports `CLICOLOR_FORCE`/`FORCE_COLOR` to force colours regardless of whether there is a terminal on the other side.
+
+  It now follows rules compatible with those described on <https://bixense.com/clicolors/> with `CLICOLOR` defaulted to enabled.
+
+  That is to say, the following procedure is followed in order:
+  - NO_COLOR or NOCOLOR set
+
+    Always disable colour
+  - CLICOLOR_FORCE or FORCE_COLOR set
+
+    Enable colour
+  - The output is a tty; TERM != "dumb"
+
+    Enable colour
+  - Otherwise
+
+    Disable colour
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- Distinguish between explicit throws and errors that happened while evaluating a throw [cl/1511](https://gerrit.lix.systems/c/lix/+/1511)
+
+  Previously, errors caused by an expression like `throw "invalid argument"` were treated like an error that happened simply while some builtin function was being called:
+
+  ```
+  let
+    throwMsg = p: throw "${p} isn't the right package";
+  in throwMsg "linuz"
+
+  error:
+         … while calling the 'throw' builtin
+           at «string»:2:17:
+              1| let
+              2|   throwMsg = p: throw "${p} isn't the right package";
+               |                 ^
+              3| in throwMsg "linuz"
+
+         error: linuz isn't the right package
+  ```
+
+  But the error didn't just happen "while" calling the `throw` builtin — it's a throw error!
+  Now it looks like this:
+
+  ```
+  let
+    throwMsg = p: throw "${p} isn't the right package";
+  in throwMsg "linuz"
+
+  error:
+         … caused by explicit throw
+           at «string»:2:17:
+              1| let
+              2|   throwMsg = p: throw "${p} isn't the right package";
+               |                 ^
+              3| in throwMsg "linuz"
+
+         error: linuz isn't the right package
+  ```
+
+  This also means that incorrect usage of `throw` or errors evaluating its arguments are easily distinguishable from explicit throws:
+
+  ```
+  let
+    throwMsg = p: throw "${p} isn't the right package";
+  in throwMsg { attrs = "error when coerced in string interpolation"; }
+
+  error:
+         … while calling the 'throw' builtin
+           at «string»:2:17:
+              1| let
+              2|   throwMsg = p: throw "${p} isn't the right package";
+               |                 ^
+              3| in throwMsg { attrs = "error when coerced in string interpolation"; }
+
+         … while evaluating a path segment
+           at «string»:2:24:
+              1| let
+              2|   throwMsg = p: throw "${p} isn't the right package";
+               |                        ^
+              3| in throwMsg { attrs = "error when coerced in string interpolation"; }
+
+         error: cannot coerce a set to a string: { attrs = "error when coerced in string interpolation"; }
+  ```
+
+  Here, instead of an actual thrown error, a type error happens first (trying to coerce an attribute set to a string), but that type error happened *while* calling `throw`.
+
+  Many thanks to [Qyriad](https://git.lix.systems/Qyriad) for this.
+- `nix flake metadata` prints modified date [cl/1700](https://gerrit.lix.systems/c/lix/+/1700)
+
+  Ever wonder "gee, when *did* I update nixpkgs"?
+  Wonder no more, because `nix flake metadata` now simply tells you the times every locked flake input was updated:
+
+  ```
+  <...>
+  Description:   The purely functional package manager
+  Path:          /nix/store/c91yi8sxakc2ry7y4ac1smzwka4l5p78-source
+  Revision:      c52cff582043838bbe29768e7da232483d52b61d-dirty
+  Last modified: 2024-07-31 22:15:54
+  Inputs:
+  ├───flake-compat: github:edolstra/flake-compat/0f9255e01c2351cc7d116c072cb317785dd33b33
+  │   Last modified: 2023-10-04 06:37:54
+  ├───nix2container: github:nlewo/nix2container/3853e5caf9ad24103b13aa6e0e8bcebb47649fe4
+  │   Last modified: 2024-07-10 13:15:56
+  ├───nixpkgs: github:NixOS/nixpkgs/e21630230c77140bc6478a21cd71e8bb73706fce
+  │   Last modified: 2024-07-25 11:26:27
+  ├───nixpkgs-regression: github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2
+  │   Last modified: 2022-01-24 11:20:45
+  └───pre-commit-hooks: github:cachix/git-hooks.nix/f451c19376071a90d8c58ab1a953c6e9840527fd
+      Last modified: 2024-07-15 04:21:09
+  ```
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- Hash mismatch diagnostics for fixed-output derivations include the URL [cl/1536](https://gerrit.lix.systems/c/lix/+/1536)
+
+  Now, when building fixed-output derivations, Lix will guess the URL that was used in the derivation using the `url` or `urls` properties in the derivation environment.
+  This is a layering violation but making these diagnostics tractable when there are multiple instances of the `AAAA` hash is too significant of an improvement to pass it up.
+
+  ```
+  error: hash mismatch in fixed-output derivation '/nix/store/sjfw324j4533lwnpmr5z4icpb85r63ai-x1.drv':
+          likely URL: https://meow.puppy.forge/puppy.tar.gz
+           specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
+              got:    sha256-a1Qvp3FOOkWpL9kFHgugU1ok5UtRPSu+NwCZKbbaEro=
+  ```
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- Add log formats `multiline` and `multiline-with-logs` [cl/1369](https://gerrit.lix.systems/c/lix/+/1369)
+
+  Added two new log formats (`multiline` and `multiline-with-logs`) that display
+  current activities below each other for better visibility.
+
+  These formats attempt to use the maximum available lines
+  (defaulting to 25 if unable to determine) and print up to that many lines.
+  The status bar is displayed as the first line, with each subsequent
+  activity on its own line.
+
+  Many thanks to [kloenk](https://git.lix.systems/kloenk) for this.
+- Lix will now show the package descriptions in when running `nix flake show`. [cl/1540](https://gerrit.lix.systems/c/lix/+/1540)
+
+  When running `nix flake show`, Lix will now show the package descriptions, if they exist.
+
+  Before:
+
+  ```shell
+  $ nix flake show
+  path:/home/isabel/dev/lix-show?lastModified=1721736108&narHash=sha256-Zo8HP1ur7Q2b39hKUEG8EAh/opgq8xJ2jvwQ/htwO4Q%3D
+  └───packages
+      └───x86_64-linux
+          ├───aNoDescription: package 'simple'
+          ├───bOneLineDescription: package 'simple'
+          ├───cMultiLineDescription: package 'simple'
+          ├───dLongDescription: package 'simple'
+          └───eEmptyDescription: package 'simple'
+  ```
+
+  After:
+
+  ```shell
+  $ nix flake show
+  path:/home/isabel/dev/lix-show?lastModified=1721736108&narHash=sha256-Zo8HP1ur7Q2b39hKUEG8EAh/opgq8xJ2jvwQ/htwO4Q%3D
+  └───packages
+      └───x86_64-linux
+          ├───aNoDescription: package 'simple'
+          ├───bOneLineDescription: package 'simple' - 'one line'
+          ├───cMultiLineDescription: package 'simple' - 'line one'
+          ├───dLongDescription: package 'simple' - 'abcdefghijklmnopqrstuvwxyz'
+          └───eEmptyDescription: package 'simple'
+  ```
+
+  Many thanks to [kjeremy](https://github.com/kjeremy) and [isabelroses](https://git.lix.systems/isabelroses) for this.
+- Eliminate some pretty-printing surprises [#11100](https://github.com/NixOS/nix/pull/11100) [cl/1616](https://gerrit.lix.systems/c/lix/+/1616) [cl/1617](https://gerrit.lix.systems/c/lix/+/1617) [cl/1618](https://gerrit.lix.systems/c/lix/+/1618)
+
+  Some inconsistent and surprising behaviours have been eliminated from the pretty-printing used by the REPL and `nix eval`:
+  * Lists and attribute sets that contain only a single item without nested structures are no longer sometimes inappropriately indented in the REPL, depending on internal state of the evaluator.
+  * Empty attribute sets and derivations are no longer shown as `«repeated»`, since they are always cheap to print.
+    This matches the existing behaviour of `nix-instantiate` on empty attribute sets.
+    Empty lists were never printed as `«repeated»` already.
+  * The REPL by default does not print nested attribute sets and lists, and indicates elided items with an ellipsis.
+    Previously, the ellipsis was printed even when the structure was empty, so that such items do not in fact exist.
+    Since this behaviour was confusing, it does not happen any more.
+
+  Before:
+  ```
+  nix-repl> :p let x = 1 + 2; in [ [ x ] [ x ] ]
+  [
+    [
+      3
+    ]
+    [ 3 ]
+  ]
+
+  nix-repl> let inherit (import <nixpkgs> { }) hello; in [ hello hello ]
+  [
+    «derivation /nix/store/fqs92lzychkm6p37j7fnj4d65nq9fzla-hello-2.12.1.drv»
+    «repeated»
+  ]
+
+  nix-repl> let x = {}; in [ x ]
+  [
+    { ... }
+  ]
+  ```
+
+  After:
+  ```
+  nix-repl> :p let x = 1 + 2; in [ [ x ] [ x ] ]
+  [
+    [ 3 ]
+    [ 3 ]
+  ]
+
+  nix-repl> let inherit (import <nixpkgs> { }) hello; in [ hello hello ]
+  [
+    «derivation /nix/store/fqs92lzychkm6p37j7fnj4d65nq9fzla-hello-2.12.1.drv»
+    «derivation /nix/store/fqs92lzychkm6p37j7fnj4d65nq9fzla-hello-2.12.1.drv»
+  ]
+
+  nix-repl> let x = {}; in [ x ]
+  [
+    { }
+  ]
+  ```
+
+  Many thanks to [alois31](https://git.lix.systems/alois31) and [Robert Hensing](https://github.com/roberth) for this.
+- `nix registry add` now requires a shorthand flakeref on the 'from' side [cl/1494](https://gerrit.lix.systems/c/lix/+/1494)
+
+  The 'from' argument must now be a shorthand flakeref like `nixpkgs` or `nixpkgs/nixos-20.03`, making it harder to accidentally swap the 'from' and 'to' arguments.
+
+  Registry entries that map from other flake URLs can still be specified in registry.json, the `nix.registry` option in NixOS, or the `--override-flake` option in the CLI, but they are not guaranteed to work correctly.
+
+  Many thanks to [delan](https://git.lix.systems/delan) for this.
+- Allow automatic rejection of configuration options from flakes [cl/1541](https://gerrit.lix.systems/c/lix/+/1541)
+
+  Setting `accept-flake-config` to `false` now respects user choice by automatically rejecting configuration options set by flakes.
+  The old behaviour of asking each time is still available (and default) by setting it to the special value `ask`.
+
+  Many thanks to [alois31](https://git.lix.systems/alois31) for this.
+- `nix repl` now allows tab-completing the special repl :colon commands [cl/1367](https://gerrit.lix.systems/c/lix/+/1367)
+
+  The REPL (`nix repl`) supports pressing `<TAB>` to complete a partial expression, but now also supports completing the special :colon commands as well (`:b`, `:edit`, `:doc`, etc), if the line starts with a colon.
+
+  Many thanks to [Qyriad](https://git.lix.systems/Qyriad) for this.
+- `:edit`ing a file in Nix store no longer reloads the repl [fj#341](https://git.lix.systems/lix-project/lix/issues/341) [cl/1620](https://gerrit.lix.systems/c/lix/+/1620)
+
+  Calling `:edit` from the repl now only reloads if the file being edited was outside of Nix store.
+  That means that all the local variables are now preserved across `:edit`s of store paths.
+  This is always safe because the store is read-only.
+
+  Many thanks to [goldstein](https://git.lix.systems/goldstein) for this.
+- `:log` in repl now works on derivation paths [fj#51](https://git.lix.systems/lix-project/lix/issues/51) [cl/1716](https://gerrit.lix.systems/c/lix/+/1716)
+
+  `:log` can now accept store derivation paths in addition to derivation expressions.
+
+  Many thanks to [goldstein](https://git.lix.systems/goldstein) for this.
+
+## Fixes
+- Define integer overflow in the Nix language as an error [fj#423](https://git.lix.systems/lix-project/lix/issues/423) [cl/1594](https://gerrit.lix.systems/c/lix/+/1594) [cl/1595](https://gerrit.lix.systems/c/lix/+/1595) [cl/1597](https://gerrit.lix.systems/c/lix/+/1597) [cl/1609](https://gerrit.lix.systems/c/lix/+/1609)
+
+  Previously, integer overflow in the Nix language invoked C++ level signed overflow, which was undefined behaviour, but *probably* manifested as wrapping around on overflow.
+
+  Since prior to the public release of Lix, Lix had C++ signed overflow defined to crash the process and nobody noticed this having accidentally removed overflow from the Nix language for three months until it was caught by fiddling around.
+  Given the significant body of actual Nix code that has been evaluated by Lix in that time, it does not appear that nixpkgs or much of importance depends on integer overflow, so it is safe to turn into an error.
+
+  Some other overflows were fixed:
+  - `builtins.fromJSON` of values greater than the maximum representable value in a signed 64-bit integer will generate an error.
+  - `nixConfig` in flakes will no longer accept negative values for configuration options.
+
+  Integer overflow now looks like the following:
+
+  ```
+  » nix eval --expr '9223372036854775807 + 1'
+  error: integer overflow in adding 9223372036854775807 + 1
+  ```
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- Fix nix-collect-garbage --dry-run [fj#432](https://git.lix.systems/lix-project/lix/issues/432) [cl/1566](https://gerrit.lix.systems/c/lix/+/1566)
+
+  `nix-collect-garbage --dry-run` did not previously give any output - it simply
+  exited without even checking to see what paths would be deleted.
+
+  ```
+  $ nix-collect-garbage --dry-run
+  $
+  ```
+
+  We updated the behaviour of the flag such that instead it prints out how many
+  paths it *would* delete, but doesn't actually delete them.
+
+  ```
+  $ nix-collect-garbage --dry-run
+  finding garbage collector roots...
+  determining live/dead paths...
+  ...
+  <nix store paths>
+  ...
+  2670 store paths deleted, 0.00MiB freed
+  $
+  ```
+
+  Many thanks to [Quantum Jump](https://github.com/QuantumBJump) for this.
+- Fix unexpectedly-successful GC failures on macOS [fj#446](https://git.lix.systems/lix-project/lix/issues/446) [cl/1723](https://gerrit.lix.systems/c/lix/+/1723)
+
+  Has the following happened to you on macOS? This failure has been successfully eliminated, thanks to our successful deployment of advanced successful-failure detection technology (it's just `if (failed && errno == 0)`. Patent pending<sup>not really</sup>):
+
+  ```
+  $ nix-store --gc --print-dead
+  finding garbage collector roots...
+  error: Listing pid 87261 file descriptors: Undefined error: 0
+  ```
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- `nix copy` is now several times faster at `querying info about /nix/store/...` [fj#366](https://git.lix.systems/lix-project/lix/issues/366) [cl/1462](https://gerrit.lix.systems/c/lix/+/1462)
+
+  We fixed a locking bug that serialized `querying info about /nix/store/...`
+  onto just one thread such that it was eating `O(paths to copy * latency)` time
+  while setting up to copy paths to s3 and other stores. It is now `nproc` times
+  faster.
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+
+## Development
+- clang-tidy support [fj#147](https://git.lix.systems/lix-project/lix/issues/147) [cl/1697](https://gerrit.lix.systems/c/lix/+/1697)
+
+  `clang-tidy` can be used to lint Lix with a limited set of lints using `ninja -C build clang-tidy` and `ninja -C build clang-tidy-fix`.
+  In practice, this fixes the built-in meson rule that was used the same as above being broken ever since precompiled headers were introduced.
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.
+- Lix now supports building with UndefinedBehaviorSanitizer [cl/1483](https://gerrit.lix.systems/c/lix/+/1483) [cl/1481](https://gerrit.lix.systems/c/lix/+/1481) [cl/1669](https://gerrit.lix.systems/c/lix/+/1669)
+
+  You can now build Lix with the configuration option `-Db_sanitize=undefined,address` and it will both work and pass tests with both AddressSanitizer and UndefinedBehaviorSanitizer enabled.
+  To use ASan specifically, you have to set `-Dgc=disabled`, which an error message will tell you to do if necessary anyhow.
+
+  Furthermore, tests passing with Clang ASan+UBSan is checked on every change in CI.
+
+  For a list of undefined behaviour found by tooling usage, see [the gerrit topic "undefined-behaviour"](https://gerrit.lix.systems/q/topic:%22undefined-behaviour%22).
+
+  Many thanks to [jade](https://git.lix.systems/jade) for this.

