3 files changed, 179 insertions, 94 deletions

diff --git a/doc/emacs.texi b/doc/emacs.texi
index 27f5365caa..c4fdfff272 100644
--- a/doc/emacs.texi
+++ b/doc/emacs.texi
@@ -48,13 +48,19 @@ command (@pxref{Emacs Popup Interface}).
 
 @end itemize
 
-When it is done ``guix.el'' may be configured by requiring a special
-@code{guix-init} file---i.e., by adding the following code into your
-init file (@pxref{Init File,,, emacs, The GNU Emacs Manual}):
+When it is done, ``guix.el'' may be configured by requiring
+@code{guix-autoloads} file.  If you install Guix in your user profile,
+this auto-loading is done automatically by our Emacs package
+(@pxref{Application Setup}), so a universal recipe for configuring
+``guix.el'' is: @command{guix package -i guix}.  If you do this, there
+is no need to read further.
+
+For the manual installation, you need to add the following code into
+your init file (@pxref{Init File,,, emacs, The GNU Emacs Manual}):
 
 @example
 (add-to-list 'load-path "/path/to/directory-with-guix.el")
-(require 'guix-init nil t)
+(require 'guix-autoloads nil t)
 @end example
 
 So the only thing you need to figure out is where the directory with
@@ -66,17 +72,19 @@ If it was installed by a package manager of your distribution or by a
 usual @code{./configure && make && make install} command sequence, then
 elisp files are placed in a standard directory with Emacs packages
 (usually it is @file{/usr/share/emacs/site-lisp/}), which is already in
-@code{load-path}, so there is no need to add that directory there.
+@code{load-path}, so there is no need to add that directory there.  Note
+that if you don't update this installation periodically, you may get an
+outdated Emacs code which does not work with the current Guile code of
+Guix.
 
 @item
 If you used a binary installation method (@pxref{Binary Installation}),
 then Guix is installed somewhere in the store, so the elisp files are
 placed in @file{/gnu/store/@dots{}-guix-0.8.2/share/emacs/site-lisp/} or
 alike.  However it is not recommended to refer directly to a store
-directory.  Instead you can install Guix using Guix itself with
-@command{guix package -i guix} command (@pxref{Invoking guix package})
-and add @file{~/.guix-profile/share/emacs/site-lisp/} directory to
-@code{load-path} variable.
+directory, as it may be garbage-collected one day.  So a better choice
+would be to install Guix using Guix itself with @command{guix package -i
+guix}.
 
 @item
 If you did not install Guix at all and prefer a hacking way
@@ -88,26 +96,10 @@ same directory, so your final configuration will look like this:
 (let ((dir "/path/to/your-guix-git-tree/emacs"))
   (add-to-list 'load-path dir)
   (setq guix-load-path dir))
-(require 'guix-init nil t)
+(require 'guix-autoloads nil t)
 @end example
 @end itemize
 
-By default, along with autoloading (@pxref{Autoload,,, elisp, The GNU
-Emacs Lisp Reference Manual}) the main interactive commands for
-``guix.el'' (@pxref{Emacs Commands}), requiring @code{guix-init} will
-also autoload commands for the Emacs packages installed in your user
-profile.
-
-To disable automatic loading of installed Emacs packages, set
-@code{guix-package-enable-at-startup} variable to @code{nil} before
-requiring @code{guix-init}.  This variable has the same meaning for
-Emacs packages installed with Guix, as @code{package-enable-at-startup}
-for the built-in Emacs package system (@pxref{Package Installation,,,
-emacs, The GNU Emacs Manual}).
-
-You can activate Emacs packages installed in your profile whenever you
-want using @kbd{M-x@tie{}guix-emacs-autoload-packages}.
-
 
 @node Emacs Package Management
 @section Package Management
diff --git a/doc/guix.texi b/doc/guix.texi
index 913545f1a7..a34d547f7c 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -249,20 +249,52 @@ Coding Style
 @node Introduction
 @chapter Introduction
 
