From ca8caaec5e7581c37b46f79622c81adf52f06314 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Wed, 27 Nov 2019 00:05:30 +0100
Subject: [PATCH] nix: Add --expr flag

This replaces the '(...)' installable syntax, which is not very
discoverable. The downside is that you can't have multiple expressions
or mix expressions and other installables.
---
 src/nix/command.hh      |  3 ++-
 src/nix/eval.cc         |  2 +-
 src/nix/installables.cc | 33 +++++++++++++++++----------
 tests/fetchGit.sh       | 50 ++++++++++++++++++++---------------------
 tests/fetchMercurial.sh | 34 ++++++++++++++--------------
 tests/gc-auto.sh        |  4 ++--
 tests/plugins.sh        |  2 +-
 tests/pure-eval.sh      | 16 ++++++-------
 tests/restricted.sh     | 18 +++++++--------
 9 files changed, 86 insertions(+), 76 deletions(-)

diff --git a/src/nix/command.hh b/src/nix/command.hh
index 82dbb55d0..42c14927f 100644
--- a/src/nix/command.hh
+++ b/src/nix/command.hh
@@ -56,6 +56,7 @@ struct MixFlakeOptions : virtual Args
 struct SourceExprCommand : virtual Args, EvalCommand, MixFlakeOptions
 {
     std::optional<Path> file;
+    std::optional<std::string> expr;
 
     SourceExprCommand();
 
@@ -106,7 +107,7 @@ struct InstallableCommand : virtual Args, SourceExprCommand
 
 private:
 
-    std::string _installable{"."};
+    std::string _installable{""};
 };
 
 /* A command that operates on zero or more store paths. */
diff --git a/src/nix/eval.cc b/src/nix/eval.cc
index 276fdf003..a991ee608 100644
--- a/src/nix/eval.cc
+++ b/src/nix/eval.cc
@@ -28,7 +28,7 @@ struct CmdEval : MixJSON, InstallableCommand
         return {
             Example{
                 "To evaluate a Nix expression given on the command line:",
-                "nix eval '(1 + 2)'"
+                "nix eval --expr '1 + 2'"
             },
             Example{
                 "To evaluate a Nix expression from a file or URI:",
diff --git a/src/nix/installables.cc b/src/nix/installables.cc
index 671cf513a..3e0fe2606 100644
--- a/src/nix/installables.cc
+++ b/src/nix/installables.cc
@@ -51,8 +51,14 @@ SourceExprCommand::SourceExprCommand()
         .shortName('f')
         .longName("file")
         .label("file")
-        .description("evaluate a set of attributes from FILE (deprecated)")
+        .description("evaluate attributes from FILE")
         .dest(&file);
+
+    mkFlag()
+        .longName("expr")
+        .label("expr")
+        .description("evaluate attributes from EXPR")
+        .dest(&expr);
 }
 
 Strings SourceExprCommand::getDefaultFlakeAttrPaths()
@@ -378,19 +384,25 @@ std::vector<std::shared_ptr<Installable>> SourceExprCommand::parseInstallables(
 {
     std::vector<std::shared_ptr<Installable>> result;
 
-    if (file) {
+    if (file || expr) {
+        if (file && expr)
+            throw UsageError("'--file' and '--expr' are exclusive");
+
         // FIXME: backward compatibility hack
-        evalSettings.pureEval = false;
+        if (file) evalSettings.pureEval = false;
 
         auto state = getEvalState();
         auto vFile = state->allocValue();
-        state->evalFile(lookupFileArg(*state, *file), *vFile);
 
-        if (ss.empty())
-            ss = {""};
+        if (file)
+            state->evalFile(lookupFileArg(*state, *file), *vFile);
+        else {
+            auto e = state->parseExprFromString(*expr, absPath("."));
+            state->eval(e, *vFile);
+        }
 
         for (auto & s : ss)
-            result.push_back(std::make_shared<InstallableAttrPath>(*this, vFile, s));
+            result.push_back(std::make_shared<InstallableAttrPath>(*this, vFile, s == "." ? "" : s));
 
     } else {
 
@@ -407,10 +419,7 @@ std::vector<std::shared_ptr<Installable>> SourceExprCommand::parseInstallables(
             size_t hash;
             std::optional<Path> storePath;
 
