lib: fix merging of functions

.editorconfig

@@ -44,10 +44,6 @@ indent_size = 4
 indent_size = 2
 indent_style = space
 
-# Match package.json, which are generally pulled from upstream and accept them as they are
-[package.json]
-indent_style = unset
-
 # Disable file types or individual files
 # some of these files may be auto-generated and/or require significant changes
 

.git-blame-ignore-revs

@@ -154,23 +154,5 @@ bdfde18037f8d9f9b641a4016c8ada4dc4cbf856
 # nixos/ollama: format with nixfmt-rfc-style (#329561)
 246d1ee533810ac1946d863bbd9de9b525818d56
 
-# steam: cleanup (#216972)
-ad815aebfbfe1415ff6436521d545029c803c3fb
-
 # nixos/nvidia: apply nixfmt-rfc-style (#313440)
 fbdcdde04a7caa007e825a8b822c75fab9adb2d6
-
-# step-cli: format package.nix with nixfmt (#331629)
-fc7a83f8b62e90de5679e993d4d49ca014ea013d
-
-# darwin.stdenv: format with nixfmt-rfc-style (#333962)
-93c10ac9e561c6594d3baaeaff2341907390d9b8
-
-# nrr: format with nixfmt-rfc-style (#334578)
-cffc27daf06c77c0d76bc35d24b929cb9d68c3c9
-
-# nixos/kanidm: inherit lib, nixfmt
-8f18393d380079904d072007fb19dc64baef0a3a
-
-# fetchurl: nixfmt-rfc-style
-ce21e97a1f20dee15da85c084f9d1148d84f853b

.github/CODEOWNERS

@@ -14,10 +14,9 @@
 # CI
 /.github/workflows @NixOS/Security @Mic92 @zowoq
 /.github/workflows/check-nix-format.yml @infinisil
-/.github/workflows/nixpkgs-vet.yml @infinisil @philiptaron
-/ci @infinisil @philiptaron @NixOS/Security
+/ci @infinisil @NixOS/Security
 
-# Development support
+# Develompent support
 /.editorconfig @Mic92 @zowoq
 /shell.nix @infinisil @NixOS/Security
 
@@ -44,12 +43,9 @@
 /pkgs/top-level/stage.nix                        @Ericson2314
 /pkgs/top-level/splice.nix                       @Ericson2314
 /pkgs/top-level/release-cross.nix                @Ericson2314
-/pkgs/top-level/by-name-overlay.nix              @infinisil @philiptaron
-/pkgs/stdenv                                     @philiptaron
 /pkgs/stdenv/generic                             @Ericson2314
 /pkgs/stdenv/generic/check-meta.nix              @Ericson2314
 /pkgs/stdenv/cross                               @Ericson2314
-/pkgs/build-support                              @philiptaron
 /pkgs/build-support/cc-wrapper                   @Ericson2314
 /pkgs/build-support/bintools-wrapper             @Ericson2314
 /pkgs/build-support/setup-hooks                  @Ericson2314
@@ -60,6 +56,12 @@
 /pkgs/pkgs-lib/formats/libconfig                 @h7x4
 /pkgs/pkgs-lib/formats/hocon                     @h7x4
 
+# pkgs/by-name
+/pkgs/test/check-by-name @infinisil
+/pkgs/by-name/README.md @infinisil
+/pkgs/top-level/by-name-overlay.nix @infinisil
+/.github/workflows/check-by-name.yml @infinisil
+
 # Nixpkgs build-support
 /pkgs/build-support/writers @lassulus @Profpatsch
 
@@ -71,8 +73,8 @@
 # @raitobezarius is not "code owner", but is listed here to be notified of changes
 # pertaining to the Nix package manager.
 # i.e. no authority over those files.
-pkgs/tools/package-management/nix/                    @NixOS/nix-team @raitobezarius
-nixos/modules/installer/tools/nix-fallback-paths.nix  @NixOS/nix-team @raitobezarius
+pkgs/tools/package-management/nix/                    @raitobezarius
+nixos/modules/installer/tools/nix-fallback-paths.nix  @raitobezarius
 
 # Nixpkgs documentation
 /maintainers/scripts/db-to-md.sh @jtojnar @ryantm
@@ -87,7 +89,6 @@ nixos/modules/installer/tools/nix-fallback-paths.nix  @NixOS/nix-team @raitobeza
 /doc/README.md @infinisil
 /nixos/README.md @infinisil
 /pkgs/README.md @infinisil
-/pkgs/by-name/README.md @infinisil
 /maintainers/README.md @infinisil
 
 # User-facing development documentation
@@ -108,7 +109,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix  @NixOS/nix-team @raitobeza
 /nixos/virtualisation/qemu-vm.nix           @raitobezarius
 
 # ACME
-/nixos/modules/security/acme                @arianvp @flokli @aanderse @emilazy # no merge permission: @m1cr0man
+/nixos/modules/security/acme                @arianvp @flokli @aanderse # no merge permission: @m1cr0man @emilazy
 
 # Systemd
 /nixos/modules/system/boot/systemd.nix      @NixOS/systemd
@@ -120,8 +121,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix  @NixOS/nix-team @raitobeza
 /nixos/modules/system/boot/loader/systemd-boot      @JulienMalka
 
 # Images and installer media
-/nixos/modules/profiles/installation-device.nix @ElvishJerricco
-/nixos/modules/installer/cd-dvd/                @ElvishJerricco
+/nixos/modules/installer/cd-dvd/
 /nixos/modules/installer/sd-card/
 
 # Updaters
@@ -139,13 +139,13 @@ nixos/modules/installer/tools/nix-fallback-paths.nix  @NixOS/nix-team @raitobeza
 /pkgs/top-level/release-python.nix                      @natsukium
 
 # Haskell
-/doc/languages-frameworks/haskell.section.md  @sternenseemann @maralorn
-/maintainers/scripts/haskell                  @sternenseemann @maralorn
-/pkgs/development/compilers/ghc               @sternenseemann @maralorn
-/pkgs/development/haskell-modules             @sternenseemann @maralorn
-/pkgs/test/haskell                            @sternenseemann @maralorn
-/pkgs/top-level/release-haskell.nix           @sternenseemann @maralorn
-/pkgs/top-level/haskell-packages.nix          @sternenseemann @maralorn
+/doc/languages-frameworks/haskell.section.md  @sternenseemann @maralorn @ncfavier
+/maintainers/scripts/haskell                  @sternenseemann @maralorn @ncfavier
+/pkgs/development/compilers/ghc               @sternenseemann @maralorn @ncfavier
+/pkgs/development/haskell-modules             @sternenseemann @maralorn @ncfavier
+/pkgs/test/haskell                            @sternenseemann @maralorn @ncfavier
+/pkgs/top-level/release-haskell.nix           @sternenseemann @maralorn @ncfavier
+/pkgs/top-level/haskell-packages.nix          @sternenseemann @maralorn @ncfavier
 
 # Perl
 /pkgs/development/interpreters/perl @stigtsp @zakame @marcusramberg
@@ -163,7 +163,7 @@ nixos/modules/installer/tools/nix-fallback-paths.nix  @NixOS/nix-team @raitobeza
 
 # C compilers
 /pkgs/development/compilers/gcc
-/pkgs/development/compilers/llvm @alyssais @RossComputerGuy
+/pkgs/development/compilers/llvm @RossComputerGuy
 /pkgs/development/compilers/emscripten @raitobezarius
 /doc/languages-frameworks/emscripten.section.md @raitobezarius
 
@@ -252,7 +252,6 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
 
 # Idris
 /pkgs/development/idris-modules @Infinisil
-/pkgs/development/compilers/idris2 @mattpolzin
 
 # Bazel
 /pkgs/development/tools/build-managers/bazel @Profpatsch
@@ -268,9 +267,6 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
 /pkgs/applications/editors/emacs                @adisbladis
 /pkgs/top-level/emacs-packages.nix              @adisbladis
 
-# Kakoune
-/pkgs/applications/editors/kakoune     @philiptaron
-
 # Neovim
 /pkgs/applications/editors/neovim      @figsoda @teto
 
@@ -324,7 +320,7 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
 
 # Forgejo
 nixos/modules/services/misc/forgejo.nix @adamcstephens @bendlas @emilylange
-pkgs/by-name/fo/forgejo/                @adamcstephens @bendlas @emilylange
+pkgs/by-name/fo/forgejo/package.nix     @adamcstephens @bendlas @emilylange
 
 # Dotnet
 /pkgs/build-support/dotnet                  @corngood
@@ -337,6 +333,9 @@ pkgs/by-name/fo/forgejo/                @adamcstephens @bendlas @emilylange
 /pkgs/build-support/node/fetch-npm-deps         @winterqt
 /doc/languages-frameworks/javascript.section.md @winterqt
 
+# environment.noXlibs option aka NoX
+/nixos/modules/config/no-x-libs.nix  @SuperSandro2000
+
 # OCaml
 /pkgs/build-support/ocaml           @ulrikstrid
 /pkgs/development/compilers/ocaml   @ulrikstrid
@@ -365,13 +364,16 @@ nixos/modules/services/web-apps/pretalx.nix @mweinelt
 nixos/tests/web-apps/pretix.nix @mweinelt
 nixos/tests/web-apps/pretalx.nix @mweinelt
 
-# incus/lxc
-nixos/maintainers/scripts/incus/        @adamcstephens
+# incus/lxc/lxd
+nixos/maintainers/scripts/lxd/          @adamcstephens
 nixos/modules/virtualisation/incus.nix  @adamcstephens
 nixos/modules/virtualisation/lxc*       @adamcstephens
+nixos/modules/virtualisation/lxd*       @adamcstephens
 nixos/tests/incus/                      @adamcstephens
+nixos/tests/lxd/                        @adamcstephens
 pkgs/by-name/in/incus/                  @adamcstephens
 pkgs/by-name/lx/lxc*                    @adamcstephens
+pkgs/by-name/lx/lxd*                    @adamcstephens
 
 # ExpidusOS, Flutter
 /pkgs/development/compilers/flutter @RossComputerGuy
@@ -385,8 +387,3 @@ pkgs/by-name/lx/lxc*                    @adamcstephens
 /pkgs/os-specific/linux/checkpolicy @RossComputerGuy
 /pkgs/os-specific/linux/libselinux  @RossComputerGuy
 /pkgs/os-specific/linux/libsepol    @RossComputerGuy
-
-# installShellFiles
-/pkgs/by-name/in/installShellFiles/*     @Ericson2314
-/pkgs/test/install-shell-files/*         @Ericson2314
-/doc/hooks/installShellFiles.section.md  @Ericson2314

.github/PULL_REQUEST_TEMPLATE.md

@@ -21,7 +21,7 @@ For new packages please briefly describe the package or provide a link to its ho
   - [NixOS test(s)](https://nixos.org/manual/nixos/unstable/index.html#sec-nixos-tests) (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
   - and/or [package tests](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#package-tests)
   - or, for functions and "core" functionality, tests in [lib/tests](https://github.com/NixOS/nixpkgs/blob/master/lib/tests) or [pkgs/test](https://github.com/NixOS/nixpkgs/blob/master/pkgs/test)
-  - made sure NixOS tests are [linked](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#linking-nixos-module-tests-to-a-package) to the relevant packages
+  - made sure NixOS tests are [linked](https://nixos.org/manual/nixpkgs/unstable/#ssec-nixos-tests-linking) to the relevant packages
 - [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage)
 - [ ] Tested basic functionality of all binary files (usually in `./result/bin/`)
 - [24.11 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) (or backporting [23.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2311.section.md) and [24.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2405.section.md) Release notes)

.github/labeler.yml

@@ -270,12 +270,6 @@
     - changed-files:
       - any-glob-to-any-file:
         - .github/**/*
-        - CONTRIBUTING.md
-        - pkgs/README.md
-        - nixos/README.md
-        - maintainers/README.md
-        - lib/README.md
-        - doc/README.md
 
 "6.topic: printing":
   - any:
@@ -380,17 +374,6 @@
       - any-glob-to-any-file:
         - pkgs/applications/editors/vscode/**/*
 
-"6.topic: xen-project":
-  - any:
-    - changed-files:
-      - any-glob-to-any-file:
-        - nixos/modules/virtualisation/xen*
-        - pkgs/applications/virtualization/xen/**
-        - pkgs/by-name/xe/xen-guest-agent/*
-        - pkgs/by-name/xt/xtf/*
-        - pkgs/development/ocaml-modules/xen*/*
-        - pkgs/development/ocaml-modules/vchan/*
-
 "6.topic: xfce":
   - any:
     - changed-files:

.github/workflows/basic-eval.yml

@@ -15,7 +15,6 @@ permissions:
 
 jobs:
   tests:
-    name: basic-eval-checks
     runs-on: ubuntu-latest
     # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
     steps:

.github/workflows/check-by-name.yml

@@ -0,0 +1,123 @@
+# Checks pkgs/by-name (see pkgs/by-name/README.md)
+# using the nixpkgs-check-by-name tool (see https://github.com/NixOS/nixpkgs-check-by-name)
+#
+# When you make changes to this workflow, also update pkgs/test/check-by-name/run-local.sh adequately
+name: Check pkgs/by-name
+
+on:
+  # Using pull_request_target instead of pull_request avoids having to approve first time contributors
+  pull_request_target:
+    # This workflow depends on the base branch of the PR,
+    # but changing the base branch is not included in the default trigger events,
+    # which would be `opened`, `synchronize` or `reopened`.
+    # Instead it causes an `edited` event, so we need to add it explicitly here
+    # While `edited` is also triggered when the PR title/body is changed,
+    # this PR action is fairly quick, and PR's don't get edited that often,
+    # so it shouldn't be a problem
+    # There is a feature request for adding a `base_changed` event:
+    # https://github.com/orgs/community/discussions/35058
+    types: [opened, synchronize, reopened, edited]
+
+permissions: {}
+
+# We don't use a concurrency group here, because the action is triggered quite often (due to the PR edit
+# trigger), and contributers would get notified on any canceled run.
+# There is a feature request for supressing notifications on concurrency-canceled runs:
+# https://github.com/orgs/community/discussions/13015
+
+jobs:
+  check:
+    # This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases
+    runs-on: ubuntu-latest
+    # This should take 1 minute at most, but let's be generous.
+    # The default of 6 hours is definitely too long
+    timeout-minutes: 10
+    steps:
+      # This step has to be in this file,
+      # because it's needed to determine which revision of the repository to fetch,
+      # and we can only use other files from the repository once it's fetched.
+      - name: Resolving the merge commit
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # This checks for mergeability of a pull request as recommended in
+          # https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests
+
+          # Retry the API query this many times
+          retryCount=5
+          # Start with 5 seconds, but double every retry
+          retryInterval=5
+          while true; do
+            echo "Checking whether the pull request can be merged"
+            prInfo=$(gh api \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              /repos/"$GITHUB_REPOSITORY"/pulls/${{ github.event.pull_request.number }})
+            mergeable=$(jq -r .mergeable <<< "$prInfo")
+            mergedSha=$(jq -r .merge_commit_sha <<< "$prInfo")
+
+            if [[ "$mergeable" == "null" ]]; then
+              if (( retryCount == 0 )); then
+                echo "Not retrying anymore. It's likely that GitHub is having internal issues: check https://www.githubstatus.com/"
+                exit 1
+              else
+                (( retryCount -= 1 )) || true
+
+                # null indicates that GitHub is still computing whether it's mergeable
+                # Wait a couple seconds before trying again
+                echo "GitHub is still computing whether this PR can be merged, waiting $retryInterval seconds before trying again ($retryCount retries left)"
+                sleep "$retryInterval"
+
+                (( retryInterval *= 2 )) || true
+              fi
+            else
+              break
+            fi
+          done
+
+          if [[ "$mergeable" == "true" ]]; then
+            echo "The PR can be merged, checking the merge commit $mergedSha"
+            echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
+          else
+            echo "The PR cannot be merged, it has a merge conflict, skipping the rest.."
+          fi
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        if: env.mergedSha
+        with:
+          # pull_request_target checks out the base branch by default
+          ref: ${{ env.mergedSha }}
+          # Fetches the merge commit and its parents
+          fetch-depth: 2
+      - name: Checking out base branch
+        if: env.mergedSha
+        run: |
+          base=$(mktemp -d)
+          git worktree add "$base" "$(git rev-parse HEAD^1)"
+          echo "base=$base" >> "$GITHUB_ENV"
+      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
+        if: env.mergedSha
+      - name: Fetching the pinned tool
+        if: env.mergedSha
+        # Update the pinned version using pkgs/test/check-by-name/update-pinned-tool.sh
+        run: |
+          # The pinned version of the tooling to use
+          toolVersion=$(<pkgs/test/check-by-name/pinned-version.txt)
+          # Fetch the x86_64-linux-specific release artifact containing the Gzipped NAR of the pre-built tool
+          toolPath=$(curl -sSfL https://github.com/NixOS/nixpkgs-check-by-name/releases/download/"$toolVersion"/x86_64-linux.nar.gz \
+            | gzip -cd | nix-store --import | tail -1)
+          # Adds a result symlink as a GC root
+          nix-store --realise "$toolPath" --add-root result
+      - name: Running nixpkgs-check-by-name
+        if: env.mergedSha
+        env:
+          # Force terminal colors to be enabled. The library that
+          # nixpkgs-check-by-name uses respects: https://bixense.com/clicolors/
+          CLICOLOR_FORCE: 1
+        run: |
+          if result/bin/nixpkgs-check-by-name --base "$base" .; then
+            exit 0
+          else
+            exitCode=$?
+            echo "To run locally: ./maintainers/scripts/check-by-name.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
+            exit "$exitCode"
+          fi

.github/workflows/check-cherry-picks.yml

@@ -10,7 +10,6 @@ permissions: {}
 
 jobs:
   check:
-    name: cherry-pick-check
     runs-on: ubuntu-latest
     if: github.repository_owner == 'NixOS'
     steps:

.github/workflows/check-maintainers-sorted.yaml

@@ -9,7 +9,6 @@ permissions:
 
 jobs:
   nixos:
-    name: maintainer-list-check
     runs-on: ubuntu-latest
     if: github.repository_owner == 'NixOS'
     steps:

.github/workflows/check-nix-format.yml

@@ -7,14 +7,13 @@ name: Check that Nix files are formatted
 
 on:
   pull_request_target:
-    # See the comment at the same location in ./nixpkgs-vet.yml
+    # See the comment at the same location in ./check-by-name.yml
     types: [opened, synchronize, reopened, edited]
 permissions:
   contents: read
 
 jobs:
   nixos:
-    name: nixfmt-check
     runs-on: ubuntu-latest
     if: "!contains(github.event.pull_request.title, '[skip treewide]')"
     steps:
@@ -83,8 +82,7 @@ jobs:
 
           if (( "${#unformattedFiles[@]}" > 0 )); then
             echo "Some new/changed Nix files are not properly formatted"
-            echo "Please go to the Nixpkgs root directory, run \`nix-shell\`, then:"
+            echo "Please run the following in \`nix-shell\`:"
             echo "nixfmt ${unformattedFiles[*]@Q}"
-            echo "If you're having trouble, please ping @NixOS/nix-formatting"
             exit 1
           fi

.github/workflows/check-nixf-tidy.yml

@@ -8,7 +8,6 @@ permissions:
 
 jobs:
   nixos:
-    name: exp-nixf-tidy-check
     runs-on: ubuntu-latest
     if: "!contains(github.event.pull_request.title, '[skip treewide]')"
     steps:

.github/workflows/check-shell.yml

@@ -7,7 +7,6 @@ permissions: {}
 
 jobs:
   x86_64-linux:
-    name: shell-check-x86_64-linux
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@@ -19,7 +18,6 @@ jobs:
         run: nix-build shell.nix
 
   aarch64-darwin:
-    name: shell-check-aarch64-darwin
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

.github/workflows/editorconfig.yml

@@ -10,7 +10,6 @@ on:
 
 jobs:
   tests:
-    name: editorconfig-check
     runs-on: ubuntu-latest
     if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
     steps:

.github/workflows/labels.yml

@@ -15,7 +15,6 @@ permissions:
 
 jobs:
   labels:
-    name: label-pr
     runs-on: ubuntu-latest
     if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
     steps:

.github/workflows/manual-nixos.yml

@@ -11,7 +11,6 @@ on:
 
 jobs:
   nixos:
-    name: nixos-manual-build
     runs-on: ubuntu-latest
     if: github.repository_owner == 'NixOS'
     steps:

.github/workflows/manual-nixpkgs.yml

@@ -13,7 +13,6 @@ on:
 
 jobs:
   nixpkgs:
-    name: nixpkgs-manual-build
     runs-on: ubuntu-latest
     if: github.repository_owner == 'NixOS'
     steps:

.github/workflows/nix-parse.yml

@@ -10,7 +10,6 @@ on:
 
 jobs:
   tests:
-    name: nix-files-parseable-check
     runs-on: ubuntu-latest
     if: "github.repository_owner == 'NixOS' && !contains(github.event.pull_request.title, '[skip treewide]')"
     steps:

.github/workflows/nixpkgs-vet.yml

@@ -1,116 +0,0 @@
-# `nixpkgs-vet` is a tool to vet Nixpkgs: its architecture, package structure, and more.
-# Among other checks, it makes sure that `pkgs/by-name` (see `../../pkgs/by-name/README.md`) follows the validity rules outlined in [RFC 140](https://github.com/NixOS/rfcs/pull/140).
-# When you make changes to this workflow, please also update `ci/nixpkgs-vet.sh` to reflect the impact of your work to the CI.
-# See https://github.com/NixOS/nixpkgs-vet for details on the tool and its checks.
-name: Vet nixpkgs
-
-on:
-  # Using pull_request_target instead of pull_request avoids having to approve first time contributors.
-  pull_request_target:
-    # This workflow depends on the base branch of the PR, but changing the base branch is not included in the default trigger events, which would be `opened`, `synchronize` or `reopened`.
-    # Instead it causes an `edited` event, so we need to add it explicitly here.
-    # While `edited` is also triggered when the PR title/body is changed, this PR action is fairly quick, and PRs don't get edited **that** often, so it shouldn't be a problem.
-    # There is a feature request for adding a `base_changed` event: https://github.com/orgs/community/discussions/35058
-    types: [opened, synchronize, reopened, edited]
-
-permissions: {}
-
-# We don't use a concurrency group here, because the action is triggered quite often (due to the PR edit trigger), and contributors would get notified on any canceled run.
-# There is a feature request for suppressing notifications on concurrency-canceled runs: https://github.com/orgs/community/discussions/13015
-
-jobs:
-  check:
-    name: nixpkgs-vet
-    # This needs to be x86_64-linux, because we depend on the tooling being pre-built in the GitHub releases.
-    runs-on: ubuntu-latest
-    # This should take 1 minute at most, but let's be generous. The default of 6 hours is definitely too long.
-    timeout-minutes: 10
-    steps:
-      # This step has to be in this file, because it's needed to determine which revision of the repository to fetch, and we can only use other files from the repository once it's fetched.
-      - name: Resolving the merge commit
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          # This checks for mergeability of a pull request as recommended in
-          # https://docs.github.com/en/rest/guides/using-the-rest-api-to-interact-with-your-git-database?apiVersion=2022-11-28#checking-mergeability-of-pull-requests
-
-          # Retry the API query this many times
-          retryCount=5
-          # Start with 5 seconds, but double every retry
-          retryInterval=5
-          while true; do
-            echo "Checking whether the pull request can be merged"
-            prInfo=$(gh api \
-              -H "Accept: application/vnd.github+json" \
-              -H "X-GitHub-Api-Version: 2022-11-28" \
-              /repos/"$GITHUB_REPOSITORY"/pulls/${{ github.event.pull_request.number }})
-            mergeable=$(jq -r .mergeable <<< "$prInfo")
-            mergedSha=$(jq -r .merge_commit_sha <<< "$prInfo")
-
-            if [[ "$mergeable" == "null" ]]; then
-              if (( retryCount == 0 )); then
-                echo "Not retrying anymore. It's likely that GitHub is having internal issues: check https://www.githubstatus.com/"
-                exit 1
-              else
-                (( retryCount -= 1 )) || true
-
-                # null indicates that GitHub is still computing whether it's mergeable
-                # Wait a couple seconds before trying again
-                echo "GitHub is still computing whether this PR can be merged, waiting $retryInterval seconds before trying again ($retryCount retries left)"
-                sleep "$retryInterval"
-
-                (( retryInterval *= 2 )) || true
-              fi
-            else
-              break
-            fi
-          done
-
-          if [[ "$mergeable" == "true" ]]; then
-            echo "The PR can be merged, checking the merge commit $mergedSha"
-            echo "mergedSha=$mergedSha" >> "$GITHUB_ENV"
-          else
-            echo "The PR cannot be merged, it has a merge conflict, skipping the rest.."
-          fi
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        if: env.mergedSha
-        with:
-          # pull_request_target checks out the base branch by default
-          ref: ${{ env.mergedSha }}
-          # Fetches the merge commit and its parents
-          fetch-depth: 2
-      - name: Checking out base branch
-        if: env.mergedSha
-        run: |
-          base=$(mktemp -d)
-          git worktree add "$base" "$(git rev-parse HEAD^1)"
-          echo "base=$base" >> "$GITHUB_ENV"
-      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
-        if: env.mergedSha
-      - name: Fetching the pinned tool
-        if: env.mergedSha
-        # Update the pinned version using ci/nixpkgs-vet/update-pinned-tool.sh
-        run: |
-          # The pinned version of the tooling to use.
-          toolVersion=$(<ci/nixpkgs-vet/pinned-version.txt)
-
-          # Fetch the x86_64-linux-specific release artifact containing the gzipped NAR of the pre-built tool.
-          toolPath=$(curl -sSfL https://github.com/NixOS/nixpkgs-vet/releases/download/"$toolVersion"/x86_64-linux.nar.gz \
-            | gzip -cd | nix-store --import | tail -1)
-
-          # Adds a result symlink as a GC root.
-          nix-store --realise "$toolPath" --add-root result
-      - name: Running nixpkgs-vet
-        if: env.mergedSha
-        env:
-          # Force terminal colors to be enabled. The library that `nixpkgs-vet` uses respects https://bixense.com/clicolors/
-          CLICOLOR_FORCE: 1
-        run: |
-          if result/bin/nixpkgs-vet --base "$base" .; then
-            exit 0
-          else
-            exitCode=$?
-            echo "To run locally: ./ci/nixpkgs-vet.sh $GITHUB_BASE_REF https://github.com/$GITHUB_REPOSITORY.git"
-            echo "If you're having trouble, ping @NixOS/nixpkgs-vet"
-            exit "$exitCode"
-          fi

.github/workflows/ofborg-pending.yml

@@ -16,7 +16,6 @@ permissions:
 
 jobs:
   action:
-    name: set-ofborg-pending
     if: github.repository_owner == 'NixOS'
     permissions:
       statuses: write

.github/workflows/update-terraform-providers.yml

@@ -46,7 +46,7 @@ jobs:
         run: |
           git clean -f
       - name: create PR
-        uses: peter-evans/create-pull-request@6cd32fd93684475c31847837f87bb135d40a2b79 # v7.0.3
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
         with:
           body: |
             Automatic update by [update-terraform-providers](https://github.com/NixOS/nixpkgs/blob/master/.github/workflows/update-terraform-providers.yml) action.