flake.lock

@@ -19,11 +19,11 @@
     "nix2container": {
       "flake": false,
       "locked": {
-        "lastModified": 1712990762,
-        "narHash": "sha256-hO9W3w7NcnYeX8u8cleHiSpK2YJo7ecarFTUlbybl7k=",
+        "lastModified": 1724996935,
+        "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",
         "owner": "nlewo",
         "repo": "nix2container",
-        "rev": "20aad300c925639d5d6cbe30013c8357ce9f2a2e",
+        "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",
         "type": "github"
       },
       "original": {
@@ -34,11 +34,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1718111384,
-        "narHash": "sha256-7tSst0S5FOmcgvNtfy6cjZX5w8CabCVAfAeCkhY4OVg=",
+        "lastModified": 1727184566,
+        "narHash": "sha256-mgdK8BcFsLSNhe780+cHbEUbZ3OruLa1T/xgQlL4Aj4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a508a44af0c1b1b57785c34d8b54783536273eeb",
+        "rev": "48c3030083c46042584531bc9d931020f1975677",
         "type": "github"
       },
       "original": {
@@ -67,11 +67,11 @@
     "pre-commit-hooks": {
       "flake": false,
       "locked": {
-        "lastModified": 1712055707,
-        "narHash": "sha256-4XLvuSIDZJGS17xEwSrNuJLL7UjDYKGJSbK1WWX2AK8=",
+        "lastModified": 1726745158,
+        "narHash": "sha256-D5AegvGoEjt4rkKedmxlSEmC+nNLMBPWFxvmYnVLhjk=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "e35aed5fda3cc79f88ed7f1795021e559582093a",
+        "rev": "4e743a6920eab45e8ba0fbe49dc459f1423a4b74",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,5 +1,5 @@
 {
-  description = "The purely functional package manager";
+  description = "Lix: A modern, delicious implementation of the Nix package manager";
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
@@ -33,7 +33,7 @@
 
       # This notice gets echoed as a dev shell hook, and can be turned off with
       # `touch .nocontribmsg`
-      sgr = ''['';
+      sgr = builtins.fromJSON ''"\u001b["'';
       freezePage = "https://wiki.lix.systems/books/lix-contributors/page/freezes-and-recommended-contributions";
       codebaseOverview = "https://wiki.lix.systems/books/lix-contributors/page/codebase-overview";
       contribNotice = builtins.toFile "lix-contrib-notice" ''
@@ -59,7 +59,8 @@
         (Run `touch .nocontribmsg` to hide this message.)
       '';
 
-      officialRelease = false;
+      versionJson = builtins.fromJSON (builtins.readFile ./version.json);
+      officialRelease = versionJson.official_release;
 
       # Set to true to build the release notes for the next release.
       buildUnreleasedNotes = true;
@@ -98,9 +99,10 @@
       ];
 
       stdenvs = [
-        "gccStdenv"
+        # see assertion in package.nix why these two are disabled
+        # "stdenv"
+        # "gccStdenv"
         "clangStdenv"
-        "stdenv"
         "libcxxStdenv"
         "ccacheStdenv"
       ];
@@ -120,7 +122,11 @@
             name = "${stdenvName}Packages";
             value = f stdenvName;
           }) stdenvs
-        );
+        )
+        // {
+          # TODO delete this and reënable gcc stdenvs once gcc compiles kj coros correctly
+          stdenvPackages = f "clangStdenv";
+        };
 
       # Memoize nixpkgs for different platforms for efficiency.
       nixpkgsFor = forAllSystems (
@@ -164,6 +170,7 @@
           nixUnstable = prev.nixUnstable;
 
           check-headers = final.buildPackages.callPackage ./maintainers/check-headers.nix { };
+          check-syscalls = final.buildPackages.callPackage ./maintainers/check-syscalls.nix { };
 
           default-busybox-sandbox-shell = final.busybox.override {
             useMusl = true;
@@ -195,7 +202,7 @@
             busybox-sandbox-shell = final.busybox-sandbox-shell or final.default-busybox-sandbox-shell;
           };
 
-          pegtl = final.nix.passthru.pegtl;
+          lix-clang-tidy = final.callPackage ./subprojects/lix-clang-tidy { };
 
           # Export the patched version of boehmgc that Lix uses into the overlay
           # for consumers of this flake.
@@ -210,7 +217,7 @@
 
       # A Nixpkgs overlay that overrides the 'nix' and
       # 'nix.perl-bindings' packages.
-      overlays.default = overlayFor (p: p.stdenv);
+      overlays.default = overlayFor (p: p.clangStdenv);
 
       hydraJobs = {
         # Binary package for various platforms.
@@ -262,6 +269,8 @@
             nix = pkgs.callPackage ./package.nix {
               inherit versionSuffix officialRelease buildUnreleasedNotes;
               inherit (pkgs) build-release-notes;
+              # Required since we don't support gcc stdenv
+              stdenv = pkgs.clangStdenv;
               internalApiDocs = true;
               busybox-sandbox-shell = pkgs.busybox-sandbox-shell;
             };
@@ -276,6 +285,54 @@
 
         # System tests.
         tests = import ./tests/nixos { inherit lib nixpkgs nixpkgsFor; } // {
+          # This is x86_64-linux only, just because we have significantly
+          # cheaper x86_64-linux compute in CI.
+          # It is clangStdenv because clang's sanitizers are nicer.
+          asanBuild = self.packages.x86_64-linux.nix-clangStdenv.override {
+            # Improve caching of non-code changes by not changing the
+            # derivation name every single time, since this will never be seen
+            # by users anyway.
+            versionSuffix = "";
+            sanitize = [
+              "address"
+              "undefined"
+            ];
+            # it is very hard to make *every* CI build use this option such
+            # that we don't wind up building Lix twice, so we do it here where
+            # we are already doing so.
+            werror = true;
+          };
+
+          # Although this might be nicer to do with pre-commit, that would
+          # require adding 12MB of nodejs to the dev shell, whereas building it
+          # in CI with Nix avoids that at a cost of slower feedback on rarely
+          # touched files.
+          jsSyntaxCheck =
+            let
+              nixpkgs = nixpkgsFor.x86_64-linux.native;
+              inherit (nixpkgs) pkgs;
+              docSources = lib.fileset.toSource {
+                root = ./doc;
+                fileset = lib.fileset.fileFilter (f: f.hasExt "js") ./doc;
+              };
+            in
+            pkgs.runCommand "js-syntax-check" { } ''
+              find ${docSources} -type f -print -exec ${pkgs.nodejs-slim}/bin/node --check '{}' ';'
+              touch $out
+            '';
+
+          # clang-tidy run against the Lix codebase using the Lix clang-tidy plugin
+          clang-tidy =
+            let
+              nixpkgs = nixpkgsFor.x86_64-linux.native;
+              inherit (nixpkgs) pkgs;
+            in
+            pkgs.callPackage ./package.nix {
+              # Required since we don't support gcc stdenv
+              stdenv = pkgs.clangStdenv;
+              versionSuffix = "";
+              lintInsteadOfBuild = true;
+            };
 
           # Make sure that nix-env still produces the exact same result
           # on a particular version of Nixpkgs.
@@ -371,6 +428,8 @@
         rec {
           inherit (nixpkgsFor.${system}.native) nix;
           default = nix;
+
+          inherit (nixpkgsFor.${system}.native) lix-clang-tidy;
         }
         // (
           lib.optionalAttrs (builtins.elem system linux64BitSystems) {
@@ -407,7 +466,7 @@
             pkgs: stdenv:
             let
               nix = pkgs.callPackage ./package.nix {
-                inherit stdenv officialRelease versionSuffix;
+                inherit stdenv versionSuffix;
                 busybox-sandbox-shell = pkgs.busybox-sandbox-shell or pkgs.default-busybox-sandbox;
                 internalApiDocs = false;
               };

justfile

@@ -25,3 +25,13 @@ install *OPTIONS: (build OPTIONS)
 # Run tests
 test *OPTIONS:
     meson test -C build --print-errorlogs {{ OPTIONS }}
+
+alias clang-tidy := lint
+
+lint:
+    ninja -C build clang-tidy
+
+alias clang-tidy-fix := lint-fix
+
+lint-fix:
+    ninja -C build clang-tidy-fix

maintainers/build-release-notes.py

@@ -106,7 +106,7 @@ def do_category(author_info: AuthorInfoDB, entries: list[Tuple[pathlib.Path, Any
             links = []
             links += [format_issue(str(s)) for s in listify(entry.metadata.get('issues', []))]
             links += [format_pr(str(s)) for s in listify(entry.metadata.get('prs', []))]
-            links += [format_cl(cl) for cl in listify(entry.metadata.get('cls', []))]
+            links += [format_cl(int(cl)) for cl in listify(entry.metadata.get('cls', []))]
             if links != []:
                 header += " " + " ".join(links)
             if header:
@@ -129,7 +129,7 @@ def run_on_dir(author_info: AuthorInfoDB, d):
     entries = defaultdict(list)
     for p in paths:
         try:
-            e = frontmatter.load(p)
+            e = frontmatter.load(p) # type: ignore
             if 'synopsis' not in e.metadata:
                 raise Exception('missing synopsis')
             unknownKeys = set(e.metadata.keys()) - set(KNOWN_KEYS)

maintainers/check-syscalls.nix

@@ -0,0 +1,16 @@
+{
+  runCommandNoCC,
+  lib,
+  libseccomp,
+  writeShellScriptBin,
+}:
+let
+  syscalls-csv = runCommandNoCC "syscalls.csv" { } ''
+    echo ${lib.escapeShellArg libseccomp.src}
+    tar -xf ${lib.escapeShellArg libseccomp.src} --strip-components=2 ${libseccomp.name}/src/syscalls.csv
+    mv syscalls.csv "$out"
+  '';
+in
+writeShellScriptBin "check-syscalls" ''
+  ${./check-syscalls.sh} ${syscalls-csv}
+''

maintainers/check-syscalls.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -e
+
+diff -u <(awk < src/libstore/platform/linux.cc '/BEGIN extract-syscalls/ { extracting = 1; next }
+match($0, /allowSyscall\(ctx, SCMP_SYS\(([^)]*)\)\);|\/\/ skip ([^ ]*)/, result) { print result[1] result[2] }
+/END extract-syscalls/ { extracting = 0; next }') <(tail -n+2 "$1" | cut -d, -f 1)

meson.build

@@ -30,6 +30,14 @@
 # FIXME: This hack should be removed when https://git.lix.systems/lix-project/lix/issues/359
 # is fixed.
 #
+# lix-doc is built with Meson in lix-doc/meson.build, and linked into libcmd in
+# src/libcmd/meson.build. When building outside the Nix sandbox, Meson will use the .wrap
+# files in subprojects/ to download and extract the dependency crates into subprojects/.
+# When building inside the Nix sandbox, Lix's derivation in package.nix uses a
+# fixed-output derivation to fetch those crates in advance instead, and then symlinks
+# them into subprojects/ with the same names that Meson uses when downloading them
+# itself -- perfect for --wrap-mode=nodownload, which mesonConfigurePhase uses.
+#
 # Unit tests are setup in tests/unit/meson.build, under the test suite "check".
 #
 # Functional tests are a bit more complicated. Generally they're defined in
@@ -38,12 +46,13 @@
 # be placed in specific directories' meson.build files to create the right directory tree
 # in the build directory.
 