-            if (s.compare(0, 1, "(") == 0)
-                result.push_back(std::make_shared<InstallableExpr>(*this, s));
-
-            else if (hasPrefix(s, "nixpkgs.")) {
+            if (hasPrefix(s, "nixpkgs.")) {
                 bool static warned;
                 warnOnce(warned, "the syntax 'nixpkgs.<attr>' is deprecated; use 'nixpkgs:<attr>' instead");
                 result.push_back(std::make_shared<InstallableFlake>(*this, FlakeRef("nixpkgs"),
@@ -532,7 +541,7 @@ PathSet toDerivations(ref<Store> store,
 
 void InstallablesCommand::prepare()
 {
-    if (_installables.empty() && !file && useDefaultInstallables())
+    if (_installables.empty() && useDefaultInstallables())
         // FIXME: commands like "nix install" should not have a
         // default, probably.
         _installables.push_back(".");
diff --git a/tests/fetchGit.sh b/tests/fetchGit.sh
index 885dd9e77..25333e477 100644
--- a/tests/fetchGit.sh
+++ b/tests/fetchGit.sh
@@ -28,39 +28,39 @@ git -C $repo commit -m 'Bla2' -a
 rev2=$(git -C $repo rev-parse HEAD)
 
 # Fetch the default branch.
-path=$(nix eval --impure --raw "(builtins.fetchGit file://$repo).outPath")
+path=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
 [[ $(cat $path/hello) = world ]]
 
 # In pure eval mode, fetchGit without a revision should fail.
-[[ $(nix eval --impure --raw "(builtins.readFile (fetchGit file://$repo + \"/hello\"))") = world ]]
-(! nix eval --raw "(builtins.readFile (fetchGit file://$repo + \"/hello\"))")
+[[ $(nix eval --impure --raw --expr "builtins.readFile (fetchGit file://$repo + \"/hello\")") = world ]]
+(! nix eval --raw --expr "builtins.readFile (fetchGit file://$repo + \"/hello\")")
 
 # Fetch using an explicit revision hash.
-path2=$(nix eval --raw "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
+path2=$(nix eval --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
 [[ $path = $path2 ]]
 
 # In pure eval mode, fetchGit with a revision should succeed.
-[[ $(nix eval --raw "(builtins.readFile (fetchGit { url = file://$repo; rev = \"$rev2\"; } + \"/hello\"))") = world ]]
+[[ $(nix eval --raw --expr "builtins.readFile (fetchGit { url = file://$repo; rev = \"$rev2\"; } + \"/hello\")") = world ]]
 
 # Fetch again. This should be cached.
 mv $repo ${repo}-tmp
-path2=$(nix eval --impure --raw "(builtins.fetchGit file://$repo).outPath")
+path2=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
 [[ $path = $path2 ]]
 
-[[ $(nix eval --impure "(builtins.fetchGit file://$repo).revCount") = 2 ]]
-[[ $(nix eval --impure --raw "(builtins.fetchGit file://$repo).rev") = $rev2 ]]
+[[ $(nix eval --impure --expr "(builtins.fetchGit file://$repo).revCount") = 2 ]]
+[[ $(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).rev") = $rev2 ]]
 
 # Fetching with a explicit hash should succeed.
-path2=$(nix eval --tarball-ttl 0 --raw "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
+path2=$(nix eval --tarball-ttl 0 --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev2\"; }).outPath")
 [[ $path = $path2 ]]
 
-path2=$(nix eval --tarball-ttl 0 --raw "(builtins.fetchGit { url = file://$repo; rev = \"$rev1\"; }).outPath")
+path2=$(nix eval --tarball-ttl 0 --raw --expr "(builtins.fetchGit { url = file://$repo; rev = \"$rev1\"; }).outPath")
 [[ $(cat $path2/hello) = utrecht ]]
 
 mv ${repo}-tmp $repo
 
 # Using a clean working tree should produce the same result.
-path2=$(nix eval --impure --raw "(builtins.fetchGit $repo).outPath")
+path2=$(nix eval --impure --raw --expr "(builtins.fetchGit $repo).outPath")
 [[ $path = $path2 ]]
 
 # Using an unclean tree should yield the tracked but uncommitted changes.
@@ -71,26 +71,26 @@ echo bar > $repo/dir2/bar
 git -C $repo add dir1/foo
 git -C $repo rm hello
 