+@cindex purpose
 GNU Guix@footnote{``Guix'' is pronounced like ``geeks'', or ``ɡiːks''
-using the international phonetic alphabet (IPA).} is a functional
-package management tool for the GNU system.  Package management consists
-of all activities that relate to building packages from sources,
-honoring their build-time and run-time dependencies,
-installing packages in user environments, upgrading installed packages
-to new versions or rolling back to a previous set, removing unused
-software packages, etc.
+using the international phonetic alphabet (IPA).} is a package
+management tool for the GNU system.  Guix makes it easy for unprivileged
+users to install, upgrade, or remove packages, to roll back to a
+previous package set, to build packages from source, and generally
+assists with the creation and maintenance of software environments.
+
+@cindex user interfaces
+Guix provides a command-line package management interface
+(@pxref{Invoking guix package}), a set of command-line utilities
+(@pxref{Utilities}), a visual user interface in Emacs (@pxref{Emacs
+Interface}), as well as Scheme programming interfaces
+(@pxref{Programming Interface}).
+@cindex build daemon
+Its @dfn{build daemon} is responsible for building packages on behalf of
+users (@pxref{Setting Up the Daemon}) and for downloading pre-built
+binaries from authorized sources (@pxref{Substitutes}).
+
+@cindex extensibility of the distribution
+@cindex customization of packages
+Guix includes package definitions for many GNU and non-GNU packages, all
+of which @uref{https://www.gnu.org/philosophy/free-sw.html, respect the
+user's computing freedom}.  It is @emph{extensible}: users can write
+their own package definitions (@pxref{Defining Packages}) and make them
+available as independent package modules (@pxref{Package Modules}).  It
+is also @emph{customizable}: users can @emph{derive} specialized package
+definitions from existing ones, including from the command line
+(@pxref{Package Transformation Options}).
+
+@cindex Guix System Distribution
+@cindex GuixSD
+You can install GNU@tie{}Guix on top of an existing GNU/Linux system
+where it complements the available tools without interference
+(@pxref{Installation}), or you can use it as part of the standalone
+@dfn{Guix System Distribution} or GuixSD (@pxref{GNU Distribution}).
+With GNU@tie{}GuixSD, you @emph{declare} all aspects of the operating
+system configuration and Guix takes care of instantiating the
+configuration in a transactional, reproducible, and stateless fashion
+(@pxref{System Configuration}).
 
 @cindex functional package management
-The term @dfn{functional} refers to a specific package management
+Under the hood, Guix implements the @dfn{functional package management}
 discipline pioneered by Nix (@pxref{Acknowledgments}).
 In Guix, the package build and installation process is seen
-as a function, in the mathematical sense.  That function takes inputs,
+as a @emph{function}, in the mathematical sense.  That function takes inputs,
 such as build scripts, a compiler, and libraries, and
 returns an installed package.  As a pure function, its result depends
 solely on its inputs---for instance, it cannot refer to software or
@@ -286,18 +318,6 @@ This approach is the foundation for the salient features of Guix: support
 for transactional package upgrade and rollback, per-user installation, and
 garbage collection of packages (@pxref{Features}).
 
-Guix has a command-line interface, which allows users to build, install,
-upgrade, and remove packages, as well as a Scheme programming interface.
-
-@cindex Guix System Distribution
-@cindex GuixSD
-Last but not least, Guix is used to build a distribution of the GNU
-system, with many GNU and non-GNU free software packages.  The Guix
-System Distribution, or GNU@tie{}GuixSD, takes advantage of the core
-properties of Guix at the system level.  With GuixSD, users
-@emph{declare} all aspects of the operating system configuration, and
-Guix takes care of instantiating that configuration in a reproducible,
-stateless fashion.  @xref{GNU Distribution}.
 