-project('lix', 'cpp',
+project('lix', 'cpp', 'rust',
+  meson_version : '>=1.4.0',
   version : run_command('bash', '-c', 'echo -n $(jq -r .version < ./version.json)$VERSION_SUFFIX', check : true).stdout().strip(),
   default_options : [
-    'cpp_std=c++2a',
-    # TODO(Qyriad): increase the warning level
-    'warning_level=1',
+    'cpp_std=c++23',
+    'rust_std=2021',
+    'warning_level=2',
     'debug=true',
     'optimization=2',
     'errorlogs=true', # Please print logs for tests that fail
@@ -138,6 +147,17 @@ if should_pch
   # Unlike basically everything else that takes a file, Meson requires the arguments to
   # cpp_pch : to be strings and doesn't accept files(). So absolute path it is.
   cpp_pch = [meson.project_source_root() / 'src/pch/precompiled-headers.hh']
+
+  # Saves about 400s (30% at time of writing) from compile time on-cpu, mostly
+  # by removing instantiations of nlohmann from every single damned compilation
+  # unit.
+  # There is no equivalent in gcc.
+  if cxx.get_id() == 'clang'
+    add_project_arguments(
+      '-fpch-instantiate-templates',
+      language : 'cpp',
+    )
+  endif
 else
   cpp_pch = []
 endif
@@ -147,10 +167,18 @@ endif
 # frees one would expect when the objects are unique_ptrs. these problems
 # often show up as memory corruption when nesting generators (since we do
 # treat generators like owned memory) and will cause inexplicable crashs.
+#
+# gcc 13 does not compile capnp coroutine code correctly. a newer version
+# may fix this. (cf. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102051)
+# we allow gcc 13 here anyway because CI uses it for clang-tidy, and when
+# the compiler crashes outright if won't produce any bad binaries either.
 assert(
   cxx.get_id() != 'gcc' or cxx.version().version_compare('>=13'),
-  'GCC 12 and earlier are known to miscompile lix coroutines, use GCC 13 or clang.'
+  'GCC is known to miscompile coroutines, use clang.'
 )
+if cxx.get_id() == 'gcc'
+  warning('GCC is known to crash while building coroutines, use clang.')
+endif
 
 
 # Translate some historical and Mesony CPU names to Lixy CPU names.
@@ -199,23 +227,28 @@ configdata = { }
 # Dependencies
 #
 
-boehm = dependency('bdw-gc', required : get_option('gc'), version : '>=8.2.6')
+gc_opt = get_option('gc').disable_if(
+  'address' in get_option('b_sanitize'),
+  error_message: 'gc does far too many memory crimes for ASan'
+)
+boehm = dependency('bdw-gc', required : gc_opt, version : '>=8.2.6', include_type : 'system')
 configdata += {
   'HAVE_BOEHMGC': boehm.found().to_int(),
 }
 
-boost = dependency('boost', required : true, modules : ['container'])
+boost = dependency('boost', required : true, modules : ['container'], include_type : 'system')
+kj = dependency('kj-async', required : true, include_type : 'system')
 
 # cpuid only makes sense on x86_64
 cpuid_required = is_x64 ? get_option('cpuid') : false
-cpuid = dependency('libcpuid', 'cpuid', required : cpuid_required)
+cpuid = dependency('libcpuid', 'cpuid', required : cpuid_required, include_type : 'system')
 configdata += {
   'HAVE_LIBCPUID': cpuid.found().to_int(),
 }
 
 # seccomp only makes sense on Linux
 seccomp_required = is_linux ? get_option('seccomp-sandboxing') : false
-seccomp = dependency('libseccomp', 'seccomp', required : seccomp_required, version : '>=2.5.5')
+seccomp = dependency('libseccomp', 'seccomp', required : seccomp_required, version : '>=2.5.5', include_type : 'system')
 if is_linux and not seccomp.found()
   warning('Sandbox security is reduced because libseccomp has not been found! Please provide libseccomp if it supports your CPU architecture.')
 endif
@@ -223,19 +256,24 @@ configdata += {
   'HAVE_SECCOMP': seccomp.found().to_int(),
 }
 
-libarchive = dependency('libarchive', required : true)
+libarchive = dependency('libarchive', required : true, include_type : 'system')
 
 brotli = [
-  dependency('libbrotlicommon', required : true),
-  dependency('libbrotlidec', required : true),
-  dependency('libbrotlienc', required : true),
+  dependency('libbrotlicommon', required : true, include_type : 'system'),
+  dependency('libbrotlidec', required : true, include_type : 'system'),
+  dependency('libbrotlienc', required : true, include_type : 'system'),
 ]
 
-openssl = dependency('libcrypto', 'openssl', required : true)
+openssl = dependency('libcrypto', 'openssl', required : true, include_type : 'system')
 
 # FIXME: confirm we actually support such old versions of aws-sdk-cpp
-aws_sdk = dependency('aws-cpp-sdk-core', required : false, version : '>=1.8')
-aws_sdk_transfer = dependency('aws-cpp-sdk-transfer', required : aws_sdk.found(), fallback : ['aws_sdk', 'aws_cpp_sdk_transfer_dep'])
+aws_sdk = dependency('aws-cpp-sdk-core', required : false, version : '>=1.8', include_type : 'system')
+aws_sdk_transfer = dependency(
+  'aws-cpp-sdk-transfer',
+  required : aws_sdk.found(),
+  fallback : ['aws_sdk', 'aws_cpp_sdk_transfer_dep'],
+  include_type : 'system',
+)
 if aws_sdk.found()
   # The AWS pkg-config adds -std=c++11.
   # https://github.com/aws/aws-sdk-cpp/issues/2673
@@ -255,7 +293,12 @@ if aws_sdk.found()
   )
 endif
 
-aws_s3 = dependency('aws-cpp-sdk-s3', required : aws_sdk.found(), fallback : ['aws_sdk', 'aws_cpp_sdk_s3_dep'])
+aws_s3 = dependency(
+  'aws-cpp-sdk-s3',
+  required : aws_sdk.found(),
+  fallback : ['aws_sdk', 'aws_cpp_sdk_s3_dep'],
+  include_type : 'system',
+)
 if aws_s3.found()
   # The AWS pkg-config adds -std=c++11.
   # https://github.com/aws/aws-sdk-cpp/issues/2673
@@ -272,30 +315,30 @@ configdata += {
   'ENABLE_S3': aws_s3.found().to_int(),
 }
 
-sqlite = dependency('sqlite3', 'sqlite', version : '>=3.6.19', required : true)
+sqlite = dependency('sqlite3', 'sqlite', version : '>=3.6.19', required : true, include_type : 'system')
 
-sodium = dependency('libsodium', 'sodium', required : true)
+sodium = dependency('libsodium', 'sodium', required : true, include_type : 'system')
 
-curl = dependency('libcurl', 'curl', required : true)
+curl = dependency('libcurl', 'curl', required : true, include_type : 'system')
 
-editline = dependency('libeditline', 'editline', version : '>=1.14', required : true)
+editline = dependency('libeditline', 'editline', version : '>=1.14', required : true, include_type : 'system')
 
-lowdown = dependency('lowdown', version : '>=0.9.0', required : true)
+lowdown = dependency('lowdown', version : '>=0.9.0', required : true, include_type : 'system')
 
 # HACK(Qyriad): rapidcheck's pkg-config doesn't include the libs lol
 # Note: technically we 'check' for rapidcheck twice, for the internal-api-docs handling above,
 # but Meson will cache the result of the first one, and the required : arguments are different.
-rapidcheck_meson = dependency('rapidcheck', required : enable_tests)
+rapidcheck_meson = dependency('rapidcheck', required : enable_tests, include_type : 'system')
 rapidcheck = declare_dependency(dependencies : rapidcheck_meson, link_args : ['-lrapidcheck'])
 
 gtest = [
-  dependency('gtest', required : enable_tests),
-  dependency('gtest_main', required : enable_tests),
-  dependency('gmock', required : enable_tests),
-  dependency('gmock_main', required : enable_tests),
+  dependency('gtest', required : enable_tests, include_type : 'system'),
+  dependency('gtest_main', required : enable_tests, include_type : 'system'),
+  dependency('gmock', required : enable_tests, include_type : 'system'),
+  dependency('gmock_main', required : enable_tests, include_type : 'system'),
 ]
 
-toml11 = dependency('toml11', version : '>=3.7.0', required : true, method : 'cmake')
+toml11 = dependency('toml11', version : '>=3.7.0', required : true, method : 'cmake', include_type : 'system')
 
 pegtl = dependency(
   'pegtl',
@@ -303,16 +346,10 @@ pegtl = dependency(
   required : true,
   method : 'cmake',
   modules : [ 'taocpp::pegtl' ],
+  include_type : 'system',
 )
 
-nlohmann_json = dependency('nlohmann_json', required : true)
-
-# lix-doc is a Rust project provided via buildInputs and unfortunately doesn't have any way to be detected.
-# Just declare it manually to resolve this.
-#
-# FIXME: build this with meson in the future after we drop Make (with which we
-# *absolutely* are not going to make it work)
-lix_doc = declare_dependency(link_args : [ '-llix_doc' ])
+nlohmann_json = dependency('nlohmann_json', required : true, include_type : 'system')
 
 if is_freebsd
   libprocstat = declare_dependency(link_args : [ '-lprocstat' ])
@@ -402,6 +439,11 @@ check_funcs = [
   'strsignal',
   'sysconf',
 ]
+if is_linux or is_freebsd
+  # musl does not have close_range as of 2024-08-10
+  # patch: https://www.openwall.com/lists/musl/2024/08/01/9
+  check_funcs += [ 'close_range' ]
+endif
 foreach funcspec : check_funcs
   define_name = 'HAVE_' + funcspec.underscorify().to_upper()
   define_value = cxx.has_function(funcspec).to_int()
@@ -442,6 +484,7 @@ add_project_arguments(
   # TODO(Qyriad): Yes this is how the autoconf+Make system did it.
   # It would be nice for our headers to be idempotent instead.
   '-include', 'config.h',
+  '-Wno-unused-parameter',
   '-Wno-deprecated-declarations',
   '-Wimplicit-fallthrough',
   '-Werror=switch',
@@ -450,12 +493,6 @@ add_project_arguments(
   '-Wdeprecated-copy',
   '-Wignored-qualifiers',
   '-Werror=suggest-override',
-  # Enable assertions in libstdc++ by default. Harmless on libc++. Benchmarked
-  # at ~1% overhead in `nix search`.
-  #
-  # FIXME: remove when we get meson 1.4.0 which will default this to on for us:
-  # https://mesonbuild.com/Release-notes-for-1-4-0.html#ndebug-setting-now-controls-c-stdlib-assertions
-  '-D_GLIBCXX_ASSERTIONS=1',
   language : 'cpp',
 )
 
@@ -482,7 +519,14 @@ if cxx.get_id() == 'clang' and get_option('b_sanitize') != ''
   add_project_link_arguments('-shared-libsan', language : 'cpp')
 endif
 
+# Clang gets grumpy about missing libasan symbols if -shared-libasan is not
+# passed when building shared libs, at least on Linux
+if cxx.get_id() == 'clang' and 'address' in get_option('b_sanitize')
+  add_project_link_arguments('-shared-libasan', language : 'cpp')
+endif
+
 add_project_link_arguments('-pthread', language : 'cpp')
+
 if cxx.get_linker_id() in ['ld.bfd', 'ld.gold']
   add_project_link_arguments('-Wl,--no-copy-dt-needed-entries', language : 'cpp')
 endif
@@ -497,7 +541,7 @@ endif
 # maintainers/buildtime_report.sh BUILD-DIR to simply work in clang builds.
 #
 # They can also be manually viewed at https://ui.perfetto.dev
-if get_option('profile-build').require(meson.get_compiler('cpp').get_id() == 'clang').enabled()
+if get_option('profile-build').require(cxx.get_id() == 'clang').enabled()
   add_project_arguments('-ftime-trace', language: 'cpp')
 endif
 