-path2=$(nix eval --impure --raw "(builtins.fetchGit $repo).outPath")
+path2=$(nix eval --impure --raw --expr "(builtins.fetchGit $repo).outPath")
 [ ! -e $path2/hello ]
 [ ! -e $path2/bar ]
 [ ! -e $path2/dir2/bar ]
 [ ! -e $path2/.git ]
 [[ $(cat $path2/dir1/foo) = foo ]]
 
-[[ $(nix eval --impure --raw "(builtins.fetchGit $repo).rev") = 0000000000000000000000000000000000000000 ]]
+[[ $(nix eval --impure --raw --expr "(builtins.fetchGit $repo).rev") = 0000000000000000000000000000000000000000 ]]
 
 # ... unless we're using an explicit ref or rev.
-path3=$(nix eval --impure --raw "(builtins.fetchGit { url = $repo; ref = \"master\"; }).outPath")
+path3=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = $repo; ref = \"master\"; }).outPath")
 [[ $path = $path3 ]]
 
-path3=$(nix eval --raw "(builtins.fetchGit { url = $repo; rev = \"$rev2\"; }).outPath")
+path3=$(nix eval --raw --expr "(builtins.fetchGit { url = $repo; rev = \"$rev2\"; }).outPath")
 [[ $path = $path3 ]]
 
 # Committing should not affect the store path.
 git -C $repo commit -m 'Bla3' -a
 
-path4=$(nix eval --impure --tarball-ttl 0 --raw "(builtins.fetchGit file://$repo).outPath")
+path4=$(nix eval --impure --tarball-ttl 0 --raw --expr "(builtins.fetchGit file://$repo).outPath")
 [[ $path2 = $path4 ]]
 
 # tarball-ttl should be ignored if we specify a rev
@@ -98,32 +98,32 @@ echo delft > $repo/hello
 git -C $repo add hello
 git -C $repo commit -m 'Bla4'
 rev3=$(git -C $repo rev-parse HEAD)
-nix eval --tarball-ttl 3600 "(builtins.fetchGit { url = $repo; rev = \"$rev3\"; })" >/dev/null
+nix eval --tarball-ttl 3600 --expr "builtins.fetchGit { url = $repo; rev = \"$rev3\"; }" >/dev/null
 
 # Update 'path' to reflect latest master
-path=$(nix eval --impure --raw "(builtins.fetchGit file://$repo).outPath")
+path=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
 
 # Check behavior when non-master branch is used
 git -C $repo checkout $rev2 -b dev
 echo dev > $repo/hello
 
 # File URI uses 'master' unless specified otherwise
-path2=$(nix eval --impure --raw "(builtins.fetchGit file://$repo).outPath")
+path2=$(nix eval --impure --raw --expr "(builtins.fetchGit file://$repo).outPath")
 [[ $path = $path2 ]]
 
 # Using local path with branch other than 'master' should work when clean or dirty
-path3=$(nix eval --impure --raw "(builtins.fetchGit $repo).outPath")
+path3=$(nix eval --impure --raw --expr "(builtins.fetchGit $repo).outPath")
 # (check dirty-tree handling was used)
-[[ $(nix eval --impure --raw "(builtins.fetchGit $repo).rev") = 0000000000000000000000000000000000000000 ]]
+[[ $(nix eval --impure --raw --expr "(builtins.fetchGit $repo).rev") = 0000000000000000000000000000000000000000 ]]
 
 # Committing shouldn't change store path, or switch to using 'master'
 git -C $repo commit -m 'Bla5' -a
-path4=$(nix eval --impure --raw "(builtins.fetchGit $repo).outPath")
+path4=$(nix eval --impure --raw --expr "(builtins.fetchGit $repo).outPath")
 [[ $(cat $path4/hello) = dev ]]
 [[ $path3 = $path4 ]]
 
 # Confirm same as 'dev' branch
-path5=$(nix eval --impure --raw "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath")
+path5=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath")
 [[ $path3 = $path5 ]]
 
 
@@ -133,8 +133,8 @@ rm -rf $TEST_HOME/.cache/nix/gitv2
 # Try again, but without 'git' on PATH
 NIX=$(command -v nix)
 # This should fail
-(! PATH= $NIX eval --impure --raw "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath" )
+(! PATH= $NIX eval --impure --raw --expr "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath" )
 
