about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--doc/manual/command-ref/conf-file.xml57
-rw-r--r--doc/manual/command-ref/nix-store.xml4
-rw-r--r--doc/manual/command-ref/opt-common.xml8
-rw-r--r--scripts/install-darwin-multi-user.sh6
-rw-r--r--src/libmain/shared.cc8
-rw-r--r--src/libstore/build.cc6
-rw-r--r--src/libstore/gc.cc10
-rw-r--r--src/libstore/globals.hh84
-rw-r--r--tests/build-remote.sh2
-rw-r--r--tests/init.sh4
-rw-r--r--tests/linux-sandbox.sh2
-rw-r--r--tests/logging.sh2
-rw-r--r--tests/multiple-outputs.sh2
-rw-r--r--tests/setuid.nix16
-rwxr-xr-xtests/shell.shebang.sh2
-rw-r--r--tests/timeout.sh4
16 files changed, 113 insertions, 104 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml
index 47ceff2625ea..6b90083f0873 100644
--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -45,13 +45,12 @@ Comments start with a <literal>#</literal> character.  Here is an
 example configuration file:</para>
 
 <programlisting>
-gc-keep-outputs = true       # Nice for developers
-gc-keep-derivations = true   # Idem
-env-keep-derivations = false
+keep-outputs = true       # Nice for developers
+keep-derivations = true   # Idem
 </programlisting>
 
 <para>You can override settings on the command line using the
-<option>--option</option> flag, e.g. <literal>--option gc-keep-outputs
+<option>--option</option> flag, e.g. <literal>--option keep-outputs
 false</literal>.</para>
 
 <para>The following settings are currently available:
@@ -59,7 +58,7 @@ false</literal>.</para>
 <variablelist>
 
 
-  <varlistentry xml:id="conf-gc-keep-outputs"><term><literal>gc-keep-outputs</literal></term>
+  <varlistentry xml:id="conf-keep-outputs"><term><literal>keep-outputs</literal></term>
 
     <listitem><para>If <literal>true</literal>, the garbage collector
     will keep the outputs of non-garbage derivations.  If
@@ -76,7 +75,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-gc-keep-derivations"><term><literal>gc-keep-derivations</literal></term>
+  <varlistentry xml:id="conf-keep-derivations"><term><literal>keep-derivations</literal></term>
 
     <listitem><para>If <literal>true</literal> (default), the garbage
     collector will keep the derivations from which non-garbage store
@@ -88,12 +87,12 @@ false</literal>.</para>
     traceability (e.g., it allows you to ask with what dependencies or
     options a store path was built), so by default this option is on.
     Turn it off to save a bit of disk space (or a lot if
-    <literal>gc-keep-outputs</literal> is also turned on).</para></listitem>
+    <literal>keep-outputs</literal> is also turned on).</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry><term><literal>env-keep-derivations</literal></term>
+  <varlistentry><term><literal>keep-env-derivations</literal></term>
 
     <listitem><para>If <literal>false</literal> (default), derivations
     are not stored in Nix user environments.  That is, the derivation
@@ -105,19 +104,19 @@ false</literal>.</para>
     garbage-collected until the user environment generation is deleted
     (<command>nix-env --delete-generations</command>).  To prevent
     build-time-only dependencies from being collected, you should also
-    turn on <literal>gc-keep-outputs</literal>.</para>
+    turn on <literal>keep-outputs</literal>.</para>
 
     <para>The difference between this option and
-    <literal>gc-keep-derivations</literal> is that this one is
+    <literal>keep-derivations</literal> is that this one is
     “sticky”: it applies to any user environment created while this
-    option was enabled, while <literal>gc-keep-derivations</literal>
+    option was enabled, while <literal>keep-derivations</literal>
     only applies at the moment the garbage collector is
     run.</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-build-max-jobs"><term><literal>build-max-jobs</literal></term>
+  <varlistentry xml:id="conf-max-jobs"><term><literal>max-jobs</literal></term>
 