@@ -516,11 +560,38 @@ if cxx.get_id() in ['clang', 'gcc']
   )
 endif
 
+# Until Meson 1.5¹, we can't just give Meson a Cargo.lock file and be done with it.
+# Meson will *detect* what dependencies are needed from Cargo files; it just won't
+# fetch them. The Meson 1.5 feature essentially internally translates Cargo.lock entries
+# to .wrap files, and that translation is incredibly straightforward, so let's just
+# use a simple Python script to generate the .wrap files ourselves while we wait for
+# Meson 1.5. Weirdly, it seems Meson will only detect dependencies from other
+# dependency() calls, so we have to specify lix-doc's two top-level dependencies,
+# rnix and rowan, manually, and then their dependencies will be recursively translated
+# into more dependency() calls.
+#
+# When Meson translates a Cargo dependency, the string passed to `dependency()` follows
+# a fixed format, which is important as the .wrap files' basenames must match the string
+# passed to `dependency()` exactly.
+# In Meson 1.4, this format is `$packageName-rs`. Meson 1.5 changes this to
+# `$packageName-$shortenedVersionString-rs`, because of course it does, but we'll cross
+# that bridge when we get there...
+#
+# [1]: https://github.com/mesonbuild/meson/commit/9b8378985dbdc0112d11893dd42b33b7bc8d1e62
+# FIXME: remove (along with its generated wrap files) when we get rid of meson 1.4
+run_command(
+  python,
+  meson.project_source_root() / 'meson/cargo-lock-to-wraps.py',
+  meson.project_source_root() / 'Cargo.lock',
+  meson.project_source_root() / 'subprojects',
+  check : true,
+)
+
 if is_darwin
-  configure_file(
-    input : 'misc/launchd/org.nixos.nix-daemon.plist.in',
-    output : 'org.nixos.nix-daemon.plist',
-    copy : true,
+  fs.copyfile(
+    'misc/launchd/org.nixos.nix-daemon.plist.in',
+    'org.nixos.nix-daemon.plist',
+    install : true,
     install_dir : prefix / 'Library/LaunchDaemons',
   )
 endif
@@ -536,4 +607,7 @@ endif
 if enable_tests
   subdir('tests/unit')
   subdir('tests/functional')
+  subdir('tests/functional2')
 endif
+
+subdir('meson/clang-tidy')

meson.options

@@ -1,7 +1,7 @@
 # vim: filetype=meson
 
 option('enable-build', type : 'boolean', value : true,
-  description : 'Set to false to not actually build. Only really makes sense with -Dinternal-api-docs=true',
+  description : 'set to false to not actually build. Only really makes sense with -Dinternal-api-docs=true',
 )
 
 option('gc', type : 'feature',
@@ -37,7 +37,7 @@ option('tests-brief', type : 'boolean', value : false,
 )
 
 option('profile-build', type : 'feature', value: 'disabled',
-  description : 'whether to enable -ftime-trace in clang builds, allowing for speeding up the build.'
+  description : 'whether to enable -ftime-trace in clang builds, allowing for diagnosing the cause of build time.'
 )
 
 option('store-dir', type : 'string', value : '/nix/store',
@@ -68,3 +68,7 @@ option('profile-dir', type : 'string', value : 'etc/profile.d',
 option('enable-pch-std', type : 'boolean', value : true,
   description : 'whether to use precompiled headers for C++\'s standard library (breaks clangd if you\'re using GCC)',
 )
+
+option('lix-clang-tidy-checks-path', type : 'string', value : '',
+  description: 'path to lix-clang-tidy-checks library file, if providing it externally. Uses an internal one if this is not set',
+)

meson/cargo-lock-to-wraps.py

@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+
+import argparse
+import tomllib
+import sys
+
+DOWNLOAD_URI_FORMAT = 'https://crates.io/api/v1/crates/{crate}/{version}/download'
+
+WRAP_TEMPLATE = """
+[wrap-file]
+method = cargo
+directory = {crate}-{version}
+source_url = {url}
+source_filename = {crate}-{version}.tar.gz
+source_hash = {hash}
+""".lstrip()
+
+parser = argparse.ArgumentParser()
+parser.add_argument('lockfile', help='path to the Cargo lockfile to generate wraps from')
+parser.add_argument('outdir', help="the 'subprojects' directory to write .wrap files to")
+
+args = parser.parse_args()
+
+with open(args.lockfile, 'rb') as f:
+    lock_toml = tomllib.load(f)
+
+for dependency in lock_toml['package']:
+    try:
+        hash = dependency['checksum']
+    except KeyError:
+        # The base package, e.g. lix-doc, won't have a checksum, and conveniently
+        # the base package is also not something we want a wrap file for.
+        # Doesn't that work out nicely?
+        continue
+
+    crate = dependency['name']
+    version = dependency['version']
+
+    url = DOWNLOAD_URI_FORMAT.format(crate=crate, version=version)
+
+    wrap_text = WRAP_TEMPLATE.format(crate=crate, version=version, url=url, hash=hash)
+    with open(f'{args.outdir}/{crate}-rs.wrap', 'w') as f:
+        f.write(wrap_text)

meson/clang-tidy/build_required_targets.py

@@ -0,0 +1,21 @@
+#!/usr/bin/env python3
+import subprocess
+
+def get_targets_of_rule(build_root: str, rule_name: str) -> list[str]:
+    return subprocess.check_output(['ninja', '-C', build_root, '-t', 'targets', 'rule', rule_name]).decode().strip().splitlines()
+
+def ninja_build(build_root: str, targets: list[str]):
+    subprocess.check_call(['ninja', '-C', build_root, '--', *targets])
+
+def main():
+    import argparse
+    ap = argparse.ArgumentParser(description='Builds required targets for clang-tidy')
+    ap.add_argument('build_root', help='Ninja build root', type=str)
+
+    args = ap.parse_args()
+
+    targets = [t for t in get_targets_of_rule(args.build_root, 'CUSTOM_COMMAND') if t.endswith('gen.hh')]
+    ninja_build(args.build_root, targets)
+
+if __name__ == '__main__':
+    main()

meson/clang-tidy/clang-tidy-runner.py

@@ -0,0 +1,89 @@
+#!/usr/bin/env python3
+"""
+Runs run-clang-tidy. A bit meta. Maybe it will replace run-clang-tidy one day
+because the run-clang-tidy UX is so questionable.
+"""
+
+# I hereby dedicate this script to fuck you meson.
+# I cannot simply write my code to invoke a subprocess in a meson file because
+# Meson corrupts backslashes in command line args to subprocesses.
+# This is allegedly for "Windows support", but last time I checked Windows
+# neither needs nor wants you to corrupt its command lines.
+# https://github.com/mesonbuild/meson/issues/1564
+
+import multiprocessing
+import subprocess
+import os
+import sys
+from pathlib import Path
+
+
+def default_concurrency():
+    return min(multiprocessing.cpu_count(),
+               int(os.environ.get("NIX_BUILD_CORES", "16")))
+
+
+def go(exe: str, plugin_path: Path, compile_commands_json_dir: Path, jobs: int,
+       paths: list[Path], werror: bool, fix: bool):
+    args = [
+        # XXX: This explicitly invokes it with python because of a nixpkgs bug
+        # where clang-unwrapped does not patch interpreters in run-clang-tidy.
+        # However, making clang-unwrapped depend on python is also silly, so idk.
+        sys.executable,
+        exe,
+        '-quiet',
+        '-load',
+        plugin_path,
+        '-p',
+        compile_commands_json_dir,
+        '-j',
+        str(jobs),
+        '-header-filter',
+        r'src/[^/]+/.*\.hh'
+    ]
+    if werror:
+        args += ['-warnings-as-errors', '*']
+    if fix:
+        args += ['-fix']
+    args += ['--']
+    args += paths
+    os.execvp(sys.executable, args)
+
+
+def main():
+    import argparse
+
+    ap = argparse.ArgumentParser(description='Runs run-clang-tidy for you')
+    ap.add_argument('--jobs',
+                    '-j',
+                    type=int,
+                    default=default_concurrency(),
+                    help='Parallel linting jobs to run')
+    ap.add_argument('--plugin-path',
+                    type=Path,
+                    help='Path to the Lix clang-tidy plugin')
+    # FIXME: maybe we should integrate this so it just fixes the compdb for you and throws it in a tempdir?
+    ap.add_argument(
+        '--compdb-path',
+        type=Path,
+        help=
+        'Path to the directory containing the fixed-up compilation database from clean_compdb'
+    )
+    ap.add_argument('--werror',
+                    action='store_true',
+                    help='Warnings get turned into errors')
+    ap.add_argument('--fix',
+                    action='store_true',
+                    help='Apply fixes for warnings')
+    ap.add_argument('--run-clang-tidy-path',
+                    default='run-clang-tidy',
+                    help='Path to run-clang-tidy')
+    ap.add_argument('paths', nargs='*', help='Source paths to check')
+    args = ap.parse_args()
+
+    go(args.run_clang_tidy_path, args.plugin_path, args.compdb_path, args.jobs,
+       args.paths, args.werror, args.fix)
+
+
+if __name__ == '__main__':
+    main()

meson/clang-tidy/clean_compdb.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+# Deletes the PCH arguments from a compilation database, to workaround nixpkgs
+# stdenv having a cc-wrapper that is impossible to use for anything except cc
+# itself, for example, clang-tidy.
+
+import json
+import shlex
+
+
+def process_compdb(compdb: list[dict]) -> list[dict]:
+
+    def munch_command(args: list[str]) -> list[str]:
+        out = []
+        eat_next = False
+        for i, arg in enumerate(args):
+            if arg in ['-fpch-preprocess', '-fpch-instantiate-templates']:
+                # -fpch-preprocess as used with gcc, -fpch-instantiate-templates as used by clang
+                continue
+            elif arg == '-include-pch' or (arg == '-include' and args[i + 1] == 'precompiled-headers.hh'):
+                # -include-pch some-pch (clang), or -include some-pch (gcc)
+                eat_next = True
+                continue
+            if not eat_next:
+                out.append(arg)
+            eat_next = False
+        return out
+
+    def chomp(item: dict) -> dict:
+        item = item.copy()
+        item['command'] = shlex.join(munch_command(shlex.split(item['command'])))
+        return item
+
+    def cmdfilter(item: dict) -> bool:
+        file = item['file']
+        return (
+            not file.endswith('precompiled-headers.hh')
+            and not file.endswith('.rs')
+        )
+
+    return [chomp(x) for x in compdb if cmdfilter(x)]
+
+
+def main():
+    import argparse
+    ap = argparse.ArgumentParser(
+        description='Delete pch arguments from compilation database')
+    ap.add_argument('input',
+                    type=argparse.FileType('r'),
+                    help='Input json file')
+    ap.add_argument('output',
+                    type=argparse.FileType('w'),
+                    help='Output json file')
+    args = ap.parse_args()
+
+    input_json = json.load(args.input)
+    json.dump(process_compdb(input_json), args.output, indent=2)
+
+
+if __name__ == '__main__':
+    main()

meson/clang-tidy/meson.build

@@ -0,0 +1,88 @@
+# The clang-tidy target for Lix
+
+run_clang_tidy = find_program('run-clang-tidy', required : false)
+# Although this looks like it wants to be pkg-config, pkg-config does not
+# really work for *plugins*, which are executable-like .so files that also
+# cannot be found via find_program. Fun!
+if get_option('lix-clang-tidy-checks-path') != ''
+  lix_clang_tidy_so = get_option('lix-clang-tidy-checks-path')
+  lix_clang_tidy_so_found = true
+else
+  lix_clang_tidy_subproj = subproject(
+    'lix-clang-tidy',
+    required : false,
+    default_options : {'build-by-default': false}
+  )
+  if lix_clang_tidy_subproj.found()
+    lix_clang_tidy_so = lix_clang_tidy_subproj.get_variable('lix_clang_tidy')
+    lix_clang_tidy_so_found = true
+  else
+    lix_clang_tidy_so_found = false
+  endif
+endif
+
+# Due to numerous problems, such as:
+# - Meson does not expose pch targets, but *fine*, I can just ask Ninja for
+#   them with `ninja -t targets rule cpp_PCH` and build them manually:
+#   https://github.com/mesonbuild/meson/issues/13499
+# - Nixpkgs stdenv buries the cc-wrapper under a giant pile of assumptions
+#   about the cc-wrapper actually being used on the cc of a stdenv, rather than
+#   independently for clang-tidy, and we need to use cc-wrapper to get the
+#   correct hardening flags so that clang-tidy can actually parse the PCH file
+#
+# I give up. I am going to delete the damn PCH args and then it will work.
+meson.add_postconf_script(
+  python,
+  meson.current_source_dir() / 'clean_compdb.py',
+  meson.global_build_root() / 'compile_commands.json',
+  meson.current_build_dir() / 'compile_commands.json',
+)
+
+# Horrible hack to get around not being able to depend on another target's
+# generated headers in any way in the meson DSL
+# https://github.com/mesonbuild/meson/issues/12817 which was incorrectly
+# closed, if you *actually* need to generate the files once.
+# Also related: https://github.com/mesonbuild/meson/issues/3667
+#
+# Or we could ban meson generators because their design is broken.
+build_all_generated_headers = custom_target(
+  command : [
+    python,
+    meson.current_source_dir() / 'build_required_targets.py',
+    meson.global_build_root(),
+  ],
+  output : 'generated_headers.stamp',
+  build_by_default : false,
+  build_always_stale : true,
+)
+
+if lix_clang_tidy_so_found
+  run_clang_tidy_args = [
+    meson.current_source_dir() / 'clang-tidy-runner.py',
+    '--run-clang-tidy-path', run_clang_tidy,
+    '--compdb-path', meson.current_build_dir(),
+    '--plugin-path', lix_clang_tidy_so,
+  ]
+  run_target(
+    'clang-tidy',
+    command : [
+      python,
+      run_clang_tidy_args,
+      '--werror',
+    ],
+    depends : [
+      build_all_generated_headers,
+    ],
+  )
+  run_target(
+    'clang-tidy-fix',
+    command : [
+      python,
+      run_clang_tidy_args,
+      '--fix',
+    ],
+    depends : [
+      build_all_generated_headers,
+    ],
+  )
+endif

misc/bash/meson.build

@@ -1,8 +1,7 @@
-configure_file(
-  input : 'completion.sh',
-  output : 'nix',
+fs.copyfile(
+  'completion.sh',
+  'nix',
   install : true,
   install_dir : datadir / 'bash-completion/completions',
   install_mode : 'rw-r--r--',
-  copy : true,
 )