 @c *********************************************************************
 @node Installation
@@ -576,12 +596,18 @@ It is also possible to run a subset of the tests by defining the
 make check TESTS="tests/store.scm tests/cpio.scm"
 @end example
 
+By default, tests results are displayed at a file level.  In order to
+see the details of every individual test cases, it is possible to define
+the @code{SCM_LOG_DRIVER_FLAGS} makefile variable as in this example:
+
+@example
+make check TESTS="tests/base64.scm" SCM_LOG_DRIVER_FLAGS="--brief=no"
+@end example
+
 Upon failure, please email @email{bug-guix@@gnu.org} and attach the
-@file{test-suite.log} file.  When @file{tests/@var{something}.scm}
-fails, please also attach the @file{@var{something}.log} file available
-in the top-level build directory.  Please specify the Guix version being
-used as well as version numbers of the dependencies
-(@pxref{Requirements}) in your message.
+@file{test-suite.log} file.  Please specify the Guix version being used
+as well as version numbers of the dependencies (@pxref{Requirements}) in
+your message.
 
 @node Setting Up the Daemon
 @section Setting Up the Daemon
@@ -1214,7 +1240,8 @@ In addition, any package transaction may be @emph{rolled back}.  So, if,
 for example, an upgrade installs a new version of a package that turns
 out to have a serious bug, users may roll back to the previous instance
 of their profile, which was known to work well.  Similarly, the global
-system configuration is subject to transactional upgrades and roll-back
+system configuration on GuixSD is subject to
+transactional upgrades and roll-back
 (@pxref{Using the Configuration System}).
 
 All packages in the package store may be @emph{garbage-collected}.
@@ -1243,7 +1270,10 @@ deployment}.  When a pre-built binary for a @file{/gnu/store} item is
 available from an external source---a @dfn{substitute}, Guix just
 downloads it and unpacks it;
 otherwise, it builds the package from source, locally
-(@pxref{Substitutes}).
+(@pxref{Substitutes}).  Because build results are usually bit-for-bit
+reproducible, users do not have to trust servers that provide
+substitutes: they can force a local build and @emph{challenge} providers
+(@pxref{Invoking guix challenge}).
 
 Control over the build environment is a feature that is also useful for
 developers.  The @command{guix environment} command allows developers of
@@ -2830,8 +2860,11 @@ For packages that install stand-alone Python programs under @code{bin/},
 it takes care of wrapping these programs so that their @code{PYTHONPATH}
 environment variable points to all the Python libraries they depend on.
 
-Which Python package is used can be specified with the @code{#:python}
-parameter.
+Which Python package is used to perform the build can be specified with
+the @code{#:python} parameter.  This is a useful way to force a package
+to be built for a specific version of the Python interpreter, which
+might be necessary if the package is only compatible with a single
+interpreter version.
 @end defvr
 
 @defvr {Scheme Variable} perl-build-system
@@ -3221,7 +3254,7 @@ provides a framework for working with @dfn{monads}, and a particularly
 useful monad for our uses, the @dfn{store monad}.  Monads are a
 construct that allows two things: associating ``context'' with values
 (in our case, the context is the store), and building sequences of
-computations (here computations include accesses to the store.)  Values
+computations (here computations include accesses to the store).  Values
 in a monad---values that carry this additional context---are called
 @dfn{monadic values}; procedures that return such values are called
 @dfn{monadic procedures}.
@@ -3250,7 +3283,7 @@ as a monadic function:
                                  #$output))))
 @end example
 
-There several things to note in the second version: the @code{store}
+There are several things to note in the second version: the @code{store}
 parameter is now implicit and is ``threaded'' in the calls to the
 @code{package->derivation} and @code{gexp->derivation} monadic
 procedures, and the monadic value returned by @code{package->derivation}
@@ -3268,7 +3301,7 @@ omitted since it will take place implicitly, as we will see later
 @end example
 