     <listitem><para>This option defines the maximum number of jobs
     that Nix will try to build in parallel.  The default is
@@ -130,7 +129,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-build-cores"><term><literal>build-cores</literal></term>
+  <varlistentry xml:id="conf-cores"><term><literal>cores</literal></term>
 
     <listitem><para>Sets the value of the
     <envar>NIX_BUILD_CORES</envar> environment variable in the
@@ -149,7 +148,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-build-max-silent-time"><term><literal>build-max-silent-time</literal></term>
+  <varlistentry xml:id="conf-max-silent-time"><term><literal>max-silent-time</literal></term>
 
     <listitem>
 
@@ -170,7 +169,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-build-timeout"><term><literal>build-timeout</literal></term>
+  <varlistentry xml:id="conf-timeout"><term><literal>timeout</literal></term>
 
     <listitem>
 
@@ -190,7 +189,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-build-max-log-size"><term><literal>build-max-log-size</literal></term>
+  <varlistentry xml:id="conf-max-build-log-size"><term><literal>max-build-log-size</literal></term>
 
     <listitem>
 
@@ -245,7 +244,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>build-use-sandbox</literal></term>
+  <varlistentry><term><literal>sandbox</literal></term>
 
     <listitem><para>If set to <literal>true</literal>, builds will be
     performed in a <emphasis>sandboxed environment</emphasis>, i.e.,
@@ -254,7 +253,7 @@ false</literal>.</para>
     directory, private versions of <filename>/proc</filename>,
     <filename>/dev</filename>, <filename>/dev/shm</filename> and
     <filename>/dev/pts</filename> (on Linux), and the paths configured with the
-    <link linkend='conf-build-sandbox-paths'><literal>build-sandbox-paths</literal>
+    <link linkend='conf-sandbox-paths'><literal>sandbox-paths</literal>
     option</link>. This is useful to prevent undeclared dependencies
     on files in directories such as <filename>/usr/bin</filename>. In
     addition, on Linux, builds run in private PID, mount, network, IPC
@@ -280,8 +279,8 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-build-sandbox-paths">
-    <term><literal>build-sandbox-paths</literal></term>
+  <varlistentry xml:id="conf-sandbox-paths">
+    <term><literal>sandbox-paths</literal></term>
 
     <listitem><para>A list of paths bind-mounted into Nix sandbox
     environments. You can use the syntax
@@ -303,17 +302,17 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-build-extra-sandbox-paths">
+  <varlistentry xml:id="conf-extra-sandbox-paths">
     <term><literal>build-extra-sandbox-paths</literal></term>
 
     <listitem><para>A list of additional paths appended to
-    <option>build-sandbox-paths</option>. Useful if you want to extend
+    <option>sandbox-paths</option>. Useful if you want to extend
     its default value.</para></listitem>
 
   </varlistentry>
 
 
-  <varlistentry><term><literal>build-use-substitutes</literal></term>
+  <varlistentry><term><literal>use-substitutes</literal></term>
 
     <listitem><para>If set to <literal>true</literal> (default), Nix
     will use binary substitutes if available.  This option can be
@@ -322,7 +321,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>build-fallback</literal></term>
+  <varlistentry><term><literal>fallback</literal></term>
 
     <listitem><para>If set to <literal>true</literal>, Nix will fall
     back to building from source if a binary substitute fails.  This
@@ -332,7 +331,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>build-keep-log</literal></term>
+  <varlistentry><term><literal>keep-build-log</literal></term>
 
     <listitem><para>If set to <literal>true</literal> (the default),
     Nix will write the build log of a derivation (i.e. the standard
@@ -344,7 +343,7 @@ false</literal>.</para>
   </varlistentry>
 
 
-  <varlistentry><term><literal>build-compress-log</literal></term>
+  <varlistentry><term><literal>compress-build-log</literal></term>
 
     <listitem><para>If set to <literal>true</literal> (the default),
     build logs written to <filename>/nix/var/log/nix/drvs</filename>
@@ -597,7 +596,7 @@ password <replaceable>my-password</replaceable>
             <para>Pass a list of files and directories to be included in the
             sandbox for this build. One entry per line, terminated by an empty
             line. Entries have the same format as
-            <literal>build-sandbox-paths</literal>.</para>
+            <literal>sandbox-paths</literal>.</para>
 