.mailmap

@@ -1,16 +1,9 @@
 ajs124 <git@ajs124.de> <ajs124@users.noreply.github.com>
 Anderson Torres <torres.anderson.85@protonmail.com>
-Atemu <git@atemu.net> <atemu.main@gmail.com>
-Christina Sørensen <christina@cafkafk.com>
-Christina Sørensen <christina@cafkafk.com> <christinaafk@gmail.com>
-Christina Sørensen <christina@cafkafk.com> <89321978+cafkafk@users.noreply.github.com>
 Daniel Løvbrøtte Olsen <me@dandellion.xyz> <daniel.olsen99@gmail.com>
 Fabian Affolter <mail@fabian-affolter.ch> <fabian@affolter-engineering.ch>
-goatastronaut0212 <goatastronaut0212@outlook.com> <goatastronaut0212@proton.me>
 Janne Heß <janne@hess.ooo> <dasJ@users.noreply.github.com>
 Jörg Thalheim <joerg@thalheim.io> <Mic92@users.noreply.github.com>
-Lin Jian <me@linj.tech> <linj.dev@outlook.com>
-Lin Jian <me@linj.tech> <75130626+jian-lin@users.noreply.github.com>
 Martin Weinelt <hexa@darmstadt.ccc.de> <mweinelt@users.noreply.github.com>
 R. RyanTM <ryantm-bot@ryantm.com>
 Robert Hensing <robert@roberthensing.nl> <roberth@users.noreply.github.com>

CONTRIBUTING.md

@@ -315,22 +315,6 @@ When reviewing a pull request, please always be nice and polite. Controversial c
 
 GitHub provides reactions as a simple and quick way to provide feedback to pull requests or any comments. The thumb-down reaction should be used with care and if possible accompanied with some explanation so the submitter has directions to improve their contribution.
 
-When doing a review:
-- Aim to drive the proposal to a timely conclusion.
-- Focus on the proposed changes to keep the scope of the discussion narrow.
-- Help the contributor prioritise their efforts towards getting their change merged.
-
-If you find anything related that could be improved but is not immediately required for acceptance, consider
-- Implementing the changes yourself in a follow-up pull request (and request review from the person who inspired you)
-- Tracking your idea in an issue
-- Offering the original contributor to review a follow-up pull request
-- Making concrete [suggestions](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request) in the same pull request.
-
-For example, follow-up changes could involve refactoring code in the affected files.
-
-But please remember not to make such additional considerations a blocker, and communicate that to the contributor, for example by following the [conventional comments](https://conventionalcomments.org/) pattern.
-If the related change is essential for the contribution at hand, make clear why you think it is important to address that first.
-
 Pull request reviews should include a list of what has been reviewed in a comment, so other reviewers and mergers can know the state of the review.
 
 All the review template samples provided in this section are generic and meant as examples. Their usage is optional and the reviewer is free to adapt them to their liking.
@@ -370,7 +354,7 @@ The following paragraphs about how to deal with unactive contributors is just a
 Please note that contributors with commit rights unactive for more than three months will have their commit rights revoked.
 -->
 
-Please see the discussion in [GitHub nixpkgs issue #321665](https://github.com/NixOS/nixpkgs/issues/321665) for information on how to proceed to be granted this level of access.
+Please see the discussion in [GitHub nixpkgs issue #50105](https://github.com/NixOS/nixpkgs/issues/50105) for information on how to proceed to be granted this level of access.
 
 In a case a contributor definitively leaves the Nix community, they should create an issue or post on [Discourse](https://discourse.nixos.org) with references of packages and modules they maintain so the maintainership can be taken over by other contributors.
 

ci/README.md

@@ -1,7 +1,7 @@
 # CI support files
 
 This directory contains files to support CI, such as [GitHub Actions](https://github.com/NixOS/nixpkgs/tree/master/.github/workflows) and [Ofborg](https://github.com/nixos/ofborg).
-This is in contrast with [`maintainers/scripts`](../maintainers/scripts) which is for human use instead.
+This is in contrast with [`maintainers/scripts`](`../maintainers/scripts`) which is for human use instead.
 
 ## Pinned Nixpkgs
 
@@ -10,34 +10,3 @@ In order to ensure that the needed packages are generally available without buil
 [`pinned-nixpkgs.json`](./pinned-nixpkgs.json) contains a pinned Nixpkgs version tested by Hydra.
 
 Run [`update-pinned-nixpkgs.sh`](./update-pinned-nixpkgs.sh) to update it.
-
-## `ci/nixpkgs-vet.sh BASE_BRANCH [REPOSITORY]`
-
-Runs the [`nixpkgs-vet` tool](https://github.com/NixOS/nixpkgs-vet) on the HEAD commit, closely matching what CI does. This can't do exactly the same as CI, because CI needs to rely on GitHub's server-side Git history to compute the mergeability of PRs before the check can be started.
-In turn, when contributors are running this tool locally, we don't want to have to push commits to test them, and we can also rely on the local Git history to do the mergeability check.
-
-Arguments:
-
-- `BASE_BRANCH`: The base branch to use, e.g. master or release-24.05
-- `REPOSITORY`: The repository from which to fetch the base branch. Defaults to <https://github.com/NixOS/nixpkgs.git>.
-
-## `ci/nixpkgs-vet`
-
-This directory contains scripts and files used and related to [`nixpkgs-vet`](https://github.com/NixOS/nixpkgs-vet/), which the CI uses to implement `pkgs/by-name` checks, along with many other Nixpkgs architecture rules.
-See also the [CI GitHub Action](../.github/workflows/nixpkgs-vet.yml).
-
-## `ci/nixpkgs-vet/update-pinned-tool.sh`
-
-Updates the pinned [`nixpkgs-vet` tool](https://github.com/NixOS/nixpkgs-vet) in [`ci/nixpkgs-vet/pinned-version.txt`](./nixpkgs-vet/pinned-version.txt) to the latest [release](https://github.com/NixOS/nixpkgs-vet/releases).
-
-Each release contains a pre-built `x86_64-linux` version of the tool which is used by CI.
-
-This script currently needs to be called manually when the CI tooling needs to be updated.
-
-Why not just build the tooling right from the PRs Nixpkgs version?
-
-- Because it allows CI to check all PRs, even if they would break the CI tooling.
-- Because it makes the CI check very fast, since no Nix builds need to be done, even for mass rebuilds.
-- Because it improves security, since we don't have to build potentially untrusted code from PRs.
-  The tool only needs a very minimal Nix evaluation at runtime, which can work with [readonly-mode](https://nixos.org/manual/nix/stable/command-ref/opt-common.html#opt-readonly-mode) and [restrict-eval](https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-restrict-eval).
-

ci/nixpkgs-vet.sh

@@ -1,71 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i bash -p jq
-
-set -o pipefail -o errexit -o nounset
-
-trace() { echo >&2 "$@"; }
-
-tmp=$(mktemp -d)
-cleanup() {
-    # Don't exit early if anything fails to cleanup
-    set +o errexit
-
-    trace -n "Cleaning up.. "
-
-    [[ -e "$tmp/base" ]] && git worktree remove --force "$tmp/base"
-    [[ -e "$tmp/merged" ]] && git worktree remove --force "$tmp/merged"
-
-    rm -rf "$tmp"
-
-    trace "Done"
-}
-trap cleanup exit
-
-
-repo=https://github.com/NixOS/nixpkgs.git
-
-if (( $# != 0 )); then
-    baseBranch=$1
-    shift
-else
-    trace "Usage: $0 BASE_BRANCH [REPOSITORY]"
-    trace "BASE_BRANCH: The base branch to use, e.g. master or release-23.11"
-    trace "REPOSITORY: The repository to fetch the base branch from, defaults to $repo"
-    exit 1
-fi
-
-if (( $# != 0 )); then
-    repo=$1
-    shift
-fi
-
-if [[ -n "$(git status --porcelain)" ]]; then
-    trace -e "\e[33mWarning: Dirty tree, uncommitted changes won't be taken into account\e[0m"
-fi
-headSha=$(git rev-parse HEAD)
-trace -e "Using HEAD commit \e[34m$headSha\e[0m"
-
-trace -n "Creating Git worktree for the HEAD commit in $tmp/merged.. "
-git worktree add --detach -q "$tmp/merged" HEAD
-trace "Done"
-
-trace -n "Fetching base branch $baseBranch to compare against.. "
-git fetch -q "$repo" refs/heads/"$baseBranch"
-baseSha=$(git rev-parse FETCH_HEAD)
-trace -e "\e[34m$baseSha\e[0m"
-
-trace -n "Creating Git worktree for the base branch in $tmp/base.. "
-git worktree add -q "$tmp/base" "$baseSha"
-trace "Done"
-
-trace -n "Merging base branch into the HEAD commit in $tmp/merged.. "
-git -C "$tmp/merged" merge -q --no-edit "$baseSha"
-trace -e "\e[34m$(git -C "$tmp/merged" rev-parse HEAD)\e[0m"
-trace -n "Reading pinned nixpkgs-vet version from pinned-version.txt.. "
-toolVersion=$(<"$tmp/merged/ci/nixpkgs-vet/pinned-version.txt")
-trace -e "\e[34m$toolVersion\e[0m"
-
-trace -n "Building tool.. "
-nix-build https://github.com/NixOS/nixpkgs-vet/tarball/"$toolVersion" -o "$tmp/tool" -A build
-trace "Running nixpkgs-vet.."
-"$tmp/tool/bin/nixpkgs-vet" --base "$tmp/base" "$tmp/merged"

ci/nixpkgs-vet/pinned-version.txt

@@ -1 +0,0 @@
-0.1.4

ci/pinned-nixpkgs.json

@@ -1,4 +1,4 @@
 {
-  "rev": "4de4818c1ffa76d57787af936e8a23648bda6be4",
-  "sha256": "0l3b9jr5ydzqgvd10j12imc9jqb6jv5v2bdi1gyy5cwkwplfay67"
+  "rev": "521d48afa9ae596930a95325529df27fa7135ff5",
+  "sha256": "0a1pa5azw990narsfipdli1wng4nc3vhvrp00hb8v1qfchcq7dc9"
 }

doc/README.md

@@ -2,20 +2,10 @@
 
 This directory houses the sources files for the Nixpkgs reference manual.
 
-> [!IMPORTANT]
-> We are actively restructuring our documentation to follow the [Diátaxis framework](https://diataxis.fr/)
->
-> Going forward, this directory should **only** contain [reference documentation](https://nix.dev/contributing/documentation/diataxis#reference).
-> For tutorials, guides and explanations, contribute to <https://nix.dev/> instead.
->
-> We are actively working to generate **all** reference documentation from the [doc-comments](https://github.com/NixOS/rfcs/blob/master/rfcs/0145-doc-strings.md) present in code.
-> This also provides the benefit of using `:doc` in the `nix repl` to view reference documentation locally on the fly.
+Going forward, it should only contain [reference](https://nix.dev/contributing/documentation/diataxis#reference) documentation.
+For tutorials, guides and explanations, contribute to <https://nix.dev/> instead.
 
-For documentation only relevant for contributors, use Markdown files next to the source and regular code comments.
-
-> [!TIP]
-> Feedback for improving support for parsing and rendering doc-comments is highly appreciated.
-> [Open an issue](https://github.com/NixOS/nixpkgs/issues/new?labels=6.topic%3A+documentation&title=Doc%3A+) to request bugfixes or new features.
+For documentation only relevant for contributors, use Markdown files and code comments in the source code.
 
 Rendered documentation:
 - [Unstable (from master)](https://nixos.org/manual/nixpkgs/unstable/)
@@ -261,42 +251,25 @@ You, as the writer of documentation, are still in charge of its content.
   For example:
 
   ```markdown
-  # pkgs.coolFunction {#pkgs.coolFunction}
+  # pkgs.coolFunction
 
-  `pkgs.coolFunction` *`name`* *`config`*
+  Description of what `coolFunction` does.
 
-  Description of what `callPackage` does.
+  ## Inputs
 
+  `coolFunction` expects a single argument which should be an attribute set, with the following possible attributes:
 
-  ## Inputs {#pkgs-coolFunction-inputs}
-
-  If something's special about `coolFunction`'s general argument handling, you can say so here.
-  Otherwise, just describe the single argument or start the arguments' definition list without introduction.
-
-  *`name`* (String)
+  `name` (String)
 
   : The name of the resulting image.
 
-  *`config`* (Attribute set)
+  `tag` (String; _optional_)
 
-  : Introduce the parameter. Maybe you have a test to make sure `{ }` is a sensible default; then you can say: these attributes are optional; `{ }` is a valid argument.
+  : Tag of the generated image.
 
-    `outputHash` (String; _optional_)
-
-    : A brief explanation including when and when not to pass this attribute.
-
-    : _Default:_ the output path's hash.
+    _Default:_ the output path's hash.
   ```
 
-  Checklist:
-  - Start with a synopsis, to show the order of positional arguments.
-  - Metavariables are in emphasized code spans: ``` *`arg1`* ```. Metavariables are placeholders where users may write arbitrary expressions. This includes positional arguments.
-  - Attribute names are regular code spans: ``` `attr1` ```. These identifiers can _not_ be picked freely by users, so they are _not_ metavariables.
-  - _optional_ attributes have a _`Default:`_ if it's easily described as a value.
-  - _optional_ attributes have a _`Default behavior:`_ if it's not easily described using a value.
-  - Nix types aren't in code spans, because they are not code
-  - Nix types are capitalized, to distinguish them from the camelCase Module System types, which _are_ code and behave like functions.
-
 #### Examples
 
 To define a referenceable figure use the following fencing:

doc/build-helpers/fetchers.chapter.md

@@ -157,12 +157,6 @@ Here are security considerations for this scenario:
 
   In more concrete terms, if you use any other hash, the [`--insecure` flag](https://curl.se/docs/manpage.html#-k) will be passed to the underlying call to `curl` when downloading content.
 
-## Proxy usage {#sec-pkgs-fetchers-proxy}
-
-Nixpkgs fetchers can make use of a http(s) proxy. Each fetcher will automatically inherit proxy-related environment variables (`http_proxy`, `https_proxy`, etc) via [impureEnvVars](https://nixos.org/manual/nix/stable/language/advanced-attributes#adv-attr-impureEnvVars).
-
-The environment variable `NIX_SSL_CERT_FILE` is also inherited in fetchers, and can be used to provide a custom certificate bundle to fetchers. This is usually required for a https proxy to work without certificate validation errors.
-
 []{#fetchurl}
 ## `fetchurl` {#sec-pkgs-fetchers-fetchurl}
 

doc/build-helpers/images/appimagetools.section.md

@@ -64,7 +64,7 @@ let
 
   src = fetchurl {
     url = "https://github.com/irccloud/irccloud-desktop/releases/download/v${version}/IRCCloud-${version}-linux-x86_64.AppImage";
-    hash = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
+    sha256 = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
   };
 in appimageTools.wrapType2 {
   inherit pname version src;
@@ -100,7 +100,7 @@ let
 
   src = fetchurl {
     url = "https://github.com/irccloud/irccloud-desktop/releases/download/v${version}/IRCCloud-${version}-linux-x86_64.AppImage";
-    hash = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
+    sha256 = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
   };
 
   appimageContents = appimageTools.extract {
@@ -141,7 +141,7 @@ let
 
   src = fetchurl {
     url = "https://github.com/irccloud/irccloud-desktop/releases/download/v${version}/IRCCloud-${version}-linux-x86_64.AppImage";
-    hash = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
+    sha256 = "sha256-/hMPvYdnVB1XjKgU2v47HnVvW4+uC3rhRjbucqin4iI=";
   };
 
   appimageContents = appimageTools.extract {

doc/build-helpers/images/dockertools.section.md

@@ -50,10 +50,6 @@ Similarly, if you encounter errors similar to `Error_Protocol ("certificate has
   If specified, the layer created by `buildImage` will be appended to the layers defined in the base image, resulting in an image with at least two layers (one or more layers from the base image, and the layer created by `buildImage`).
   Otherwise, the resulting image with contain the single layer created by `buildImage`.
 
-  :::{.note}
-  Only **Env** configuration is inherited from the base image.
-  :::
-
   _Default value:_ `null`.
 
 `fromImageName` (String or Null; _optional_)
@@ -453,7 +449,7 @@ See [](#ex-dockerTools-streamLayeredImage-exploringlayers) to understand how the
 `streamLayeredImage` allows scripts to be run when creating the additional layer with symlinks, allowing custom behaviour to affect the final results of the image (see the documentation of the `extraCommands` and `fakeRootCommands` attributes).
 
 The resulting repository tarball will list a single image as specified by the `name` and `tag` attributes.
-By default, that image will use a static creation date (see documentation for the `created` and `mtime` attributes).
+By default, that image will use a static creation date (see documentation for the `created` attribute).
 This allows the function to produce reproducible images.
 
 ### Inputs {#ssec-pkgs-dockerTools-streamLayeredImage-inputs}
@@ -516,7 +512,6 @@ This allows the function to produce reproducible images.
 `created` (String; _optional_)
 
 : Specifies the time of creation of the generated image.
-  This date will be used for the image metadata.
   This should be either a date and time formatted according to [ISO-8601](https://en.wikipedia.org/wiki/ISO_8601) or `"now"`, in which case the current date will be used.
 
   :::{.caution}
@@ -525,18 +520,6 @@ This allows the function to produce reproducible images.
 
   _Default value:_ `"1970-01-01T00:00:01Z"`.
 
-`mtime` (String; _optional_)
-
-: Specifies the time used for the modification timestamp of files within the layers of the generated image.
-  This should be either a date and time formatted according to [ISO-8601](https://en.wikipedia.org/wiki/ISO_8601) or `"now"`, in which case the current date will be used.
-
-  :::{.caution}
-  Using a non-constant date will cause built layers to have a different hash each time, preventing deduplication.
-  Using `"now"` also means that the generated image will not be reproducible anymore (because the date will always change whenever it's built).
-  :::
-
-  _Default value:_ `"1970-01-01T00:00:01Z"`.
-
 `uid` (Number; _optional_) []{#dockerTools-buildLayeredImage-arg-uid}
 `gid` (Number; _optional_) []{#dockerTools-buildLayeredImage-arg-gid}
 `uname` (String; _optional_) []{#dockerTools-buildLayeredImage-arg-uname}

doc/build-helpers/testers.chapter.md

@@ -339,41 +339,6 @@ once to get a derivation hash, and again to produce the final fixed output deriv
 
 :::
 
-## `runCommand` {#tester-runCommand}
-
-`runCommand :: { name, script, stdenv ? stdenvNoCC, hash ? "...", ... } -> Derivation`
-
-This is a wrapper around `pkgs.runCommandWith`, which
-- produces a fixed-output derivation, enabling the command(s) to access the network ;
-- salts the derivation's name based on its inputs, ensuring the command is re-run whenever the inputs changes.
-
-It accepts the following attributes:
-- the derivation's `name` ;
-- the `script` to be executed ;
-- `stdenv`, the environment to use, defaulting to `stdenvNoCC` ;
-- the derivation's output `hash`, defaulting to the empty file's.
-  The derivation's `outputHashMode` is set by default to recursive, so the `script` can output a directory as well.
-
-All other attributes are passed through to [`mkDerivation`](#sec-using-stdenv),
-including `nativeBuildInputs` to specify dependencies available to the `script`.
-
-:::{.example #ex-tester-runCommand-nix}
-
-# Run a command with network access
-
-```nix
-testers.runCommand {
-  name = "access-the-internet";
-  command = ''
-    curl -o /dev/null https://example.com
-    touch $out
-  '';
-  nativeBuildInputs = with pkgs; [ cacert curl ];
-}
-```
-
-:::
-
 ## `runNixOSTest` {#tester-runNixOSTest}
 
 A helper function that behaves exactly like the NixOS `runTest`, except it also assigns this Nixpkgs package set as the `pkgs` of the test and makes the `nixpkgs.*` options read-only.

doc/build-helpers/trivial-build-helpers.chapter.md

@@ -3,122 +3,32 @@
 Nixpkgs provides a variety of wrapper functions that help build commonly useful derivations.
 Like [`stdenv.mkDerivation`](#sec-using-stdenv), each of these build helpers creates a derivation, but the arguments passed are different (usually simpler) from those required by `stdenv.mkDerivation`.
 
+## `runCommand` {#trivial-builder-runCommand}
 
-## `runCommandWith` {#trivial-builder-runCommandWith}
+`runCommand :: String -> AttrSet -> String -> Derivation`
 
-The function `runCommandWith` returns a derivation built using the specified command(s), in a specified environment.
+The result of `runCommand name drvAttrs buildCommand` is a derivation that is built by running the specified shell commands.
 
-It is the underlying base function of  all [`runCommand*` variants].
-The general behavior is controlled via a single attribute set passed
-as the first argument, and allows specifying `stdenv` freely.
+By default `runCommand` runs in a stdenv with no compiler environment, whereas [`runCommandCC`](#trivial-builder-runCommandCC) uses the default stdenv, `pkgs.stdenv`.
 
-The following [`runCommand*` variants] exist: `runCommand`, `runCommandCC`, and `runCommandLocal`.
+`name :: String`
+:   The name that Nix will append to the store path in the same way that `stdenv.mkDerivation` uses its `name` attribute.
 
-[`runCommand*` variants]: #trivial-builder-runCommand
+`drvAttr :: AttrSet`
+:   Attributes to pass to the underlying call to [`stdenv.mkDerivation`](#chap-stdenv).
 
-### Type {#trivial-builder-runCommandWith-Type}
-
-```
-runCommandWith :: {
-  name :: name;
-  stdenv? :: Derivation;
-  runLocal? :: Bool;
-  derivationArgs? :: { ... };
-} -> String -> Derivation
-```
-
-### Inputs {#trivial-builder-runCommandWith-Inputs}
-
-`name` (String)
-:   The derivation's name, which Nix will append to the store path; see [`mkDerivation`](#sec-using-stdenv).
-
-`runLocal` (Boolean)
-:   If set to `true` this forces the derivation to be built locally, not using [substitutes] nor remote builds.
-    This is intended for very cheap commands (<1s execution time) which can be sped up by avoiding the network round-trip(s).
-    Its effect is to set [`preferLocalBuild = true`][preferLocalBuild] and [`allowSubstitutes = false`][allowSubstitutes].
-
-   ::: {.note}
-   This prevents the use of [substituters][substituter], so only set `runLocal` (or use `runCommandLocal`) when certain the user will
-   always have a builder for the `system` of the derivation. This should be true for most trivial use cases
-   (e.g., just copying some files to a different location or adding symlinks) because there the `system`
-   is usually the same as `builtins.currentSystem`.
-   :::
-
-`stdenv` (Derivation)
-:   The [standard environment](#chap-stdenv) to use, defaulting to `pkgs.stdenv`
-
-`derivationArgs` (Attribute set)
-:   Additional arguments for [`mkDerivation`](#sec-using-stdenv).
-
-`buildCommand` (String)
+`buildCommand :: String`
 :   Shell commands to run in the derivation builder.
 
