Merge remote-tracking branch 'origin/staging-next' into staging

7 files changed, 136 insertions, 5 deletions

diff --git a/doc/build-helpers/dev-shell-tools.chapter.md b/doc/build-helpers/dev-shell-tools.chapter.md
index 21636df8017b..0168ea39f7aa 100644
--- a/doc/build-helpers/dev-shell-tools.chapter.md
+++ b/doc/build-helpers/dev-shell-tools.chapter.md
@@ -27,3 +27,49 @@ devShellTools.valueToString (builtins.toFile "foo" "bar")
 devShellTools.valueToString false
 => ""
 ```
+
+:::
+
+## `devShellTools.unstructuredDerivationInputEnv` {#sec-devShellTools-unstructuredDerivationInputEnv}
+
+Convert a set of derivation attributes (as would be passed to [`derivation`]) to a set of environment variables that can be used in a shell script.
+This function does not support `__structuredAttrs`, but does support `passAsFile`.
+
+:::{.example}
+## `unstructuredDerivationInputEnv` usage example
+
+```nix
+devShellTools.unstructuredDerivationInputEnv {
+  drvAttrs = {
+    name = "foo";
+    buildInputs = [ hello figlet ];
+    builder = bash;
+    args = [ "-c" "${./builder.sh}" ];
+  };
+}
+=> {
+  name = "foo";
+  buildInputs = "/nix/store/...-hello /nix/store/...-figlet";
+  builder = "/nix/store/...-bash";
+}
+```
+
+Note that `args` is not included, because Nix does not added it to the builder process environment.
+
+:::
+
+## `devShellTools.derivationOutputEnv` {#sec-devShellTools-derivationOutputEnv}
+
+Takes the relevant parts of a derivation and returns a set of environment variables, that would be present in the derivation.
+
+:::{.example}
+## `derivationOutputEnv` usage example
+
+```nix
+let
+  pkg = hello;
+in
+devShellTools.derivationOutputEnv { outputList = pkg.outputs; outputMap = pkg; }
+```
+
+:::
diff --git a/doc/doc-support/package.nix b/doc/doc-support/package.nix
index 602cef59677e..ca4694f3d11c 100644
--- a/doc/doc-support/package.nix
+++ b/doc/doc-support/package.nix
@@ -60,7 +60,7 @@ stdenvNoCC.mkDerivation (
 
       nixos-render-docs manual html \
         --manpage-urls ./manpage-urls.json \
-        --revision ${lib.trivial.revisionWithDefault (nixpkgs.rev or "master")} \
+        --revision ${nixpkgs.rev or "master"} \
         --stylesheet style.css \
         --stylesheet highlightjs/mono-blue.css \
         --script ./highlightjs/highlight.pack.js \
diff --git a/doc/interoperability.md b/doc/interoperability.md
new file mode 100644
index 000000000000..21a88116d307
--- /dev/null
+++ b/doc/interoperability.md
@@ -0,0 +1,5 @@
+# Interoperability Standards {#part-interoperability}
+
+```{=include=} chapters
+interoperability/cyclonedx.md
+```
diff --git a/doc/interoperability/cyclonedx.md b/doc/interoperability/cyclonedx.md
new file mode 100644
index 000000000000..7a3dea3dbc2f
--- /dev/null
+++ b/doc/interoperability/cyclonedx.md
@@ -0,0 +1,79 @@
+# CycloneDX {#chap-interop-cyclonedx}
+
+[OWASP](https://owasp.org/) [CycloneDX](https://cyclonedx.org/) is a Software [Bill of Materials](https://en.wikipedia.org/wiki/Bill_of_materials) (SBOM) standard.
+The standards described here are for including Nix specific information within SBOMs in a way that is interoperable with external SBOM tooling.
+
+## `nix` Namespace Property Taxonomy  {#sec-interop.cylonedx-nix}
+
+The following tables describe namespaces for [properties](https://cyclonedx.org/docs/1.6/json/#components_items_properties) that may be attached to components within SBOMs.
+Component properties are lists of name-value-pairs where values must be strings.
+Properties with the same name may appear more than once.
+Names and values are case-sensitive.
+
+| Property         | Description |
+|------------------|-------------|
+| `nix:store_path` | A Nix store path for the given component. This property should be contextualized by additional properties that describe the production of the store path, such as those from the `nix:narinfo:` and `nix:fod` namespaces. |
+
+
+| Namespace     | Description |
+|---------------|-------------|
+| [`nix:narinfo`](#sec-interop.cylonedx-narinfo) | Namespace for properties that are specific to how a component is stored as a [Nix archive](https://nixos.org/manual/nix/stable/glossary#gloss-nar) (NAR) in a [binary cache](https://nixos.org/manual/nix/stable/glossary#gloss-binary-cache). |
+| [`nix:fod`](#sec-interop.cylonedx-fod) | Namespace for properties that describe a [fixed-output derivation](https://nixos.org/manual/nix/stable/glossary#gloss-fixed-output-derivation). |
+
+
+### `nix:narinfo` {#sec-interop.cylonedx-narinfo}
+
+Narinfo properties describe component archives that may be available from binary caches.
+The `nix:narinfo` properties should be accompanied by a `nix:store_path` property within the same property list.
+
+| Property                  | Description |
+|---------------------------|-------------|
+| `nix:narinfo:store_path`  | Store path for the given store component. |
+| `nix:narinfo:url`         | URL path component. |
+| `nix:narinfo:nar_hash`    | Hash of the file system object part of the component when serialized as a Nix Archive. |