           </listitem>
 
@@ -608,7 +607,7 @@ password <replaceable>my-password</replaceable>
   </varlistentry>
 
 
-  <varlistentry xml:id="conf-build-repeat"><term><literal>build-repeat</literal></term>
+  <varlistentry xml:id="conf-repeat"><term><literal>repeat</literal></term>
 
     <listitem><para>How many times to repeat builds to check whether
     they are deterministic. The default value is 0. If the value is
@@ -651,7 +650,7 @@ password <replaceable>my-password</replaceable>
     as <command>sudo</command> or <command>ping</command> will
     fail. (Note that in sandbox builds, no such programs are available
     unless you bind-mount them into the sandbox via the
-    <option>build-sandbox-paths</option> option.) You can allow the
+    <option>sandbox-paths</option> option.) You can allow the
     use of such programs by enabling this option. This is impure and
     usually undesirable, but may be useful in certain scenarios
     (e.g. to spin up containers or set up userspace network interfaces
diff --git a/doc/manual/command-ref/nix-store.xml b/doc/manual/command-ref/nix-store.xml
index 19c99841a0ac..a5f615b0c268 100644
--- a/doc/manual/command-ref/nix-store.xml
+++ b/doc/manual/command-ref/nix-store.xml
@@ -397,9 +397,9 @@ options control what gets deleted and in what order:
 </para>
 
 <para>The behaviour of the collector is also influenced by the <link
-linkend="conf-gc-keep-outputs"><literal>gc-keep-outputs</literal></link>
+linkend="conf-keep-outputs"><literal>keep-outputs</literal></link>
 and <link
-linkend="conf-gc-keep-derivations"><literal>gc-keep-derivations</literal></link>
+linkend="conf-keep-derivations"><literal>keep-derivations</literal></link>
 variables in the Nix configuration file.</para>
 
 <para>With <option>--delete</option>, the collector prints the total
diff --git a/doc/manual/command-ref/opt-common.xml b/doc/manual/command-ref/opt-common.xml
index a930b4a0d781..32d53c753a22 100644
--- a/doc/manual/command-ref/opt-common.xml
+++ b/doc/manual/command-ref/opt-common.xml
@@ -94,7 +94,7 @@
   perform in parallel to the specified number.  Specify
   <literal>auto</literal> to use the number of CPUs in the system.
   The default is specified by the <link
-  linkend='conf-build-max-jobs'><literal>build-max-jobs</literal></link>
+  linkend='conf-max-jobs'><literal>max-jobs</literal></link>
   configuration setting, which itself defaults to
   <literal>1</literal>.  A higher value is useful on SMP systems or to
   exploit I/O latency.</para></listitem>
@@ -112,7 +112,7 @@
   <literal>true</literal>, the builder passes the
   <option>-j<replaceable>N</replaceable></option> flag to GNU Make.
   It defaults to the value of the <link
-  linkend='conf-build-cores'><literal>build-cores</literal></link>
+  linkend='conf-cores'><literal>cores</literal></link>
   configuration setting, if set, or <literal>1</literal> otherwise.
   The value <literal>0</literal> means that the builder should use all
   available CPU cores in the system.</para></listitem>
@@ -125,7 +125,7 @@
   <listitem><para>Sets the maximum number of seconds that a builder
   can go without producing any data on standard output or standard
   error.  The default is specified by the <link
-  linkend='conf-build-max-silent-time'><literal>build-max-silent-time</literal></link>
+  linkend='conf-max-silent-time'><literal>max-silent-time</literal></link>
   configuration setting.  <literal>0</literal> means no
   time-out.</para></listitem>
 