     ::: {.note}
     You have to create a file or directory `$out` for Nix to be able to run the builder successfully.
     :::
 
-[allowSubstitutes]: https://nixos.org/nix/manual/#adv-attr-allowSubstitutes
-[preferLocalBuild]: https://nixos.org/nix/manual/#adv-attr-preferLocalBuild
-[substituter]: https://nix.dev/manual/nix/latest/glossary#gloss-substituter
-[substitutes]: https://nix.dev/manual/nix/2.23/glossary#gloss-substitute
-
-::: {.example #ex-runcommandwith}
-# Invocation of `runCommandWith`
-
-```nix
-runCommandWith {
-  name = "example";
-  derivationArgs.nativeBuildInputs = [ cowsay ];
-} ''
-  cowsay > $out <<EOMOO
-  'runCommandWith' is a bit cumbersome,
-  so we have more ergonomic wrappers.
-  EOMOO
-''
-```
-
-:::
-
-
-## `runCommand` and `runCommandCC` {#trivial-builder-runCommand}
-
-The function `runCommand` returns a derivation built using the specified command(s), in the `stdenvNoCC` environment.
-
-`runCommandCC` is similar but uses the default compiler environment. To minimize dependencies, `runCommandCC`
-should only be used when the build command needs a C compiler.
-
-`runCommandLocal` is also similar to `runCommand`, but forces the derivation to be built locally.
-See the note on [`runCommandWith`] about `runLocal`.
-
-[`runCommandWith`]: #trivial-builder-runCommandWith
-
-### Type {#trivial-builder-runCommand-Type}
-
-```
-runCommand      :: String -> AttrSet -> String -> Derivation
-runCommandCC    :: String -> AttrSet -> String -> Derivation
-runCommandLocal :: String -> AttrSet -> String -> Derivation
-```
-
-### Input {#trivial-builder-runCommand-Input}
-
-While the type signature(s) differ from [`runCommandWith`], individual arguments with the same name will have the same type and meaning:
-
-`name` (String)
-:   The derivation's name
-
-`derivationArgs` (Attribute set)
-:   Additional parameters passed to [`mkDerivation`]
-
-`buildCommand` (String)
-:   The command(s) run to build the derivation.
-
-
 ::: {.example #ex-runcommand-simple}
 # Invocation of `runCommand`
 
 ```nix
-runCommand "my-example" {} ''
+(import <nixpkgs> {}).runCommand "my-example" {} ''
   echo My example command is running
 
   mkdir $out
@@ -139,24 +49,18 @@ runCommand "my-example" {} ''
 ```
 :::
 
+## `runCommandCC` {#trivial-builder-runCommandCC}
+
+This works just like `runCommand`. The only difference is that it also provides a C compiler in `buildCommand`'s environment. To minimize your dependencies, you should only use this if you are sure you will need a C compiler as part of running your command.
+
+## `runCommandLocal` {#trivial-builder-runCommandLocal}
+
+Variant of `runCommand` that forces the derivation to be built locally, it is not substituted. This is intended for very cheap commands (<1s execution time). It saves on the network round-trip and can speed up a build.
+
 ::: {.note}
-`runCommand name derivationArgs buildCommand` is equivalent to
-```nix
-runCommandWith {
-  inherit name derivationArgs;
-  stdenv = stdenvNoCC;
-} buildCommand
-```
-
-Likewise, `runCommandCC name derivationArgs buildCommand` is equivalent to
-```nix
-runCommandWith {
-  inherit name derivationArgs;
-} buildCommand
-```
+This sets [`allowSubstitutes` to `false`](https://nixos.org/nix/manual/#adv-attr-allowSubstitutes), so only use `runCommandLocal` if you are certain the user will always have a builder for the `system` of the derivation. This should be true for most trivial use cases (e.g., just copying some files to a different location or adding symlinks) because there the `system` is usually the same as `builtins.currentSystem`.
 :::
 
-
 ## Writing text files {#trivial-builder-text-writing}
 
 Nixpkgs provides the following functions for producing derivations which write text files or executable scripts into the Nix store.
@@ -501,7 +405,7 @@ writeTextFile {
   text = ''
     Contents of File
   '';
-  destination = "/share/my-file";
+  destination = "share/my-file";
 }
 ```
 
@@ -533,6 +437,7 @@ writeScript "my-file"
   Contents of File
   ''
 ```
+:::
 
 This is equivalent to:
 
@@ -545,7 +450,6 @@ writeTextFile {
   executable = true;
 }
 ```
-:::
 
 ### `writeScriptBin` {#trivial-builder-writeScriptBin}
 
@@ -586,7 +490,7 @@ writeTextFile {
     echo "hi"
   '';
   executable = true;
-  destination = "/bin/my-script";
+  destination = "bin/my-script";
 }
 ```
 
@@ -674,7 +578,7 @@ writeTextFile {
     echo "hi"
   '';
   executable = true;
-  destination = "/bin/my-script";
+  destination = "bin/my-script";
 }
 ```
 

doc/doc-support/lib-function-docs.nix

@@ -106,7 +106,6 @@ stdenvNoCC.mkDerivation {
       --arg nixpkgsPath "./." \
       --argstr revision ${nixpkgs.rev or "master"} \
       --argstr libsetsJSON ${lib.escapeShellArg (builtins.toJSON libsets)} \
-      --store $(mktemp -d) \
       > locations.json
 
     function docgen {

doc/doc-support/package.nix

@@ -60,7 +60,7 @@ stdenvNoCC.mkDerivation (
 
       nixos-render-docs manual html \
         --manpage-urls ./manpage-urls.json \
-        --revision ${nixpkgs.rev or "master"} \
+        --revision ${lib.trivial.revisionWithDefault (nixpkgs.rev or "master")} \
         --stylesheet style.css \
         --stylesheet highlightjs/mono-blue.css \
         --script ./highlightjs/highlight.pack.js \

doc/hooks/cernlib.section.md

@@ -1,3 +0,0 @@
-# CERNLIB {#cernlib-hook}
-
-This hook sets the `CERN`, `CERN_LEVEL`, and `CERN_ROOT` environment variables. They are part of [CERNLIB's build system](https://cernlib.web.cern.ch/install/install.html), and are are needed for some programs to compile correctly.

doc/hooks/haredo.section.md

@@ -1,29 +0,0 @@
-# `haredo` {#haredo-hook}
-
-This hook uses [the `haredo` command runner](https://sr.ht/~autumnull/haredo/) to build, check, and install the package. It overrides `buildPhase`, `checkPhase`, and `installPhase` by default.
-
-The hook builds its targets in parallel if [`config.enableParallelBuilding`](#var-stdenv-enableParallelBuilding) is set to `true`.
-
-## `buildPhase` {#haredo-hook-buildPhase}
-
-This phase attempts to build the default target.
-
-[]{#haredo-hook-haredoBuildTargets} Targets can be explicitly set by adding a string to the `haredoBuildTargets` list.
-
-[]{#haredo-hook-dontUseHaredoBuild} This behavior can be disabled by setting `dontUseHaredoBuild` to `true`.
-
-## `checkPhase` {#haredo-hook-checkPhase}
-
-This phase searches for the `check.do` or `test.do` targets, running them if they exist.
-
-[]{#haredo-hook-haredoCheckTargets} Targets can be explicitly set by adding a string to the `haredoCheckTargets` list.
-
-[]{#haredo-hook-dontUseHaredoCheck} This behavior can be disabled by setting `dontUseHaredoCheck` to `true`.
-
-## `installPhase` {#haredo-hook-installPhase}
-
-This phase attempts to build the `install.do` target, if it exists.
-
-[]{#haredo-hook-haredoInstallTargets} Targets can be explicitly set by adding a string to the `haredoInstallTargets` list.
-
-[]{#haredo-hook-dontUseHaredoInstall} This behavior can be disabled by setting `dontUseHaredoInstall` to `true`.

doc/hooks/index.md

@@ -10,14 +10,11 @@ automake.section.md
 autopatchelf.section.md
 bmake.section.md
 breakpoint.section.md
-cernlib.section.md
 cmake.section.md
 gdk-pixbuf.section.md
 ghc.section.md
 gnome.section.md
-haredo.section.md
 installShellFiles.section.md
-just.section.md
 libiconv.section.md
 libxml2.section.md
 meson.section.md
@@ -27,7 +24,6 @@ patch-rc-path-hooks.section.md
 perl.section.md
 pkg-config.section.md
 postgresql-test-hook.section.md
-premake.section.md
 python.section.md
 scons.section.md
 tetex-tex-live.section.md

doc/hooks/installShellFiles.section.md

@@ -1,79 +1,16 @@
 # `installShellFiles` {#installshellfiles}
 
-This hook adds helpers that install artifacts like executable files, manpages
-and shell completions.
+This hook helps with installing manpages and shell completion files. It exposes 2 shell functions `installManPage` and `installShellCompletion` that can be used from your `postInstall` hook.
 
-It exposes the following functions that can be used from your `postInstall`
-hook:
+The `installManPage` function takes one or more paths to manpages to install. The manpages must have a section suffix, and may optionally be compressed (with `.gz` suffix). This function will place them into the correct `share/man/man<section>/` directory, in [`outputMan`](#outputman).
 
-## `installBin` {#installshellfiles-installbin}
-
-The `installBin` function takes one or more paths to files to install as
-executable files.
-
-This function will place them into [`outputBin`](#outputbin).
-
-### Example Usage {#installshellfiles-installbin-exampleusage}
-
-```nix
-{
-  nativeBuildInputs = [ installShellFiles ];
-
-  # Sometimes the file has an undersirable name. It should be renamed before
-  # being installed via installBin
-  postInstall = ''
-    mv a.out delmar
-    installBin foobar delmar
-  '';
-}
-```
-
-## `installManPage` {#installshellfiles-installmanpage}
-
-The `installManPage` function takes one or more paths to manpages to install.
-
-The manpages must have a section suffix, and may optionally be compressed (with
-`.gz` suffix). This function will place them into the correct
-`share/man/man<section>/` directory in [`outputMan`](#outputman).
-
-### Example Usage {#installshellfiles-installmanpage-exampleusage}
-
-```nix
-{
-  nativeBuildInputs = [ installShellFiles ];
-
-  # Sometimes the manpage file has an undersirable name; e.g. it conflicts with
-  # another software with an equal name. It should be renamed before being
-  # installed via installManPage
-  postInstall = ''
-    mv fromsea.3 delmar.3
-    installManPage foobar.1 delmar.3
-  '';
-}
-```
-
-## `installShellCompletion` {#installshellfiles-installshellcompletion}
-
-The `installShellCompletion` function takes one or more paths to shell
-completion files.
-
-By default it will autodetect the shell type from the completion file extension,
-but you may also specify it by passing one of `--bash`, `--fish`, or
-`--zsh`. These flags apply to all paths listed after them (up until another
-shell flag is given). Each path may also have a custom installation name
-provided by providing a flag `--name NAME` before the path. If this flag is not
-provided, zsh completions will be renamed automatically such that `foobar.zsh`
-becomes `_foobar`. A root name may be provided for all paths using the flag
-`--cmd NAME`; this synthesizes the appropriate name depending on the shell
-(e.g. `--cmd foo` will synthesize the name `foo.bash` for bash and `_foo` for
-zsh).
-
-### Example Usage {#installshellfiles-installshellcompletion-exampleusage}
+The `installShellCompletion` function takes one or more paths to shell completion files. By default it will autodetect the shell type from the completion file extension, but you may also specify it by passing one of `--bash`, `--fish`, or `--zsh`. These flags apply to all paths listed after them (up until another shell flag is given). Each path may also have a custom installation name provided by providing a flag `--name NAME` before the path. If this flag is not provided, zsh completions will be renamed automatically such that `foobar.zsh` becomes `_foobar`. A root name may be provided for all paths using the flag `--cmd NAME`; this synthesizes the appropriate name depending on the shell (e.g. `--cmd foo` will synthesize the name `foo.bash` for bash and `_foo` for zsh).
 
 ```nix
 {
   nativeBuildInputs = [ installShellFiles ];
   postInstall = ''
+    installManPage doc/foobar.1 doc/barfoo.3
     # explicit behavior
     installShellCompletion --bash --name foobar.bash share/completions.bash
     installShellCompletion --fish --name foobar.fish share/completions.fish
@@ -84,17 +21,9 @@ zsh).
 }
 ```
 
-The path may also be a fifo or named fd (such as produced by `<(cmd)`), in which
-case the shell and name must be provided (see below).
+The path may also be a fifo or named fd (such as produced by `<(cmd)`), in which case the shell and name must be provided (see below).
 
-If the destination shell completion file is not actually present or consists of
-zero bytes after calling `installShellCompletion` this is treated as a build
-failure. In particular, if completion files are not vendored but are generated
-by running an executable, this is likely to fail in cross compilation
-scenarios. The result will be a zero byte completion file and hence a build
-failure. To prevent this, guard the completion generation commands.
-
-### Example Usage {#installshellfiles-installshellcompletion-exampleusage-guarded}
+If the destination shell completion file is not actually present or consists of zero bytes after calling `installShellCompletion` this is treated as a build failure. In particular, if completion files are not vendored but are generated by running an executable, this is likely to fail in cross compilation scenarios. The result will be a zero byte completion file and hence a build failure. To prevent this, guard the completion commands against this, e.g.
 
 ```nix
 {

doc/hooks/just.section.md

@@ -1,23 +0,0 @@
-# `just` {#just-hook}
-
-This setup hook attempts to use [the `just` command runner](https://just.systems/man/en/) to build, check, and install the package. The hook overrides `buildPhase`, `checkPhase`, and `installPhase` by default.
-
-[]{#just-hook-justFlags} The `justFlags` variable can be set to a list of strings to add additional flags passed to all invocations of `just`.
-
-## `buildPhase` {#just-hook-buildPhase}
-
-This phase attempts to invoke `just` with [the default recipe](https://just.systems/man/en/chapter_23.html).
-
-[]{#just-hook-dontUseJustBuild} This behavior can be disabled by setting `dontUseJustBuild` to `true`.
-
-## `checkPhase` {#just-hook-checkPhase}
-
-This phase attempts to invoke the `just test` recipe, if it is available. This can be overrided by setting `checkTarget` to a string.
-
-[]{#just-hook-dontUseJustCheck} This behavior can be disabled by setting `dontUseJustCheck` to `true`.
-
-## `installPhase` {#just-hook-installPhase}
-
-This phase attempts to invoke the `just install` recipe.
-
-[]{#just-hook-dontUseJustInstall} This behavior can be disabled by setting `dontUseJustInstall` to `true`.

doc/hooks/premake.section.md

@@ -1,7 +0,0 @@
-# Premake {#premake-hook}
-
-This setup hook attempts to configure the package using [the Premake build configuration system](https://premake.github.io/). It overrides the `configurePhase` by default, if none exists.
-
-[]{#premake-hook-premakefile} The Premakefile to use can be specified by setting `premakefile` in the derivation.
-
-[]{#premake-hook-premakeFlagsArray} The flags passed to Premake can be configured by adding strings to the `premakeFlags` list.

doc/languages-frameworks/coq.section.md

@@ -23,13 +23,12 @@ The recommended way of defining a derivation for a Coq library, is to use the `c
   * if it is a string of the form `owner:branch` then it tries to download the `branch` of owner `owner` for a project of the same name using the same vcs, and the `version` attribute of the resulting derivation is set to `"dev"`, additionally if the owner is not provided (i.e. if the `owner:` prefix is missing), it defaults to the original owner of the package (see below),
   * if it is a string of the form `"#N"`, and the domain is github, then it tries to download the current head of the pull request `#N` from github,
 * `defaultVersion` (optional). Coq libraries may be compatible with some specific versions of Coq only. The `defaultVersion` attribute is used when no `version` is provided (or if `version = null`) to select the version of the library to use by default, depending on the context. This selection will mainly depend on a `coq` version number but also possibly on other packages versions (e.g. `mathcomp`). If its value ends up to be `null`, the package is marked for removal in end-user `coqPackages` attribute set.
-* `release` (optional, defaults to `{}`), lists all the known releases of the library and for each of them provides an attribute set with at least a `hash` attribute (you may put the empty string `""` in order to automatically insert a fake hash, this will trigger an error which will allow you to find the correct hash), each attribute set of the list of releases also takes optional overloading arguments for the fetcher as below (i.e.`domain`, `owner`, `repo`, `rev`, `artifact` assuming the default fetcher is used) and optional overrides for the result of the fetcher (i.e. `version` and `src`).
+* `release` (optional, defaults to `{}`), lists all the known releases of the library and for each of them provides an attribute set with at least a `sha256` attribute (you may put the empty string `""` in order to automatically insert a fake sha256, this will trigger an error which will allow you to find the correct sha256), each attribute set of the list of releases also takes optional overloading arguments for the fetcher as below (i.e.`domain`, `owner`, `repo`, `rev` assuming the default fetcher is used) and optional overrides for the result of the fetcher (i.e. `version` and `src`).
 * `fetcher` (optional, defaults to a generic fetching mechanism supporting github or gitlab based infrastructures), is a function that takes at least an `owner`, a `repo`, a `rev`, and a `hash` and returns an attribute set with a `version` and `src`.
 * `repo` (optional, defaults to the value of `pname`),
 * `owner` (optional, defaults to `"coq-community"`).
 * `domain` (optional, defaults to `"github.com"`), domains including the strings `"github"` or `"gitlab"` in their names are automatically supported, otherwise, one must change the `fetcher` argument to support them (cf `pkgs/development/coq-modules/heq/default.nix` for an example),
 * `releaseRev` (optional, defaults to `(v: v)`), provides a default mapping from release names to revision hashes/branch names/tags,
-* `releaseArtifact` (optional, defaults to `(v: null)`), provides a default mapping from release names to artifact names (only works for github artifact for now),
 * `displayVersion` (optional), provides a way to alter the computation of `name` from `pname`, by explaining how to display version numbers,
 * `namePrefix` (optional, defaults to `[ "coq" ]`), provides a way to alter the computation of `name` from `pname`, by explaining which dependencies must occur in `name`,
 * `nativeBuildInputs` (optional), is a list of executables that are required to build the current derivation, in addition to the default ones (namely `which`, `dune` and `ocaml` depending on whether `useDune`, `useDuneifVersion` and `mlPlugin` are set).
@@ -70,15 +69,15 @@ mkCoqDerivation {
       { cases = [ (isEq "8.6")         (range "1.6" "1.7") ];  out = "1.1"; }
     ] null;
   release = {
-    "1.5.2".hash = "sha256-mjCx9XKa38Nz9E6wNK7YSqHdJ7YTua5fD3d6J4e7WpU=";
-    "1.5.1".hash = "sha256-Q8tm0y2FQAt2V1kZYkDlHWRia/lTvXAMVjdmzEV11I4=";
-    "1.5.0".hash = "sha256-HIK0f21G69oEW8JG46gSBde/Q2LR3GiBCv680gHbmRg=";
-    "1.5.0".rev  = "1.5";
-    "1.4".hash   = "sha256-F9g3MSIr3B6UZ3p8QWjz3/Jpw9sudJ+KRlvjiHSO024=";
-    "1.3".hash   = "sha256-BPJTlAL0ETHvLMBslE0KFVt3DNoaGuMrHt2SBGyJe1A=";
-    "1.2".hash   = "sha256-mHXBXSLYO4BN+jfN50y/+XCx0Qq5g4Ac2Y/qlsbgAdY=";
-    "1.1".hash   = "sha256-ejAsMQbB/LtU9j+g160VdGXULrCe9s0gBWzyhKqmCuE=";
-    "1.0".hash   = "sha256-tZTOltEBBKWciDxDMs/Ye4Jnq/33CANrHJ4FBMPtq+I=";
+    "1.5.2".sha256 = "15aspf3jfykp1xgsxf8knqkxv8aav2p39c2fyirw7pwsfbsv2c4s";
+    "1.5.1".sha256 = "13nlfm2wqripaq671gakz5mn4r0xwm0646araxv0nh455p9ndjs3";
+    "1.5.0".sha256 = "064rvc0x5g7y1a0nip6ic91vzmq52alf6in2bc2dmss6dmzv90hw";
+    "1.5.0".rev    = "1.5";
+    "1.4".sha256   = "0vnkirs8iqsv8s59yx1fvg1nkwnzydl42z3scya1xp1b48qkgn0p";
+    "1.3".sha256   = "0l3vi5n094nx3qmy66hsv867fnqm196r8v605kpk24gl0aa57wh4";
+    "1.2".sha256   = "1mh1w339dslgv4f810xr1b8v2w7rpx6fgk9pz96q0fyq49fw2xcq";
+    "1.1".sha256   = "1q8alsm89wkc0lhcvxlyn0pd8rbl2nnxg81zyrabpz610qqjqc3s";
+    "1.0".sha256   = "1qmbxp1h81cy3imh627pznmng0kvv37k4hrwi2faa101s6bcx55m";
   };
 
   propagatedBuildInputs =
@@ -127,7 +126,7 @@ For example, here is how you could locally add a new release of the `multinomial
 coqPackages.lib.overrideCoqDerivation
   {
     defaultVersion = "2.0";
-    release."2.0".hash = "sha256-czoP11rtrIM7+OLdMisv2EF7n/IbGuwFxHiPtg3qCNM=";
+    release."2.0".sha256 = "1lq8x86vd3vqqh2yq6hvyagpnhfq5wmk5pg2z0xq7b7dbbbhyfkk";
   }
   coqPackages.multinomials
 ```

doc/languages-frameworks/dotnet.section.md

@@ -93,18 +93,18 @@ The `dotnetCorePackages.sdk` contains both a runtime and the full sdk of a given
 To package Dotnet applications, you can use `buildDotnetModule`. This has similar arguments to `stdenv.mkDerivation`, with the following additions:
 
 * `projectFile` is used for specifying the dotnet project file, relative to the source root. These have `.sln` (entire solution) or `.csproj` (single project) file extensions. This can be a list of multiple projects as well. When omitted, will attempt to find and build the solution (`.sln`). If running into problems, make sure to set it to a file (or a list of files) with the `.csproj` extension - building applications as entire solutions is not fully supported by the .NET CLI.
-* `nugetDeps` takes either a path to a `deps.nix` file, or a derivation. The `deps.nix` file can be generated using the script attached to `passthru.fetch-deps`. For compatibility, if the argument is a list of derivations, they will be added to `buildInputs`.
+* `nugetDeps` takes either a path to a `deps.nix` file, or a derivation. The `deps.nix` file can be generated using the script attached to `passthru.fetch-deps`. If the argument is a derivation, it will be used directly and assume it has the same output as `mkNugetDeps`.
 ::: {.note}
 For more detail about managing the `deps.nix` file, see [Generating and updating NuGet dependencies](#generating-and-updating-nuget-dependencies)
 :::
 
-* `packNupkg` is used to pack project as a `nupkg`, and installs it to `$out/share`. If set to `true`, the derivation can be used as a dependency for another dotnet project by adding it to `buildInputs`.
-* `buildInputs` can be used to resolve `ProjectReference` project items. Referenced projects can be packed with `buildDotnetModule` by setting the `packNupkg = true` attribute and passing a list of derivations to `buildInputs`. Since we are sharing referenced projects as NuGets they must be added to csproj/fsproj files as `PackageReference` as well.
+* `packNupkg` is used to pack project as a `nupkg`, and installs it to `$out/share`. If set to `true`, the derivation can be used as a dependency for another dotnet project by adding it to `projectReferences`.
+* `projectReferences` can be used to resolve `ProjectReference` project items. Referenced projects can be packed with `buildDotnetModule` by setting the `packNupkg = true` attribute and passing a list of derivations to `projectReferences`. Since we are sharing referenced projects as NuGets they must be added to csproj/fsproj files as `PackageReference` as well.
  For example, your project has a local dependency:
  ```xml
      <ProjectReference Include="../foo/bar.fsproj" />
  ```
- To enable discovery through `buildInputs` you would need to add:
+ To enable discovery through `projectReferences` you would need to add:
  ```xml
      <ProjectReference Include="../foo/bar.fsproj" />
      <PackageReference Include="bar" Version="*" Condition=" '$(ContinuousIntegrationBuild)'=='true' "/>
@@ -118,7 +118,6 @@ For more detail about managing the `deps.nix` file, see [Generating and updating
 * `dotnet-sdk` is useful in cases where you need to change what dotnet SDK is being used. You can also set this to the result of `dotnetSdkPackages.combinePackages`, if the project uses multiple SDKs to build.
 * `dotnet-runtime` is useful in cases where you need to change what dotnet runtime is being used. This can be either a regular dotnet runtime, or an aspnetcore.
 * `testProjectFile` is useful in cases where the regular project file does not contain the unit tests. It gets restored and build, but not installed. You may need to regenerate your nuget lockfile after setting this. Note that if set, only tests from this project are executed.
-* `testFilters` is used to disable running unit tests based on various [filters](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-test#filter-option-details). This gets passed as: `dotnet test --filter "{}"`, with each filter being concatenated using `"&"`.
 * `disabledTests` is used to disable running specific unit tests. This gets passed as: `dotnet test --filter "FullyQualifiedName!={}"`, to ensure compatibility with all unit test frameworks.
 * `dotnetRestoreFlags` can be used to pass flags to `dotnet restore`.
 * `dotnetBuildFlags` can be used to pass flags to `dotnet build`.
@@ -144,7 +143,7 @@ in buildDotnetModule rec {
   projectFile = "src/project.sln";
   nugetDeps = ./deps.nix; # see "Generating and updating NuGet dependencies" section for details
 
-  buildInputs = [ referencedProject ]; # `referencedProject` must contain `nupkg` in the folder structure.
+  projectReferences = [ referencedProject ]; # `referencedProject` must contain `nupkg` in the folder structure.
 
   dotnet-sdk = dotnetCorePackages.sdk_6_0;
   dotnet-runtime = dotnetCorePackages.runtime_6_0;
@@ -219,7 +218,7 @@ buildDotnetGlobalTool {
 ## Generating and updating NuGet dependencies {#generating-and-updating-nuget-dependencies}
 
 When writing a new expression, you can use the generated `fetch-deps` script to initialise the lockfile.
-After setting `nugetDeps` to the desired location of the lockfile (e.g. `./deps.nix`),
+After creating a blank `deps.nix` and pointing `nugetDeps` to it,
 build the script with `nix-build -A package.fetch-deps` and then run the result.
 (When the root attr is your package, it's simply `nix-build -A fetch-deps`.)
 

doc/languages-frameworks/go.section.md

@@ -62,65 +62,6 @@ The following is an example expression using `buildGoModule`:
 }
 ```
 
-### Obtaining and overriding `vendorHash` for `buildGoModule` {#buildGoModule-vendorHash}
-
-We can use `nix-prefetch` to obtain the actual hash. The following command gets the value of `vendorHash` for package `pet`:
-
-```sh
-cd path/to/nixpkgs
-nix-prefetch -E "{ sha256 }: ((import ./. { }).my-package.overrideAttrs { vendorHash = sha256; }).goModules"
-```
-
-To obtain the hash without external tools, set `vendorHash = lib.fakeHash;` and run the build. ([more details here](#sec-source-hashes)).
-
-`vendorHash` can be overridden with `overrideAttrs`. Override the above example like this:
-
-```nix
-{
-  pet_0_4_0 = pet.overrideAttrs (
-    finalAttrs: previousAttrs: {
-      version = "0.4.0";
-      src = fetchFromGitHub {
-        inherit (previousAttrs.src) owner repo;
-        rev = "v${finalAttrs.version}";
-        hash = "sha256-gVTpzmXekQxGMucDKskGi+e+34nJwwsXwvQTjRO6Gdg=";
-      };
-      vendorHash = "sha256-dUvp7FEW09V0xMuhewPGw3TuAic/sD7xyXEYviZ2Ivs=";
-    }
-  );
-}
-```
-
-### Overriding `goModules` {#buildGoModule-goModules-override}
-
-Overriding `<pkg>.goModules` by calling `goModules.overrideAttrs` is unsupported. Still, it is possible to override the `vendorHash` (`goModules`'s `outputHash`) and the `pre`/`post` hooks for both the build and patch phases of the primary and `goModules` derivation. Alternatively, the primary derivation provides an overridable `passthru.overrideModAttrs` function to store the attribute overlay implicitly taken by `goModules.overrideAttrs`. Here's an example usage of `overrideModAttrs`:
-
-```nix
-{
-  pet-overridden = pet.overrideAttrs (
-    finalAttrs: previousAttrs: {
-      passthru = previousAttrs.passthru // {
-        # If the original package has an `overrideModAttrs` attribute set, you'd
-        # want to extend it, and not replace it. Hence we use
-        # `lib.composeExtensions`. If you are sure the `overrideModAttrs` of the
-        # original package trivially does nothing, you can safely replace it
-        # with your own by not using `lib.composeExtensions`.
-        overrideModAttrs = lib.composeExtensions previousAttrs.passthru.overrideModAttrs (
-          finalModAttrs: previousModAttrs: {
-            # goModules-specific overriding goes here
-            postBuild = ''
-              # Here you have access to the `vendor` directory.
-              substituteInPlace vendor/github.com/example/repo/file.go \
-                --replace-fail "panic(err)" ""
-            '';
-          }
-        );
-      };
-    }
-  );
-}
-```
-
 ## `buildGoPackage` (legacy) {#ssec-go-legacy}
 
 The function `buildGoPackage` builds legacy Go programs, not supporting Go modules.

doc/languages-frameworks/index.md

@@ -67,7 +67,6 @@ dotnet.section.md
 emscripten.section.md
 gnome.section.md
 go.section.md
-gradle.section.md
 hare.section.md
 haskell.section.md
 hy.section.md

doc/languages-frameworks/javascript.section.md

@@ -258,39 +258,26 @@ It returns a derivation with all `package-lock.json` dependencies downloaded int
 
 #### importNpmLock {#javascript-buildNpmPackage-importNpmLock}
 
-This function replaces the npm dependency references in `package.json` and `package-lock.json` with paths to the Nix store.
-How each dependency is fetched can be customized with the `fetcherOpts` argument.
+`importNpmLock` is a Nix function that requires the following optional arguments:
 
-This is a simpler and more convenient alternative to [`fetchNpmDeps`](#javascript-buildNpmPackage-fetchNpmDeps) for managing npm dependencies in Nixpkgs.
-There is no need to specify a `hash`, since it relies entirely on the integrity hashes already present in the `package-lock.json` file.
-
-##### Inputs {#javascript-buildNpmPackage-inputs}
-
-- `npmRoot`: Path to package directory containing the source tree.
-  If this is omitted, the `package` and `packageLock` arguments must be specified instead.
+- `npmRoot`: Path to package directory containing the source tree
 - `package`: Parsed contents of `package.json`
 - `packageLock`: Parsed contents of `package-lock.json`
 - `pname`: Package name
 - `version`: Package version
-- `fetcherOpts`: An attribute set of arguments forwarded to the underlying fetcher.
 
 It returns a derivation with a patched `package.json` & `package-lock.json` with all dependencies resolved to Nix store paths.
 
-:::{.note}
-`npmHooks.npmConfigHook` cannot be used with `importNpmLock`.
-Use `importNpmLock.npmConfigHook` instead.
-:::
+This function is analogous to using `fetchNpmDeps`, but instead of specifying `hash` it uses metadata from `package.json` & `package-lock.json`.
 
-:::{.example}
+Note that `npmHooks.npmConfigHook` cannot be used with `importNpmLock`. You will instead need to use `importNpmLock.npmConfigHook`:
 
-##### `pkgs.importNpmLock` usage example {#javascript-buildNpmPackage-example}
 ```nix
 { buildNpmPackage, importNpmLock }:
 