 # Try again, with 'git' available.  This should work.
-path5=$(nix eval --impure --raw "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath")
+path5=$(nix eval --impure --raw --expr "(builtins.fetchGit { url = $repo; ref = \"dev\"; }).outPath")
 [[ $path3 = $path5 ]]
diff --git a/tests/fetchMercurial.sh b/tests/fetchMercurial.sh
index a0f792612..048a66ee2 100644
--- a/tests/fetchMercurial.sh
+++ b/tests/fetchMercurial.sh
@@ -26,43 +26,43 @@ hg commit --cwd $repo -m 'Bla2'
 rev2=$(hg log --cwd $repo -r tip --template '{node}')
 
 # Fetch the default branch.
-path=$(nix eval --impure --raw "(builtins.fetchMercurial file://$repo).outPath")
+path=$(nix eval --impure --raw --expr "(builtins.fetchMercurial file://$repo).outPath")
 [[ $(cat $path/hello) = world ]]
 
 # In pure eval mode, fetchGit without a revision should fail.
-[[ $(nix eval --impure --raw "(builtins.readFile (fetchMercurial file://$repo + \"/hello\"))") = world ]]
-(! nix eval --raw "(builtins.readFile (fetchMercurial file://$repo + \"/hello\"))")
+[[ $(nix eval --impure --raw --expr "(builtins.readFile (fetchMercurial file://$repo + \"/hello\"))") = world ]]
+(! nix eval --raw --expr "builtins.readFile (fetchMercurial file://$repo + \"/hello\")")
 
 # Fetch using an explicit revision hash.
-path2=$(nix eval --impure --raw "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev2\"; }).outPath")
+path2=$(nix eval --impure --raw --expr "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev2\"; }).outPath")
 [[ $path = $path2 ]]
 
 # In pure eval mode, fetchGit with a revision should succeed.
-[[ $(nix eval --raw "(builtins.readFile (fetchMercurial { url = file://$repo; rev = \"$rev2\"; } + \"/hello\"))") = world ]]
+[[ $(nix eval --raw --expr "builtins.readFile (fetchMercurial { url = file://$repo; rev = \"$rev2\"; } + \"/hello\")") = world ]]
 
 # Fetch again. This should be cached.
 mv $repo ${repo}-tmp
-path2=$(nix eval --impure --raw "(builtins.fetchMercurial file://$repo).outPath")
+path2=$(nix eval --impure --raw --expr "(builtins.fetchMercurial file://$repo).outPath")
 [[ $path = $path2 ]]
 
-[[ $(nix eval --impure --raw "(builtins.fetchMercurial file://$repo).branch") = default ]]
-[[ $(nix eval --impure "(builtins.fetchMercurial file://$repo).revCount") = 1 ]]
-[[ $(nix eval --impure --raw "(builtins.fetchMercurial file://$repo).rev") = $rev2 ]]
+[[ $(nix eval --impure --raw --expr "(builtins.fetchMercurial file://$repo).branch") = default ]]
+[[ $(nix eval --impure --expr "(builtins.fetchMercurial file://$repo).revCount") = 1 ]]
+[[ $(nix eval --impure --raw --expr "(builtins.fetchMercurial file://$repo).rev") = $rev2 ]]
 
 # But with TTL 0, it should fail.
-(! nix eval --impure --tarball-ttl 0 "(builtins.fetchMercurial file://$repo)")
+(! nix eval --impure --tarball-ttl 0 --expr "builtins.fetchMercurial file://$repo")
 
 # Fetching with a explicit hash should succeed.
-path2=$(nix eval --tarball-ttl 0 --raw "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev2\"; }).outPath")
+path2=$(nix eval --tarball-ttl 0 --raw --expr "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev2\"; }).outPath")
 [[ $path = $path2 ]]
 
-path2=$(nix eval --tarball-ttl 0 --raw "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev1\"; }).outPath")
+path2=$(nix eval --tarball-ttl 0 --raw --expr "(builtins.fetchMercurial { url = file://$repo; rev = \"$rev1\"; }).outPath")
 [[ $(cat $path2/hello) = utrecht ]]
 
 mv ${repo}-tmp $repo
 
 # Using a clean working tree should produce the same result.
-path2=$(nix eval --impure --raw "(builtins.fetchMercurial $repo).outPath")
+path2=$(nix eval --impure --raw --expr "(builtins.fetchMercurial $repo).outPath")
 [[ $path = $path2 ]]
 
 # Using an unclean tree should yield the tracked but uncommitted changes.
@@ -73,21 +73,21 @@ echo bar > $repo/dir2/bar
 hg add --cwd $repo dir1/foo
 hg rm --cwd $repo hello
 