@@ -135,7 +135,7 @@
 
   <listitem><para>Sets the maximum number of seconds that a builder
   can run.  The default is specified by the <link
-  linkend='conf-build-timeout'><literal>build-timeout</literal></link>
+  linkend='conf-timeout'><literal>timeout</literal></link>
   configuration setting.  <literal>0</literal> means no
   timeout.</para></listitem>
 
diff --git a/scripts/install-darwin-multi-user.sh b/scripts/install-darwin-multi-user.sh
index a2e120bf8625..5b466ac3c882 100644
--- a/scripts/install-darwin-multi-user.sh
+++ b/scripts/install-darwin-multi-user.sh
@@ -744,9 +744,9 @@ place_nix_configuration() {
     cat <<EOF > "$SCRATCH/nix.conf"
 build-users-group = $NIX_BUILD_GROUP_NAME
 
-build-max-jobs = $NIX_USER_COUNT
-build-cores = 1
-build-use-sandbox = false
+max-jobs = $NIX_USER_COUNT
+cores = 1
+sandbox = false
 
 binary-caches = https://cache.nixos.org/
 trusted-binary-caches =
diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc
index 67178b4a8915..aa28ff2e53a4 100644
--- a/src/libmain/shared.cc
+++ b/src/libmain/shared.cc
@@ -171,7 +171,7 @@ struct LegacyArgs : public MixCommonArgs
         });
 
         mkFlag1('j', "max-jobs", "jobs", "maximum number of parallel builds", [=](std::string s) {
-            settings.set("build-max-jobs", s);
+            settings.set("max-jobs", s);
         });
 
         auto intSettingAlias = [&](char shortName, const std::string & longName,
@@ -181,9 +181,9 @@ struct LegacyArgs : public MixCommonArgs
             });
         };
 
-        intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "build-cores");
-        intSettingAlias(0, "max-silent-time", "number of seconds of silence before a build is killed", "build-max-silent-time");
-        intSettingAlias(0, "timeout", "number of seconds before a build is killed", "build-timeout");
+        intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "cores");
+        intSettingAlias(0, "max-silent-time", "number of seconds of silence before a build is killed", "max-silent-time");
+        intSettingAlias(0, "timeout", "number of seconds before a build is killed", "timeout");
 
         mkFlag(0, "readonly-mode", "do not write to the Nix store",
             &settings.readOnlyMode);
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 02dcd4536a5c..39f6128aafd6 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1740,11 +1740,11 @@ void DerivationGoal::startBuilder()
         if (settings.sandboxMode == smEnabled) {
             if (get(drv->env, "__noChroot") == "1")
                 throw Error(format("derivation '%1%' has '__noChroot' set, "
-                    "but that's not allowed when 'build-use-sandbox' is 'true'") % drvPath);
+                    "but that's not allowed when 'sandbox' is 'true'") % drvPath);
 #if __APPLE__
             if (additionalSandboxProfile != "")
                 throw Error(format("derivation '%1%' specifies a sandbox profile, "
-                    "but this is only allowed when 'build-use-sandbox' is 'relaxed'") % drvPath);
+                    "but this is only allowed when 'sandbox' is 'relaxed'") % drvPath);
 #endif
             useChroot = true;
         }
@@ -1832,7 +1832,7 @@ void DerivationGoal::startBuilder()
                     worker.store.computeFSClosure(worker.store.toStorePath(i.second.source), closure);
             } catch (InvalidPath & e) {
             } catch (Error & e) {
-                throw Error(format("while processing 'build-sandbox-paths': %s") % e.what());
+                throw Error(format("while processing 'sandbox-paths': %s") % e.what());
             }
         for (auto & i : closure)
             dirsInChroot[i] = i;
diff --git a/src/libstore/gc.cc b/src/libstore/gc.cc
index bd335fbb49e3..5e3958ea52a3 100644
--- a/src/libstore/gc.cc
+++ b/src/libstore/gc.cc
@@ -580,7 +580,7 @@ bool LocalStore::canReachRoot(GCState & state, PathSet & visited, const Path & p
     /* Don't delete this path if any of its referrers are alive. */
     queryReferrers(path, incoming);
 
-    /* If gc-keep-derivations is set and this is a derivation, then
+    /* If keep-derivations is set and this is a derivation, then
        don't delete the derivation if any of the outputs are alive. */
     if (state.gcKeepDerivations && isDerivation(path)) {
         PathSet outputs = queryDerivationOutputs(path);
@@ -589,7 +589,7 @@ bool LocalStore::canReachRoot(GCState & state, PathSet & visited, const Path & p
                 incoming.insert(i);
     }
 