 buildNpmPackage {
   pname = "hello";
   version = "0.1.0";
-  src = ./.;
 
   npmDeps = importNpmLock {
     npmRoot = ./.;
@@ -299,75 +286,6 @@ buildNpmPackage {
   npmConfigHook = importNpmLock.npmConfigHook;
 }
 ```
-:::
-
-:::{.example}
-##### `pkgs.importNpmLock` usage example with `fetcherOpts` {#javascript-buildNpmPackage-example-fetcherOpts}
-
-`importNpmLock` uses the following fetchers:
-
-- `pkgs.fetchurl` for `http(s)` dependencies
-- `builtins.fetchGit` for `git` dependencies
-
-It is possible to provide additional arguments to individual fetchers as needed:
-
-```nix
-{ buildNpmPackage, importNpmLock }:
-
-buildNpmPackage {
-  pname = "hello";
-  version = "0.1.0";
-  src = ./.;
-
-  npmDeps = importNpmLock {
-    npmRoot = ./.;
-    fetcherOpts = {
-      # Pass 'curlOptsList' to 'pkgs.fetchurl' while fetching 'axios'
-      { "node_modules/axios" = { curlOptsList = [ "--verbose" ]; }; }
-    };
-  };
-
-  npmConfigHook = importNpmLock.npmConfigHook;
-}
-```
-:::
-
-#### importNpmLock.buildNodeModules {#javascript-buildNpmPackage-importNpmLock.buildNodeModules}
-
-`importNpmLock.buildNodeModules` returns a derivation with a pre-built `node_modules` directory, as imported by `importNpmLock`.
-
-This is to be used together with `importNpmLock.hooks.linkNodeModulesHook` to facilitate `nix-shell`/`nix develop` based development workflows.
-
-It accepts an argument with the following attributes:
-
-`npmRoot` (Path; optional)
-: Path to package directory containing the source tree. If not specified, the `package` and `packageLock` arguments must both be specified.
-
-`package` (Attrset; optional)
-: Parsed contents of `package.json`, as returned by `lib.importJSON ./my-package.json`. If not specified, the `package.json` in `npmRoot` is used.
-
-`packageLock` (Attrset; optional)
-: Parsed contents of `package-lock.json`, as returned `lib.importJSON ./my-package-lock.json`. If not specified, the `package-lock.json` in `npmRoot` is used.
-
-`derivationArgs` (`mkDerivation` attrset; optional)
-: Arguments passed to `stdenv.mkDerivation`
-
-For example:
-
-```nix
-pkgs.mkShell {
-  packages = [
-    importNpmLock.hooks.linkNodeModulesHook
-    nodejs
-  ];
-
-  npmDeps = importNpmLock.buildNodeModules {
-    npmRoot = ./.;
-    inherit nodejs;
-  };
-}
-```
-will create a development shell where a `node_modules` directory is created & packages symlinked to the Nix store when activated.
 
 ### corepack {#javascript-corepack}
 
@@ -428,11 +346,11 @@ NOTE: It is highly recommended to use a pinned version of pnpm (i.e. `pnpm_8` or
 
 In case you are patching `package.json` or `pnpm-lock.yaml`, make sure to pass `finalAttrs.patches` to the function as well (i.e. `inherit (finalAttrs) patches`.
 
-`pnpm.configHook` supports adding additional `pnpm install` flags via `pnpmInstallFlags` which can be set to a Nix string array.
-
 #### Dealing with `sourceRoot` {#javascript-pnpm-sourceRoot}
 
-If the pnpm project is in a subdirectory, you can just define `sourceRoot` or `setSourceRoot` for `fetchDeps`.
+NOTE: Nixpkgs pnpm tooling doesn't support building projects with a `pnpm-workspace.yaml`, or building monorepos. It maybe possible to use `pnpm.fetchDeps` for these projects, but it may be hard or impossible to produce a binary from such projects ([an example attempt](https://github.com/NixOS/nixpkgs/pull/290715#issuecomment-2144543728)).
+
+If the pnpm project is in a subdirectory, you can just define `sourceRoot` or `setSourceRoot` for `fetchDeps`. Note, that projects using `pnpm-workspace.yaml` are currently not supported, and will probably not work using this approach.
 If `sourceRoot` is different between the parent derivation and `fetchDeps`, you will have to set `pnpmRoot` to effectively be the same location as it is in `fetchDeps`.
 
 Assuming the following directory structure, we can define `sourceRoot` and `pnpmRoot` as follows:
@@ -457,62 +375,12 @@ Assuming the following directory structure, we can define `sourceRoot` and `pnpm
   pnpmRoot = "frontend";
 ```
 
-#### PNPM Workspaces {#javascript-pnpm-workspaces}
-
-If you need to use a PNPM workspace for your project, then set `pnpmWorkspace = "<workspace project name>"` in your `pnpm.fetchDeps` call,
-which will make PNPM only install dependencies for that workspace package.
-
-For example:
-
-```nix
-...
-pnpmWorkspace = "@astrojs/language-server";
-pnpmDeps = pnpm.fetchDeps {
-  inherit (finalAttrs) pnpmWorkspace;
-  ...
-}
-```
-
-The above would make `pnpm.fetchDeps` call only install dependencies for the `@astrojs/language-server` workspace package.
-Note that you do not need to set `sourceRoot` to make this work.
-
-Usually in such cases, you'd want to use `pnpm --filter=$pnpmWorkspace build` to build your project, as `npmHooks.npmBuildHook` probably won't work. A `buildPhase` based on the following example will probably fit most workspace projects:
-
-```nix
-buildPhase = ''
-  runHook preBuild
-
-  pnpm --filter=@astrojs/language-server build
-
-  runHook postBuild
-'';
-```
-
-#### Additional PNPM Commands and settings {#javascript-pnpm-extraCommands}
-
-If you require setting an additional PNPM configuration setting (such as `dedupe-peer-dependents` or similar),
-set `prePnpmInstall` to the right commands to run. For example:
-
-```nix
-prePnpmInstall = ''
-  pnpm config set dedupe-peer-dependants false
-'';
-pnpmDeps = pnpm.fetchDeps {
-  inherit (finalAttrs) prePnpmInstall;
-  ...
-};
-```
-
-In this example, `prePnpmInstall` will be run by both `pnpm.configHook` and by the `pnpm.fetchDeps` builder.
-
-
 ### Yarn {#javascript-yarn}
 
 Yarn based projects use a `yarn.lock` file instead of a `package-lock.json` to pin dependencies. Nixpkgs provides the Nix function `fetchYarnDeps` which fetches an offline cache suitable for running `yarn install` before building the project. In addition, Nixpkgs provides the hooks:
 
 - `yarnConfigHook`: Fetches the dependencies from the offline cache and installs them into `node_modules`.
 - `yarnBuildHook`: Runs `yarn build` or a specified `yarn` command that builds the project.
-- `yarnInstallHook`: Runs `yarn install --production` to prune dependencies and installs the project into `$out`.
 
 An example usage of the above attributes is:
 
@@ -524,8 +392,8 @@ An example usage of the above attributes is:
   fetchYarnDeps,
   yarnConfigHook,
   yarnBuildHook,
-  yarnInstallHook,
   nodejs,
+  npmHooks,
 }:
 
 stdenv.mkDerivation (finalAttrs: {
@@ -541,15 +409,15 @@ stdenv.mkDerivation (finalAttrs: {
 
   yarnOfflineCache = fetchYarnDeps {
     yarnLock = finalAttrs.src + "/yarn.lock";
-    hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+    hash = "sha256-mo8urQaWIHu33+r0Y7mL9mJ/aSe/5CihuIetTeDHEUQ=";
   };
 
   nativeBuildInputs = [
     yarnConfigHook
     yarnBuildHook
-    yarnInstallHook
     # Needed for executing package.json scripts
     nodejs
+    npmHooks.npmInstallHook
   ];
 
   meta = {
@@ -558,6 +426,8 @@ stdenv.mkDerivation (finalAttrs: {
 })
 ```
 
+Note that there is no setup hook for installing yarn based packages - `npmHooks.npmInstallHook` should fit most cases, but sometimes you may need to override the `installPhase` completely.
+
 #### `yarnConfigHook` arguments {#javascript-yarnconfighook}
 
 By default, `yarnConfigHook` relies upon the attribute `${yarnOfflineCache}` (or `${offlineCache}` if the former is not set) to find the location of the offline cache produced by `fetchYarnDeps`. To disable this phase, you can set `dontYarnInstallDeps = true` or override the `configurePhase`.
@@ -569,15 +439,9 @@ This script by default runs `yarn --offline build`, and it relies upon the proje
 - `yarnBuildScript`: Sets a different `yarn --offline` subcommand (defaults to `build`).
 - `yarnBuildFlags`: Single string list of additional flags to pass the above command, or a Nix list of such additional flags.
 
-#### `yarnInstallHook` arguments {#javascript-yarninstallhook}
-
-To install the package `yarnInstallHook` uses both `npm` and `yarn` to cleanup project files and dependencies. To disable this phase, you can set `dontYarnInstall = true` or override the `installPhase`. Below is a list of additional `mkDerivation` arguments read by this hook:
-
-- `yarnKeepDevDeps`: Disables the removal of devDependencies from `node_modules` before installation.
-
 ### yarn2nix {#javascript-yarn2nix}
 
-WARNING: The `yarn2nix` functions have been deprecated in favor of the new `yarnConfigHook`, `yarnBuildHook` and `yarnInstallHook`. Documentation for them still appears here for the sake of the packages that still use them. See also a tracking issue [#324246](https://github.com/NixOS/nixpkgs/issues/324246).
+WARNING: The `yarn2nix` functions have been deprecated in favor of the new `yarnConfigHook` and `yarnBuildHook`. Documentation for them still appears here for the sake of the packages that still use them. See also a tracking issue [#324246](https://github.com/NixOS/nixpkgs/issues/324246).
 
 #### Preparation {#javascript-yarn2nix-preparation}
 

doc/languages-frameworks/maven.section.md

@@ -219,10 +219,10 @@ stdenv.mkDerivation {
 
   # don't do any fixup
   dontFixup = true;
-  outputHashAlgo = null;
+  outputHashAlgo = "sha256";
   outputHashMode = "recursive";
   # replace this with the correct SHA256
-  outputHash = lib.fakeHash;
+  outputHash = lib.fakeSha256;
 }
 ```
 

doc/languages-frameworks/python.section.md

@@ -55,19 +55,13 @@ sets are
 * `pkgs.python311Packages`
 * `pkgs.python312Packages`
 * `pkgs.python313Packages`
-* `pkgs.pypy27Packages`
-* `pkgs.pypy39Packages`
-* `pkgs.pypy310Packages`
+* `pkgs.pypyPackages`
 
 and the aliases
 
 * `pkgs.python2Packages` pointing to `pkgs.python27Packages`
-* `pkgs.python3Packages` pointing to `pkgs.python312Packages`
+* `pkgs.python3Packages` pointing to `pkgs.python311Packages`
 * `pkgs.pythonPackages` pointing to `pkgs.python2Packages`
-* `pkgs.pypy2Packages` pointing to `pkgs.pypy27Packages`
-* `pkgs.pypy3Packages` pointing to `pkgs.pypy39Packages`
-* `pkgs.pypyPackages` pointing to `pkgs.pypy2Packages`
-
 
 #### `buildPythonPackage` function {#buildpythonpackage-function}
 
@@ -168,8 +162,7 @@ following are specific to `buildPythonPackage`:
 * `dontWrapPythonPrograms ? false`: Skip wrapping of Python programs.
 * `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment
   variable in wrapped programs.
-* `pyproject`: Whether the pyproject format should be used. As all other formats
-  are deprecated, you are recommended to set this to `true`. When you do so,
+* `pyproject`: Whether the pyproject format should be used. When set to `true`,
   `pypaBuildHook` will be used, and you can add the required build dependencies
   from `build-system.requires` to `build-system`. Note that the pyproject
   format falls back to using `setuptools`, so you can use `pyproject = true`
@@ -214,6 +207,9 @@ because their behaviour is different:
   paths included in this list. Items listed in `install_requires` go here.
 * `optional-dependencies ? { }`: Optional feature flagged dependencies.  Items listed in `extras_requires` go here.
 
+Aside from propagating dependencies,
+  `buildPythonPackage` also injects code into and wraps executables with the
+  paths included in this list. Items listed in `extras_requires` go here.
 
 ##### Overriding Python packages {#overriding-python-packages}
 
@@ -313,7 +309,13 @@ python3Packages.buildPythonApplication rec {
 }
 ```
 
-This is then added to `pkgs/by-name` just as any other application would be.
+This is then added to `all-packages.nix` just as any other application would be.
+
+```nix
+{
+  luigi = callPackage ../applications/networking/cluster/luigi { };
+}
+```
 
 Since the package is an application, a consumer doesn't need to care about
 Python versions or modules, which is why they don't go in `python3Packages`.
@@ -322,27 +324,25 @@ Python versions or modules, which is why they don't go in `python3Packages`.
 
 A distinction is made between applications and libraries, however, sometimes a
 package is used as both. In this case the package is added as a library to
-`python-packages.nix` and as an application to `pkgs/by-name`. To reduce
+`python-packages.nix` and as an application to `all-packages.nix`. To reduce
 duplication the `toPythonApplication` can be used to convert a library to an
 application.
 
 The Nix expression shall use [`buildPythonPackage`](#buildpythonpackage-function) and be called from
-`python-packages.nix`. A reference shall be created from `pkgs/by-name` to
+`python-packages.nix`. A reference shall be created from `all-packages.nix` to
 the attribute in `python-packages.nix`, and the `toPythonApplication` shall be
 applied to the reference:
 
 ```nix
 {
-  python3Packages,
-}:
-
-python3Packages.toPythonApplication python3Packages.youtube-dl
+  youtube-dl = with python3Packages; toPythonApplication youtube-dl;
+}
 ```
 
 #### `toPythonModule` function {#topythonmodule-function}
 
 In some cases, such as bindings, a package is created using
-[`stdenv.mkDerivation`](#sec-using-stdenv) and added as attribute in `pkgs/by-name` or in `all-packages.nix`. The Python
+[`stdenv.mkDerivation`](#sec-using-stdenv) and added as attribute in `all-packages.nix`. The Python
 bindings should be made available from `python-packages.nix`. The
 `toPythonModule` function takes a derivation and makes certain Python-specific
 modifications.
@@ -358,66 +358,6 @@ modifications.
 
 Do pay attention to passing in the right Python version!
 
-#### `mkPythonMetaPackage` function {#mkpythonmetapackage-function}
-
-This will create a meta package containing [metadata files](https://packaging.python.org/en/latest/specifications/recording-installed-packages/) to satisfy a dependency on a package, without it actually having been installed into the environment.
-In nixpkgs this is used to package Python packages with split binary/source distributions such as [psycopg2](https://pypi.org/project/psycopg2/)/[psycopg2-binary](https://pypi.org/project/psycopg2-binary/).
-
-```nix
-mkPythonMetaPackage {
-  pname = "psycopg2-binary";
-  inherit (psycopg2) optional-dependencies version;
-  dependencies = [ psycopg2 ];
-  meta = {
-    inherit (psycopg2.meta) description homepage;
-  };
-}
-```
-
-#### `mkPythonEditablePackage` function {#mkpythoneditablepackage-function}
-
-When developing Python packages it's common to install packages in [editable mode](https://setuptools.pypa.io/en/latest/userguide/development_mode.html).
-Like `mkPythonMetaPackage` this function exists to create an otherwise empty package, but also containing a pointer to an impure location outside the Nix store that can be changed without rebuilding.
-
-The editable root is passed as a string. Normally `.pth` files contains absolute paths to the mutable location. This isn't always ergonomic with Nix, so environment variables are expanded at runtime.
-This means that a shell hook setting up something like a `$REPO_ROOT` variable can be used as the relative package root.
-
-As an implementation detail, the [PEP-518](https://peps.python.org/pep-0518/) `build-system` specified won't be used, but instead the editable package will be built using [hatchling](https://pypi.org/project/hatchling/).
-The `build-system`'s provided will instead become runtime dependencies of the editable package.
-
-Note that overriding packages deeper in the dependency graph _can_ work, but it's not the primary use case and overriding existing packages can make others break in unexpected ways.
-
-``` nix
-{ pkgs ? import <nixpkgs> { } }:
-
-let
-  pyproject = pkgs.lib.importTOML ./pyproject.toml;
-
-  myPython = pkgs.python.override {
-    self = myPython;
-    packageOverrides = pyfinal: pyprev: {
-      # An editable package with a script that loads our mutable location
-      my-editable = pyfinal.mkPythonEditablePackage {
-        # Inherit project metadata from pyproject.toml
-        pname = pyproject.project.name;
-        inherit (pyproject.project) version;
-
-        # The editable root passed as a string
-        root = "$REPO_ROOT/src"; # Use environment variable expansion at runtime
-
-        # Inject a script (other PEP-621 entrypoints are also accepted)
-        inherit (pyproject.project) scripts;
-      };
-    };
-  };
-
-  pythonEnv =  testPython.withPackages (ps: [ ps.my-editable ]);
-
-in pkgs.mkShell {
-  packages = [ pythonEnv ];
-}
-```
-
 #### `python.buildEnv` function {#python.buildenv-function}
 
 Python environments can be created using the low-level `pkgs.buildEnv` function.
@@ -534,6 +474,7 @@ are used in [`buildPythonPackage`](#buildpythonpackage-function).
   See [example usage](#using-pythonrelaxdepshook).
 - `pythonRemoveBinBytecode` to remove bytecode from the `/bin` folder.
 - `setuptoolsBuildHook` to build a wheel using `setuptools`.
+- `setuptoolsCheckHook` to run tests with `python setup.py test`.
 - `sphinxHook` to build documentation and manpages using Sphinx.
 - `venvShellHook` to source a Python 3 `venv` at the `venvDir` location. A
   `venv` is created if it does not yet exist. `postVenvCreation` can be used to
@@ -1423,10 +1364,6 @@ those specified in `build-system`. If a package requires incompatible build
 time dependencies, they should be removed in `postPatch` through
 `substituteInPlace` or similar.
 
-For ease of use, both `buildPythonPackage` and `buildPythonApplication` will
-automatically add `pythonRelaxDepsHook` if either `pythonRelaxDeps` or
-`pythonRemoveDeps` is specified.
-
 #### Using unittestCheckHook {#using-unittestcheckhook}
 
 `unittestCheckHook` is a hook which will set up (or configure) a [`checkPhase`](#ssec-check-phase) to run `python -m unittest discover`:
@@ -2090,8 +2027,8 @@ no maintainer, so maintenance falls back to the package set maintainers.
 
 ### Updating packages in bulk {#python-package-bulk-updates}
 
-A tool to bulk-update numerous Python libraries is available in the
-repository at `maintainers/scripts/update-python-libraries`.
+There is a tool to update alot of python libraries in bulk, it exists at
+`maintainers/scripts/update-python-libraries` with this repository.
 
 It can quickly update minor or major versions for all packages selected
 and create update commits, and supports the `fetchPypi`, `fetchurl` and

doc/languages-frameworks/r.section.md

@@ -104,27 +104,24 @@ directory and executed as follows:
 ```bash
 nix-shell generate-shell.nix
 
-Rscript generate-r-packages.R cran  > cran-packages.json.new
-mv cran-packages.json.new cran-packages.json
+Rscript generate-r-packages.R cran  > cran-packages.nix.new
+mv cran-packages.nix.new cran-packages.nix
 
-Rscript generate-r-packages.R bioc  > bioc-packages.json.new
-mv bioc-packages.json.new bioc-packages.json
+Rscript generate-r-packages.R bioc  > bioc-packages.nix.new
+mv bioc-packages.nix.new bioc-packages.nix
 
-Rscript generate-r-packages.R bioc-annotation > bioc-annotation-packages.json.new
-mv bioc-annotation-packages.json.new bioc-annotation-packages.json
+Rscript generate-r-packages.R bioc-annotation > bioc-annotation-packages.nix.new
+mv bioc-annotation-packages.nix.new bioc-annotation-packages.nix
 
-Rscript generate-r-packages.R bioc-experiment > bioc-experiment-packages.json.new
-mv bioc-experiment-packages.json.new bioc-experiment-packages.json
+Rscript generate-r-packages.R bioc-experiment > bioc-experiment-packages.nix.new
+mv bioc-experiment-packages.nix.new bioc-experiment-packages.nix
 ```
 
-`generate-r-packages.R <repo>` reads  `<repo>-packages.json`, therefore
+`generate-r-packages.R <repo>` reads  `<repo>-packages.nix`, therefore
 the renaming.
 
-The contents of a generated `*-packages.json` file will be used to
-create a package derivation for each R package listed in the file.
-
 Some packages require overrides to specify external dependencies or other
 patches and special requirements. These overrides are specified in the
-`pkgs/development/r-modules/default.nix` file. As the `*-packages.json`
+`pkgs/development/r-modules/default.nix` file. As the `*-packages.nix`
 contents are automatically generated it should not be edited and broken
 builds should be addressed using overrides.

doc/languages-frameworks/ruby.section.md

@@ -2,7 +2,7 @@
 
 ## Using Ruby {#using-ruby}
 
-Several versions of Ruby interpreters are available on Nix, as well as over 250 gems and many applications written in Ruby. The attribute `ruby` refers to the default Ruby interpreter, which is currently MRI 3.3. It's also possible to refer to specific versions, e.g. `ruby_3_y`, `jruby`, or `mruby`.
+Several versions of Ruby interpreters are available on Nix, as well as over 250 gems and many applications written in Ruby. The attribute `ruby` refers to the default Ruby interpreter, which is currently MRI 3.1. It's also possible to refer to specific versions, e.g. `ruby_3_y`, `jruby`, or `mruby`.
 
 In the Nixpkgs tree, Ruby packages can be found throughout, depending on what they do, and are called from the main package set. Ruby gems, however are separate sets, and there's one default set for each interpreter (currently MRI only).
 
@@ -154,7 +154,7 @@ let
     defaultGemConfig = pkgs.defaultGemConfig // {
       pg = attrs: {
         buildFlags =
-        [ "--with-pg-config=${lib.getDev pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
+        [ "--with-pg-config=${pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
       };
     };
   };
@@ -172,7 +172,7 @@ let
     gemConfig = pkgs.defaultGemConfig // {
       pg = attrs: {
         buildFlags =
-        [ "--with-pg-config=${lib.getDev pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
+        [ "--with-pg-config=${pkgs."postgresql_${pg_version}"}/bin/pg_config" ];
       };
     };
   };
@@ -190,7 +190,9 @@ let
         defaultGemConfig = super.defaultGemConfig // {
           pg = attrs: {
             buildFlags = [
-              "--with-pg-config=${lib.getDev pkgs."postgresql_${pg_version}"}/bin/pg_config"
+              "--with-pg-config=${
+                pkgs."postgresql_${pg_version}"
+              }/bin/pg_config"
             ];
           };
         };

doc/languages-frameworks/rust.section.md

@@ -41,7 +41,7 @@ rustPlatform.buildRustPackage rec {
     description = "Fast line-oriented regex search tool, similar to ag and ack";
     homepage = "https://github.com/BurntSushi/ripgrep";
     license = lib.licenses.unlicense;
-    maintainers = [ ];
+    maintainers = [];
   };
 }
 ```
@@ -567,7 +567,8 @@ buildPythonPackage rec {
   };
 
   cargoDeps = rustPlatform.fetchCargoTarball {
-    inherit pname version src sourceRoot;
+    inherit src sourceRoot;
+    name = "${pname}-${version}";
     hash = "sha256-miW//pnOmww2i6SOGbkrAIdc/JMDT4FJLqdMFojZeoY=";
   };
 
@@ -610,8 +611,9 @@ buildPythonPackage rec {
   };
 
   cargoDeps = rustPlatform.fetchCargoTarball {
-    inherit pname version src;
+    inherit src;
     sourceRoot = "${pname}-${version}/${cargoRoot}";
+    name = "${pname}-${version}";
     hash = "sha256-PS562W4L1NimqDV2H0jl5vYhL08H9est/pbIxSdYVfo=";
   };
 
@@ -640,7 +642,6 @@ builds the `retworkx` Python package. `fetchCargoTarball` and
 buildPythonPackage rec {
   pname = "retworkx";
   version = "0.6.0";
-  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "Qiskit";
@@ -650,10 +651,13 @@ buildPythonPackage rec {
   };
 
   cargoDeps = rustPlatform.fetchCargoTarball {
-    inherit pname version src;
+    inherit src;
+    name = "${pname}-${version}";
     hash = "sha256-heOBK8qi2nuc/Ib+I/vLzZ1fUUD/G/KTw9d7M4Hz5O0=";
   };
 
+  format = "pyproject";
+
   nativeBuildInputs = with rustPlatform; [ cargoSetupHook maturinBuildHook ];
 
   # ...
@@ -694,7 +698,8 @@ stdenv.mkDerivation rec {
   };
 
   cargoDeps = rustPlatform.fetchCargoTarball {
-    inherit pname version src;
+    inherit src;
+    name = "${pname}-${version}";
     hash = "sha256-8fa3fa+sFi5H+49B5sr2vYPkp9C9s6CcE0zv4xB8gww=";
   };
 

doc/languages-frameworks/vim.section.md

@@ -232,14 +232,6 @@ To add a new plugin, run `nix-shell -p vimPluginsUpdater --run 'vim-plugins-upda
 
 Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `vimPluginsUpdater` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of the Language Server Protocol integration with Vim/Neovim.
 