 @c See
-@c <https://syntaxexclamation.wordpress.com/2014/06/26/escaping-continuations/> 
+@c <https://syntaxexclamation.wordpress.com/2014/06/26/escaping-continuations/>
 @c for the funny quote.
 Calling the monadic @code{sh-symlink} has no effect.  As someone once
 said, ``you exit a monad like you exit a building on fire: by running''.
@@ -3517,7 +3550,7 @@ S-expressions adapted to build expressions.  G-expressions, or
 @code{ungexp}, and @code{ungexp-splicing} (or simply: @code{#~},
 @code{#$}, and @code{#$@@}), which are comparable to
 @code{quasiquote}, @code{unquote}, and @code{unquote-splicing},
-respectivel (@pxref{Expression Syntax, @code{quasiquote},, guile,
+respectively (@pxref{Expression Syntax, @code{quasiquote},, guile,
 GNU Guile Reference Manual}).  However, there are major differences:
 
 @itemize
@@ -3878,9 +3911,10 @@ has an associated gexp compiler, such as a @code{<package>}.
 @node Utilities
 @chapter Utilities
 
-This section describes tools primarily targeted at developers and users
-who write new package definitions.  They complement the Scheme
-programming interface of Guix in a convenient way.
+This section describes Guix command-line utilities.  Some of them are
+primarily targeted at developers and users who write new package
+definitions, while others are more generally useful.  They complement
+the Scheme programming interface of Guix in a convenient way.
 
 @menu
 * Invoking guix build::         Building packages from the command line.
@@ -4314,7 +4348,7 @@ So for instance, imagine you want to see the build log of GDB on MIPS,
 but you are actually on an @code{x86_64} machine:
 
 @example
-$ guix build --log-file gdb -s mips64el-linux 
+$ guix build --log-file gdb -s mips64el-linux
 https://hydra.gnu.org/log/@dots{}-gdb-7.10
 @end example
 
@@ -4764,6 +4798,8 @@ the updater for @uref{https://pypi.python.org, PyPI} packages.
 the updater for @uref{https://rubygems.org, RubyGems} packages.
 @item github
 the updater for @uref{https://github.com, GitHub} packages.
+@item hackage
+the updater for @uref{https://hackage.haskell.org, Hackage} packages.
 @end table
 
 For instance, the following command only checks for updates of Emacs
@@ -4888,11 +4924,26 @@ just a version number or ``git-checkout'', without a declared
 @code{file-name} (@pxref{origin Reference}).
 
 @item cve
+@cindex security vulnerabilities
+@cindex CVE, Common Vulnerabilities and Exposures
 Report known vulnerabilities found in the Common Vulnerabilities and
-Exposures (CVE) database
+Exposures (CVE) databases of the current and past year
 @uref{https://nvd.nist.gov/download.cfm#CVE_FEED, published by the US
 NIST}.
 
+To view information about a particular vulnerability, visit pages such as:
+
+@itemize
+@item
+@indicateurl{https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-YYYY-ABCD}
+@item
+@indicateurl{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-ABCD}
+@end itemize
+
+@noindent
+where @code{CVE-YYYY-ABCD} is the CVE identifier---e.g.,
+@code{CVE-2015-7554}.
+
 @item formatting
 Warn about obvious source code formatting issues: trailing white space,
 use of tabulations, etc.
@@ -5313,10 +5364,11 @@ Attempt to build for @var{system}---e.g., @code{i686-linux}.
 @itemx -C
 @cindex container
 Run @var{command} within an isolated container.  The current working
-directory outside the container is mapped inside the
-container.  Additionally, the spawned process runs as the current user
-outside the container, but has root privileges in the context of the
-container.
+directory outside the container is mapped inside the container.
+Additionally, a dummy home directory is created that matches the current
+user's home directory, and @file{/etc/passwd} is configured accordingly.
+The spawned process runs as the current user outside the container, but
+has root privileges in the context of the container.
 
 @item --network
 @itemx -N
@@ -5685,12 +5737,17 @@ also be installed on top of a running GNU/Linux system,
 @pxref{Installation}.
 