-    /* If gc-keep-outputs is set, then don't delete this path if there
+    /* If keep-outputs is set, then don't delete this path if there
        are derivers of this path that are not garbage. */
     if (state.gcKeepOutputs) {
         PathSet derivers = queryValidDerivers(path);
@@ -704,9 +704,9 @@ void LocalStore::collectGarbage(const GCOptions & options, GCResults & results)
     state.gcKeepDerivations = settings.gcKeepDerivations;
 
     /* Using `--ignore-liveness' with `--delete' can have unintended
-       consequences if `gc-keep-outputs' or `gc-keep-derivations' are
-       true (the garbage collector will recurse into deleting the
-       outputs or derivers, respectively).  So disable them. */
+       consequences if `keep-outputs' or `keep-derivations' are true
+       (the garbage collector will recurse into deleting the outputs
+       or derivers, respectively).  So disable them. */
     if (options.action == GCOptions::gcDeleteSpecific && options.ignoreLiveness) {
         state.gcKeepOutputs = false;
         state.gcKeepDerivations = false;
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 9ebbf7b477bb..c20d147f5d34 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -89,8 +89,9 @@ public:
     Setting<bool> keepGoing{this, false, "keep-going",
         "Whether to keep building derivations when another build fails."};
 
-    Setting<bool> tryFallback{this, false, "build-fallback",
-        "Whether to fall back to building when substitution fails."};
+    Setting<bool> tryFallback{this, false, "fallback",
+        "Whether to fall back to building when substitution fails.",
+        {"build-fallback"}};
 
     /* Whether to show build log output in real time. */
     bool verboseBuild = true;
@@ -99,14 +100,15 @@ public:
        the log to show if a build fails. */
     size_t logLines = 10;
 
-    MaxBuildJobsSetting maxBuildJobs{this, 1, "build-max-jobs",
-        "Maximum number of parallel build jobs. \"auto\" means use number of cores."};
+    MaxBuildJobsSetting maxBuildJobs{this, 1, "max-jobs",
+        "Maximum number of parallel build jobs. \"auto\" means use number of cores.",
+        {"build-max-jobs"}};
 
-    Setting<unsigned int> buildCores{this, getDefaultCores(), "build-cores",
+    Setting<unsigned int> buildCores{this, getDefaultCores(), "cores",
         "Number of CPU cores to utilize in parallel within a build, "
         "i.e. by passing this number to Make via '-j'. 0 means that the "
         "number of actual CPU cores on the local host ought to be "
-        "auto-detected."};
+        "auto-detected.", {"build-cores"}};
 
     /* Read-only mode.  Don't copy stuff to the store, don't change
        the database. */
@@ -115,14 +117,15 @@ public:
     Setting<std::string> thisSystem{this, SYSTEM, "system",
         "The canonical Nix system name."};
 
-    Setting<time_t> maxSilentTime{this, 0, "build-max-silent-time",
+    Setting<time_t> maxSilentTime{this, 0, "max-silent-time",
         "The maximum time in seconds that a builer can go without "
         "producing any output on stdout/stderr before it is killed. "
-        "0 means infinity."};
+        "0 means infinity.",
+        {"build-max-silent-time"}};
 
-    Setting<time_t> buildTimeout{this, 0, "build-timeout",
+    Setting<time_t> buildTimeout{this, 0, "timeout",
         "The maximum duration in seconds that a builder can run. "
-        "0 means infinity."};
+        "0 means infinity.", {"build-timeout"}};
 
     Setting<bool> useBuildHook{this, true, "remote-builds",
         "Whether to use build hooks (for distributed builds)."};
@@ -149,27 +152,32 @@ public:
     Setting<bool> syncBeforeRegistering{this, false, "sync-before-registering",
         "Whether to call sync() before registering a path as valid."};
 
-    Setting<bool> useSubstitutes{this, true, "build-use-substitutes",
-        "Whether to use substitutes."};
+    Setting<bool> useSubstitutes{this, true, "use-substitutes",
+        "Whether to use substitutes.",
+        {"build-use-substitutes"}};
 