-### Plugin optional configuration {#vim-plugin-required-snippet}
-
-Some plugins require specific configuration to work. We choose not to
-patch those plugins but expose the necessary configuration under
-`PLUGIN.passthru.initLua` for neovim plugins. For instance, the `unicode-vim` plugin
-needs the path towards a unicode database so we expose the following snippet `vim.g.Unicode_data_directory="${self.unicode-vim}/autoload/unicode"` under `vimPlugins.unicode-vim.passthru.initLua`.
-
-
 ## Updating plugins in nixpkgs {#updating-plugins-in-nixpkgs}
 
 Run the update script with a GitHub API token that has at least `public_repo` access. Running the script without the token is likely to result in rate-limiting (429 errors). For steps on creating an API token, please refer to [GitHub's token documentation](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token).

doc/packages/build-support.md

@@ -1,102 +0,0 @@
-# Build Support {#sec-build-support}
-
-## `pkgs.substitute` {#pkgs-substitute}
-
-`pkgs.substitute` is a wrapper around [the `substitute` Bash function](#fun-substitute) in the standard environment.
-It replaces strings in `src` as specified by the `substitutions` argument.
-
-
-:::{.example #ex-pkgs-substitute}
-# Usage of `pkgs.substitute`
-
-In a build script, the line:
-
-```bash
-substitute $infile $outfile --replace-fail @foo@ ${foopkg}/bin/foo
-```
-
-is equivalent to:
-
-```nix
-{ substitute, foopkg }:
-substitute {
-  src = ./sourcefile.txt;
-  substitutions = [
-    "--replace"
-    "@foo@"
-    "${foopkg}/bin/foo"
-  ];
-}
-```
-:::
-
-## `pkgs.substituteAll` {#pkgs-substituteall}
-
-`pkgs.substituteAll` substitutes all instances of `@varName@` (`@`s included) in file `src` with the value of the corresponding environment variable.
-As this uses the [`substituteAll`] (#fun-substitute) function, its limitations regarding variable names that will or will not be replaced also apply here.
-
-:::{.example #ex-pkgs-substituteAll}
-# Usage of `pkgs.substituteAll`
-
-If `say-goodbye.sh` contains the following:
-
-```bash
-#! @bash@/bin/bash
-
-echo @unchanged@
-@hello@/bin/hello --greeting @greeting@
-```
-
-the following derivation will make substitutions to `@bash@`, `@hello@`, and `@greeting@`:
-
-```nix
-{
-  substituteAll,
-  bash,
-  hello,
-}:
-substituteAll {
-  src = ./say-goodbye.sh;
-  env = {
-    inherit bash hello;
-    greeting = "goodbye";
-  };
-}
-```
-
-such that `$out` will result in something like the following:
-
-```
-#! /nix/store/s30jrpgav677fpc9yvkqsib70xfmx7xi-bash-5.2p26/bin/bash
-
-echo @unchanged@
-/nix/store/566f5isbvw014h7knmzmxa5l6hshx43k-hello-2.12.1/bin/hello --greeting goodbye
-```
-:::
-
-## `pkgs.substituteAllFiles` {#pkgs-substituteallfiles}
-
-`pkgs.substituteAllFiles` replaces `@varName@` with the value of the environment variable `varName`.
-It expects `src` to be a directory and requires a `files` argument that specifies which files will be subject to replacements; only these files will be placed in `$out`.
-
-As it also uses the `substituteAll` function, it is subject to the same limitations on environment variables as discussed in [pkgs.substituteAll](#pkgs-substituteall).
-
-:::{.example #ex-pkgs-substitute-all-files}
-# Usage of `pkgs.substituteAllFiles`
-
-If the current directory contains `{foo,bar,baz}.txt` and the following `default.nix`
-
-```nix
-{ substituteAllFiles }:
-substituteAllFiles {
-  src = ./.;
-  files = [
-    "foo.txt"
-    "bar.txt"
-  ];
-  hello = "there";
-}
-```
-
-in the resulting derivation, every instance of `@hello@` will be replaced with `there` in `$out/foo.txt` and` `$out/bar.txt`; `baz.txt` will not be processed nor will it appear in `$out`.
-:::

doc/packages/geant4.section.md

@@ -1,15 +0,0 @@
-# Geant4 {#geant4}
-
-[Geant4](https://www.geant4.org/) is a toolkit for simulating how particles pass through matter. It is available through the `geant4` package.
-
-## Setup hook {#geant4-hook}
-
-The setup hook included in the package applies the environment variables set by the [`geant4.sh` script](https://github.com/Geant4/geant4/blob/master/cmake/Modules/G4ConfigureGNUMakeHelpers.cmake#L4-L55), which is typically necessary for compiling `make`-based programs that depend on Geant4.
-
-## Datasets {#geant4-datasets}
-
-All of [the Geant4 datasets provided by CERN](https://geant4.web.cern.ch/support/download) are available through the `geant4.data` attrset.
-
-### Setup hook {#geant4-datasets-hook}
-
-The hook provided by the packages in `geant4.data` will set an appropriate environment variable in the form of `G4[...]DATA`. For example, for the `G4RadioactiveDecay` dataset, the `G4RADIOACTIVEDATA` environment variable is set to the value expected by Geant4.

doc/packages/index.md

@@ -12,12 +12,10 @@ emacs.section.md
 firefox.section.md
 fish.section.md
 fuse.section.md
-geant4.section.md
 ibus.section.md
 kakoune.section.md
 krita.section.md
 linux.section.md
-lhapdf.section.md
 locales.section.md
 etc-files.section.md
 nginx.section.md
@@ -29,5 +27,4 @@ urxvt.section.md
 vcpkg.section.md
 weechat.section.md
 xorg.section.md
-build-support.md
 ```

doc/packages/lhapdf.section.md

@@ -1,11 +0,0 @@
-# LHAPDF {#lhapdf}
-
-[LHAPDF](https://lhapdf.hepforge.org/) is a tool for evaluating parton distribution functions (PDFs) in high-energy physics. LHAPDF is available in the `lhapdf` package.
-
-## PDF sets {#lhapdf-sets}
-
-All of [the PDF sets made available by the LHAPDF project](https://lhapdf.hepforge.org/pdfsets.html) are available through the `lhapdf.pdf_sets` attrset.
-
-### Setup hook {#lhapdf-sets-hook}
-
-Each package provided in the `lhapdf.pdf_sets` attrset contains a setup hook which adds itself to [the `LHAPDF_DATA_PATH` environment variable](https://lhapdf.hepforge.org/#sets).

doc/packages/linux.section.md

@@ -52,7 +52,7 @@ pkgs.linuxPackages_custom {
   version = "6.1.55";
   src = pkgs.fetchurl {
     url = "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-${version}.tar.xz";
-    hash = "sha256-qH4kHsFdU0UsTv4hlxOjdp2IzENrW5jPbvsmLEr/FcA=";
+    hash = "sha256:1h0mzx52q9pvdv7rhnvb8g68i7bnlc9rf8gy9qn4alsxq4g28zm8";
   };
   configfile = ./path_to_config_file;
 }
@@ -67,7 +67,7 @@ pkgs.linuxPackages_custom {
   modDirVersion = "6.1.55";
   src = pkgs.fetchurl {
     url = "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-${modDirVersion}.tar.xz";
-    hash = "sha256-qH4kHsFdU0UsTv4hlxOjdp2IzENrW5jPbvsmLEr/FcA=";
+    hash = "sha256:1h0mzx52q9pvdv7rhnvb8g68i7bnlc9rf8gy9qn4alsxq4g28zm8";
   };
   configfile = ./path_to_config_file;
 }

doc/stdenv/stdenv.chapter.md

@@ -580,7 +580,7 @@ After unpacking all of `src` and `srcs`, if neither of `sourceRoot` and `setSour
 If `unpackPhase` produces multiple source directories, you should set `sourceRoot` to the name of the intended directory.
 You can also set `sourceRoot = ".";` if you want to control it yourself in a later phase.
 
-For example, if you want your build to start in a sub-directory inside your sources, and you are using `fetchzip`-derived `src` (like `fetchFromGitHub` or similar), you need to set `sourceRoot = "${src.name}/my-sub-directory"`.
+For example, if your want your build to start in a sub-directory inside your sources, and you are using `fetchzip`-derived `src` (like `fetchFromGitHub` or similar), you need to set `sourceRoot = "${src.name}/my-sub-directory"`.
 
 ##### `setSourceRoot` {#var-stdenv-setSourceRoot}
 
@@ -1136,12 +1136,6 @@ Example removing all references to the compiler in the output:
 }
 ```
 
-### `runHook` \<hook\> {#fun-runHook}
-
-Execute \<hook\> and the values in the array associated with it. The array's name is determined by removing `Hook` from the end of \<hook\> and appending `Hooks`.
-
-For example, `runHook postHook` would run the hook `postHook` and all of the values contained in the `postHooks` array, if it exists.
-
 ### `substitute` \<infile\> \<outfile\> \<subs\> {#fun-substitute}
 
 Performs string substitution on the contents of \<infile\>, writing the result to \<outfile\>. The substitutions in \<subs\> are of the following form:
@@ -1544,16 +1538,6 @@ Adds the `-fPIE` compiler and `-pie` linker options. Position Independent Execut
 Static libraries need to be compiled with `-fPIE` so that executables can link them in with the `-pie` linker option.
 If the libraries lack `-fPIE`, you will get the error `recompile with -fPIE`.
 
-#### `shadowstack` {#shadowstack}
-
-Adds the `-fcf-protection=return` compiler option. This enables the Shadow Stack feature supported by some newer processors, which maintains a user-inaccessible copy of the program's stack containing only return-addresses. When returning from a function, the processor compares the return-address value on the two stacks and throws an error if they do not match, considering it a sign of corruption and possible tampering. This should significantly increase the difficulty of ROP attacks.
-
-For the Shadow Stack to be enabled at runtime, all code linked into a process must be built with Shadow Stack enabled, so this is probably only useful to enable on a wide scale, so that all of a packages dependencies also have the feature enabled.
-
-This is currently only supported on some newer Intel and AMD processors as part of the Intel CET set of features. However, the generated code should continue to work on older processors which will simply omit any of this checking.
-
-This breaks some code that does advanced stack management or exception handling. If enabling this hardening flag it is important to test the result on a system that has known working and enabled CET support, so that any such breakage can be discovered.
-
 #### `trivialautovarinit` {#trivialautovarinit}
 
 Adds the `-ftrivial-auto-var-init=pattern` compiler option. This causes "trivially-initializable" uninitialized stack variables to be forcibly initialized with a nonzero value that is likely to cause a crash (and therefore be noticed). Uninitialized variables generally take on their values based on fragments of previous program state, and attackers can carefully manipulate that state to craft malicious initial values for these variables.
@@ -1570,14 +1554,6 @@ sorry, unimplemented: __builtin_clear_padding not supported for variable length
 
 This flag adds the `-fstack-clash-protection` compiler option, which causes growth of a program's stack to access each successive page in order. This should force the guard page to be accessed and cause an attempt to "jump over" this guard page to crash.
 
-#### `pacret` {#pacret}
-
-This flag adds the `-mbranch-protection=pac-ret` compiler option on aarch64-linux targets. This uses ARM v8.3's Pointer Authentication feature to sign function return pointers before adding them to the stack. The pointer's authenticity is then validated before returning to its destination. This dramatically increases the difficulty of ROP exploitation techniques.
-
-This may cause problems with code that does advanced stack manipulation, and debugging/stack-unwinding tools need to be pac-ret aware to work correctly when these features are in operation.
-
-Pre-ARM v8.3 processors will ignore Pointer Authentication instructions, so code built with this flag will continue to work on older processors, though without any of the intended protections. If enabling this flag, it is recommended to ensure the resultant packages are tested against an ARM v8.3+ linux system with known-working Pointer Authentication support so that any breakage caused by this feature is actually detected.
-
 [^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation.
 [^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`.
 [^footnote-stdenv-propagated-dependencies]: Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like [setup hooks](#ssec-setup-hooks) also are run as if it were a propagated dependency.

doc/using-nixpkgs.md

@@ -2,7 +2,6 @@
 
 ```{=include=} chapters
 using/platform-support.chapter.md
-using/as-a-function.chapter.md
 using/configuration.chapter.md
 using/overlays.chapter.md
 using/overrides.chapter.md

doc/using/as-a-function.chapter.md

@@ -1,156 +0,0 @@
-# Nixpkgs as a Function {#sec-nixpkgs-function}
-
-Depending on how you use Nixpkgs, you may interact with it as a [Nix function].
-The Nixpkgs function returns an attribute set containing mostly packages, but also other things, such as more package sets, and functions.
-This return value is often referred to with the identifier `pkgs`, and it has a marker attribute, `_type = "pkgs";`.
-
-The Nixpkgs function can be retrieved in multiple ways.
-
-In a setup with [Nix channels], you may look up the Nixpkgs files with [`<nixpkgs>`][Nix lookup path]; for example
-
-```console
-$ nix repl -f '<nixpkgs>'
-Added 21938 variables.
-nix-repl>
-```
-
-<!-- -f: abbreviated form because it is very frequently used -->
-[`nix repl`] [`-f`][`nix repl -f`] automatically imports the Nixpkgs function and invokes it for you.
-
-Most Nix commands accept [`--arg`] and [`--argstr`] options to pass arguments to the Nixpkgs function.
-
-In an expression, you can use the `import <nixpkgs> { }` syntax to import the Nixpkgs function, and immmediately [apply] it.
-
-```nix
-let
-  pkgs = import <nixpkgs> {
-    config = { allowUnfree = true; };
-  };
-in
-```
-
-Note that these examples so far have relied on the implicit, [impure] [`builtins.currentSystem`] variable to configure the package set to be able to run on your system.
-
-If you wish not to accidentally rely on the implicit [`builtins.currentSystem`] variable, and you'd like to avoid configuration in `~/.config/nixpkgs`, you may invoke `<nixpkgs/pkgs/top-level>` instead.
-
-To make sure you can reproduce your evaluations, you may use [pinning] or locking, such as provided by [`npins`] or [Flakes].
-
-## Arguments {#sec-nixpkgs-arguments}
-
-For historical reasons, the platform and cross compilation parameters can be specified in multiple ways.
-
-If you run Nix in pure mode, or if you work with expressions for multiple host platforms, you are recommended to use `hostPlatform` for native compilation (locally or on a remote machine), and both `hostPlatform` and `buildPlatform` for cross compilation.
-
-### `hostPlatform` and `buildPlatform` {#sec-nixpkgs-arguments-platforms}
-
-- `hostPlatform` is the platform for which the package set is built. This means that the binaries in the outputs are compatible with `hostPlatform`.
-
-  You may specify this as a cpu-os string, such as `"x86_64-linux"`, or `aarch64-darwin`, or you can pass a more details platform object produced with `lib.systems`.
-
-- `buildPlatform` (default: `hostPlatform`) is the platform on which the derivations will run. The derivations produced by Nixpkgs will have a [`system` attribute] that matches `buildPlatform`, so that builds are sent to a machine that is capable of running the `builder` command, which is also configured to be compatible with `buildPlatform`.
-
-  Values are specified in the same formats as `hostPlatform`.
-
-::: {.example #ex-nixpkgs-pure-native}
-
-# Natively compiled packages
-
-This shows how to explicitly request packages that are built for a specific platform, not relying on [`builtins.currentSystem`].
-The packages will be built natively.
-
-If you request to build this on a host that is not compatible, you need a remote builder.
-
-```nix
-let
-  pkgs = imports <nixpkgs> {
-    hostPlatform = "x86_64-linux";
-  };
-in pkgs.hello
-```
-
-:::
-
-::: {.example #ex-nixpkgs-pure-cross}
-
-# Cross compiled packages
-
-This expression will produce packages that are built on `x86_64-linux` machines, but whose outputs can run on `riscv64-linux`.
-
-The expression is pure, so it will produce the same outcome even if run on e.g. an `aarch64-darwin` machine. For that to work, the macOS machine needs the packages to be available in a cache or it needs a remote builder that can build `x86_64-linux` derivations.
-
-If you were to use [`builtins.currentSystem`] for `buildPlatform`, you would be able to build the packages directly on any machine, but the resulting store paths will be different, depending on the current system.
-Especially if you are in a team that doesn't run a single CPU architecture and operating system or you use Nix on machines of more than one platform, you might notice that equivalent deployments would have different store paths, resulting in unnecessary rebuilds, more store path copying, and unnecessary updates to equivalent configurations with different `buildPlatform`s.
-For these reason, it is recommended to use pure configurations where the platform parameters are set to fixed values for each deployment target.
-
-```nix
-let
-  pkgs = imports <nixpkgs> {
-    hostPlatform = "riscv64-linux";
-    buildPlatform = "x86_64-linux";
-  };
-in pkgs.hello
-```
-
-:::
-
-### Legacy arguments `system`, `localSystem` and `crossSystem` {#sec-nixpkgs-arguments-systems-legacy}
-
-`crossSystem` and `system` (or `localSystem`) are ok to use on the command line, but are not recommended for pure Nix code (such as Nix flakes), or Nix code that manages the invocation of the Nixpkgs function.
-
-These parameters existed before [`hostPlatform` and `buildPlatform`](#sec-nixpkgs-arguments-platforms) were introduced.
-They are still supported, but are not recommended for new code.
-
-The main difference is that these parameters default to [`builtins.currentSystem`], which does not work for pure code.
-
-Furthermore, their design is optimized for impure command line use.
-
-The term "local" is misleading, because it need not match the platform where the Nix command is run.
-
-The term "cross" is also misleading because its value may equal `localSystem`.
-
-Finally `crossSystem` may have to be unset as an input, complicating some code that calls the Nixpkgs function.
-<!-- This example transgresses the guidelines a bit, but we have an audience here that needs answers, because who likes change. Without explanation, this comes across as a superficial, unnecessary and annoying change. Remove this example in 2026 when it is irrelevant. -->
-For example, [`nixos-generate-config`] wasn't initially able to set the platform in `hardware-configuration.nix` without making assumptions about cross versus native compilation, resulting in a need for you to manually specify `system` when Flakes were introduced.
-
-### `config` {#sec-nixpkgs-arguments-config}
-
-Example:
-
-```nix
-import <nixpkgs> { config = { allowUnfree = true; }; }
-```
-
-See [Configuration](#sec-config-options-reference) for details.
-
-### `overlays` {#sec-nixpkgs-arguments-overlays}
-
-Overlays are expressions that modify the package set.
-
-See [Overlays](#chap-overlays) for more information.
-
-### `crossOverlays` {#sec-nixpkgs-arguments-crossOverlays}
-
-<!-- Source: https://matthewbauer.us/slides/always-be-cross-compiling.pdf -->
-Cross overlays apply only to the final package set in cross compilation.
-This means that [`buildPackages`] and [`nativeBuildInputs`] are unaffected by these overlays and this increases the number of build dependencies that can be retrieved from the cache, or can be reused from a previous build.
-
-[Nix function]: https://nix.dev/manual/nix/latest/language/constructs.html#functions
-[Nix channels]: https://nix.dev/manual/nix/latest/command-ref/nix-channel.html
-[Nix lookup path]: https://nix.dev/manual/nix/latest/language/constructs/lookup-path.html
-[`builtins.currentSystem`]: https://nix.dev/manual/nix/latest/language/builtin-constants.html#builtins-currentSystem
-[`system` attribute]: https://nix.dev/manual/nix/latest/language/derivations#attr-system
-[`--arg`]: https://nix.dev/manual/nix/latest/command-ref/opt-common.html?highlight=--arg#opt-arg
-[`--argstr`]: https://nix.dev/manual/nix/latest/command-ref/opt-common.html?highlight=--argstr#opt-argstr
-[apply]: https://nix.dev/manual/nix/latest/language/operators
-[impure]: https://nix.dev/manual/nix/latest/command-ref/conf-file.html?highlight=pure-eval#conf-pure-eval
-[`npins`]: https://nix.dev/guides/recipes/dependency-management.html
-[Flakes]: https://nix.dev/concepts/flakes.html#flakes
-[pinning]: https://nix.dev/reference/pinning-nixpkgs.html
-<!-- TODO: publish NixOS man pages -->
-[`nixos-generate-config`]: https://nixos.org/manual/nixos/stable/#sec-installation
-<!-- TODO: make more specific -->
-[`buildPackages`]: #ssec-cross-dependency-implementation
-<!-- TODO: make more specific -->
-[`nativeBuildInputs`]: #ssec-stdenv-dependencies-propagated
-[`nix repl`]: https://nix.dev/manual/nix/latest/command-ref/new-cli/nix3-repl.html
-[`nix repl -f`]: https://nix.dev/manual/nix/latest/command-ref/new-cli/nix3-repl?highlight=--file#opt-file

doc/using/overrides.chapter.md

@@ -40,13 +40,6 @@ import pkgs.path { overlays = [ (self: super: {
 
 In the first example, `pkgs.foo` is the result of a function call with some default arguments, usually a derivation. Using `pkgs.foo.override` will call the same function with the given new arguments.
 
-Many packages, like the `foo` example above, provide package options with default values in their arguments, to facilitate overriding.
-Because it's not usually feasible to test that packages build with all combinations of options, you might find that a package doesn't build if you override options to non-default values.
-
-Package maintainers are not expected to fix arbitrary combinations of options.
-If you find that something doesn't work, please submit a fix, ideally with a regression test.
-If you want to ensure that things keep working, consider [becoming a maintainer](https://github.com/NixOS/nixpkgs/tree/master/maintainers) for the package.
-
 ## <pkg>.overrideAttrs {#sec-pkg-overrideAttrs}
 
 The function `overrideAttrs` allows overriding the attribute set passed to a `stdenv.mkDerivation` call, producing a new derivation based on the original one. This function is available on all derivations produced by the `stdenv.mkDerivation` function, which is most packages in the nixpkgs expression `pkgs`.

flake.nix

@@ -16,44 +16,10 @@
       });
     in
     {
-      /**
-        `nixpkgs.lib` is a combination of the [Nixpkgs library](https://nixos.org/manual/nixpkgs/unstable/#id-1.4), and other attributes
-        that are _not_ part of the Nixpkgs library, but part of the Nixpkgs flake:
-
-        - `lib.nixosSystem` for creating a NixOS system configuration
-
-        - `lib.nixos` for other NixOS-provided functionality, such as [`runTest`](https://nixos.org/manual/nixos/unstable/#sec-call-nixos-test-outside-nixos)
-      */
       lib = lib.extend (final: prev: {
 
-        /**
-          Other NixOS-provided functionality, such as [`runTest`](https://nixos.org/manual/nixos/unstable/#sec-call-nixos-test-outside-nixos).
-          See also `lib.nixosSystem`.
-        */
         nixos = import ./nixos/lib { lib = final; };
 
-        /**
-          Create a NixOS system configuration.
-
-          Example:
-
-              lib.nixosSystem {
-                modules = [ ./configuration.nix ];
-              }
-
-          Inputs:
-
-          - `modules` (list of paths or inline modules): The NixOS modules to include in the system configuration.
-
-          - `specialArgs` (attribute set): Extra arguments to pass to all modules, that are available in `imports` but can not be extended or overridden by the `modules`.
-
-          - `modulesLocation` (path): A default location for modules that aren't passed by path, used for error messages.
-
-          Legacy inputs:
-
-          - `system`: Legacy alias for `nixpkgs.hostPlatform`, but this is already set in the generated `hardware-configuration.nix`, included by `configuration.nix`.
-          - `pkgs`: Legacy alias for `nixpkgs.pkgs`; use `nixpkgs.pkgs` and `nixosModules.readOnlyPkgs` instead.
-        */
         nixosSystem = args:
           import ./nixos/lib/eval-config.nix (
             {
@@ -81,7 +47,7 @@
       checks = forAllSystems (system: {
         tarball = jobs.${system}.tarball;
         # Exclude power64 due to "libressl is not available on the requested hostPlatform" with hostPlatform being power64
-      } // lib.optionalAttrs (self.legacyPackages.${system}.stdenv.hostPlatform.isLinux && !self.legacyPackages.${system}.targetPlatform.isPower64) {
+      } // lib.optionalAttrs (self.legacyPackages.${system}.stdenv.isLinux && !self.legacyPackages.${system}.targetPlatform.isPower64) {
         # Test that ensures that the nixosSystem function can accept a lib argument
         # Note: prefer not to extend or modify `lib`, especially if you want to share reusable modules
         #       alternatives include: `import` a file, or put a custom library in an option or in `_module.args.<libname>`
@@ -98,7 +64,7 @@
               boot.loader.grub.enable = false;
               fileSystems."/".device = "nodev";
               # See https://search.nixos.org/options?show=system.stateVersion&query=stateversion
-              system.stateVersion = lib.trivial.release; # DON'T do this in real configs!
+              system.stateVersion = lib.versions.majorMinor lib.version; # DON'T do this in real configs!
             })
           ];
         }).config.system.build.toplevel;
@@ -111,57 +77,25 @@
         }).nixos.manual;
       };
 
-      devShells = forAllSystems (system: {
-        /** A shell to get tooling for Nixpkgs development. See nixpkgs/shell.nix. */
-        default = import ./shell.nix { inherit system; };
-      });
-
-      /**
-        A nested structure of [packages](https://nix.dev/manual/nix/latest/glossary#package-attribute-set) and other values.
-
-        The "legacy" in `legacyPackages` doesn't imply that the packages exposed
-        through this attribute are "legacy" packages. Instead, `legacyPackages`
-        is used here as a substitute attribute name for `packages`. The problem
-        with `packages` is that it makes operations like `nix flake show
-        nixpkgs` unusably slow due to the sheer number of packages the Nix CLI
-        needs to evaluate. But when the Nix CLI sees a `legacyPackages`
-        attribute it displays `omitted` instead of evaluating all packages,
-        which keeps `nix flake show` on Nixpkgs reasonably fast, though less
-        information rich.
-
-        The reason why finding the tree structure of `legacyPackages` is slow,
-        is that for each attribute in the tree, it is necessary to check whether
-        the attribute value is a package or a package set that needs further
-        evaluation. Evaluating the attribute value tends to require a significant
-        amount of computation, even considering lazy evaluation.
-      */
+      # The "legacy" in `legacyPackages` doesn't imply that the packages exposed
+      # through this attribute are "legacy" packages. Instead, `legacyPackages`
+      # is used here as a substitute attribute name for `packages`. The problem
+      # with `packages` is that it makes operations like `nix flake show
+      # nixpkgs` unusably slow due to the sheer number of packages the Nix CLI
+      # needs to evaluate. But when the Nix CLI sees a `legacyPackages`
+      # attribute it displays `omitted` instead of evaluating all packages,
+      # which keeps `nix flake show` on Nixpkgs reasonably fast, though less
+      # information rich.
       legacyPackages = forAllSystems (system:
         (import ./. { inherit system; }).extend (final: prev: {
           lib = prev.lib.extend libVersionInfoOverlay;
         })
       );
 
-      /**
-        Optional modules that can be imported into a NixOS configuration.
-
-        Example:
-
-            # flake.nix
-            outputs = { nixpkgs, ... }: {
-              nixosConfigurations = {
-                foo = nixpkgs.lib.nixosSystem {
-                  modules = [
-                    ./foo/configuration.nix
-                    nixpkgs.nixosModules.notDetected
-                  ];
-                };
-              };
-            };
-        */
       nixosModules = {
         notDetected = ./nixos/modules/installer/scan/not-detected.nix;
 
-        /**
+        /*
           Make the `nixpkgs.*` configuration read-only. Guarantees that `pkgs`
           is the way you initialize it.
 

lib/customisation.nix

@@ -455,7 +455,7 @@ rec {
 
       1. Takes a function `p`, or a path to a Nix file that contains a function `p`, which takes an attribute set and returns value of arbitrary type `a`,
       2. Takes an attribute set `args` with explicit attributes to pass to `p`,
-      3. Calls `f` with attributes from the original attribute set `attrs` passed to `newScope` updated with `args`, i.e. `attrs // args`, if they match the attributes in the argument of `p`.
+      3. Calls `f` with attributes from the original attribute set `attrs` passed to `newScope` updated with `args, i.e. `attrs // args`, if they match the attributes in the argument of `p`.
 
       All such functions `p` will be called with the same value for `attrs`.
 

lib/default.nix

@@ -79,8 +79,7 @@ let
       fromHexString toHexString toBaseDigits inPureEvalMode isBool isInt pathExists
       genericClosure readFile;
     inherit (self.fixedPoints) fix fix' converge extends composeExtensions
-      composeManyExtensions makeExtensible makeExtensibleWithCustomName
-      toExtension;
+      composeManyExtensions makeExtensible makeExtensibleWithCustomName;
     inherit (self.attrsets) attrByPath hasAttrByPath setAttrByPath
       getAttrFromPath attrVals attrNames attrValues getAttrs catAttrs filterAttrs
       filterAttrsRecursive foldlAttrs foldAttrs collect nameValuePair mapAttrs
@@ -124,8 +123,7 @@ let
     inherit (self.derivations) lazyDerivation optionalDrvAttr;
     inherit (self.meta) addMetaAttrs dontDistribute setName updateName
       appendToName mapDerivationAttrset setPrio lowPrio lowPrioSet hiPrio
-      hiPrioSet licensesSpdx getLicenseFromSpdxId getLicenseFromSpdxIdOr
-      getExe getExe';
+      hiPrioSet getLicenseFromSpdxId getLicenseFromSpdxIdOr getExe getExe';
     inherit (self.filesystem) pathType pathIsDirectory pathIsRegularFile
       packagesFromDirectoryRecursive;
     inherit (self.sources) cleanSourceFilter

lib/fetchers.nix

@@ -1,17 +1,6 @@
 # snippets that can be shared by multiple fetchers (pkgs/build-support)
 { lib }:
-let
-  commonH = hashTypes: rec {
-      hashNames = [ "hash" ] ++ hashTypes;
-      hashSet = lib.genAttrs hashNames (lib.const {});
-  };
-
-  fakeH = {
-    hash = lib.fakeHash;
-    sha256 = lib.fakeSha256;
-    sha512 = lib.fakeSha512;
-  };
-in rec {
+{
 
   proxyImpureEnvVars = [
     # We borrow these environment variables from the caller to allow
@@ -20,170 +9,6 @@ in rec {
     # by definition pure.
     "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
     "HTTP_PROXY" "HTTPS_PROXY" "FTP_PROXY" "ALL_PROXY" "NO_PROXY"
-
-    # https proxies typically need to inject custom root CAs too
-    "NIX_SSL_CERT_FILE"
   ];
 
-  /**
-    Converts an attrset containing one of `hash`, `sha256` or `sha512`,
-    into one containing `outputHash{,Algo}` as accepted by `mkDerivation`.
-
-    An appropriate “fake hash” is substituted when the hash value is `""`,
-    as is the [convention for fetchers](#sec-pkgs-fetchers-updating-source-hashes-fakehash-method).
-
-    All other attributes in the set remain as-is.
-
-    # Example
-
-    ```nix
-    normalizeHash { } { hash = ""; foo = "bar"; }
-    =>
-    {
-      outputHash = lib.fakeHash;
-      outputHashAlgo = null;
-      foo = "bar";
-    }
-    ```
-
-    ```nix
-    normalizeHash { } { sha256 = lib.fakeSha256; }
-    =>
-    {
-      outputHash = lib.fakeSha256;
-      outputHashAlgo = "sha256";
-    }
-    ```
-
-    ```nix
-    normalizeHash { } { sha512 = lib.fakeSha512; }
-    =>
-    {
-      outputHash = lib.fakeSha512;
-      outputHashAlgo = "sha512";
-    }
-    ```
-
-    # Type
-    ```
-    normalizeHash :: { hashTypes :: List String, required :: Bool } -> AttrSet -> AttrSet
-    ```
-
-    # Arguments
-
-    hashTypes
-    : the set of attribute names accepted as hash inputs, in addition to `hash`
-
-    required
-    : whether to throw if no hash was present in the input; otherwise returns the original input, unmodified
-  */
-  normalizeHash = {
-    hashTypes ? [ "sha256" ],
-    required ? true,
-  }:
-    let
-      inherit (lib) concatMapStringsSep head tail throwIf;
-      inherit (lib.attrsets) attrsToList intersectAttrs removeAttrs optionalAttrs;
-
-      inherit (commonH hashTypes) hashNames hashSet;
-    in
-      args:
-        if args ? "outputHash" then
-          args
-        else
-          let
-            # The argument hash, as a {name, value} pair
-            h =
-              # All hashes passed in arguments (possibly 0 or >1) as a list of {name, value} pairs
-              let hashesAsNVPairs = attrsToList (intersectAttrs hashSet args); in
-              if hashesAsNVPairs == [] then
-                throwIf required "fetcher called without `hash`" null
-              else if tail hashesAsNVPairs != [] then
-                throw "fetcher called with mutually-incompatible arguments: ${concatMapStringsSep ", " (a: a.name) hashesAsNVPairs}"
-              else
-                head hashesAsNVPairs
-            ;
-          in
-            removeAttrs args hashNames // (optionalAttrs (h != null) {
-              outputHashAlgo = if h.name == "hash" then null else h.name;
-              outputHash =
-                if h.value == "" then
-                  fakeH.${h.name} or (throw "no “fake hash” defined for ${h.name}")
-                else
-                  h.value;
-            })
-  ;
-
-  /**
-    Wraps a function which accepts `outputHash{,Algo}` into one which accepts `hash` or `sha{256,512}`
-
-    # Example
-    ```nix
-    withNormalizedHash { hashTypes = [ "sha256" "sha512" ]; } (
-      { outputHash, outputHashAlgo, ... }:
-      ...
-    )
-    ```
-    is a function which accepts one of `hash`, `sha256`, or `sha512` (or the original's `outputHash` and `outputHashAlgo`).
-
-    Its `functionArgs` metadata only lists `hash` as a parameter, optional iff. `outputHash` was an optional parameter of
-    the original function.  `sha256`, `sha512`, `outputHash`, or `outputHashAlgo` are not mentioned in the `functionArgs`
-    metadata.
-
-    # Type
-    ```
-    withNormalizedHash :: { hashTypes :: List String } -> (AttrSet -> T) -> (AttrSet -> T)
-    ```
-
-    # Arguments
-
-    hashTypes
-    : the set of attribute names accepted as hash inputs, in addition to `hash`
-    : they must correspond to a valid value for `outputHashAlgo`, currently one of: `md5`, `sha1`, `sha256`, or `sha512`.
-
-    f
-    : the function to be wrapped
-
-    ::: {.note}
-    In nixpkgs, `mkDerivation` rejects MD5 `outputHash`es, and SHA-1 is being deprecated.
-
-    As such, there is no reason to add `md5` to `hashTypes`, and
-    `sha1` should only ever be included for backwards compatibility.
-    :::
-
-    # Output
-
-    `withNormalizedHash { inherit hashTypes; } f` is functionally equivalent to
-    ```nix
-    args: f (normalizeHash {
-      inherit hashTypes;
-      required = !(lib.functionArgs f).outputHash;
-    } args)
-    ```
-
-    However, `withNormalizedHash` preserves `functionArgs` metadata insofar as possible,
-    and is implemented somewhat more efficiently.
-  */
-  withNormalizedHash = {
-    hashTypes ? [ "sha256" ]
-  }: fetcher:
-    let
-      inherit (lib.attrsets) genAttrs intersectAttrs removeAttrs;
-      inherit (lib.trivial) const functionArgs setFunctionArgs;
-
-      inherit (commonH hashTypes) hashSet;
-      fArgs = functionArgs fetcher;
-
-      normalize = normalizeHash {
-        inherit hashTypes;
-        required = !fArgs.outputHash;
-      };
-    in
-    # The o.g. fetcher must *only* accept outputHash and outputHashAlgo
-    assert fArgs ? outputHash && fArgs ? outputHashAlgo;
-    assert intersectAttrs fArgs hashSet == {};
-
-    setFunctionArgs
-      (args: fetcher (normalize args))
-      (removeAttrs fArgs [ "outputHash" "outputHashAlgo" ] // { hash = fArgs.outputHash; });
 }

lib/fixed-points.nix

@@ -63,6 +63,7 @@ rec {
     See [`extends`](#function-library-lib.fixedPoints.extends) for an example use case.
     There `self` is also often called `final`.
 
+
     # Inputs
 
     `f`
@@ -89,12 +90,7 @@ rec {
 
     :::
   */
-  fix =
-    f:
-    let
-      x = f x;
-    in
-    x;
+  fix = f: let x = f x; in x;
 
   /**
     A variant of `fix` that records the original recursive attribute set in the
@@ -103,20 +99,14 @@ rec {
     This is useful in combination with the `extends` function to
     implement deep overriding.
 
+
     # Inputs
 
     `f`
 
     : 1\. Function argument
   */
-  fix' =
-    f:
-    let
-      x = f x // {
-        __unfix__ = f;
-      };
-    in
-    x;
+  fix' = f: let x = f x // { __unfix__ = f; }; in x;
 
   /**
     Return the fixpoint that `f` converges to when called iteratively, starting
@@ -127,6 +117,7 @@ rec {
     0
     ```
 
+
     # Inputs
 
     `f`
@@ -143,12 +134,13 @@ rec {
     (a -> a) -> a -> a
     ```
   */
-  converge =
-    f: x:
+  converge = f: x:
     let
       x' = f x;
     in
-    if x' == x then x else converge f x';
+      if x' == x
+      then x
+      else converge f x';
 
   /**
     Extend a function using an overlay.
@@ -157,6 +149,7 @@ rec {
     A fixed-point function is a function which is intended to be evaluated by passing the result of itself as the argument.
     This is possible due to Nix's lazy evaluation.
 
+
     A fixed-point function returning an attribute set has the form
 
     ```nix
@@ -264,6 +257,7 @@ rec {
     ```
     :::
 
+
     # Inputs
 
     `overlay`
@@ -305,7 +299,8 @@ rec {
     :::
   */
   extends =
-    overlay: f:
+    overlay:
+    f:
     # The result should be thought of as a function, the argument of that function is not an argument to `extends` itself
     (
       final:
@@ -316,98 +311,63 @@ rec {
     );
 
   /**
-    Compose two overlay functions and return a single overlay function that combines them.
-    For more details see: [composeManyExtensions](#function-library-lib.fixedPoints.composeManyExtensions).
-  */
-  composeExtensions =
-    f: g: final: prev:
-    let
-      fApplied = f final prev;
-      prev' = prev // fApplied;
-    in
-    fApplied // g final prev';
+    Compose two extending functions of the type expected by 'extends'
+    into one where changes made in the first are available in the
+    'super' of the second
 
-  /**
-    Composes a list of [`overlays`](#chap-overlays) and returns a single overlay function that combines them.
-
-    :::{.note}
-    The result is produced by using the update operator `//`.
-    This means nested values of previous overlays are not merged recursively.
-    In other words, previously defined attributes are replaced, ignoring the previous value, unless referenced by the overlay; for example `final: prev: { foo = final.foo + 1; }`.
-    :::
 
     # Inputs
 
-    `extensions`
+    `f`
 
-    : A list of overlay functions
-      :::{.note}
-      The order of the overlays in the list is important.
-      :::
+    : 1\. Function argument
 
-    : Each overlay function takes two arguments, by convention `final` and `prev`, and returns an attribute set.
-      - `final` is the result of the fixed-point function, with all overlays applied.
-      - `prev` is the result of the previous overlay function(s).
+    `g`
 
-    # Type
+    : 2\. Function argument
 