misc/capnproto.nix

@@ -0,0 +1,60 @@
+# FIXME: upstream to nixpkgs (do NOT build with gcc due to gcc coroutine bugs)
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  cmake,
+  openssl,
+  zlib,
+}:
+assert stdenv.cc.isClang;
+stdenv.mkDerivation rec {
+  pname = "capnproto";
+  version = "1.0.2";
+
+  # release tarballs are missing some ekam rules
+  src = fetchFromGitHub {
+    owner = "capnproto";
+    repo = "capnproto";
+    rev = "v${version}";
+    sha256 = "sha256-LVdkqVBTeh8JZ1McdVNtRcnFVwEJRNjt0JV2l7RkuO8=";
+  };
+
+  nativeBuildInputs = [ cmake ];
+  propagatedBuildInputs = [
+    openssl
+    zlib
+  ];
+
+  # FIXME: separate the binaries from the stuff that user systems actually use
+  # This runs into a terrible UX issue in Lix and I just don't want to debug it
+  # right now for the couple MB of closure size:
+  # https://git.lix.systems/lix-project/lix/issues/551
+  # outputs = [ "bin" "dev" "out" ];
+
+  cmakeFlags = [
+    (lib.cmakeBool "BUILD_SHARED_LIBS" true)
+    # Take optimization flags from CXXFLAGS rather than cmake injecting them
+    (lib.cmakeFeature "CMAKE_BUILD_TYPE" "None")
+  ];
+
+  env = {
+    # Required to build the coroutine library
+    CXXFLAGS = "-std=c++20";
+  };
+
+  separateDebugInfo = true;
+
+  meta = with lib; {
+    homepage = "https://capnproto.org/";
+    description = "Cap'n Proto cerealization protocol";
+    longDescription = ''
+      Cap’n Proto is an insanely fast data interchange format and
+      capability-based RPC system. Think JSON, except binary. Or think Protocol
+      Buffers, except faster.
+    '';
+    license = licenses.mit;
+    platforms = platforms.all;
+    maintainers = lib.teams.lix.members;
+  };
+}

misc/fish/completion.fish

@@ -14,7 +14,7 @@ function _nix_complete
   # But the variable also misses the current token so it cancels out.
   set -l nix_arg_to_complete (count $nix_args)
 
-  env NIX_GET_COMPLETIONS=$nix_arg_to_complete $nix_args $current_token
+  env NIX_GET_COMPLETIONS=$nix_arg_to_complete $nix_args $current_token 2>/dev/null
 end
 
 function _nix_accepts_files

misc/fish/meson.build

@@ -1,8 +1,7 @@
-configure_file(
-  input : 'completion.fish',
-  output : 'nix.fish',
+fs.copyfile(
+  'completion.fish',
+  'nix.fish',
   install : true,
   install_dir : datadir / 'fish/vendor_completions.d',
   install_mode : 'rw-r--r--',
-  copy : true,
 )

misc/meson.build

@@ -4,3 +4,5 @@ subdir('zsh')
 
 subdir('systemd')
 subdir('flake-registry')
+
+runinpty = fs.copyfile('runinpty.py')

misc/pegtl.nix

@@ -1,23 +0,0 @@
-{
-  stdenv,
-  cmake,
-  ninja,
-  fetchFromGitHub,
-}:
-
-stdenv.mkDerivation {
-  pname = "pegtl";
-  version = "3.2.7";
-
-  src = fetchFromGitHub {
-    repo = "PEGTL";
-    owner = "taocpp";
-    rev = "refs/tags/3.2.7";
-    hash = "sha256-IV5YNGE4EWVrmg2Sia/rcU8jCuiBynQGJM6n3DCWTQU=";
-  };
-
-  nativeBuildInputs = [
-    cmake
-    ninja
-  ];
-}

misc/runinpty.py

@@ -0,0 +1,77 @@
+#!/usr/bin/env python3
+# SPDX-FileCopyrightText: 2001, 2002, 2003, 2004, 2005, 2006 Python Software Foundation; All Rights Reserved
+# SPDX-FileCopyrightText: 2024 Jade Lovelace
+# SPDX-License-Identifier: LGPL-2.1-or-later
+"""
+This script exists to lose Lix a dependency on expect(1) for the ability to run
+something in a pty.
+
+Yes, it could be replaced by script(1) but macOS and Linux script(1) have
+diverged sufficiently badly that even specifying a subcommand to run is not the
+same.
+"""
+import pty
+import sys
+import os
+from termios import ONLCR, ONLRET, ONOCR, OPOST, TCSAFLUSH, tcgetattr, tcsetattr
+from tty import setraw
+import termios
+
+def setup_terminal():
+    # does not matter which fd we use because we are in a fresh pty
+    modi = tcgetattr(pty.STDOUT_FILENO)
+    [iflag, oflag, cflag, lflag, ispeed, ospeed, cc] = modi
+
+    # Turning \n into \r\n is not cool, Linux!
+    oflag &= ~ONLCR
+    # I don't know what "implementation dependent postprocessing means" but it
+    # sounds bad
+    oflag &= ~OPOST
+    # Assume that NL performs the role of CR; do not insert CRs at column 0
+    oflag |= ONLRET | ONOCR
+
+    modi = [iflag, oflag, cflag, lflag, ispeed, ospeed, cc]
+
+    tcsetattr(pty.STDOUT_FILENO, TCSAFLUSH, modi)
+
+
+def spawn(argv: list[str]):
+    """
+    As opposed to pty.spawn, this one more seriously controls the pty settings.
+    Necessary to turn off such fun functionality as onlcr (LF to CRLF).
+
+    This is essentially copy pasted from pty.spawn, since there is no way to
+    hook the child pre-execve
+    """
+    pid, master_fd = pty.fork()
+    if pid == pty.CHILD:
+        setup_terminal()
+        os.execlp(argv[0], *argv)
+
+    try:
+        mode = tcgetattr(pty.STDIN_FILENO)
+        setraw(pty.STDIN_FILENO)
+        restore = True
+    except termios.error:
+        restore = False
+
+    try:
+        pty._copy(master_fd, pty._read, pty._read) # type: ignore
+    finally:
+        if restore:
+            tcsetattr(pty.STDIN_FILENO, TCSAFLUSH, mode) # type: ignore
+
+    os.close(master_fd)
+    return os.waitpid(pid, 0)[1]
+
+
+def main():
+    if len(sys.argv) == 1:
+        print(f'Usage: {sys.argv[0]} [command args]', file=sys.stderr)
+        sys.exit(1)
+
+    sys.exit(os.waitstatus_to_exitcode(spawn(sys.argv[1:])))
+
+
+if __name__ == '__main__':
+    main()

misc/zsh/meson.build

@@ -1,10 +1,9 @@
 foreach script : [ [ 'completion.zsh', '_nix' ], [ 'run-help-nix' ] ]
-  configure_file(
-    input : script[0],
-    output : script.get(1, script[0]),
+  fs.copyfile(
+    script[0],
+    script.get(1, script[0]),
     install : true,
     install_dir : datadir / 'zsh/site-functions',
     install_mode : 'rw-r--r--',
-    copy : true,
   )
 endforeach

nix-support/editline.patch

@@ -0,0 +1,106 @@
+From d0f2a5bc2300b96b2434c7838184c1dfd6a639f5 Mon Sep 17 00:00:00 2001
+From: Rebecca Turner <rbt@sent.as>
+Date: Sun, 8 Sep 2024 15:42:42 -0700
+Subject: [PATCH 1/2] Recognize Meta+Left and Meta+Right
+
+Recognize `Alt-Left` and `Alt-Right` for navigating by words in more
+terminals/shells/platforms.
+
+I'm not sure exactly where to find canonical documentation for these
+codes, but this seems to match what my terminal produces (macOS + iTerm2
++ Fish + Tmux).
+
+It might also be nice to have some more support for editing the bindings
+for these characters; sequences of more than one character are not
+supported by `el_bind_key` and similar.
+
+Originally from: https://github.com/troglobit/editline/pull/70
+This patch is applied upstream: https://gerrit.lix.systems/c/lix/+/1883
+
+---
+ src/editline.c | 29 +++++++++++++++++++++++++++--
+ 1 file changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/src/editline.c b/src/editline.c
+index 5ec9afb..d1cfbbc 100644
+--- a/src/editline.c
++++ b/src/editline.c
+@@ -1034,6 +1034,30 @@ static el_status_t meta(void)
+         return CSeof;
+
+ #ifdef CONFIG_ANSI_ARROWS
++    /* See: https://en.wikipedia.org/wiki/ANSI_escape_code */
++    /* Recognize ANSI escapes for `Meta+Left` and `Meta+Right`. */
++    if (c == '\e') {
++        switch (tty_get()) {
++        case '[':
++        {
++            switch (tty_get()) {
++            /* \e\e[C = Meta+Left */
++            case 'C': return fd_word();
++            /* \e\e[D = Meta+Right */
++            case 'D': return bk_word();
++            default:
++                break;
++            }
++
++            return el_ring_bell();
++        }
++        default:
++            break;
++        }
++
++        return el_ring_bell();
++    }
++
+     /* Also include VT-100 arrows. */
+     if (c == '[' || c == 'O') {
+         switch (tty_get()) {
+@@ -1043,6 +1067,7 @@ static el_status_t meta(void)
+             char seq[4] = { 0 };
+             seq[0] = tty_get();
+
++            /* \e[1~ */
+             if (seq[0] == '~')
+                 return beg_line(); /* Home */
+
+@@ -1050,9 +1075,9 @@ static el_status_t meta(void)
+                 seq[c] = tty_get();
+
+             if (!strncmp(seq, ";5C", 3))
+-                return fd_word(); /* Ctrl+Right */
++                return fd_word(); /* \e[1;5C = Ctrl+Right */
+             if (!strncmp(seq, ";5D", 3))
+-                return bk_word(); /* Ctrl+Left */
++                return bk_word(); /* \e[1;5D = Ctrl+Left */
+
+             break;
+         }
+
+From 4c4455353a0a88bee09d5f27c28f81f747682fed Mon Sep 17 00:00:00 2001
+From: Rebecca Turner <rbt@sent.as>
+Date: Mon, 9 Sep 2024 09:44:44 -0700
+Subject: [PATCH 2/2] Add support for \e[1;3C and \e[1;3D
+
+---
+ src/editline.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/editline.c b/src/editline.c
+index d1cfbbc..350b5cb 100644
+--- a/src/editline.c
++++ b/src/editline.c
+@@ -1074,9 +1074,11 @@ static el_status_t meta(void)
+             for (c = 1; c < 3; c++)
+                 seq[c] = tty_get();
+
+-            if (!strncmp(seq, ";5C", 3))
++            if (!strncmp(seq, ";5C", 3)
++                || !strncmp(seq, ";3C", 3))
+                 return fd_word(); /* \e[1;5C = Ctrl+Right */
+-            if (!strncmp(seq, ";5D", 3))
++            if (!strncmp(seq, ";5D", 3)
++                || !strncmp(seq, ";3D", 3))
+                 return bk_word(); /* \e[1;5D = Ctrl+Left */
+
+             break;

package.nix

@@ -15,6 +15,7 @@
   brotli,
   bzip2,
   callPackage,
+  capnproto-lix ? __forDefaults.capnproto-lix,
   cmake,
   curl,
   doxygen,
@@ -27,18 +28,25 @@
   libcpuid,
   libseccomp,
   libsodium,
+  lix-clang-tidy ? null,
+  llvmPackages,
   lsof,
+  # FIXME: remove default after dropping NixOS 24.05
+  lowdown-unsandboxed ? lowdown,
   lowdown,
   mdbook,
   mdbook-linkcheck,
   mercurial,
   meson,
   ninja,
+  ncurses,
   openssl,
-  pegtl ? __forDefaults.pegtl,
+  pegtl,
   pkg-config,
   python3,
   rapidcheck,
+  rustPlatform,
+  rustc,
   sqlite,
   toml11,
   util-linuxMinimal ? utillinuxMinimal,
@@ -47,48 +55,83 @@
 
   busybox-sandbox-shell,
 
-  # internal fork of nix-doc providing :doc in the repl
-  lix-doc ? __forDefaults.lix-doc,
-
   pname ? "lix",
   versionSuffix ? "",
-  officialRelease ? false,
+  officialRelease ? __forDefaults.versionJson.official_release,
   # Set to true to build the release notes for the next release.
   buildUnreleasedNotes ? true,
   internalApiDocs ? false,
 
+  # Support garbage collection in the evaluator.
+  enableGC ? sanitize == null || !builtins.elem "address" sanitize,
+  # List of Meson sanitize options. Accepts values of b_sanitize, e.g.
+  # "address", "undefined", "thread".
+  # Enabling the "address" sanitizer will disable garbage collection in the evaluator.
+  sanitize ? null,
+  # Turn compiler warnings into errors.
+  werror ? false,
+
+  lintInsteadOfBuild ? false,
+
   # Not a real argument, just the only way to approximate let-binding some
   # stuff for argument defaults.
   __forDefaults ? {
     canRunInstalled = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
 
+    versionJson = builtins.fromJSON (builtins.readFile ./version.json);
+
     boehmgc-nix = boehmgc.override { enableLargeConfig = true; };
 
     editline-lix = editline.overrideAttrs (prev: {
-      configureFlags = prev.configureFlags or [ ] ++ [ (lib.enableFeature true "sigstop") ];
+      patches = (prev.patches or [ ]) ++ [
+        # Recognize `Alt-Left` and `Alt-Right` for navigating by words in more
+        # terminals/shells/platforms.
+        #
+        # See: https://github.com/troglobit/editline/pull/70
+        ./nix-support/editline.patch
+      ];
+
+      configureFlags = (prev.configureFlags or [ ]) ++ [
+        # Enable SIGSTOP (Ctrl-Z) behavior.
+        (lib.enableFeature true "sigstop")
+        # Enable ANSI arrow keys.
+        (lib.enableFeature true "arrow-keys")
+        # Use termcap library to query terminal size.
+        (lib.enableFeature (ncurses != null) "termcap")
+      ];
+
+      buildInputs = (prev.buildInputs or [ ]) ++ [ ncurses ];
     });
 