     Setting<std::string> buildUsersGroup{this, "", "build-users-group",
         "The Unix group that contains the build users."};
 
-    Setting<bool> impersonateLinux26{this, false, "build-impersonate-linux-26",
-        "Whether to impersonate a Linux 2.6 machine on newer kernels."};
+    Setting<bool> impersonateLinux26{this, false, "impersonate-linux-26",
+        "Whether to impersonate a Linux 2.6 machine on newer kernels.",
+        {"build-impersonate-linux-26"}};
 
-    Setting<bool> keepLog{this, true, "build-keep-log",
-        "Whether to store build logs."};
+    Setting<bool> keepLog{this, true, "keep-build-log",
+        "Whether to store build logs.",
+        {"build-keep-log"}};
 
-    Setting<bool> compressLog{this, true, "build-compress-log",
-        "Whether to compress logs."};
+    Setting<bool> compressLog{this, true, "compress-build-log",
+        "Whether to compress logs.",
+        {"build-compress-log"}};
 
-    Setting<unsigned long> maxLogSize{this, 0, "build-max-log-size",
+    Setting<unsigned long> maxLogSize{this, 0, "max-build-log-size",
         "Maximum number of bytes a builder can write to stdout/stderr "
-        "before being killed (0 means no limit)."};
+        "before being killed (0 means no limit).",
+        {"build-max-log-size"}};
 
-    /* When build-repeat > 0 and verboseBuild == true, whether to
-       print repeated builds (i.e. builds other than the first one) to
+    /* When buildRepeat > 0 and verboseBuild == true, whether to print
+       repeated builds (i.e. builds other than the first one) to
        stderr. Hack to prevent Hydra logs from being polluted. */
     bool printRepeatedBuilds = true;
 
@@ -180,18 +188,21 @@ public:
         "Whether to check if new GC roots can in fact be found by the "
         "garbage collector."};
 
-    Setting<bool> gcKeepOutputs{this, false, "gc-keep-outputs",
-        "Whether the garbage collector should keep outputs of live derivations."};
+    Setting<bool> gcKeepOutputs{this, false, "keep-outputs",
+        "Whether the garbage collector should keep outputs of live derivations.",
+        {"gc-keep-outputs"}};
 
-    Setting<bool> gcKeepDerivations{this, true, "gc-keep-derivations",
-        "Whether the garbage collector should keep derivers of live paths."};
+    Setting<bool> gcKeepDerivations{this, true, "keep-derivations",
+        "Whether the garbage collector should keep derivers of live paths.",
+        {"gc-keep-derivations"}};
 
     Setting<bool> autoOptimiseStore{this, false, "auto-optimise-store",
         "Whether to automatically replace files with identical contents with hard links."};
 
-    Setting<bool> envKeepDerivations{this, false, "env-keep-derivations",
+    Setting<bool> envKeepDerivations{this, false, "keep-env-derivations",
         "Whether to add derivations as a dependency of user environments "
-        "(to prevent them from being GCed)."};
+        "(to prevent them from being GCed).",
+        {"env-keep-derivations"}};
 
     /* Whether to lock the Nix client and worker to the same CPU. */
     bool lockCPU;
@@ -202,24 +213,25 @@ public:
     Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation",
         "Whether builtin functions that allow executing native code should be enabled."};
 
-    Setting<SandboxMode> sandboxMode{this, smDisabled, "build-use-sandbox",
+    Setting<SandboxMode> sandboxMode{this, smDisabled, "sandbox",
         "Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
-        {"build-use-chroot"}};
+        {"build-use-chroot", "build-use-sandbox"}};
 
-    Setting<PathSet> sandboxPaths{this, {}, "build-sandbox-paths",
+    Setting<PathSet> sandboxPaths{this, {}, "sandbox-paths",
         "The paths to make available inside the build sandbox.",
-        {"build-chroot-dirs"}};
+        {"build-chroot-dirs", "build-sandbox-paths"}};
 