-path2=$(nix eval --impure --raw "(builtins.fetchMercurial $repo).outPath")
+path2=$(nix eval --impure --raw --expr "(builtins.fetchMercurial $repo).outPath")
 [ ! -e $path2/hello ]
 [ ! -e $path2/bar ]
 [ ! -e $path2/dir2/bar ]
 [ ! -e $path2/.hg ]
 [[ $(cat $path2/dir1/foo) = foo ]]
 
-[[ $(nix eval --impure --raw "(builtins.fetchMercurial $repo).rev") = 0000000000000000000000000000000000000000 ]]
+[[ $(nix eval --impure --raw --expr "(builtins.fetchMercurial $repo).rev") = 0000000000000000000000000000000000000000 ]]
 
 # ... unless we're using an explicit rev.
-path3=$(nix eval --raw "(builtins.fetchMercurial { url = $repo; rev = \"default\"; }).outPath")
+path3=$(nix eval --raw --expr "(builtins.fetchMercurial { url = $repo; rev = \"default\"; }).outPath")
 [[ $path = $path3 ]]
 
 # Committing should not affect the store path.
 hg commit --cwd $repo -m 'Bla3'
 
-path4=$(nix eval --impure --tarball-ttl 0 --raw "(builtins.fetchMercurial file://$repo).outPath")
+path4=$(nix eval --impure --tarball-ttl 0 --raw --expr "(builtins.fetchMercurial file://$repo).outPath")
 [[ $path2 = $path4 ]]
diff --git a/tests/gc-auto.sh b/tests/gc-auto.sh
index a74c675b0..e593697a9 100644
--- a/tests/gc-auto.sh
+++ b/tests/gc-auto.sh
@@ -57,11 +57,11 @@ with import ./config.nix; mkDerivation {
 EOF
 )
 
-nix build --impure -v -o $TEST_ROOT/result-A -L "($expr)" \
+nix build --impure -v -o $TEST_ROOT/result-A -L --expr "$expr" \
     --min-free 1000 --max-free 2000 --min-free-check-interval 1 &
 pid=$!
 
-nix build --impure -v -o $TEST_ROOT/result-B -L "($expr2)" \
+nix build --impure -v -o $TEST_ROOT/result-B -L --expr "$expr2" \
     --min-free 1000 --max-free 2000 --min-free-check-interval 1
 
 wait "$pid"
diff --git a/tests/plugins.sh b/tests/plugins.sh
index 4b1baeddc..50bfaf7e9 100644
--- a/tests/plugins.sh
+++ b/tests/plugins.sh
@@ -2,6 +2,6 @@ source common.sh
 
 set -o pipefail
 
-res=$(nix eval '(builtins.anotherNull)' --option setting-set true --option plugin-files $PWD/plugins/libplugintest*)
+res=$(nix eval --expr builtins.anotherNull --option setting-set true --option plugin-files $PWD/plugins/libplugintest*)
 
 [ "$res"x = "nullx" ]
diff --git a/tests/pure-eval.sh b/tests/pure-eval.sh
index 6e2c6962d..43a765997 100644
--- a/tests/pure-eval.sh
+++ b/tests/pure-eval.sh
@@ -2,17 +2,17 @@ source common.sh
 
 clearStore
 
-nix eval '(assert 1 + 2 == 3; true)'
+nix eval --expr 'assert 1 + 2 == 3; true'
 
-[[ $(nix eval --impure '(builtins.readFile ./pure-eval.sh)') =~ clearStore ]]
+[[ $(nix eval --impure --expr 'builtins.readFile ./pure-eval.sh') =~ clearStore ]]
 
-(! nix eval '(builtins.readFile ./pure-eval.sh)')
+(! nix eval --expr 'builtins.readFile ./pure-eval.sh')
 
-(! nix eval '(builtins.currentTime)')
-(! nix eval '(builtins.currentSystem)')
+(! nix eval --expr builtins.currentTime)
+(! nix eval --expr builtins.currentSystem)
 
 (! nix-instantiate --pure-eval ./simple.nix)
 