-    lix-doc = callPackage ./lix-doc/package.nix { };
     build-release-notes = callPackage ./maintainers/build-release-notes.nix { };
 
-    pegtl = callPackage ./misc/pegtl.nix { };
+    # needs derivation patching to add debuginfo and coroutine library support
+    # !! must build this with clang as it is affected by the gcc coroutine bugs
+    capnproto-lix = callPackage ./misc/capnproto.nix { inherit stdenv; };
   },
 }:
+
+# gcc miscompiles coroutines at least until 13.2, possibly longer
+assert stdenv.cc.isClang;
+
 let
   inherit (__forDefaults) canRunInstalled;
   inherit (lib) fileset;
   inherit (stdenv) hostPlatform buildPlatform;
 
-  versionJson = builtins.fromJSON (builtins.readFile ./version.json);
-  version = versionJson.version + versionSuffix;
+  version = __forDefaults.versionJson.version + versionSuffix;
 
-  aws-sdk-cpp-nix = aws-sdk-cpp.override {
-    apis = [
-      "s3"
-      "transfer"
-    ];
-    customMemoryManagement = false;
-  };
+  aws-sdk-cpp-nix =
+    if aws-sdk-cpp == null then
+      null
+    else
+      aws-sdk-cpp.override {
+        apis = [
+          "s3"
+          "transfer"
+        ];
+        customMemoryManagement = false;
+      };
 
   # Reimplementation of Nixpkgs' Meson cross file, with some additions to make
   # it actually work.
@@ -108,10 +151,7 @@ let
 
   # The internal API docs need these for the build, but if we're not building
   # Nix itself, then these don't need to be propagated.
-  maybePropagatedInputs = [
-    boehmgc-nix
-    nlohmann_json
-  ];
+  maybePropagatedInputs = lib.optional enableGC boehmgc-nix ++ [ nlohmann_json ];
 
   # .gitignore has already been processed, so any changes in it are irrelevant
   # at this point. It is not represented verbatim for test purposes because
@@ -126,14 +166,18 @@ let
     ./meson
     ./scripts/meson.build
     ./subprojects
+    # Required for meson to generate Cargo wraps
+    ./Cargo.lock
   ]);
 
   functionalTestFiles = fileset.unions [
     ./tests/functional
+    ./tests/functional2
     ./tests/unit
     (fileset.fileFilter (f: lib.strings.hasPrefix "nix-profile" f.name) ./scripts)
   ];
 in
+assert (lintInsteadOfBuild -> lix-clang-tidy != null);
 stdenv.mkDerivation (finalAttrs: {
   inherit pname version;
 
@@ -146,12 +190,13 @@ stdenv.mkDerivation (finalAttrs: {
           topLevelBuildFiles
           functionalTestFiles
         ]
-        ++ lib.optionals (!finalAttrs.dontBuild || internalApiDocs) [
+        ++ lib.optionals (!finalAttrs.dontBuild || internalApiDocs || lintInsteadOfBuild) [
           ./doc
           ./misc
           ./src
           ./COPYING
         ]
+        ++ lib.optionals lintInsteadOfBuild [ ./.clang-tidy ]
       )
     );
   };
@@ -165,9 +210,14 @@ stdenv.mkDerivation (finalAttrs: {
       "doc"
     ];
 
-  dontBuild = false;
+  dontBuild = lintInsteadOfBuild;
 
   mesonFlags =
+    let
+      sanitizeOpts = lib.optional (
+        sanitize != null
+      ) "-Db_sanitize=${builtins.concatStringsSep "," sanitize}";
+    in
     lib.optionals hostPlatform.isLinux [
       # You'd think meson could just find this in PATH, but busybox is in buildInputs,
       # which don't actually get added to PATH. And buildInputs is correct over
@@ -175,16 +225,20 @@ stdenv.mkDerivation (finalAttrs: {
       "-Dsandbox-shell=${lib.getExe' busybox-sandbox-shell "busybox"}"
     ]
     ++ lib.optional hostPlatform.isStatic "-Denable-embedded-sandbox-shell=true"
-    ++ lib.optional (finalAttrs.dontBuild) "-Denable-build=false"
+    ++ lib.optional (finalAttrs.dontBuild && !lintInsteadOfBuild) "-Denable-build=false"
+    ++ lib.optional lintInsteadOfBuild "-Dlix-clang-tidy-checks-path=${lix-clang-tidy}/lib/liblix-clang-tidy.so"
     ++ [
       # mesonConfigurePhase automatically passes -Dauto_features=enabled,
       # so we must explicitly enable or disable features that we are not passing
       # dependencies for.
+      (lib.mesonEnable "gc" enableGC)
       (lib.mesonEnable "internal-api-docs" internalApiDocs)
-      (lib.mesonBool "enable-tests" finalAttrs.finalPackage.doCheck)
+      (lib.mesonBool "enable-tests" (finalAttrs.finalPackage.doCheck || lintInsteadOfBuild))
       (lib.mesonBool "enable-docs" canRunInstalled)
+      (lib.mesonBool "werror" werror)
     ]
-    ++ lib.optional (hostPlatform != buildPlatform) "--cross-file=${mesonCrossFile}";
+    ++ lib.optional (hostPlatform != buildPlatform) "--cross-file=${mesonCrossFile}"
+    ++ sanitizeOpts;
 
   # We only include CMake so that Meson can locate toml11, which only ships CMake dependency metadata.
   dontUseCmakeConfigure = true;
@@ -192,12 +246,16 @@ stdenv.mkDerivation (finalAttrs: {
   nativeBuildInputs =
     [
       python3
+      python3.pkgs.pytest
+      python3.pkgs.pytest-xdist
       meson
       ninja
       cmake
+      rustc
+      capnproto-lix
     ]
     ++ [
-      (lib.getBin lowdown)
+      (lib.getBin lowdown-unsandboxed)
       mdbook
       mdbook-linkcheck
     ]
@@ -212,7 +270,17 @@ stdenv.mkDerivation (finalAttrs: {
     ]
     ++ lib.optional hostPlatform.isLinux util-linuxMinimal
     ++ lib.optional (!officialRelease && buildUnreleasedNotes) build-release-notes
-    ++ lib.optional internalApiDocs doxygen;
+    ++ lib.optional internalApiDocs doxygen
+    ++ lib.optionals lintInsteadOfBuild [
+      # required for a wrapped clang-tidy
+      llvmPackages.clang-tools
+      # load-bearing order (just as below); the actual stdenv wrapped clang
+      # needs to precede the unwrapped clang in PATH such that calling `clang`
+      # can compile things.
+      stdenv.cc
+      # required for run-clang-tidy
+      llvmPackages.clang-unwrapped
+    ];
 
   buildInputs =
     [
@@ -228,8 +296,8 @@ stdenv.mkDerivation (finalAttrs: {
       lowdown
       libsodium
       toml11
-      lix-doc
       pegtl
+      capnproto-lix
     ]
     ++ lib.optionals hostPlatform.isLinux [
       libseccomp
@@ -239,7 +307,10 @@ stdenv.mkDerivation (finalAttrs: {
     ++ lib.optional hostPlatform.isx86_64 libcpuid
     # There have been issues building these dependencies
     ++ lib.optional (hostPlatform.canExecute buildPlatform) aws-sdk-cpp-nix
-    ++ lib.optionals (finalAttrs.dontBuild) maybePropagatedInputs;
+    ++ lib.optionals (finalAttrs.dontBuild) maybePropagatedInputs
+    # I am so sorry. This is because checkInputs are required to pass
+    # configure, but we don't actually want to *run* the checks here.
+    ++ lib.optionals lintInsteadOfBuild finalAttrs.checkInputs;
 
   checkInputs = [
     gtest
@@ -255,8 +326,15 @@ stdenv.mkDerivation (finalAttrs: {
   env = {
     BOOST_INCLUDEDIR = "${lib.getDev boost}/include";
     BOOST_LIBRARYDIR = "${lib.getLib boost}/lib";
+
+    # Meson allows referencing a /usr/share/cargo/registry shaped thing for subproject sources.
+    # Turns out the Nix-generated Cargo dependencies are named the same as they
+    # would be in a Cargo registry cache.
+    MESON_PACKAGE_CACHE_DIR = finalAttrs.cargoDeps;
   };
 
+  cargoDeps = rustPlatform.importCargoLock { lockFile = ./Cargo.lock; };
+
   preConfigure =
     lib.optionalString (!finalAttrs.dontBuild && !hostPlatform.isStatic) ''
       # Copy libboost_context so we don't get all of Boost in our closure.
@@ -278,13 +356,6 @@ stdenv.mkDerivation (finalAttrs: {
       install_name_tool -change ${boost}/lib/libboost_system.dylib $out/lib/libboost_system.dylib $out/lib/libboost_thread.dylib
     ''
     + ''
-      # Workaround https://github.com/NixOS/nixpkgs/issues/294890.
-      if [[ -n "''${doCheck:-}" ]]; then
-        appendToVar configureFlags "--enable-tests"
-      else
-        appendToVar configureFlags "--disable-tests"
-      fi
-
       # Fix up /usr/bin/env shebangs relied on by the build
       patchShebangs --build tests/ doc/manual/
     '';
@@ -295,7 +366,7 @@ stdenv.mkDerivation (finalAttrs: {
 
   enableParallelBuilding = true;
 
-  doCheck = canRunInstalled;
+  doCheck = canRunInstalled && !lintInsteadOfBuild;
 
   mesonCheckFlags = [
     "--suite=check"
@@ -307,8 +378,19 @@ stdenv.mkDerivation (finalAttrs: {
   # Make sure the internal API docs are already built, because mesonInstallPhase
   # won't let us build them there. They would normally be built in buildPhase,
   # but the internal API docs are conventionally built with doBuild = false.
-  preInstall = lib.optional internalApiDocs ''
-    meson ''${mesonBuildFlags:-} compile "$installTargets"
+  preInstall =
+    (lib.optionalString internalApiDocs ''
+      meson ''${mesonBuildFlags:-} compile "$installTargets"
+    '')
+    # evil, but like above, we do not want to run an actual build phase
+    + lib.optionalString lintInsteadOfBuild ''
+      ninja clang-tidy
+    '';
+
+  installPhase = lib.optionalString lintInsteadOfBuild ''
+    runHook preInstall
+    touch $out
+    runHook postInstall
   '';
 
   postInstall =
@@ -367,10 +449,9 @@ stdenv.mkDerivation (finalAttrs: {
       editline-lix
       build-release-notes
       pegtl
+      capnproto-lix
       ;
 
-    inherit officialRelease;
-
     # The collection of dependency logic for this derivation is complicated enough that
     # it's easier to parameterize the devShell off an already called package.nix.
     mkDevShell =
@@ -378,12 +459,10 @@ stdenv.mkDerivation (finalAttrs: {
         mkShell,
 
         bashInteractive,
-        clang-tools,
         clangbuildanalyzer,
         doxygen,
         glibcLocales,
         just,
-        llvmPackages,
         nixfmt-rfc-style,
         skopeo,
         xonsh,
@@ -391,6 +470,11 @@ stdenv.mkDerivation (finalAttrs: {
         # Lix specific packages
         pre-commit-checks,
         contribNotice,
+        check-syscalls,
+
+        # debuggers
+        gdb,
+        rr,
       }:
       let
         glibcFix = lib.optionalAttrs (buildPlatform.isLinux && glibcLocales != null) {
@@ -400,10 +484,16 @@ stdenv.mkDerivation (finalAttrs: {
 
         pythonPackages = (
           p: [
+            # FIXME: these have to be added twice due to the nix shell using a
+            # wrapped python instead of build inputs for its python inputs
+            p.pytest
+            p.pytest-xdist
+
             p.yapf
             p.python-frontmatter
             p.requests
             p.xdg-base-dirs
+            p.packaging
             (p.toPythonModule xonsh.passthru.unwrapped)
           ]
         );
@@ -435,12 +525,13 @@ stdenv.mkDerivation (finalAttrs: {
             ++ [ (lib.mesonBool "enable-pch-std" stdenv.cc.isClang) ];
 
           packages =
-            lib.optional (stdenv.cc.isClang && hostPlatform == buildPlatform) clang-tools
+            lib.optional (stdenv.cc.isClang && hostPlatform == buildPlatform) llvmPackages.clang-tools
             ++ [
               # Why are we providing a bashInteractive? Well, when you run
               # `bash` from inside `nix develop`, say, because you are using it
               # via direnv, you will by default get bash (unusable edition).
               bashInteractive
+              check-syscalls
               pythonEnv
               # docker image tool
               skopeo
@@ -468,6 +559,8 @@ stdenv.mkDerivation (finalAttrs: {
             ]
             ++ lib.optional (pre-commit-checks ? enabledPackages) pre-commit-checks.enabledPackages
             ++ lib.optional (lib.meta.availableOn buildPlatform clangbuildanalyzer) clangbuildanalyzer
+            ++ lib.optional (!stdenv.isDarwin) gdb
+            ++ lib.optional (lib.meta.availableOn buildPlatform rr) rr
             ++ finalAttrs.checkInputs;
 
           shellHook = ''
@@ -482,7 +575,7 @@ stdenv.mkDerivation (finalAttrs: {
 
               PATH=$prefix/bin''${PATH:+:''${PATH}}
               unset PYTHONPATH
-              export MANPATH=$out/share/man''${MANPATH:+:''${MANPATH}}
+              export MANPATH=$out/share/man:''${MANPATH:-}
 