-    Setting<PathSet> extraSandboxPaths{this, {}, "build-extra-sandbox-paths",
+    Setting<PathSet> extraSandboxPaths{this, {}, "extra-sandbox-paths",
         "Additional paths to make available inside the build sandbox.",
-        {"build-extra-chroot-dirs"}};
+        {"build-extra-chroot-dirs", "build-extra-sandbox-paths"}};
 
     Setting<bool> restrictEval{this, false, "restrict-eval",
         "Whether to restrict file system access to paths in $NIX_PATH, "
         "and to disallow fetching files from the network."};
 
-    Setting<size_t> buildRepeat{this, 0, "build-repeat",
-        "The number of times to repeat a build in order to verify determinism."};
+    Setting<size_t> buildRepeat{this, 0, "repeat",
+        "The number of times to repeat a build in order to verify determinism.",
+        {"build-repeat"}};
 
 #if __linux__
     Setting<std::string> sandboxShmSize{this, "50%", "sandbox-dev-shm-size",
diff --git a/tests/build-remote.sh b/tests/build-remote.sh
index 927a217f3761..e27ce7e25a8e 100644
--- a/tests/build-remote.sh
+++ b/tests/build-remote.sh
@@ -13,7 +13,7 @@ rm -rf $TEST_ROOT/store0 $TEST_ROOT/store1
 export NIX_CONF_DIR=$TEST_ROOT/etc2
 mkdir -p $NIX_CONF_DIR
 echo "
-build-sandbox-paths = /nix/store
+sandbox-paths = /nix/store
 sandbox-build-dir = /build-tmp
 " > $NIX_CONF_DIR/nix.conf
 
diff --git a/tests/init.sh b/tests/init.sh
index 4571b75b859e..41cca047d8fb 100644
--- a/tests/init.sh
+++ b/tests/init.sh
@@ -15,9 +15,7 @@ mkdir "$NIX_CONF_DIR"
 
 cat > "$NIX_CONF_DIR"/nix.conf <<EOF
 build-users-group =
-gc-keep-outputs = false
-gc-keep-derivations = false
-env-keep-derivations = false
+keep-derivations = false
 fsync-metadata = false
 EOF
 
diff --git a/tests/linux-sandbox.sh b/tests/linux-sandbox.sh
index 54cdef8178ea..7f4e83b560be 100644
--- a/tests/linux-sandbox.sh
+++ b/tests/linux-sandbox.sh
@@ -16,7 +16,7 @@ rm -rf $TEST_ROOT/store0
 export NIX_STORE_DIR=/my/store
 export NIX_REMOTE="local?root=$TEST_ROOT/store0"
 
-outPath=$(nix-build dependencies.nix --no-out-link --option build-sandbox-paths /nix/store)
+outPath=$(nix-build dependencies.nix --no-out-link --option sandbox-paths /nix/store)
 
 [[ $outPath =~ /my/store/.*-dependencies ]]
 
diff --git a/tests/logging.sh b/tests/logging.sh
index 86f32bade941..d38136531ba0 100644
--- a/tests/logging.sh
+++ b/tests/logging.sh
@@ -11,5 +11,5 @@ path=$(nix-build dependencies.nix --no-out-link)
 clearStore
 rm -rf $NIX_LOG_DIR
 (! nix-store -l $path)
-nix-build dependencies.nix --no-out-link --option build-compress-log true
+nix-build dependencies.nix --no-out-link --option compress-build-log true
 [ "$(nix-store -l $path)" = FOO ]
diff --git a/tests/multiple-outputs.sh b/tests/multiple-outputs.sh
index 7ac77908151c..47698b10381d 100644
--- a/tests/multiple-outputs.sh
+++ b/tests/multiple-outputs.sh
@@ -59,5 +59,5 @@ fi
 
 echo "collecting garbage..."
 rm $TEST_ROOT/result*
-nix-store --gc --option gc-keep-derivations true --option gc-keep-outputs true
+nix-store --gc --option keep-derivations true --option keep-outputs true
 nix-store --gc --print-roots
diff --git a/tests/setuid.nix b/tests/setuid.nix
index 2508549c5464..7a12b4fb316e 100644
--- a/tests/setuid.nix
+++ b/tests/setuid.nix
@@ -20,7 +20,7 @@ makeTest {
       startAll;
 