-[[ $(nix eval --impure "((import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; })).x)") == 123 ]]
-(! nix eval "((import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; })).x)")
-nix eval "((import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; sha256 = \"$(nix hash-file pure-eval.nix --type sha256)\"; })).x)"
+[[ $(nix eval --impure --expr "(import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; })).x") == 123 ]]
+(! nix eval --expr "(import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; })).x")
+nix eval --expr "(import (builtins.fetchurl { url = file://$(pwd)/pure-eval.nix; sha256 = \"$(nix hash-file pure-eval.nix --type sha256)\"; })).x"
diff --git a/tests/restricted.sh b/tests/restricted.sh
index e660de127..242b901dd 100644
--- a/tests/restricted.sh
+++ b/tests/restricted.sh
@@ -17,18 +17,18 @@ nix-instantiate --restrict-eval --eval -E 'builtins.readDir ../src/nix-channel'
 (! nix-instantiate --restrict-eval --eval -E 'let __nixPath = [ { prefix = "foo"; path = ./.; } ]; in <foo>')
 nix-instantiate --restrict-eval --eval -E 'let __nixPath = [ { prefix = "foo"; path = ./.; } ]; in <foo>' -I src=.
 
-p=$(nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --impure --restrict-eval --allowed-uris "file://$(pwd)")
+p=$(nix eval --raw --expr "builtins.fetchurl file://$(pwd)/restricted.sh" --impure --restrict-eval --allowed-uris "file://$(pwd)")
 cmp $p restricted.sh
 
-(! nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --impure --restrict-eval)
+(! nix eval --raw --expr "builtins.fetchurl file://$(pwd)/restricted.sh" --impure --restrict-eval)
 
-(! nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --impure --restrict-eval --allowed-uris "file://$(pwd)/restricted.sh/")
+(! nix eval --raw --expr "builtins.fetchurl file://$(pwd)/restricted.sh" --impure --restrict-eval --allowed-uris "file://$(pwd)/restricted.sh/")
 
-nix eval --raw "(builtins.fetchurl file://$(pwd)/restricted.sh)" --impure --restrict-eval --allowed-uris "file://$(pwd)/restricted.sh"
+nix eval --raw --expr "builtins.fetchurl file://$(pwd)/restricted.sh" --impure --restrict-eval --allowed-uris "file://$(pwd)/restricted.sh"
 
-(! nix eval --raw "(builtins.fetchurl https://github.com/NixOS/patchelf/archive/master.tar.gz)" --impure --restrict-eval)
-(! nix eval --raw "(builtins.fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz)" --impure --restrict-eval)
-(! nix eval --raw "(fetchGit git://github.com/NixOS/patchelf.git)" --impure --restrict-eval)
+(! nix eval --raw --expr "builtins.fetchurl https://github.com/NixOS/patchelf/archive/master.tar.gz" --impure --restrict-eval)
+(! nix eval --raw --expr "builtins.fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz" --impure --restrict-eval)
+(! nix eval --raw --expr "fetchGit git://github.com/NixOS/patchelf.git" --impure --restrict-eval)
 
 ln -sfn $(pwd)/restricted.nix $TEST_ROOT/restricted.nix
 [[ $(nix-instantiate --eval $TEST_ROOT/restricted.nix) == 3 ]]
@@ -37,7 +37,7 @@ ln -sfn $(pwd)/restricted.nix $TEST_ROOT/restricted.nix
 (! nix-instantiate --eval --restrict-eval $TEST_ROOT/restricted.nix -I .)
 nix-instantiate --eval --restrict-eval $TEST_ROOT/restricted.nix -I $TEST_ROOT -I .
 
-[[ $(nix eval --raw --impure --restrict-eval -I . '(builtins.readFile "${import ./simple.nix}/hello")') == 'Hello World!' ]]
+[[ $(nix eval --raw --impure --restrict-eval -I . --expr 'builtins.readFile "${import ./simple.nix}/hello"') == 'Hello World!' ]]
 
 # Check whether we can leak symlink information through directory traversal.
 traverseDir="$(pwd)/restricted-traverse-me"
@@ -45,7 +45,7 @@ ln -sfn "$(pwd)/restricted-secret" "$(pwd)/restricted-innocent"
 mkdir -p "$traverseDir"
 goUp="..$(echo "$traverseDir" | sed -e 's,[^/]\+,..,g')"
 output="$(nix eval --raw --restrict-eval -I "$traverseDir" \
-    "(builtins.readFile \"$traverseDir/$goUp$(pwd)/restricted-innocent\")" \
+    --expr "builtins.readFile \"$traverseDir/$goUp$(pwd)/restricted-innocent\"" \
     2>&1 || :)"
 echo "$output" | grep "is forbidden"
 ! echo "$output" | grep -F restricted-secret
-- 
GitLab