-    ```
-    # Pseudo code
-    let
-      #               final      prev
-      #                 ↓          ↓
-      OverlayFn = { ... } -> { ... } -> { ... };
-    in
-      composeManyExtensions :: ListOf OverlayFn -> OverlayFn
-    ```
+    `final`
 
-    # Examples
-    :::{.example}
-    ## `lib.fixedPoints.composeManyExtensions` usage example
+    : 3\. Function argument
 
-    ```nix
-    let
-      # The "original function" that is extended by the overlays.
-      # Note that it doesn't have prev: as argument since no overlay function precedes it.
-      original = final: { a = 1; };
+    `prev`
 
-      # Each overlay function has 'final' and 'prev' as arguments.
-      overlayA = final: prev: { b = final.c; c = 3; };
-      overlayB = final: prev: { c = 10; x = prev.c or 5; };
-
-      extensions = composeManyExtensions [ overlayA overlayB ];
-
-      # Caluculate the fixed point of all composed overlays.
-      fixedpoint = lib.fix (lib.extends extensions original );
-
-    in fixedpoint
-    =>
-    {
-      a = 1;
-      b = 10;
-      c = 10;
-      x = 3;
-    }
-    ```
-    :::
+    : 4\. Function argument
   */
-  composeManyExtensions = lib.foldr (x: y: composeExtensions x y) (final: prev: { });
+  composeExtensions =
+    f: g: final: prev:
+      let fApplied = f final prev;
+          prev' = prev // fApplied;
+      in fApplied // g final prev';
+
+  /**
+    Compose several extending functions of the type expected by 'extends' into
+    one where changes made in preceding functions are made available to
+    subsequent ones.
+
+    ```
+    composeManyExtensions : [packageSet -> packageSet -> packageSet] -> packageSet -> packageSet -> packageSet
+                              ^final        ^prev         ^overrides     ^final        ^prev         ^overrides
+    ```
+  */
+  composeManyExtensions =
+    lib.foldr (x: y: composeExtensions x y) (final: prev: {});
 
   /**
     Create an overridable, recursive attribute set. For example:
 
     ```
-    nix-repl> obj = makeExtensible (final: { })
+    nix-repl> obj = makeExtensible (self: { })
 
     nix-repl> obj
     { __unfix__ = «lambda»; extend = «lambda»; }
 
-    nix-repl> obj = obj.extend (final: prev: { foo = "foo"; })
+    nix-repl> obj = obj.extend (self: super: { foo = "foo"; })
 
     nix-repl> obj
     { __unfix__ = «lambda»; extend = «lambda»; foo = "foo"; }
 
-    nix-repl> obj = obj.extend (final: prev: { foo = prev.foo + " + "; bar = "bar"; foobar = final.foo + final.bar; })
+    nix-repl> obj = obj.extend (self: super: { foo = super.foo + " + "; bar = "bar"; foobar = self.foo + self.bar; })
 
     nix-repl> obj
     { __unfix__ = «lambda»; bar = "bar"; extend = «lambda»; foo = "foo + "; foobar = "foo + bar"; }
@@ -419,6 +379,7 @@ rec {
     Same as `makeExtensible` but the name of the extending attribute is
     customized.
 
+
     # Inputs
 
     `extenderName`
@@ -429,85 +390,8 @@ rec {
 
     : 2\. Function argument
   */
-  makeExtensibleWithCustomName =
-    extenderName: rattrs:
-    fix' (
-      self:
-      (rattrs self)
-      // {
-        ${extenderName} = f: makeExtensibleWithCustomName extenderName (extends f rattrs);
-      }
-    );
-
-  /**
-    Convert to an extending function (overlay).
-
-    `toExtension` is the `toFunction` for extending functions (a.k.a. extensions or overlays).
-    It converts a non-function or a single-argument function to an extending function,
-    while returning a two-argument function as-is.
-
-    That is, it takes a value of the shape `x`, `prev: x`, or `final: prev: x`,
-    and returns `final: prev: x`, assuming `x` is not a function.
-
-    This function takes care of the input to `stdenv.mkDerivation`'s
-    `overrideAttrs` function.
-    It bridges the gap between `<pkg>.overrideAttrs`
-    before and after the overlay-style support.
-
-    # Inputs
-
-    `f`
-    : The function or value to convert to an extending function.
-
-    # Type
-
-    ```
-    toExtension ::
-      b' -> Any -> Any -> b'
-    or
-    toExtension ::
-      (a -> b') -> Any -> a -> b'
-    or
-    toExtension ::
-      (a -> a -> b) -> a -> a -> b
-    where b' = ! Callable
-
-    Set a = b = b' = AttrSet & ! Callable to make toExtension return an extending function.
-    ```
-
-    # Examples
-    :::{.example}
-    ## `lib.fixedPoints.toExtension` usage example
-
-    ```nix
-    fix (final: { a = 0; c = final.a; })
-    => { a = 0; c = 0; };
-
-    fix (extends (toExtension { a = 1; b = 2; }) (final: { a = 0; c = final.a; }))
-    => { a = 1; b = 2; c = 1; };
-
-    fix (extends (toExtension (prev: { a = 1; b = prev.a; })) (final: { a = 0; c = final.a; }))
-    => { a = 1; b = 0; c = 1; };
-
-    fix (extends (toExtension (final: prev: { a = 1; b = prev.a; c = final.a + 1 })) (final: { a = 0; c = final.a; }))
-    => { a = 1; b = 0; c = 2; };
-    ```
-    :::
-  */
-  toExtension =
-    f:
-    if lib.isFunction f then
-      final: prev:
-      let
-        fPrev = f prev;
-      in
-      if lib.isFunction fPrev then
-        # f is (final: prev: { ... })
-        f final prev
-      else
-        # f is (prev: { ... })
-        fPrev
-    else
-      # f is not a function; probably { ... }
-      final: prev: f;
+  makeExtensibleWithCustomName = extenderName: rattrs:
+    fix' (self: (rattrs self) // {
+      ${extenderName} = f: makeExtensibleWithCustomName extenderName (extends f rattrs);
+    });
 }

lib/licenses.nix

@@ -92,11 +92,6 @@ lib.mapAttrs mkLicense ({
     free = false;
   };
 
-  ampas = {
-    spdxId = "AMPAS";
-    fullName = "Academy of Motion Picture Arts and Sciences BSD";
-  };
-
   aom = {
     fullName = "Alliance for Open Media Patent License 1.0";
     url = "https://aomedia.org/license/patent-license/";
@@ -234,7 +229,6 @@ lib.mapAttrs mkLicense ({
   };
 
   bsl11 = {
-    spdxId = "BUSL-1.1";
     fullName = "Business Source License 1.1";
     url = "https://mariadb.com/bsl11";
     free = false;
@@ -409,12 +403,6 @@ lib.mapAttrs mkLicense ({
     fullName  = "CeCILL-C Free Software License Agreement";
   };
 
-  cockroachdb-community-license = {
-    fullName = "CockroachDB Community License Agreement";
-    url = "https://www.cockroachlabs.com/cockroachdb-community-license/";
-    free = false;
-  };
-
   cpal10 = {
     spdxId = "CPAL-1.0";
     fullName = "Common Public Attribution License 1.0";
@@ -559,13 +547,6 @@ lib.mapAttrs mkLicense ({
     redistributable = true;
   };
 
-  fsl11Asl20 = {
-    fullName = "Functional Source License, Version 1.1, Apache 2.0 Future License";
-    url = "https://fsl.software/FSL-1.1-Apache-2.0.template.md";
-    free = false;
-    redistributable = true;
-  };
-
   ftl = {
     spdxId = "FTL";
     fullName = "Freetype Project License";
@@ -733,9 +714,10 @@ lib.mapAttrs mkLicense ({
     fullName = "ISC License";
   };
 
+  # Proprietary binaries; free to redistribute without modification.
   databricks = {
-    fullName = "Databricks License";
-    url = "https://www.databricks.com/legal/db-license";
+    fullName = "Databricks Proprietary License";
+    url = "https://pypi.org/project/databricks-connect";
     free = false;
   };
 
@@ -746,12 +728,6 @@ lib.mapAttrs mkLicense ({
     redistributable = false;
   };
 
-  databricks-license = {
-    fullName = "Databricks License";
-    url = "https://www.databricks.com/legal/db-license";
-    free = false;
-  };
-
   fair = {
     fullName = "Fair License";
     spdxId = "Fair";
@@ -844,6 +820,11 @@ lib.mapAttrs mkLicense ({
     fullName = "PNG Reference Library version 2";
   };
 
+  libssh2 = {
+    fullName = "libssh2 License";
+    url = "https://www.libssh2.org/license.html";
+  };
+
   libtiff = {
     spdxId = "libtiff";
     fullName = "libtiff License";
@@ -885,6 +866,8 @@ lib.mapAttrs mkLicense ({
     url = "https://opensource.org/licenses/MirOS";
   };
 
+  # spdx.org does not (yet) differentiate between the X11 and Expat versions
+  # for details see https://en.wikipedia.org/wiki/MIT_License#Various_versions
   mit = {
     spdxId = "MIT";
     fullName = "MIT License";
@@ -895,12 +878,6 @@ lib.mapAttrs mkLicense ({
     fullName = "feh License";
   };
 
-  mit-modern = {
-    # Also known as Zsh license
-    spdxId = "MIT-Modern-Variant";
-    fullName = "MIT License Modern Variant";
-  };
-
   mitAdvertising = {
     spdxId = "MIT-advertising";
     fullName = "Enlightenment License (e16)";
@@ -1122,11 +1099,6 @@ lib.mapAttrs mkLicense ({
     url = "https://qwt.sourceforge.io/qwtlicense.html";
   };
 
-  radiance = {
-    fullName = "The Radiance Software License, Version 2.0";
-    url = "https://github.com/LBNL-ETA/Radiance/blob/master/License.txt";
-  };
-
   ruby = {
     spdxId = "Ruby";
     fullName = "Ruby License";
@@ -1333,6 +1305,11 @@ lib.mapAttrs mkLicense ({
     fullName = "zlib License";
   };
 
+  zsh = {
+    url = "https://github.com/zsh-users/zsh/blob/master/LICENCE";
+    fullName = "Zsh License";
+  };
+
   zpl20 = {
     spdxId = "ZPL-2.0";
     fullName = "Zope Public License 2.0";

lib/meta.nix

@@ -7,7 +7,6 @@
 
 let
   inherit (lib) matchAttrs any all isDerivation getBin assertMsg;
-  inherit (lib.attrsets) mapAttrs' filterAttrs;
   inherit (builtins) isString match typeOf;
 
 in
@@ -133,17 +132,12 @@ rec {
   mapDerivationAttrset = f: set: lib.mapAttrs (name: pkg: if lib.isDerivation pkg then (f pkg) else pkg) set;
 
   /**
-    The default priority of packages in Nix. See `defaultPriority` in [`src/nix/profile.cc`](https://github.com/NixOS/nix/blob/master/src/nix/profile.cc#L47).
-   */
-  defaultPriority = 5;
-
-  /**
-    Set the nix-env priority of the package. Note that higher values are lower priority, and vice versa.
+    Set the nix-env priority of the package.
 
     # Inputs
 
     `priority`
-    : 1\. The priority to set.
+    : 1\. Function argument
 
     `drv`
     : 2\. Function argument
@@ -164,7 +158,8 @@ rec {
   lowPrio = setPrio 10;
 
   /**
-    Apply lowPrio to an attrset with derivations.
+    Apply lowPrio to an attrset with derivations
+
 
     # Inputs
 
@@ -188,7 +183,8 @@ rec {
   hiPrio = setPrio (-10);
 
   /**
-    Apply hiPrio to an attrset with derivations.
+    Apply hiPrio to an attrset with derivations
+
 
     # Inputs
 
@@ -290,39 +286,11 @@ rec {
     ((!pkg?meta.platforms) || any (platformMatch platform) pkg.meta.platforms) &&
     all (elem: !platformMatch platform elem) (pkg.meta.badPlatforms or []);
 
-  /**
-    Mapping of SPDX ID to the attributes in lib.licenses.
-
-    For SPDX IDs, see https://spdx.org/licenses.
-    Note that some SPDX licenses might be missing.
-
-    # Examples
-    :::{.example}
-    ## `lib.meta.licensesSpdx` usage example
-
-    ```nix
-    lib.licensesSpdx.MIT == lib.licenses.mit
-    => true
-    lib.licensesSpdx."MY LICENSE"
-    => error: attribute 'MY LICENSE' missing
-    ```
-
-    :::
-  */
-  licensesSpdx =
-    mapAttrs'
-    (_key: license: {
-      name = license.spdxId;
-      value = license;
-    })
-    (filterAttrs (_key: license: license ? spdxId) lib.licenses);
-
   /**
     Get the corresponding attribute in lib.licenses from the SPDX ID
     or warn and fallback to `{ shortName = <license string>; }`.
 
-    For SPDX IDs, see https://spdx.org/licenses.
-    Note that some SPDX licenses might be missing.
+    For SPDX IDs, see https://spdx.org/licenses
 
     # Type
 
@@ -357,8 +325,7 @@ rec {
     Get the corresponding attribute in lib.licenses from the SPDX ID
     or fallback to the given default value.
 
-    For SPDX IDs, see https://spdx.org/licenses.
-    Note that some SPDX licenses might be missing.
+    For SPDX IDs, see https://spdx.org/licenses
 
     # Inputs
 
@@ -394,12 +361,10 @@ rec {
   */
   getLicenseFromSpdxIdOr =
     let
-      lowercaseLicenses = lib.mapAttrs' (name: value: {
-        name = lib.toLower name;
-        inherit value;
-      }) licensesSpdx;
+      spdxLicenses = lib.mapAttrs (id: ls: assert lib.length ls == 1; builtins.head ls)
+        (lib.groupBy (l: lib.toLower l.spdxId) (lib.filter (l: l ? spdxId) (lib.attrValues lib.licenses)));
     in licstr: default:
-      lowercaseLicenses.${ lib.toLower licstr } or default;
+      spdxLicenses.${ lib.toLower licstr } or default;
 
   /**
     Get the path to the main program of a package based on meta.mainProgram

lib/modules.nix

@@ -861,7 +861,7 @@ let
       else
         # (nixos-option detects this specific error message and gives it special
         # handling.  If changed here, please change it there too.)
-        throw "The option `${showOption loc}' was accessed but has no value defined. Try setting the option.";
+        throw "The option `${showOption loc}' is used but not defined.";
 
     isDefined = defsFinal != [];
 
@@ -1366,58 +1366,6 @@ let
       ]);
     };
 
-  /**
-    `importApply file arg :: Path -> a -> Module`,  where `import file :: a -> Module`
-
-    `importApply` imports a Nix expression file much like the module system would,
-    after passing an extra positional argument to the function in the file.
-
-    This function should be used when declaring a module in a file that refers to
-    values from a different scope, such as that in a flake.
-
-    It solves the problems of alternative solutions:
-
-    - While `importApply file arg` is _mostly_ equivalent to
-      `import file arg`, the latter returns a module without a location,
-      as `import` only returns the contained expression. This leads to worse
-      error messages.
-
-    - Using `specialArgs` to provide arguments to all modules. This effectively
-      creates an incomplete module, and requires the user of the module to
-      manually pass the `specialArgs` to the configuration, which is error-prone,
-      verbose, and unnecessary.
-
-    The nix file must contain a function that returns a module.
-    A module may itself be a function, so the file is often a function with two
-    positional arguments instead of one. See the example below.
-
-    This function does not add support for deduplication and `disabledModules`,
-    although that could be achieved by wrapping the returned module and setting
-    the `_key` module attribute.
-    The reason for this omission is that the file path is not guaranteed to be
-    a unique identifier for the module, as two instances of the module may
-    reference different `arg`s in their closures.
-
-    Example
-
-        # lib.nix
-        imports = [
-          (lib.modules.importApply ./module.nix { bar = bar; })
-        ];
-
-        # module.nix
-        { bar }:
-        { lib, config, ... }:
-        {
-          options = ...;
-          config = ... bar ...;
-        }
-
-  */
-  importApply =
-    modulePath: staticArg:
-      lib.setDefaultModuleLocation modulePath (import modulePath staticArg);
-
   /* Use this function to import a JSON file as NixOS configuration.
 
      modules.importJSON :: path -> attrs
@@ -1467,7 +1415,6 @@ private //
     filterOverrides'
     fixMergeModules
     fixupOptionType  # should be private?
-    importApply
     importJSON
     importTOML
     mergeDefinitions

lib/options.nix

@@ -246,7 +246,7 @@ rec {
   mergeDefaultOption = loc: defs:
     let list = getValues defs; in
     if length list == 1 then head list
-    else if all isFunction list then x: mergeDefaultOption loc (map (f: f x) list)
+    else if all isFunction list then x: mergeDefaultOption loc (map (def: def // { value = def.value x; }) defs)
     else if all isList list then concatLists list
     else if all isAttrs list then foldl' lib.mergeAttrs {} list
     else if all isBool list then foldl' lib.or false list

lib/strings.nix

@@ -408,6 +408,7 @@ rec {
       start ? false,
       end ? false,
     }:
+    s:
     let
       # Define our own whitespace character class instead of using
       # `[:space:]`, which is not well-defined.
@@ -424,14 +425,12 @@ rec {
           "(.*[^${chars}])[${chars}]*"
         else
           "(.*)";
-    in
-    s:
-    let
+
       # If the string was empty or entirely whitespace,
       # then the regex may not match and `res` will be `null`.
       res = match regex s;
     in
-    optionalString (res != null) (head res);
+      optionalString (res != null) (head res);
 
   /**
     Construct a Unix-style, colon-separated search path consisting of
@@ -1027,8 +1026,7 @@ rec {
     replaceStrings (builtins.attrNames toEscape) (lib.mapAttrsToList (_: c: "%${fixedWidthString 2 "0" (lib.toHexString c)}") toEscape);
 
   /**
-    Quote `string` to be used safely within the Bourne shell if it has any
-    special characters.
+    Quote `string` to be used safely within the Bourne shell.
 
 
     # Inputs
@@ -1053,17 +1051,10 @@ rec {
 
     :::
   */
-  escapeShellArg = arg:
-    let
-      string = toString arg;
-    in
-      if match "[[:alnum:],._+:@%/-]+" string == null
-      then "'${replaceStrings ["'"] ["'\\''"] string}'"
-      else string;
+  escapeShellArg = arg: "'${replaceStrings ["'"] ["'\\''"] (toString arg)}'";
 
   /**
-    Quote all arguments that have special characters to be safely passed to the
-    Bourne shell.
+    Quote all arguments to be safely passed to the Bourne shell.
 
     # Inputs
 
@@ -1082,7 +1073,7 @@ rec {
 
     ```nix
     escapeShellArgs ["one" "two three" "four'five"]
-    => "one 'two three' 'four'\\''five'"
+    => "'one' 'two three' 'four'\\''five'"
     ```
 
     :::

lib/systems/default.nix

@@ -179,7 +179,7 @@ let
       hasSharedLibraries = with final;
         (isAndroid || isGnu || isMusl                                  # Linux (allows multiple libcs)
          || isDarwin || isSunOS || isOpenBSD || isFreeBSD || isNetBSD  # BSDs
-         || isCygwin || isMinGW || isWindows                           # Windows
+         || isCygwin || isMinGW                                        # Windows
          || isWasm                                                     # WASM
         ) && !isStatic;
 
@@ -257,22 +257,6 @@ let
         if final.isMacOS then "MACOSX_DEPLOYMENT_TARGET"
         else if final.isiOS then "IPHONEOS_DEPLOYMENT_TARGET"
         else null;
-
-      # Remove before 25.05
-      androidSdkVersion =
-        if (args ? sdkVer && !args ? androidSdkVersion) then
-          throw "For android `sdkVer` has been renamed to `androidSdkVersion`"
-        else if (args ? androidSdkVersion) then
-          args.androidSdkVersion
-        else
-          null;
-      androidNdkVersion =
-        if (args ? ndkVer && !args ? androidNdkVersion) then
-          throw "For android `ndkVer` has been renamed to `androidNdkVersion`"
-        else if (args ? androidSdkVersion) then
-          args.androidNdkVersion
-        else
-          null;
     } // (
       let
         selectEmulator = pkgs:
@@ -298,11 +282,8 @@ let
             };
             wine = (pkgs.winePackagesFor "wine${toString final.parsed.cpu.bits}").minimal;
           in
-          # Note: we guarantee that the return value is either `null` or a path
-          # to an emulator program. That is, if an emulator requires additional
-          # arguments, a wrapper should be used.
           if pkgs.stdenv.hostPlatform.canExecute final
-          then "${pkgs.execline}/bin/exec"
+          then "${pkgs.runtimeShell} -c '\"$@\"' --"
           else if final.isWindows
           then "${wine}/bin/wine${optionalString (final.parsed.cpu.bits == 64) "64"}"
           else if final.isLinux && pkgs.stdenv.hostPlatform.isLinux && final.qemuArch != null
@@ -379,7 +360,6 @@ let
               "armv7l" = "armv7";
               "armv6l" = "arm";
               "armv5tel" = "armv5te";
-              "riscv32" = "riscv32gc";
               "riscv64" = "riscv64gc";
             }.${cpu.name} or cpu.name;
             vendor_ = final.rust.platform.vendor;

lib/systems/doubles.nix

@@ -69,7 +69,6 @@ in {
 
   arm           = filterDoubles predicates.isAarch32;
   armv7         = filterDoubles predicates.isArmv7;
-  aarch         = filterDoubles predicates.isAarch;
   aarch64       = filterDoubles predicates.isAarch64;
   x86           = filterDoubles predicates.isx86;
   i686          = filterDoubles predicates.isi686;
@@ -115,4 +114,6 @@ in {
   genode        = filterDoubles predicates.isGenode;
 
   embedded      = filterDoubles predicates.isNone;
+
+  mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "armv7a-linux" "aarch64-linux" "powerpc64-linux" "powerpc64le-linux" "aarch64-darwin" "riscv64-linux"];
 }

lib/systems/examples.nix

@@ -60,23 +60,23 @@ rec {
   armv7a-android-prebuilt = {
     config = "armv7a-unknown-linux-androideabi";
     rust.rustcTarget = "armv7-linux-androideabi";
-    androidSdkVersion = "33";
-    androidNdkVersion = "26";
+    sdkVer = "33";
+    ndkVer = "26";
     useAndroidPrebuilt = true;
   } // platforms.armv7a-android;
 
   aarch64-android-prebuilt = {
     config = "aarch64-unknown-linux-android";