 @ifinfo
+@quotation Note
 @c This paragraph is for people reading this from tty2 of the
 @c installation image.
 You are reading this documentation with an Info reader.  For details on
 how to use it, hit the @key{RET} key (``return'' or ``enter'') on the
-link that follows: @pxref{Help,,, info, Info: An Introduction}.  Hit
-@kbd{l} afterwards to come back here.
+link that follows: @pxref{Top, Info reader,, info-stnd, Stand-alone GNU
+Info}.  Hit @kbd{l} afterwards to come back here.
+
+Alternately, run @command{info info} in another tty to keep the manual
+available.
+@end quotation
 @end ifinfo
 
 @menu
@@ -5732,7 +5789,7 @@ Few system services are currently supported out-of-the-box
 (@pxref{Services}).
 
 @item
-More than 3,000 packages are available, but you may
+More than 3,200 packages are available, but you may
 occasionally find that a useful package is missing.
 
 @item
@@ -5830,10 +5887,16 @@ menu, where you can choose to boot from the USB stick.
 Once you have successfully booted the image on the USB stick, you should
 end up with a root prompt.  Several console TTYs are configured and can
 be used to run commands as root.  TTY2 shows this documentation,
-browsable using the Info reader commands (@pxref{Help,,, info, Info: An
-Introduction}).  The installation system runs the GPM mouse daemon,
-which allows you to select text with the left mouse button and to paste
-it with the middle button.
+browsable using the Info reader commands (@pxref{Top,,, info-stnd,
+Stand-alone GNU Info}).  The installation system runs the GPM mouse
+daemon, which allows you to select text with the left mouse button and
+to paste it with the middle button.
+
+@quotation Note
+Installation requires access to the Internet so that any missing
+dependencies of your system configuration can be downloaded.  See the
+``Networking'' section below.
+@end quotation
 
 @subsubsection Keyboard Layout
 
@@ -5903,14 +5966,14 @@ network interface you want to use):
 wpa_supplicant -c wpa_supplicant.conf -i @var{interface} -B
 @end example
 
-Run @command{man wpa_supplication} for more information.
+Run @command{man wpa_supplicant} for more information.
 @end table
 
 At this point, you need to acquire an IP address.  On a network where IP
 addresses are automatically assigned @i{via} DHCP, you can run:
 
 @example
-dhclient @var{interface}
+dhclient -v @var{interface}
 @end example
 
 Try to ping a server to see if networking is up and running:
@@ -5986,16 +6049,19 @@ With the target partitions ready and the target root mounted on
 herd start cow-store /mnt
 @end example
 
-This makes @file{/gnu/store} copy-on-write, such that packages added to
-it during the installation phase are written to the target disk rather
-than kept in memory.
+This makes @file{/gnu/store} copy-on-write, such that packages added to it
+during the installation phase are written to the target disk on @file{/mnt}
+rather than kept in memory.  This is necessary because the first phase of
+the @command{guix system init} command (see below) entails downloads or
+builds to @file{/gnu/store} which, initially, is an in-memory file system.
 
 Next, you have to edit a file and
 provide the declaration of the operating system to be installed.  To
 that end, the installation system comes with two text editors: GNU nano
 (@pxref{Top,,, nano, GNU nano Manual}), and GNU Zile, an Emacs clone.
-It is better to store that file on the target root file system, say, as
-@file{/mnt/etc/config.scm}.
+We strongly recommend storing that file on the target root file system, say,
+as @file{/mnt/etc/config.scm}.  Failing to do that, you will have lost your
+configuration file once you have rebooted into the newly-installed system.
 
 @xref{Using the Configuration System}, for an overview of the
 configuration file.  The example configurations discussed in that
@@ -6056,8 +6122,9 @@ good.
 The installation image described above was built using the @command{guix
 system} command, specifically:
 
+@c FIXME: 1G is too much; see <http://bugs.gnu.org/23077>.
 @example
-guix system disk-image --image-size=850MiB gnu/system/install.scm
+guix system disk-image --image-size=1G gnu/system/install.scm
 @end example
 
 Have a look at @file{gnu/system/install.scm} in the source tree,
@@ -6218,13 +6285,21 @@ to create a new configuration which has the same values as the old
 configuration, but with a few modifications.
 