+| `nix:narinfo:nar_size`    | Size of the component when serialized as a Nix Archive. |
+| `nix:narinfo:compression` | The compression format that component archive is in. |
+| `nix:narinfo:file_hash`   | A digest for the compressed component archive itself, as opposed to the data contained within. |
+| `nix:narinfo:file_size`   | The size of the compressed component archive itself. |
+| `nix:narinfo:deriver`     | The path to the derivation from which this component is produced. |
+| `nix:narinfo:system`      | The hardware and software platform on which this component is produced. |
+| `nix:narinfo:sig`         | Signatures claiming that this component is what it claims to be. |
+| `nix:narinfo:ca`          | Content address of this store object's file system object, used to compute its store path. |
+| `nix:narinfo:references`  | A whitespace separated array of store paths that this component references. |
+
+### `nix:fod` {#sec-interop.cylonedx-fod}
+
+FOD properties describe a [fixed-output derivation](https://nixos.org/manual/nix/stable/glossary#gloss-fixed-output-derivation).
+The `nix:fod:method` property is required and must be accompanied by a `nix:store_path` property within the same property list.
+All other properties in this namespace are method-specific.
+To reproduce the build of a component the `nix:fod:method` value is resolved to an [appropriate function](#chap-pkgs-fetchers) within Nixpkgs whose arguments intersect with the given properties.
+When generating `nix:fod` properties the method selected should be a stable function with a minimal number arguments.
+For example, the `fetchFromGitHub` is commonly used within Nixpkgs but should be reduced to a call to the function by which it is implemented, `fetchzip`.
+
+| Property         | Description |
+|------------------|-------------|
+| `nix:fod:method` | Nixpkg function that produces this FOD. Required. Examples: `"fetchzip"`, `"fetchgit"` |
+| `nix:fod:name`   | Derivation name, present when method is `"fetchzip"` |
+| `nix:fod:ref`    | [Git ref](https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddefrefaref), present when method is `"fetchgit"` |
+| `nix:fod:rev`    | [Git rev](https://git-scm.com/docs/gitglossary#Documentation/gitglossary.txt-aiddefrevisionarevision), present when method is `"fetchgit"` |
+| `nix:fod:sha256` | FOD hash |
+| `nix:fod:url`    | URL to fetch |
+
+
+`nix:fod` properties may be extracted and evaluated to a derivation using code similar to the following, assuming a fictitious function `filterPropertiesToAttrs`:
+
+```nix
+{ pkgs, filterPropertiesToAttrs, properties }:
+let
+  fodProps = filterPropertiesToAttrs "nix:fod:" properties;
+
+  methods = {
+    fetchzip =
+      { name, url, sha256, ... }:
+      pkgs.fetchzip {
+        inherit name url sha256;
+      };
+  };
+
+in methods.${fodProps.method} fodProps
+```
diff --git a/doc/languages-frameworks/python.section.md b/doc/languages-frameworks/python.section.md
index 519fd6fbf960..5a2e2de2edef 100644
--- a/doc/languages-frameworks/python.section.md
+++ b/doc/languages-frameworks/python.section.md
@@ -162,7 +162,8 @@ following are specific to `buildPythonPackage`:
 * `dontWrapPythonPrograms ? false`: Skip wrapping of Python programs.
 * `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment
   variable in wrapped programs.
-* `pyproject`: Whether the pyproject format should be used. When set to `true`,
+* `pyproject`: Whether the pyproject format should be used. As all other formats
+  are deprecated, you are recommended to set this to `true`. When you do so,
   `pypaBuildHook` will be used, and you can add the required build dependencies
   from `build-system.requires` to `build-system`. Note that the pyproject
   format falls back to using `setuptools`, so you can use `pyproject = true`
diff --git a/doc/languages-frameworks/rust.section.md b/doc/languages-frameworks/rust.section.md
index 38771ca81b13..15f16879a5b4 100644
--- a/doc/languages-frameworks/rust.section.md
+++ b/doc/languages-frameworks/rust.section.md
@@ -41,7 +41,7 @@ rustPlatform.buildRustPackage rec {
     description = "Fast line-oriented regex search tool, similar to ag and ack";
     homepage = "https://github.com/BurntSushi/ripgrep";
     license = lib.licenses.unlicense;
-    maintainers = [];
+    maintainers = [ ];
   };
 }
 ```
@@ -642,6 +642,7 @@ builds the `retworkx` Python package. `fetchCargoTarball` and
 buildPythonPackage rec {
   pname = "retworkx";
   version = "0.6.0";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "Qiskit";
@@ -656,8 +657,6 @@ buildPythonPackage rec {
     hash = "sha256-heOBK8qi2nuc/Ib+I/vLzZ1fUUD/G/KTw9d7M4Hz5O0=";
   };
 
-  format = "pyproject";
-
   nativeBuildInputs = with rustPlatform; [ cargoSetupHook maturinBuildHook ];
 
   # ...
diff --git a/doc/manual.md.in b/doc/manual.md.in
index 642247e16612..e5f58a23a399 100644
--- a/doc/manual.md.in
+++ b/doc/manual.md.in
@@ -12,4 +12,5 @@ stdenv.md
 build-helpers.md
 development.md
 contributing.md
+interoperability.md
 ```