               # Make bash completion work.
               XDG_DATA_DIRS+=:$out/share

perl/configure.ac

@@ -1,84 +0,0 @@
-AC_INIT(nix-perl, m4_esyscmd([bash -c "echo -n $(cat ../.version)$VERSION_SUFFIX"]))
-AC_CONFIG_SRCDIR(MANIFEST)
-AC_CONFIG_AUX_DIR(../config)
-
-CFLAGS=
-CXXFLAGS=
-AC_PROG_CC
-AC_PROG_CXX
-
-AC_CANONICAL_HOST
-
-# Use 64-bit file system calls so that we can support files > 2 GiB.
-AC_SYS_LARGEFILE
-
-AC_DEFUN([NEED_PROG],
-[
-AC_PATH_PROG($1, $2)
-if test -z "$$1"; then
-    AC_MSG_ERROR([$2 is required])
-fi
-])
-
-NEED_PROG(perl, perl)
-NEED_PROG(curl, curl)
-NEED_PROG(bzip2, bzip2)
-NEED_PROG(xz, xz)
-
-# Test that Perl has the open/fork feature (Perl 5.8.0 and beyond).
-AC_MSG_CHECKING([whether Perl is recent enough])
-if ! $perl -e 'open(FOO, "-|", "true"); while (<FOO>) { print; }; close FOO or die;'; then
-    AC_MSG_RESULT(no)
-    AC_MSG_ERROR([Your Perl version is too old.  Lix requires Perl 5.8.0 or newer.])
-fi
-AC_MSG_RESULT(yes)
-
-
-# Figure out where to install Perl modules.
-AC_MSG_CHECKING([for the Perl installation prefix])
-perlversion=$($perl -e 'use Config; print $Config{version};')
-perlarchname=$($perl -e 'use Config; print $Config{archname};')
-AC_SUBST(perllibdir, [${libdir}/perl5/site_perl/$perlversion/$perlarchname])
-AC_MSG_RESULT($perllibdir)
-
-# Look for libsodium.
-PKG_CHECK_MODULES([SODIUM], [libsodium], [CXXFLAGS="$SODIUM_CFLAGS $CXXFLAGS"])
-
-# Check for the required Perl dependencies (DBI and DBD::SQLite).
-perlFlags="-I$perllibdir"
-
-AC_ARG_WITH(dbi, AC_HELP_STRING([--with-dbi=PATH],
-  [prefix of the Perl DBI library]),
-  perlFlags="$perlFlags -I$withval")
-
-AC_ARG_WITH(dbd-sqlite, AC_HELP_STRING([--with-dbd-sqlite=PATH],
-  [prefix of the Perl DBD::SQLite library]),
-  perlFlags="$perlFlags -I$withval")
-
-AC_MSG_CHECKING([whether DBD::SQLite works])
-if ! $perl $perlFlags -e 'use DBI; use DBD::SQLite;' 2>&5; then
-    AC_MSG_RESULT(no)
-    AC_MSG_FAILURE([The Perl modules DBI and/or DBD::SQLite are missing.])
-fi
-AC_MSG_RESULT(yes)
-
-AC_SUBST(perlFlags)
-
-PKG_CHECK_MODULES([NIX], [nix-store])
-
-NEED_PROG([NIX], [nix])
-
-# Expand all variables in config.status.
-test "$prefix" = NONE && prefix=$ac_default_prefix
-test "$exec_prefix" = NONE && exec_prefix='${prefix}'
-for name in $ac_subst_vars; do
-    declare $name="$(eval echo "${!name}")"
-    declare $name="$(eval echo "${!name}")"
-    declare $name="$(eval echo "${!name}")"
-done
-
-rm -f Makefile.config
-ln -sfn ../mk mk
-
-AC_CONFIG_FILES([])
-AC_OUTPUT

perl/lib/Nix/Store.xs

@@ -77,7 +77,7 @@ SV * queryReferences(char * path)
 SV * queryPathHash(char * path)
     PPCODE:
         try {
-            auto s = store()->queryPathInfo(store()->parseStorePath(path))->narHash.to_string(Base32, true);
+            auto s = store()->queryPathInfo(store()->parseStorePath(path))->narHash.to_string(Base::Base32, true);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
         } catch (Error & e) {
             croak("%s", e.what());
@@ -103,7 +103,7 @@ SV * queryPathInfo(char * path, int base32)
                 XPUSHs(&PL_sv_undef);
             else
                 XPUSHs(sv_2mortal(newSVpv(store()->printStorePath(*info->deriver).c_str(), 0)));
-            auto s = info->narHash.to_string(base32 ? Base32 : Base16, true);
+            auto s = info->narHash.to_string(base32 ? Base::Base32 : Base::Base16, true);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
             mXPUSHi(info->registrationTime);
             mXPUSHi(info->narSize);
@@ -205,7 +205,7 @@ SV * hashPath(char * algo, int base32, char * path)
     PPCODE:
         try {
             Hash h = hashPath(parseHashType(algo), path).first;
-            auto s = h.to_string(base32 ? Base32 : Base16, false);
+            auto s = h.to_string(base32 ? Base::Base32 : Base::Base16, false);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
         } catch (Error & e) {
             croak("%s", e.what());
@@ -216,7 +216,7 @@ SV * hashFile(char * algo, int base32, char * path)
     PPCODE:
         try {
             Hash h = hashFile(parseHashType(algo), path);
-            auto s = h.to_string(base32 ? Base32 : Base16, false);
+            auto s = h.to_string(base32 ? Base::Base32 : Base::Base16, false);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
         } catch (Error & e) {
             croak("%s", e.what());
@@ -227,7 +227,7 @@ SV * hashString(char * algo, int base32, char * s)
     PPCODE:
         try {
             Hash h = hashString(parseHashType(algo), s);
-            auto s = h.to_string(base32 ? Base32 : Base16, false);
+            auto s = h.to_string(base32 ? Base::Base32 : Base::Base16, false);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
         } catch (Error & e) {
             croak("%s", e.what());
@@ -238,7 +238,7 @@ SV * convertHash(char * algo, char * s, int toBase32)
     PPCODE:
         try {
             auto h = Hash::parseAny(s, parseHashType(algo));
-            auto s = h.to_string(toBase32 ? Base32 : Base16, false);
+            auto s = h.to_string(toBase32 ? Base::Base32 : Base::Base16, false);
             XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
         } catch (Error & e) {
             croak("%s", e.what());

releng/README.md

@@ -30,7 +30,7 @@ First, we prepare the release. `python -m releng prepare` is used for this.
 Then we tag the release with `python -m releng tag`:
 
 * Git HEAD is detached.
-* `officialRelease = true` is set in `flake.nix`, this is committed, and a
+* `"official_release": true` is set in `version.json`, this is committed, and a
   release is tagged.
 * The tag is merged back into the last branch (either `main` for new releases
   or `release-MAJOR` for maintenance releases) with `git merge -s ours VERSION`
@@ -57,12 +57,10 @@ Next, we do the publication with `python -m releng upload`:
     `nix upgrade-nix`.
   * s3://releases/lix/lix-VERSION/ gets the following contents
     * Binary tarballs
-    * Docs: `manual/` (FIXME: should we actually do this? what about putting it
-      on docs.lix.systems? I think doing both is correct, since the Web site
-      should not be an archive of random old manuals)
+    * Docs: `manual/`, primarily as an archive of old manuals
     * Docs as tarball in addition to web.
     * Source tarball
-    * Docker image (FIXME: upload to forgejo registry and github registry [in the future][upload-docker])
+    * Docker image
   * s3://docs/manual/lix/MAJOR
   * s3://docs/manual/lix/stable
 
@@ -80,6 +78,7 @@ Next, we do the publication with `python -m releng upload`:
   FIXME: automate branch-off to `release-*` branch.
 * **Manually** (FIXME?) switch back to the release branch, which now has the
   correct revision.
+* Deal with the external systems (see sections below).
 * Post!!
   * Merge release blog post to [lix-website].
   * Toot about it! https://chaos.social/@lix_project
@@ -87,22 +86,33 @@ Next, we do the publication with `python -m releng upload`:
 
 [lix-website]: https://git.lix.systems/lix-project/lix-website
 
-[upload-docker]: https://git.lix.systems/lix-project/lix/issues/252
-
 ### Installer
 
-The installer is cross-built to several systems from a Mac using
-`build-all.xsh` and `upload-to-lix.xsh` in the installer repo (FIXME: currently
-at least; maybe this should be moved here?) .
+The installer is cross-built to several systems from a Mac using `build-all.xsh` and `upload-to-lix.xsh` in the installer repo (FIXME: currently at least; maybe this should be moved here?).
 
-It installs a binary tarball (FIXME: [it should be taught to substitute from
-cache instead][installer-substitute])
-from some URL; this is the `hydraJobs.binaryTarball`. The default URLs differ
-by architecture and are [configured here][tarball-urls].
+It installs a binary tarball (FIXME: [it should be taught to substitute from cache instead][installer-substitute]) from some URL; this is the `hydraJobs.binaryTarball`.
+The default URLs differ by architecture and are [configured here][tarball-urls].
+
+To automatically do the file changes for a new version, run `python3 set_version.py NEW_VERSION`, and submit the result for review.
 
 [installer-substitute]: https://git.lix.systems/lix-project/lix-installer/issues/13
 [tarball-urls]: https://git.lix.systems/lix-project/lix-installer/src/commit/693592ed10d421a885bec0a9dd45e87ab87eb90a/src/settings.rs#L14-L28
 
+### Web site
+
+The website has various release-version dependent pieces.
+You can update them with `python3 update_version.py NEW_VERSION`, which will regenerate the affected page sources.
+
+These need the release to have been done first as they need hashes for tarballs and such.
+
+### NixOS module
+
+The NixOS module has underdeveloped releng in it.
+Currently you have to do the whole branch-off dance manually to a `release-VERSION` branch and update the tarball URLs to point to the release versions manually.
+
+FIXME: this should be unified with the `set_version.py` work in `lix-installer` and probably all the releng kept in here, or kept elsewhere.
+Related: https://git.lix.systems/lix-project/lix/issues/439
+
 ## Infrastructure summary
 
 * releases.lix.systems (`s3://releases`):

releng/cli.py

@@ -1,10 +1,13 @@
+import logging
+import argparse
+import sys
+
 from . import create_release
 from . import docker
 from .environment import RelengEnvironment
 from . import environment
-import argparse
-import sys
 
+log = logging.getLogger(__name__)
 
 def do_build(args):
     if args.target == 'all':
@@ -21,6 +24,9 @@ def do_tag(args):
     create_release.do_tag_merge(force_tag=args.force_tag,
                                 no_check_git=args.no_check_git)
 
+    log.info('Merged the release commit into your last branch, and switched to a detached HEAD of the artifact to be released.')
+    log.info('After you are done with releasing, switch to your previous branch and push that branch for review.')
+
 
 def do_upload(env: RelengEnvironment, args):
     create_release.setup_creds(env)

releng/create_release.xsh

@@ -2,6 +2,7 @@ import json
 import subprocess
 import itertools
 import textwrap
+import logging
 from pathlib import Path
 import tempfile
 import hashlib
@@ -11,10 +12,12 @@ from . import environment
 from .environment import RelengEnvironment
 from . import keys
 from . import docker
-from .version import VERSION, RELEASE_NAME, MAJOR
+from .version import VERSION, RELEASE_NAME, MAJOR, OFFICIAL_RELEASE
 from .gitutils import verify_are_on_tag, git_preconditions
 from . import release_notes
 
+log = logging.getLogger(__name__)
+
 $RAISE_SUBPROC_ERROR = True
 $XONSH_SHOW_TRACEBACK = True
 
@@ -39,16 +42,25 @@ def setup_creds(env: RelengEnvironment):
 
 
 def official_release_commit_tag(force_tag=False):
-    print('[+] Setting officialRelease in flake.nix and tagging')
+    print('[+] Setting officialRelease in version.json and tagging')
     prev_branch = $(git symbolic-ref --short HEAD).strip()
 
     git switch --detach
-    sed -i 's/officialRelease = false/officialRelease = true/' flake.nix
-    git add flake.nix
+
+    # Must be done in two parts due to buffering (opening the file immediately
+    # would truncate it).
+    new_version_json = $(jq --indent 4 '.official_release = true' version.json)
+    with open('version.json', 'w') as fh:
+        fh.write(new_version_json)
+    git add version.json
+
     message = f'release: {VERSION} "{RELEASE_NAME}"\n\nRelease produced with releng/create_release.xsh'
     git commit -m @(message)
     git tag @(['-f'] if force_tag else []) -a -m @(message) @(VERSION)
 
+    with open('releng/prev-git-branch.txt', 'w') as fh:
+        fh.write(prev_branch)
+
     return prev_branch
 
 
@@ -229,8 +241,24 @@ def upload_artifacts(env: RelengEnvironment, noconfirm=False, no_check_git=False
     print('[+] Upload manual')
     upload_manual(env)
 