 The configuration for a typical ``desktop'' usage, with the X11 display
-server, a desktop environment, network management, power management, and
-more, would look like this:
+server, GNOME and Xfce (users can choose which of these desktop
+environments to use at the log-in screen by pressing @kbd{F1}), network
+management, power management, and more, would look like this:
 
 @lisp
 @include os-config-desktop.texi
 @end lisp
 
+A graphical environment with a choice of lightweight window managers
+instead of full-blown desktop environments would look like this:
+
+@lisp
+@include os-config-lightweight-desktop.texi
+@end lisp
+
 @xref{Desktop Services}, for the exact list of services provided by
 @var{%desktop-services}.  @xref{X.509 Certificates}, for background
 information about the @code{nss-certs} package that is used here.
@@ -8714,7 +8789,7 @@ isn't enough disk space, just skip it.
 @item fcntl
 Use this if possible.  Works with NFS too if lockd is used.
 @item flock
-May not exist in all systems.  Doesn't work with NFS. 
+May not exist in all systems.  Doesn't work with NFS.
 @item lockf
 May not exist in all systems.  Doesn't work with NFS.
 @end table
@@ -10415,14 +10490,32 @@ the load.  To check whether a package has a @code{debug} output, use
 @node Security Updates
 @section Security Updates
 
+@cindex security updates
+@cindex security vulnerabilities
+Occasionally, important security vulnerabilities are discovered in software
+packages and must be patched.  Guix developers try hard to keep track of
+known vulnerabilities and to apply fixes as soon as possible in the
+@code{master} branch of Guix (we do not yet provide a ``stable'' branch
+containing only security updates.)  The @command{guix lint} tool helps
+developers find out about vulnerable versions of software packages in the
+distribution:
+
+@smallexample
+$ guix lint -c cve
+gnu/packages/base.scm:652:2: glibc-2.21: probably vulnerable to CVE-2015-1781, CVE-2015-7547
+gnu/packages/gcc.scm:334:2: gcc-4.9.3: probably vulnerable to CVE-2015-5276
+gnu/packages/image.scm:312:2: openjpeg-2.1.0: probably vulnerable to CVE-2016-1923, CVE-2016-1924
+@dots{}
+@end smallexample
+
+@xref{Invoking guix lint}, for more information.
+
 @quotation Note
-As of version @value{VERSION}, the feature described in this section is
-experimental.
+As of version @value{VERSION}, the feature described below is considered
+``beta''.
 @end quotation
 
-@cindex security updates
-Occasionally, important security vulnerabilities are discovered in core
-software packages and must be patched.  Guix follows a functional
+Guix follows a functional
 package management discipline (@pxref{Introduction}), which implies
 that, when a package is changed, @emph{every package that depends on it}
 must be rebuilt.  This can significantly slow down the deployment of
diff --git a/doc/htmlxref.cnf b/doc/htmlxref.cnf
index fee1b4c9d8..559cdce5aa 100644
--- a/doc/htmlxref.cnf
+++ b/doc/htmlxref.cnf
@@ -1,7 +1,7 @@
 # htmlxref.cnf - reference file for free Texinfo manuals on the web.
 # Modified by Ludovic Courtès <ludo@gnu.org> for the GNU Guix manual.
 
-htmlxrefversion=2016-02-21.21; # UTC
+htmlxrefversion=2016-03-30.07; # UTC
 
 # Copyright 2010, 2011, 2012, 2013, 2014, 2015 Free Software Foundation, Inc.
 # 
@@ -324,7 +324,7 @@ gnutls		mono	http://gnutls.org/manual/gnutls.html
 gnutls		node	http://gnutls.org/manual/html_node/
 
 gnutls-guile	mono	http://gnutls.org/manual/gnutls-guile.html
-gnutls-guile	node	http://gnutls.org/manual/gnutls-guile/index.html
+gnutls-guile	node	http://gnutls.org/manual/gnutls-guile/
 
 gperf		mono	${GS}/gperf/manual/gperf.html
 gperf		node	${GS}/gperf/manual/html_node/