     rust.rustcTarget = "aarch64-linux-android";
-    androidSdkVersion = "33";
-    androidNdkVersion = "26";
+    sdkVer = "33";
+    ndkVer = "26";
     useAndroidPrebuilt = true;
   };
 
   aarch64-android = {
     config = "aarch64-unknown-linux-android";
-    androidSdkVersion = "33";
-    androidNdkVersion = "26";
+    sdkVer = "33";
+    ndkVer = "26";
     libc = "bionic";
     useAndroidPrebuilt = false;
     useLLVM = true;

lib/systems/platforms.nix

@@ -201,9 +201,8 @@ rec {
       target = "zImage";
     };
     gcc = {
-      # https://en.wikipedia.org/wiki/Raspberry_Pi#Specifications
-      arch = "armv6kz";
-      fpu = "vfpv2";
+      arch = "armv6";
+      fpu = "vfp";
     };
   };
 

lib/tests/fetchers.nix

@@ -1,165 +0,0 @@
-let
-  lib = import ./..;
-
-  inherit (lib)
-    fakeHash
-    fakeSha256
-    fakeSha512
-    flip
-    functionArgs
-    runTests
-    ;
-  inherit (lib.fetchers) normalizeHash withNormalizedHash;
-
-  testingThrow = expr: {
-    expr = with builtins; tryEval (seq expr "didn't throw");
-    expected = {
-      success = false;
-      value = false;
-    };
-  };
-
-  # hashes of empty
-  sri256 = "sha256-d6xi4mKdjkX2JFicDIv5niSzpyI0m/Hnm8GGAIU04kY=";
-  sri512 = "sha512-AXFyVo7jiZ5we10fxZ5E9qfPjSfqkizY2apCzORKFVYZaNhCIVbooY+J4cYST00ztLf0EjivIBPPdtIYFUMfzQ==";
-
-  unionOfDisjoints = lib.foldl lib.attrsets.unionOfDisjoint { };
-
-  genTests = n: f: {
-    "test${n}AlreadyNormalized" = {
-      expr = f { } {
-        outputHash = "";
-        outputHashAlgo = "md42";
-      };
-      expected = {
-        outputHash = "";
-        outputHashAlgo = "md42";
-      };
-    };
-
-    "test${n}EmptySha256" = {
-      expr = f { } { sha256 = ""; };
-      expected = {
-        outputHash = fakeSha256;
-        outputHashAlgo = "sha256";
-      };
-    };
-
-    "test${n}EmptySha512" = {
-      expr = f { hashTypes = [ "sha512" ]; } { sha512 = ""; };
-      expected = {
-        outputHash = fakeSha512;
-        outputHashAlgo = "sha512";
-      };
-    };
-
-    "test${n}EmptyHash" = {
-      expr = f { } { hash = ""; };
-      expected = {
-        outputHash = fakeHash;
-        outputHashAlgo = null;
-      };
-    };
-
-    "test${n}Sri256" = {
-      expr = f { } { hash = sri256; };
-      expected = {
-        outputHash = sri256;
-        outputHashAlgo = null;
-      };
-    };
-
-    "test${n}Sri512" = {
-      expr = f { } { hash = sri512; };
-      expected = {
-        outputHash = sri512;
-        outputHashAlgo = null;
-      };
-    };
-
-    "test${n}PreservesAttrs" = {
-      expr = f { } {
-        hash = "aaaa";
-        destination = "Earth";
-      };
-      expected = {
-        outputHash = "aaaa";
-        outputHashAlgo = null;
-        destination = "Earth";
-      };
-    };
-
-    "test${n}RejectsSha1ByDefault" = testingThrow (f { } { sha1 = ""; });
-    "test${n}RejectsSha512ByDefault" = testingThrow (f { } { sha512 = ""; });
-
-    "test${n}ThrowsOnMissing" = testingThrow (f { } { gibi = false; });
-  };
-in
-runTests (unionOfDisjoints [
-  (genTests "NormalizeHash" normalizeHash)
-  (genTests "WithNormalized" (
-    flip withNormalizedHash ({ outputHash, outputHashAlgo, ... }@args: args)
-  ))
-  {
-    testNormalizeNotRequiredEquivalent = {
-      expr = normalizeHash { required = false; } {
-        hash = "";
-        prof = "shadoko";
-      };
-      expected = normalizeHash { } {
-        hash = "";
-        prof = "shadoko";
-      };
-    };
-
-    testNormalizeNotRequiredPassthru = {
-      expr = normalizeHash { required = false; } { "ga bu" = "zo meu"; };
-      expected."ga bu" = "zo meu";
-    };
-
-    testOptionalArg = {
-      expr = withNormalizedHash { } (
-        {
-          outputHash ? "",
-          outputHashAlgo ? null,
-          ...
-        }@args:
-        args
-      ) { author = "Jacques Rouxel"; };
-      expected.author = "Jacques Rouxel";
-    };
-
-    testOptionalArgMetadata = {
-      expr = functionArgs (
-        withNormalizedHash { } (
-          {
-            outputHash ? "",
-            outputHashAlgo ? null,
-          }:
-          { }
-        )
-      );
-      expected.hash = true;
-    };
-
-    testPreservesArgsMetadata = {
-      expr = functionArgs (
-        withNormalizedHash { } (
-          {
-            outputHash,
-            outputHashAlgo,
-            pumping ? true,
-          }:
-          { }
-        )
-      );
-      expected = {
-        hash = false;
-        pumping = true;
-      };
-    };
-
-    testRejectsMissingHashArg = testingThrow (withNormalizedHash { } ({ outputHashAlgo }: { }));
-    testRejectsMissingAlgoArg = testingThrow (withNormalizedHash { } ({ outputHash }: { }));
-  }
-])

lib/tests/misc.nix

@@ -45,7 +45,6 @@ let
     const
     escapeXML
     evalModules
-    extends
     filter
     fix
     fold
@@ -103,7 +102,6 @@ let
     take
     testAllTrue
     toBaseDigits
-    toExtension
     toHexString
     fromHexString
     toInt
@@ -235,6 +233,11 @@ runTests {
     ];
   };
 
+  testFix = {
+    expr = fix (x: {a = if x ? a then "a" else "b";});
+    expected = {a = "a";};
+  };
+
   testComposeExtensions = {
     expr = let obj = makeExtensible (self: { foo = self.bar; });
                f = self: super: { bar = false; baz = true; };
@@ -467,26 +470,6 @@ runTests {
     expected = [ "A" "B" ];
   };
 
-  testEscapeShellArg = {
-    expr = strings.escapeShellArg "esc'ape\nme";
-    expected = "'esc'\\''ape\nme'";
-  };
-
-  testEscapeShellArgEmpty = {
-    expr = strings.escapeShellArg "";
-    expected = "''";
-  };
-
-  testEscapeShellArgs = {
-    expr = strings.escapeShellArgs ["one" "two three" "four'five"];
-    expected = "one 'two three' 'four'\\''five'";
-  };
-
-  testEscapeShellArgsUnicode = {
-    expr = strings.escapeShellArg "á";
-    expected = "'á'";
-  };
-
   testSplitStringsDerivation = {
     expr = take 3  (strings.splitString "/" (derivation {
       name = "name";
@@ -586,12 +569,12 @@ runTests {
     '';
     expected = ''
       STRing01='just a '\'''string'\''''
-      declare -a _array_=(with 'more strings')
+      declare -a _array_=('with' 'more strings')
       declare -A assoc=(['with some']='strings
       possibly newlines
       ')
-      drv=/drv
-      path=/path
+      drv='/drv'
+      path='/path'
       stringable='hello toString'
     '';
   };
@@ -1234,28 +1217,6 @@ runTests {
     attrsToList { someFunc= a: a + 1;}
   );
 
-# FIXED-POINTS
-
-  testFix = {
-    expr = fix (x: {a = if x ? a then "a" else "b";});
-    expected = {a = "a";};
-  };
-
-  testToExtension = {
-    expr = [
-      (fix (final: { a = 0; c = final.a; }))
-      (fix (extends (toExtension { a = 1; b = 2; }) (final: { a = 0; c = final.a; })))
-      (fix (extends (toExtension (prev: { a = 1; b = prev.a; })) (final: { a = 0; c = final.a; })))
-      (fix (extends (toExtension (final: prev: { a = 1; b = prev.a; c = final.a + 1; })) (final: { a = 0; c = final.a; })))
-    ];
-    expected = [
-      { a = 0; c = 0; }
-      { a = 1; b = 2; c = 1; }
-      { a = 1; b = 0; c = 1; }
-      { a = 1; b = 0; c = 2; }
-    ];
-  };
-
 # GENERATORS
 # these tests assume attributes are converted to lists
 # in alphabetical order
@@ -1793,7 +1754,7 @@ runTests {
       verbose = true;
     };
 
-    expected = "-X PUT --data '{\"id\":0}' --retry 3 --url https://example.com/foo --url https://example.com/bar --verbose";
+    expected = "'-X' 'PUT' '--data' '{\"id\":0}' '--retry' '3' '--url' 'https://example.com/foo' '--url' 'https://example.com/bar' '--verbose'";
   };
 
   testSanitizeDerivationNameLeadingDots = testSanitizeDerivationName {

lib/tests/modules.sh

@@ -13,44 +13,13 @@ set -o errexit -o noclobber -o nounset -o pipefail
 shopt -s failglob inherit_errexit
 
 # https://stackoverflow.com/a/246128/6605742
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 
 cd "$DIR"/modules
 
 pass=0
 fail=0
 
-# loc
-#   prints the location of the call of to the function that calls it
-# loc n
-#   prints the location n levels up the call stack
-loc() {
-    local caller depth
-    depth=1
-    if [[ $# -gt 0 ]]; then
-        depth=$1
-    fi
-    # ( lineno fnname file ) of the caller
-    caller=( $(caller $depth) )
-    echo "${caller[2]}:${caller[0]}"
-}
-
-line() {
-    echo "----------------------------------------"
-}
-logStartFailure() {
-    line
-}
-logEndFailure() {
-    line
-    echo
-}
-
-logFailure() {
-    # bold red
-    printf '\033[1;31mTEST FAILED\033[0m at %s\n' "$(loc 2)"
-}
-
 evalConfig() {
     local attr=$1
     shift
@@ -62,7 +31,7 @@ reportFailure() {
     local attr=$1
     shift
     local script="import ./default.nix { modules = [ $* ];}"
-    echo "$ nix-instantiate -E '$script' -A '$attr' --eval-only --json"
+    echo 2>&1 "$ nix-instantiate -E '$script' -A '$attr' --eval-only --json"
     evalConfig "$attr" "$@" || true
     ((++fail))
 }
@@ -73,12 +42,8 @@ checkConfigOutput() {
     if evalConfig "$@" 2>/dev/null | grep -E --silent "$outputContains" ; then
         ((++pass))
     else
-        logStartFailure
-        echo "ACTUAL:"
+        echo 2>&1 "error: Expected result matching '$outputContains', while evaluating"
         reportFailure "$@"
-        echo "EXPECTED: result matching '$outputContains'"
-        logFailure
-        logEndFailure
     fi
 }
 
@@ -87,22 +52,14 @@ checkConfigError() {
     local err=""
     shift
     if err="$(evalConfig "$@" 2>&1 >/dev/null)"; then
-        logStartFailure
-        echo "ACTUAL: exit code 0, output:"
+        echo 2>&1 "error: Expected error code, got exit code 0, while evaluating"
         reportFailure "$@"
-        echo "EXPECTED: non-zero exit code"
-        logFailure
-        logEndFailure
     else
         if echo "$err" | grep -zP --silent "$errorContains" ; then
             ((++pass))
         else
-            logStartFailure
-            echo "ACTUAL:"
+            echo 2>&1 "error: Expected error matching '$errorContains', while evaluating"
             reportFailure "$@"
-            echo "EXPECTED: error matching '$errorContains'"
-            logFailure
-            logEndFailure
         fi
     fi
 }
@@ -247,14 +204,6 @@ checkConfigOutput '^true$' "$@" ./define-enable.nix ./define-attrsOfSub-if-foo-e
 checkConfigOutput '^true$' "$@" ./define-enable.nix ./define-attrsOfSub-foo-if-enable.nix
 checkConfigOutput '^true$' "$@" ./define-enable.nix ./define-attrsOfSub-foo-enable-if.nix
 
-# Check importApply
-checkConfigOutput '"abc"' config.value ./importApply.nix
-# importApply does not set a key.
-# Disabling the function file is not sufficient, because importApply can't reasonably assume that the key is unique.
-# e.g. user may call it multiple times with different arguments and expect each of the module to apply.
-# While this is excusable for the disabledModules aspect, it is not for the deduplication of modules.
-checkConfigOutput '"abc"' config.value ./importApply-disabling.nix
-
 # Check disabledModules with config definitions and option declarations.
 set -- config.enable ./define-enable.nix ./declare-enable.nix
 checkConfigOutput '^true$' "$@"
@@ -294,9 +243,6 @@ checkConfigOutput '^"42"$' config.value ./declare-coerced-value.nix
 checkConfigOutput '^"24"$' config.value ./declare-coerced-value.nix ./define-value-string.nix
 checkConfigError 'A definition for option .* is not.*string or signed integer convertible to it.*. Definition values:\n\s*- In .*: \[ \]' config.value ./declare-coerced-value.nix ./define-value-list.nix
 
-# Check coerced option merging.
-checkConfigError 'The option .value. in .*/declare-coerced-value.nix. is already declared in .*/declare-coerced-value-no-default.nix.' config.value ./declare-coerced-value.nix ./declare-coerced-value-no-default.nix
-
 # Check coerced value with unsound coercion
 checkConfigOutput '^12$' config.value ./declare-coerced-value-unsound.nix
 checkConfigError 'A definition for option .* is not of type .*. Definition values:\n\s*- In .*: "1000"' config.value ./declare-coerced-value-unsound.nix ./define-value-string-bigint.nix
@@ -315,7 +261,7 @@ checkConfigOutput '^".*Hello.*"$' options.namedPackage.description ./declare-mkP
 checkConfigOutput '^"hello"$' config.pathPackage.pname ./declare-mkPackageOption.nix
 checkConfigOutput '^"pkgs\.hello\.override \{ stdenv = pkgs\.clangStdenv; \}"$' options.packageWithExample.example.text ./declare-mkPackageOption.nix
 checkConfigOutput '^".*Example extra description\..*"$' options.packageWithExtraDescription.description ./declare-mkPackageOption.nix
-checkConfigError 'The option .undefinedPackage. was accessed but has no value defined. Try setting the option.' config.undefinedPackage ./declare-mkPackageOption.nix
+checkConfigError 'The option .undefinedPackage. is used but not defined' config.undefinedPackage ./declare-mkPackageOption.nix
 checkConfigOutput '^null$' config.nullablePackage ./declare-mkPackageOption.nix
 checkConfigOutput '^"null or package"$' options.nullablePackageWithDefault.type.description ./declare-mkPackageOption.nix
 checkConfigOutput '^"myPkgs\.hello"$' options.packageWithPkgsText.defaultText.text ./declare-mkPackageOption.nix
@@ -413,7 +359,7 @@ checkConfigOutput '^null$' config.foo ./freeform-attrsOf.nix ./freeform-str-dep-
 checkConfigOutput '^"24"$' config.foo ./freeform-attrsOf.nix ./freeform-str-dep-unstr.nix ./define-value-string.nix
 # Check whether an freeform-typed value can depend on a declared option, this can only work with lazyAttrsOf
 checkConfigError 'infinite recursion encountered' config.foo ./freeform-attrsOf.nix ./freeform-unstr-dep-str.nix
-checkConfigError 'The option .* was accessed but has no value defined. Try setting the option.' config.foo ./freeform-lazyAttrsOf.nix ./freeform-unstr-dep-str.nix
+checkConfigError 'The option .* is used but not defined' config.foo ./freeform-lazyAttrsOf.nix ./freeform-unstr-dep-str.nix
 checkConfigOutput '^"24"$' config.foo ./freeform-lazyAttrsOf.nix ./freeform-unstr-dep-str.nix ./define-value-string.nix
 # submodules in freeformTypes should have their locations annotated
 checkConfigOutput '/freeform-submodules.nix"$' config.fooDeclarations.0 ./freeform-submodules.nix
@@ -429,8 +375,8 @@ checkConfigOutput '^null$' config.value.l1.l2.foo ./types-anything/nested-attrs.
 checkConfigOutput '^null$' config.value.l1.l2.l3.foo ./types-anything/nested-attrs.nix
 # Attribute sets that are coercible to strings shouldn't be recursed into
 checkConfigOutput '^"foo"$' config.value.outPath ./types-anything/attrs-coercible.nix
-# Multiple lists aren't concatenated together if their definitions are not equal
-checkConfigError 'The option .* has conflicting definition values' config.value ./types-anything/lists.nix
+# Multiple lists aren't concatenated together
+checkConfigError 'The option .* has conflicting definitions' config.value ./types-anything/lists.nix
 # Check that all equalizable atoms can be used as long as all definitions are equal
 checkConfigOutput '^0$' config.value.int ./types-anything/equal-atoms.nix
 checkConfigOutput '^false$' config.value.bool ./types-anything/equal-atoms.nix
@@ -438,7 +384,6 @@ checkConfigOutput '^""$' config.value.string ./types-anything/equal-atoms.nix
 checkConfigOutput '^"/[^"]+"$' config.value.path ./types-anything/equal-atoms.nix
 checkConfigOutput '^null$' config.value.null ./types-anything/equal-atoms.nix
 checkConfigOutput '^0.1$' config.value.float ./types-anything/equal-atoms.nix
-checkConfigOutput '^\[1,"a",{"x":null}\]$' config.value.list ./types-anything/equal-atoms.nix
 # Functions can't be merged together
 checkConfigError "The option .value.multiple-lambdas.<function body>. has conflicting option types" config.applied.multiple-lambdas ./types-anything/functions.nix
 checkConfigOutput '^true$' config.valueIsFunction.single-lambda ./types-anything/functions.nix
@@ -473,8 +418,8 @@ checkConfigOutput "{}" config.attrs.a ./emptyValues.nix
 checkConfigOutput "null" config.null.a ./emptyValues.nix
 checkConfigOutput "{}" config.submodule.a ./emptyValues.nix
 # These types don't have empty values
-checkConfigError 'The option .int.a. was accessed but has no value defined. Try setting the option.' config.int.a ./emptyValues.nix
-checkConfigError 'The option .nonEmptyList.a. was accessed but has no value defined. Try setting the option.' config.nonEmptyList.a ./emptyValues.nix
+checkConfigError 'The option .int.a. is used but not defined' config.int.a ./emptyValues.nix
+checkConfigError 'The option .nonEmptyList.a. is used but not defined' config.nonEmptyList.a ./emptyValues.nix
 
 # types.unique
 #   requires a single definition
@@ -554,21 +499,21 @@ checkConfigOutput '^"pear\\npear"$' config.twice.raw ./merge-module-with-key.nix
 
 # Declaration positions
 # Line should be present for direct options
-checkConfigOutput '^14$' options.imported.line14.declarationPositions.0.line ./declaration-positions.nix
-checkConfigOutput '/declaration-positions.nix"$' options.imported.line14.declarationPositions.0.file ./declaration-positions.nix
+checkConfigOutput '^10$' options.imported.line10.declarationPositions.0.line ./declaration-positions.nix
+checkConfigOutput '/declaration-positions.nix"$' options.imported.line10.declarationPositions.0.file ./declaration-positions.nix
 # Generated options may not have line numbers but they will at least get the
 # right file
-checkConfigOutput '/declaration-positions.nix"$' options.generated.line22.declarationPositions.0.file ./declaration-positions.nix
-checkConfigOutput '^null$' options.generated.line22.declarationPositions.0.line ./declaration-positions.nix
+checkConfigOutput '/declaration-positions.nix"$' options.generated.line18.declarationPositions.0.file ./declaration-positions.nix
+checkConfigOutput '^null$' options.generated.line18.declarationPositions.0.line ./declaration-positions.nix
 # Submodules don't break it
-checkConfigOutput '^45$' config.submoduleLine38.submodDeclLine45.0.line ./declaration-positions.nix
-checkConfigOutput '/declaration-positions.nix"$' config.submoduleLine38.submodDeclLine45.0.file ./declaration-positions.nix
+checkConfigOutput '^39$' config.submoduleLine34.submodDeclLine39.0.line ./declaration-positions.nix
+checkConfigOutput '/declaration-positions.nix"$' config.submoduleLine34.submodDeclLine39.0.file ./declaration-positions.nix
 # New options under freeform submodules get collected into the parent submodule
 # (consistent with .declarations behaviour, but weird; notably appears in system.build)
-checkConfigOutput '^38|27$' options.submoduleLine38.declarationPositions.0.line ./declaration-positions.nix
-checkConfigOutput '^38|27$' options.submoduleLine38.declarationPositions.1.line ./declaration-positions.nix
+checkConfigOutput '^34|23$' options.submoduleLine34.declarationPositions.0.line ./declaration-positions.nix
+checkConfigOutput '^34|23$' options.submoduleLine34.declarationPositions.1.line ./declaration-positions.nix
 # nested options work
-checkConfigOutput '^34$' options.nested.nestedLine34.declarationPositions.0.line ./declaration-positions.nix
+checkConfigOutput '^30$' options.nested.nestedLine30.declarationPositions.0.line ./declaration-positions.nix
 
 cat <<EOF
 ====== module tests ======

lib/tests/modules/declaration-positions.nix

@@ -1,17 +1,13 @@
 { lib, options, ... }:
-let
-  discardPositions = lib.mapAttrs (k: v: v);
+let discardPositions = lib.mapAttrs (k: v: v);
 in
 # unsafeGetAttrPos is unspecified best-effort behavior, so we only want to consider this test on an evaluator that satisfies some basic assumptions about this function.
 assert builtins.unsafeGetAttrPos "a" { a = true; } != null;
-assert
-  builtins.unsafeGetAttrPos "a" (discardPositions {
-    a = true;
-  }) == null;
+assert builtins.unsafeGetAttrPos "a" (discardPositions { a = true; }) == null;
 {
   imports = [
     {
-      options.imported.line14 = lib.mkOption {
+      options.imported.line10 = lib.mkOption {
         type = lib.types.int;
       };
 
@@ -19,39 +15,35 @@ assert
       # programs.firefox.nativeMessagingHosts.ff2mpv. We don't expect to get
       # line numbers for these, but we can fall back on knowing the file.
       options.generated = discardPositions {
-        line22 = lib.mkOption {
+        line18 = lib.mkOption {
           type = lib.types.int;
         };
       };
 
-      options.submoduleLine38.extraOptLine27 = lib.mkOption {
+      options.submoduleLine34.extraOptLine23 = lib.mkOption {
         default = 1;
         type = lib.types.int;
       };
     }
   ];
 
-  options.nested.nestedLine34 = lib.mkOption {
+  options.nested.nestedLine30 = lib.mkOption {
     type = lib.types.int;
   };
 
-  options.submoduleLine38 = lib.mkOption {
+  options.submoduleLine34 = lib.mkOption {
     default = { };
     type = lib.types.submoduleWith {
       modules = [
-        (
-          { options, ... }:
-          {
-            options.submodDeclLine45 = lib.mkOption { };