-    print('[+] git push tag')
-    git push @(['-f'] if force_push_tag else []) @(env.git_repo) f'{VERSION}:refs/tags/{VERSION}'
+    prev_branch = None
+    try:
+        with open('releng/prev-git-branch.txt', 'r') as fh:
+            prev_branch = fh.read().strip()
+    except FileNotFoundError:
+        log.warn('Cannot find previous git branch file, skipping pushing git objects')
+
+    if prev_branch:
+        print('[+] git push to the repo')
+        # We have to push the ref to gerrit for review at least such that the
+        # commit is known, before we can push it as a tag.
+        if env.git_repo_is_gerrit:
+            git push @(env.git_repo) f'{prev_branch}:refs/for/{prev_branch}'
+        else:
+            git push @(env.git_repo) f'{prev_branch}:{prev_branch}'
+
+        print('[+] git push tag')
+        git push @(['-f'] if force_push_tag else []) @(env.git_repo) f'{VERSION}:refs/tags/{VERSION}'
 
 
 def do_tag_merge(force_tag=False, no_check_git=False):
@@ -250,15 +278,14 @@ def build_manual(eval_result):
 
 
 def upload_manual(env: RelengEnvironment):
-    stable = json.loads($(nix eval --json '.#nix.officialRelease'))
-    if stable:
+    if OFFICIAL_RELEASE:
         version = MAJOR
     else:
         version = 'nightly'
 
     print('[+] aws s3 sync manual')
     aws s3 sync @(MANUAL)/ @(env.docs_bucket)/manual/lix/@(version)/
-    if stable:
+    if OFFICIAL_RELEASE:
         aws s3 sync @(MANUAL)/ @(env.docs_bucket)/manual/lix/stable/
 
 

releng/docker.xsh

@@ -44,23 +44,8 @@ def upload_docker_images(target: DockerTarget, paths: list[Path]):
 
         for path in paths:
             digest_file = tmp / (path.name + '.digest')
-            tmp_image = tmp / 'tmp-image.tar.gz'
 
-            # insecure-policy: we don't have any signature policy, we are just uploading an image
-            #
-            # Absurd: we copy it into an OCI image first so we can get the hash
-            # we need to upload it untagged, because skopeo has no "don't tag
-            # this" option.
-            # The reason for this is that forgejo's container registry throws
-            # away old versions of tags immediately, so we cannot use a temp
-            # tag, and it *does* reduce confusion to not upload tags that
-            # should not be used.
-            #
-            # Workaround for: https://github.com/containers/skopeo/issues/2354
-            log.info('skopeo copy to temp oci-archive %s', tmp_image)
-            skopeo --insecure-policy copy --format oci --all --digestfile @(digest_file) docker-archive:@(path) oci-archive:@(tmp_image)
-
-            inspection = json.loads($(skopeo inspect oci-archive:@(tmp_image)))
+            inspection = json.loads($(skopeo inspect docker-archive:@(path)))
 
             docker_arch = inspection['Architecture']
             docker_os = inspection['Os']
@@ -68,8 +53,9 @@ def upload_docker_images(target: DockerTarget, paths: list[Path]):
 
             log.info('Pushing image %s for %s to %s', path, docker_arch, target.registry_path)
 
+            # insecure-policy: we don't have any signature policy, we are just uploading an image
+            skopeo --insecure-policy copy --digestfile @(digest_file) --all docker-archive:@(path) f'docker://{target.registry_path}@@unknown-digest@@'
             digest = digest_file.read_text().strip()
-            skopeo --insecure-policy copy --preserve-digests --all oci-archive:@(tmp_image) f'docker://{target.registry_path}@{digest}'
 
             # skopeo doesn't give us the manifest size directly, so we just ask the registry
             metadata = reg.image_info(target.registry_path, digest)

releng/environment.py

@@ -52,6 +52,7 @@ class RelengEnvironment:
     releases_bucket: str
     docs_bucket: str
     git_repo: str
+    git_repo_is_gerrit: bool
 
     docker_targets: list[DockerTarget]
 
@@ -79,6 +80,7 @@ STAGING = RelengEnvironment(
     cache_store_overlay={'secret-key': 'staging.key'},
     releases_bucket='s3://staging-releases',
     git_repo='ssh://git@git.lix.systems/lix-project/lix-releng-staging',
+    git_repo_is_gerrit=False,
     docker_targets=[
         # latest will be auto tagged if appropriate
         DockerTarget('git.lix.systems/lix-project/lix-releng-staging',
@@ -113,6 +115,7 @@ PROD = RelengEnvironment(
     cache_store_overlay={'secret-key': 'prod.key'},
     releases_bucket='s3://releases',
     git_repo=guess_gerrit_remote(),
+    git_repo_is_gerrit=True,
     docker_targets=[
         # latest will be auto tagged if appropriate
         DockerTarget('git.lix.systems/lix-project/lix',

releng/gitutils.xsh

@@ -1,11 +1,24 @@
 import subprocess
-import json
+from packaging.version import Version
 
 from .version import VERSION
 
 
+def remote_is_plausible(url: str) -> bool:
+    return ('git.lix.systems' in url and 'lix-project/lix' in url) or ('gerrit.lix.systems' in url and url.endswith('lix'))
+
+
 def version_compare(v1: str, v2: str):
-    return json.loads($(nix-instantiate --eval --json --argstr v1 @(v1) --argstr v2 @(v2) --expr '{v1, v2}: builtins.compareVersions v1 v2'))
+    v1 = Version(v1)
+    v2 = Version(v2)
+    if v1 < v2:
+        return -1
+    elif v1 > v2:
+        return 1
+    elif v1 == v2:
+        return 0
+    else:
+        raise ValueError('these versions are beyond each others celestial plane')
 
 
 def latest_tag_on_branch(branch: str) -> str:
@@ -13,16 +26,18 @@ def latest_tag_on_branch(branch: str) -> str:
 
 
 def is_maintenance_branch(branch: str) -> bool:
-    try:
-        main_tag = latest_tag_on_branch('main')
-        current_tag = latest_tag_on_branch(branch)
+    """
+    Returns whether the given branch is probably a maintenance branch.
 
-        return version_compare(current_tag, main_tag) < 0
-    except subprocess.CalledProcessError:
-        # This is the case before Lix releases 2.90, since main *has* no
-        # release tag on it.
-        # FIXME: delete this case after 2.91
-        return False
+    This uses a heuristic: `main` should have a newer tag than a given
+    maintenance branch if there has been a major release since that maintenance
+    branch.
+    """
+    assert remote_is_plausible($(git remote get-url origin).strip())
+    main_tag = latest_tag_on_branch('origin/main')
+    current_tag = latest_tag_on_branch(branch)
+
+    return version_compare(current_tag, main_tag) < 0
 
 
 def verify_are_on_tag():

releng/version.py

@@ -4,3 +4,4 @@ version_json = json.load(open('version.json'))
 VERSION = version_json['version']
 MAJOR = '.'.join(VERSION.split('.')[:2])
 RELEASE_NAME = version_json['release_name']
+OFFICIAL_RELEASE = version_json['official_release']

scripts/meson.build

@@ -8,12 +8,7 @@ configure_file(
   }
 )
 
-# https://github.com/mesonbuild/meson/issues/860
-configure_file(
-  input : 'nix-profile.sh.in',
-  output : 'nix-profile.sh.in',
-  copy : true,
-)
+fs.copyfile('nix-profile.sh.in')
 
 foreach rc : [ '.sh', '.fish', '-daemon.sh', '-daemon.fish' ]
   configure_file(

src/asan-options/asan-options.cc

@@ -0,0 +1,17 @@
+/// @file This is very bothersome code that has to be included in every
+/// executable to get the correct default ASan options. I am so sorry.
+
+extern "C" [[gnu::retain]] const char *__asan_default_options()
+{
+    // We leak a bunch of memory knowingly on purpose. It's not worthwhile to
+    // diagnose that memory being leaked for now.
+    //
+    // Instruction bytes are useful for finding the actual code that
+    // corresponds to an ASan report.
+    //
+    // TODO: setting log_path=asan.log or not: neither works, since you can't
+    // write to the fs in certain places in the testsuite, but you also cannot
+    // write arbitrarily to stderr in other places so the reports get eaten.
+    // pain 🥖
+    return "halt_on_error=1:abort_on_error=1:detect_leaks=0:print_summary=1:dump_instruction_bytes=1";
+}

src/legacy/build-remote.cc

@@ -1,11 +1,7 @@
-#include <cstdlib>
-#include <cstring>
 #include <algorithm>
 #include <set>
 #include <memory>
-#include <string_view>
 #include <tuple>
-#include <iomanip>
 #if __APPLE__
 #include <sys/time.h>
 #endif
@@ -18,12 +14,14 @@
 #include "build-result.hh"
 #include "store-api.hh"
 #include "derivations.hh"
+#include "strings.hh"
 #include "local-store.hh"
 #include "legacy.hh"
 #include "experimental-features.hh"
 #include "hash.hh"
+#include "build-remote.hh"
 
-using namespace nix;
+namespace nix {
 
 static void handleAlarm(int sig) {
 }
@@ -42,7 +40,7 @@ static std::string makeLockFilename(const std::string & storeUri) {
     // This avoids issues with the escaped URI being very long and causing
     // path too long errors, while also avoiding any possibility of collision
     // caused by simple truncation.
-    auto hash = hashString(HashType::htSHA256, storeUri).to_string(Base::Base32, false);
+    auto hash = hashString(HashType::SHA256, storeUri).to_string(Base::Base32, false);
     return escapeUri(storeUri).substr(0, 48) + "-" + hash.substr(0, 16);
 }
 
@@ -391,4 +389,8 @@ connected:
     }
 }
 
-static RegisterLegacyCommand r_build_remote("build-remote", main_build_remote);
+void registerBuildRemote() {
+    LegacyCommands::add("build-remote", main_build_remote);
+}
+
+}

src/legacy/build-remote.hh

@@ -0,0 +1,8 @@
+#pragma once
+/// @file
+
+namespace nix {
+
+void registerBuildRemote();
+
+}

src/legacy/meson.build

@@ -0,0 +1,35 @@
+legacy_include_directories = include_directories('.')
+
+legacy_sources = files(
+  # `build-remote` is not really legacy (it powers all remote builds), but it's
+  # not a `nix3` command.
+  'build-remote.cc',
+  'dotgraph.cc',
+  'graphml.cc',
+  'nix-build.cc',
+  'nix-channel.cc',
+  'nix-collect-garbage.cc',
+  'nix-copy-closure.cc',
+  'nix-env.cc',
+  'nix-env.hh',
+  'nix-instantiate.cc',
+  'nix-store.cc',
+  'user-env.cc',
+)
+
+legacy_headers = files(
+  'build-remote.hh',
+  'nix-build.hh',
+  'nix-channel.hh',
+  'nix-collect-garbage.hh',
+  'nix-copy-closure.hh',
+  'nix-instantiate.hh',
+  'nix-store.hh',
+)
+
+legacy_generated_headers = [
+  gen_header.process('buildenv.nix', preserve_path_from: meson.current_source_dir()),
+  gen_header.process('unpack-channel.nix', preserve_path_from: meson.current_source_dir()),
+]
+
+fs.copyfile('unpack-channel.nix')

src/legacy/nix-build.cc

@@ -24,12 +24,14 @@
 #include "attr-path.hh"
 #include "legacy.hh"
 #include "shlex.hh"
+#include "nix-build.hh"
+
+extern char * * environ __attribute__((weak)); // Man what even is this
+
+namespace nix {
 
-using namespace nix;
 using namespace std::string_literals;
 
-extern char * * environ __attribute__((weak));
-
 static void main_nix_build(int argc, char * * argv)
 {
     auto dryRun = false;
@@ -613,5 +615,9 @@ static void main_nix_build(int argc, char * * argv)
     }
 }
 
-static RegisterLegacyCommand r_nix_build("nix-build", main_nix_build);
-static RegisterLegacyCommand r_nix_shell("nix-shell", main_nix_build);
+void registerNixBuildAndNixShell() {
+    LegacyCommands::add("nix-build", main_nix_build);
+    LegacyCommands::add("nix-shell", main_nix_build);
+}
+
+}

src/legacy/nix-build.hh

@@ -0,0 +1,8 @@
+#pragma once
+/// @file
+
+namespace nix {
+
+void registerNixBuildAndNixShell();
+
+}

src/legacy/nix-channel.cc

@@ -7,12 +7,13 @@
 #include "fetchers.hh"
 #include "eval-settings.hh" // for defexpr
 #include "users.hh"
+#include "nix-channel.hh"
 
 #include <fcntl.h>
 #include <regex>
 #include <pwd.h>
 
-using namespace nix;
+namespace nix {
 
 typedef std::map<std::string, std::string> Channels;
 
@@ -264,4 +265,8 @@ static int main_nix_channel(int argc, char ** argv)
     }
 }
 
-static RegisterLegacyCommand r_nix_channel("nix-channel", main_nix_channel);
+void registerNixChannel() {
+    LegacyCommands::add("nix-channel", main_nix_channel);
+}
+
+}

src/legacy/nix-channel.hh

@@ -0,0 +1,8 @@
+#pragma once
+/// @file
+
+namespace nix {
+
+void registerNixChannel();
+
+}

src/legacy/nix-collect-garbage.cc

@@ -7,11 +7,12 @@
 #include "globals.hh"
 #include "legacy.hh"
 #include "signals.hh"
+#include "nix-collect-garbage.hh"
 
 #include <iostream>
 #include <cerrno>
 
-using namespace nix;
+namespace nix {
 
 std::string deleteOlderThan;
 bool dryRun = false;
@@ -110,4 +111,8 @@ static int main_nix_collect_garbage(int argc, char * * argv)
     }
 }
 
-static RegisterLegacyCommand r_nix_collect_garbage("nix-collect-garbage", main_nix_collect_garbage);
+void registerNixCollectGarbage() {
+    LegacyCommands::add("nix-collect-garbage", main_nix_collect_garbage);
+}
+
+}