       # Copying to /tmp should succeed.
-      $machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
+      $machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
         mkdir -p $out
         cp ${pkgs.coreutils}/bin/id /tmp/id
       ")\' ');
@@ -30,7 +30,7 @@ makeTest {
       $machine->succeed("rm /tmp/id");
 
       # Creating a setuid binary should fail.
-      $machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
+      $machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
         mkdir -p $out
         cp ${pkgs.coreutils}/bin/id /tmp/id
         chmod 4755 /tmp/id
@@ -41,7 +41,7 @@ makeTest {
       $machine->succeed("rm /tmp/id");
 
       # Creating a setgid binary should fail.
-      $machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
+      $machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
         mkdir -p $out
         cp ${pkgs.coreutils}/bin/id /tmp/id
         chmod 2755 /tmp/id
@@ -52,7 +52,7 @@ makeTest {
       $machine->succeed("rm /tmp/id");
 
       # The checks should also work on 32-bit binaries.
-      $machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} "
+      $machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} "
         mkdir -p $out
         cp ${pkgs.coreutils}/bin/id /tmp/id
         chmod 2755 /tmp/id
@@ -63,7 +63,7 @@ makeTest {
       $machine->succeed("rm /tmp/id");
 
       # The tests above use fchmodat(). Test chmod() as well.
-      $machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
+      $machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
         mkdir -p $out
         cp ${pkgs.coreutils}/bin/id /tmp/id
         perl -e \"chmod 0666, qw(/tmp/id) or die\"
@@ -73,7 +73,7 @@ makeTest {
 
       $machine->succeed("rm /tmp/id");
 
-      $machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
+      $machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
         mkdir -p $out
         cp ${pkgs.coreutils}/bin/id /tmp/id
         perl -e \"chmod 04755, qw(/tmp/id) or die\"
@@ -84,7 +84,7 @@ makeTest {
       $machine->succeed("rm /tmp/id");
 
       # And test fchmod().
-      $machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
+      $machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
         mkdir -p $out
         cp ${pkgs.coreutils}/bin/id /tmp/id
         perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 01750, \\\$x or die\"
@@ -94,7 +94,7 @@ makeTest {
 
       $machine->succeed("rm /tmp/id");
 
-      $machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
+      $machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
         mkdir -p $out
         cp ${pkgs.coreutils}/bin/id /tmp/id
         perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 04777, \\\$x or die\"
diff --git a/tests/shell.shebang.sh b/tests/shell.shebang.sh
index c9a83aaf83dc..a6c4bc945921 100755
--- a/tests/shell.shebang.sh
+++ b/tests/shell.shebang.sh
@@ -1,4 +1,4 @@
 #! @ENV_PROG@ nix-shell
-#! nix-shell -I nixpkgs=shell.nix --option build-use-substitutes false
+#! nix-shell -I nixpkgs=shell.nix --option use-substitutes false
 #! nix-shell --pure -i bash -p foo bar
 echo "$(foo) $(bar) $@"
diff --git a/tests/timeout.sh b/tests/timeout.sh
index 2b864b86dca4..d3d85200fa51 100644
--- a/tests/timeout.sh
+++ b/tests/timeout.sh
@@ -15,7 +15,7 @@ if ! echo "$messages" | grep -q "timed out"; then
     exit 1
 fi
 
-if nix-build -Q timeout.nix -A infiniteLoop --option build-max-log-size 100; then
+if nix-build -Q timeout.nix -A infiniteLoop --option max-build-log-size 100; then
     echo "build should have failed"
     exit 1
 fi
@@ -30,7 +30,7 @@ if nix-build timeout.nix -A closeLog; then
     exit 1
 fi
 
-if nix build -f timeout.nix silent --option build-max-silent-time 2; then
+if nix build -f timeout.nix silent --max-silent-time 2; then
     echo "build should have failed"
     exit 1
 fi