-          }
-        )
+        ({ options, ... }: {
+          options.submodDeclLine39 = lib.mkOption { };
+        })
         { freeformType = with lib.types; lazyAttrsOf (uniq unspecified); }
       ];
     };
   };
 
   config = {
-    submoduleLine38.submodDeclLine45 =
-      (options.submoduleLine38.type.getSubOptions [ ]).submodDeclLine45.declarationPositions;
+    submoduleLine34.submodDeclLine39 = (options.submoduleLine34.type.getSubOptions [ ]).submodDeclLine39.declarationPositions;
   };
 }

lib/tests/modules/declare-coerced-value-no-default.nix

@@ -1,9 +0,0 @@
-{ lib, ... }:
-
-{
-  options = {
-    value = lib.mkOption {
-      type = lib.types.coercedTo lib.types.int builtins.toString lib.types.str;
-    };
-  };
-}

lib/tests/modules/importApply-disabling.nix

@@ -1,4 +0,0 @@
-{
-  imports = [ ./importApply.nix ];
-  disabledModules = [ ./importApply-function.nix ];
-}

lib/tests/modules/importApply-function.nix

@@ -1,5 +0,0 @@
-{ foo }:
-{ lib, config, ... }:
-{
-  value = foo;
-}

lib/tests/modules/importApply.nix

@@ -1,5 +0,0 @@
-{ lib, ... }:
-{
-  options.value = lib.mkOption { default = 1; };
-  imports = [ (lib.modules.importApply ./importApply-function.nix { foo = "abc"; }) ];
-}

lib/tests/modules/types-anything/equal-atoms.nix

@@ -12,7 +12,6 @@
       value.path = ./.;
       value.null = null;
       value.float = 0.1;
-      value.list = [1 "a" {x=null;}];
     }
     {
       value.int = 0;
@@ -21,7 +20,6 @@
       value.path = ./.;
       value.null = null;
       value.float = 0.1;
-      value.list = [1 "a" {x=null;}];
     }
   ];
 

lib/tests/modules/types-anything/lists.nix

@@ -6,10 +6,10 @@
 
   config = lib.mkMerge [
     {
-      value = [ "a value" ];
+      value = [ null ];
     }
     {
-      value = [ "another value" ];
+      value = [ null ];
     }
   ];
 

lib/tests/test-with-nix.nix

@@ -17,7 +17,6 @@
 pkgs.runCommand "nixpkgs-lib-tests-nix-${nix.version}" {
   buildInputs = [
     (import ./check-eval.nix)
-    (import ./fetchers.nix)
     (import ./maintainers.nix {
       inherit pkgs;
       lib = import ../.;
@@ -33,7 +32,7 @@ pkgs.runCommand "nixpkgs-lib-tests-nix-${nix.version}" {
   nativeBuildInputs = [
     nix
     pkgs.gitMinimal
-  ] ++ lib.optional pkgs.stdenv.hostPlatform.isLinux pkgs.inotify-tools;
+  ] ++ lib.optional pkgs.stdenv.isLinux pkgs.inotify-tools;
   strictDeps = true;
 } ''
   datadir="${nix}/share"

lib/types.nix

@@ -219,7 +219,7 @@ rec {
     else "(${t.description})";
 
   # When adding new types don't forget to document them in
-  # nixos/doc/manual/development/option-types.section.md!
+  # nixos/doc/manual/development/option-types.xml!
   types = rec {
 
     raw = mkOptionType {
@@ -253,6 +253,12 @@ rec {
           mergeFunction = {
             # Recursively merge attribute sets
             set = (attrsOf anything).merge;
+            # Safe and deterministic behavior for lists is to only accept one definition
+            # listOf only used to apply mkIf and co.
+            list =
+              if length defs > 1
+              then throw "The option `${showOption loc}' has conflicting definitions, in ${showFiles (getFiles defs)}."
+              else (listOf anything).merge;
             # This is the type of packages, only accept a single definition
             stringCoercibleSet = mergeOneOption;
             lambda = loc: defs: arg: anything.merge
@@ -1029,7 +1035,7 @@ rec {
         getSubOptions = finalType.getSubOptions;
         getSubModules = finalType.getSubModules;
         substSubModules = m: coercedTo coercedType coerceFunc (finalType.substSubModules m);
-        typeMerge = t: null;
+        typeMerge = t1: t2: null;
         functor = (defaultFunctor name) // { wrapped = finalType; };
         nestedTypes.coercedType = coercedType;
         nestedTypes.finalType = finalType;

maintainers/scripts/README.md

@@ -9,6 +9,10 @@ What follows is a (very incomplete) overview of available scripts.
 
 ## Metadata
 
+### `check-by-name.sh`
+
+An alias for `pkgs/test/check-by-name/run-local.sh`, see [documentation](../../pkgs/test/check-by-name/README.md).
+
 ### `get-maintainer.sh`
 
 `get-maintainer.sh [selector] value` returns a JSON object describing
@@ -56,16 +60,3 @@ The maintainer is designated by a `selector` which must be one of:
   see [`maintainer-list.nix`] for the fields' definition.
 
 [`maintainer-list.nix`]: ../maintainer-list.nix
-
-
-## Conventions
-
-### `sha-to-sri.py`
-
-`sha-to-sri.py path ...` (atomically) rewrites hash attributes (named `hash` or `sha(1|256|512)`)
-into the SRI format: `hash = "{hash name}-{base64 encoded value}"`.
-
-`path` must point to either a nix file, or a directory which will be automatically traversed.
-
-`sha-to-sri.py` automatically skips files whose first non-empty line contains `generated by` or `do not edit`.
-Moreover, when walking a directory tree, the script will skip files whose name is `yarn.nix` or contains `generated`.

maintainers/scripts/bootstrap-files/refresh-tarballs.bash

@@ -95,7 +95,6 @@ CROSS_TARGETS=(
     powerpc64-unknown-linux-gnuabielfv2
     powerpc64le-unknown-linux-gnu
     riscv64-unknown-linux-gnu
-    s390x-unknown-linux-gnu
     x86_64-unknown-freebsd
 )
 

maintainers/scripts/build.nix

@@ -12,27 +12,7 @@
 # nix-build build.nix --argstr maintainer <yourname> --argstr system aarch64-linux
 
 let
-  # This avoids a common situation for maintainers, where due to Git's behavior of not tracking
-  # directories, they have an empty directory somewhere in `pkgs/by-name`. Because that directory
-  # exists, `pkgs/top-level/by-name-overlay.nix` picks it up and attempts to read `package.nix` out
-  # of it... which doesn't exist, since it's empty.
-  #
-  # We don't want to run the code below on every instantiation of `nixpkgs`, as the `pkgs/by-name`
-  # eval machinery is quite performance sensitive. So we use the internals of the `by-name` overlay
-  # to implement our own way to avoid an evaluation failure for this script.
-  #
-  # See <https://github.com/NixOS/nixpkgs/issues/338227> for more motivation for this code block.
-  overlay = self: super: {
-    _internalCallByNamePackageFile =
-      file: if builtins.pathExists file then super._internalCallByNamePackageFile file else null;
-  };
-
-  nixpkgsArgs = removeAttrs args [ "maintainer" "overlays" ] // {
-    overlays = args.overlays or [] ++ [ overlay ];
-  };
-
-  pkgs = import ./../../default.nix nixpkgsArgs;
-
+  pkgs = import ./../../default.nix (removeAttrs args [ "maintainer" ]);
   maintainer_ = pkgs.lib.maintainers.${maintainer};
   packagesWith = cond: return: set:
     (pkgs.lib.flatten

maintainers/scripts/check-by-name.sh

@@ -1 +1 @@
-../../ci/nixpkgs-vet.sh
+../../pkgs/test/check-by-name/run-local.sh

maintainers/scripts/convert-to-import-cargo-lock/shell.nix

@@ -1,17 +1,5 @@
-{
-  pkgs ? import ../../.. { },
-}:
-let
-  inherit (pkgs) lib stdenv mkShell;
-in
+with import ../../../. { };
+
 mkShell {
-  packages =
-    with pkgs;
-    [
-      rustc
-      cargo
-      clippy
-      rustfmt
-    ]
-    ++ lib.optional stdenv.hostPlatform.isDarwin pkgs.libiconv;
+  packages = [ rustc cargo clippy rustfmt ] ++ lib.optional stdenv.isDarwin libiconv;
 }

maintainers/scripts/haskell/hydra-report.hs

@@ -1,6 +1,6 @@
 #! /usr/bin/env nix-shell
 #! nix-shell -p "haskellPackages.ghcWithPackages (p: [p.aeson p.req])"
-#! nix-shell -p hydra
+#! nix-shell -p hydra-unstable
 #! nix-shell -i runhaskell
 
 {-

maintainers/scripts/haskell/update-stackage.sh

@@ -63,7 +63,6 @@ sed -r \
     -e '/ language-nix /d' \
     -e '/ hackage-db /d' \
     -e '/ cabal-install /d' \
-    -e '/ cabal-install-solver /d' \
     -e '/ lsp /d' \
     -e '/ lsp-types /d' \
     -e '/ lsp-test /d' \

maintainers/scripts/kde/collect-missing-deps.py

@@ -73,9 +73,6 @@ OK_MISSING_BY_PACKAGE = {
     "kwin": {
         "display-info",  # newer versions identify as libdisplay-info
     },
-    "libksysguard": {
-        "Libcap",  # used to call setcap at build time and nothing else
-    },
     "mlt": {
         "Qt5",  # intentionally disabled
         "SWIG",
@@ -91,9 +88,6 @@ OK_MISSING_BY_PACKAGE = {
     "powerdevil": {
         "DDCUtil",  # cursed, intentionally disabled
     },
-    "print-manager": {
-        "PackageKitQt6",  # used for auto-installing drivers which does not work for obvious reasons
-    },
     "pulseaudio-qt": {
         "Qt6Qml",  # tests only
         "Qt6Quick",

maintainers/scripts/kde/generate-sources.py

@@ -16,7 +16,7 @@ import utils
 
 
 LEAF_TEMPLATE = jinja2.Template('''
-{ mkKdeDerivation }:
+{mkKdeDerivation}:
 mkKdeDerivation {
   pname = "{{ pname }}";
 }
@@ -25,7 +25,7 @@ mkKdeDerivation {
 ROOT_TEMPLATE = jinja2.Template('''
 {callPackage}: {
   {%- for p in packages %}
-  {{ p }} = callPackage ./{{ p }} { };
+  {{ p }} = callPackage ./{{ p }} {};
   {%- endfor %}
 }
 '''.strip());
@@ -75,7 +75,7 @@ def main(set: str, version: str, nixpkgs: pathlib.Path, sources_url: Optional[st
             "gear": "releases",
             "plasma": "plasma",
         }[set]
-        sources_url = f"https://kde.org/info/sources/source-{set_url}-{version}/"
+        sources_url = f"https://kde.org/info/sources/source-{set_url}-{version}.html"
 
     sources = httpx.get(sources_url)
     sources.raise_for_status()

maintainers/scripts/luarocks-packages.csv

@@ -45,7 +45,6 @@ lpeglabel,,,,1.6.0,,
 lrexlib-gnu,,,,,,
 lrexlib-pcre,,,,,,vyp
 lrexlib-posix,,,,,,
-lsp-progress.nvim,,,,,,gepbird
 lua-cjson,,,,,,
 lua-cmsgpack,,,,,,
 lua-curl,,,,,,
@@ -85,7 +84,6 @@ luarepl,,,,,,
 luarocks,,,,,,mrcjkb teto
 luarocks-build-rust-mlua,,,,,,mrcjkb
 luarocks-build-treesitter-parser,,,,,,mrcjkb
-luarocks-build-treesitter-parser-cpp,,,,,,mrcjkb
 luasec,,,,,,flosse
 luasnip,,,,,,
 luasocket,,,,,,
@@ -105,8 +103,6 @@ luv,,,,1.48.0-2,,
 lush.nvim,,,https://luarocks.org/dev,,,teto
 lyaml,,,,,,lblasc
 lz.n,,,,,,mrcjkb
-lze,,,,,,birdee
-lzn-auto-require,,,,,,mrcjkb
 magick,,,,,5.1,donovanglover
 markdown,,,,,,
 mediator_lua,,,,,,
@@ -114,7 +110,6 @@ middleclass,,,,,,
 mimetypes,,,,,,
 mpack,,,,,,
 moonscript,https://raw.githubusercontent.com/leafo/moonscript/master/moonscript-dev-1.rockspec,,,,,arobyn
-neorg,,,,,,GaetanLepage
 neotest,,,,,,mrcjkb
 nlua,,,,,,teto
 nui.nvim,,,,,,mrcjkb

maintainers/scripts/pluginupdate.py

@@ -791,11 +791,6 @@ def update_plugins(editor: Editor, args):
     All input arguments are grouped in the `Editor`."""
 
     log.info("Start updating plugins")
-    if args.proc > 1 and args.github_token == None:
-        log.warning("You have enabled parallel updates but haven't set a github token.\n"
-        "You may be hit with `HTTP Error 429: too many requests` as a consequence."
-        "Either set --proc=1 or --github-token=YOUR_TOKEN. ")
-
     fetch_config = FetchConfig(args.proc, args.github_token)
     update = editor.get_update(args.input_file, args.outfile, fetch_config)
 

maintainers/scripts/sha-to-sri.py

@@ -1,13 +1,13 @@
 #!/usr/bin/env nix-shell
 #! nix-shell -i "python3 -I" -p "python3.withPackages(p: with p; [ rich structlog ])"
 
-from abc import ABC, abstractmethod
+from abc import ABC, abstractclassmethod, abstractmethod
 from contextlib import contextmanager
 from pathlib import Path
 from structlog.contextvars import bound_contextvars as log_context
 from typing import ClassVar, List, Tuple
 
-import hashlib, logging, re, structlog
+import hashlib, re, structlog
 
 
 logger = structlog.getLogger("sha-to-SRI")
@@ -26,12 +26,11 @@ class Encoding(ABC):
         assert len(digest) == self.n
 
         from base64 import b64encode
-
         return f"{self.hashName}-{b64encode(digest).decode()}"
 
     @classmethod
-    def all(cls, h) -> "List[Encoding]":
-        return [c(h) for c in cls.__subclasses__()]
+    def all(cls, h) -> 'List[Encoding]':
+        return [ c(h) for c in cls.__subclasses__() ]
 
     def __init__(self, h):
         self.n = h.digest_size
@@ -39,56 +38,54 @@ class Encoding(ABC):
 
     @property
     @abstractmethod
-    def length(self) -> int: ...
+    def length(self) -> int:
+        ...
 
     @property
     def regex(self) -> str:
         return f"[{self.alphabet}]{{{self.length}}}"
 
     @abstractmethod
-    def decode(self, s: str) -> bytes: ...
+    def decode(self, s: str) -> bytes:
+        ...
 
 
 class Nix32(Encoding):
     alphabet = "0123456789abcdfghijklmnpqrsvwxyz"
-    inverted = {c: i for i, c in enumerate(alphabet)}
+    inverted  = { c: i for i, c in enumerate(alphabet) }
 
     @property
     def length(self):
         return 1 + (8 * self.n) // 5
-
     def decode(self, s: str):
         assert len(s) == self.length
-        out = bytearray(self.n)
+        out = [ 0 for _ in range(self.n) ]
+        # TODO: Do better than a list of byte-sized ints
 
         for n, c in enumerate(reversed(s)):
             digit = self.inverted[c]
             i, j = divmod(5 * n, 8)
-            out[i] = out[i] | (digit << j) & 0xFF
+            out[i] = out[i] | (digit << j) & 0xff
             rem = digit >> (8 - j)
             if rem == 0:
                 continue
             elif i < self.n:
-                out[i + 1] = rem
+                out[i+1] = rem
             else:
                 raise ValueError(f"Invalid nix32 hash: '{s}'")
 
         return bytes(out)
 
-
 class Hex(Encoding):
     alphabet = "0-9A-Fa-f"
 
     @property
     def length(self):
         return 2 * self.n
-
     def decode(self, s: str):
         from binascii import unhexlify
-
         return unhexlify(s)
 
-
 class Base64(Encoding):
     alphabet = "A-Za-z0-9+/"
 
@@ -97,39 +94,36 @@ class Base64(Encoding):
         """Number of characters in data and padding."""
         i, k = divmod(self.n, 3)
         return 4 * i + (0 if k == 0 else k + 1), (3 - k) % 3
-
     @property
     def length(self):
         return sum(self.format)
-
     @property
     def regex(self):
         data, padding = self.format
         return f"[{self.alphabet}]{{{data}}}={{{padding}}}"
-
     def decode(self, s):
         from base64 import b64decode
-
         return b64decode(s, validate = True)
 
 
-_HASHES = (hashlib.new(n) for n in ("SHA-256", "SHA-512"))
-ENCODINGS = {h.name: Encoding.all(h) for h in _HASHES}
+_HASHES = (hashlib.new(n) for n in ('SHA-256', 'SHA-512'))
+ENCODINGS = {
+    h.name: Encoding.all(h)
+    for h in _HASHES
+}
 
 RE = {
     h: "|".join(
-        (f"({h}-)?" if e.name == "base64" else "") + f"(?P<{h}_{e.name}>{e.regex})"
+        (f"({h}-)?" if e.name == 'base64' else '') +
+        f"(?P<{h}_{e.name}>{e.regex})"
         for e in encodings
-    )
-    for h, encodings in ENCODINGS.items()
+    ) for h, encodings in ENCODINGS.items()
 }
 
-_DEF_RE = re.compile(
-    "|".join(
-        f"(?P<{h}>{h} = (?P<{h}_quote>['\"])({re})(?P={h}_quote);)"
-        for h, re in RE.items()
-    )
-)
+_DEF_RE = re.compile("|".join(
+    f"(?P<{h}>{h} = (?P<{h}_quote>['\"])({re})(?P={h}_quote);)"
+    for h, re in RE.items()
+))
 
 
 def defToSRI(s: str) -> str:
@@ -159,7 +153,7 @@ def defToSRI(s: str) -> str:
 
 @contextmanager
 def atomicFileUpdate(target: Path):
-    """Atomically replace the contents of a file.
+    '''Atomically replace the contents of a file.
 
     Guarantees that no temporary files are left behind, and `target` is either
     left untouched, or overwritten with new content if no exception was raised.
@@ -170,20 +164,18 @@ def atomicFileUpdate(target: Path):
 
     Upon exiting the context, the files are closed; if no exception was
     raised, `new` (atomically) replaces the `target`, otherwise it is deleted.
-    """
+    '''
     # That's mostly copied from noto-emoji.py, should DRY it out
-    from tempfile import NamedTemporaryFile
+    from tempfile import mkstemp
+    fd, _p = mkstemp(
+        dir = target.parent,
+        prefix = target.name,
+    )
+    tmpPath = Path(_p)
 
     try:
         with target.open() as original:
-            with NamedTemporaryFile(
-                dir = target.parent,
-                prefix = target.stem,
-                suffix = target.suffix,
-                delete = False,
-                mode="w",  # otherwise the file would be opened in binary mode by default
-            ) as new:
-                tmpPath = Path(new.name)
+            with tmpPath.open('w') as new:
                 yield (original, new)
 
         tmpPath.replace(target)
@@ -196,35 +188,37 @@ def atomicFileUpdate(target: Path):
 def fileToSRI(p: Path):
     with atomicFileUpdate(p) as (og, new):
         for i, line in enumerate(og):
-            with log_context(line = i):
+            with log_context(line=i):
                 new.write(defToSRI(line))
 
 
-_SKIP_RE = re.compile("(generated by)|(do not edit)", re.IGNORECASE)
-_IGNORE = frozenset({
-    "gemset.nix",
-    "yarn.nix",
-})
+_SKIP_RE = re.compile(
+    "(generated by)|(do not edit)",
+    re.IGNORECASE
+)
 
 if __name__ == "__main__":
-    from sys import argv
-
+    from sys import argv, stderr
     logger.info("Starting!")
 
-    def handleFile(p: Path, skipLevel = logging.INFO):
-        with log_context(file = str(p)):
+    for arg in argv[1:]:
+        p = Path(arg)
+        with log_context(path=str(p)):
             try:
+                if p.name == "yarn.nix" or p.name.find("generated") != -1:
+                    logger.warning("File looks autogenerated, skipping!")
+                    continue
+
                 with p.open() as f:
                     for line in f:
                         if line.strip():
                             break
 
                     if _SKIP_RE.search(line):
-                        logger.log(skipLevel, "File looks autogenerated, skipping!")
-                        return
+                        logger.warning("File looks autogenerated, skipping!")
+                        continue
 
                 fileToSRI(p)
-
             except Exception as exn:
                 logger.error(
                     "Unhandled exception, skipping file!",
@@ -232,19 +226,3 @@ if __name__ == "__main__":
                 )
             else:
                 logger.info("Finished processing file")
-
-    for arg in argv[1:]:
-        p = Path(arg)
-        with log_context(arg = arg):
-            if p.is_file():
-                handleFile(p, skipLevel = logging.WARNING)
-
-            elif p.is_dir():
-                logger.info("Recursing into directory")
-                for q in p.glob("**/*.nix"):
-                    if q.is_file():
-                        if q.name in _IGNORE or q.name.find("generated") != -1:
-                            logger.info("File looks autogenerated, skipping!")
-                            continue
-
-                        handleFile(q)

maintainers/scripts/update-dotnet-lockfiles.nix

@@ -9,40 +9,36 @@
   infrastructure. Regular updates should be done through the individual packages
   update scripts.
  */
-{ startWith ? null }:
 let
-  pkgs = import ../.. { config.allowAliases = false; };
+  pkgs = import ../.. {};
 
   inherit (pkgs) lib;
 
   packagesWith = cond: pkgs:
     let
       packagesWithInner = attrs:
-        lib.concatLists (
-          lib.mapAttrsToList (name: elem:
-            let
-              result = builtins.tryEval elem;
-            in
-              if result.success then
-                let
-                  value = result.value;
-                in
-                  if lib.isDerivation value then
-                    lib.optional (cond value) value
-                  else
-                    if lib.isAttrs value && (value.recurseForDerivations or false || value.recurseForRelease or false) then
-                      packagesWithInner value
-                    else []
-              else []) attrs);
+        lib.unique (
+          lib.concatLists (
+            lib.mapAttrsToList (name: elem:
+              let
+                result = builtins.tryEval elem;
+              in
+                if result.success then
+                  let
+                    value = result.value;
+                  in
+                    if lib.isDerivation value then
+                      lib.optional (cond value) value
+                    else
+                      if lib.isAttrs value && (value.recurseForDerivations or false || value.recurseForRelease or false) then
+                        packagesWithInner value
+                      else []
+                else []) attrs));
     in
       packagesWithInner pkgs;
 
-  packages = lib.unique
-    (lib.filter (p:
-      (builtins.tryEval p.outPath).success ||
-      builtins.trace "warning: skipping ${p.name} because it failed to evaluate" false)
-    ((pkgs: (lib.drop (lib.lists.findFirstIndex (p: p.name == startWith) 0 pkgs) pkgs))
-    (packagesWith (p: p ? fetch-deps) pkgs)));
+  packages =
+    packagesWith (pkgs: pkgs ? fetch-deps) pkgs;
 
   helpText = ''
     Please run: