targetTarget might be missing when native build

tmp
Use explicit splicing in clang wrapper
2026-01-12 11:21:34 +01:00 · 2026-01-12 11:21:34 +01:00 · 2026-01-12 11:21:34 +01:00 · 2026-01-12 11:21:34 +01:00 · 2026-01-12 11:20:24 +01:00 · 2026-01-12 11:20:24 +01:00
6 changed files with 75 additions and 31 deletions
--- a/m/apex/configuration.nix
+++ b/m/apex/configuration.nix
@@ -57,6 +57,18 @@
    };
  };

+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime-increment = {
+      enable = true; # Double ban time on each attack
+      maxtime = "7d"; # Ban up to a week
+    };
+  };
+
+  # Disable SSH login with password, allow only keypair
+  services.openssh.settings.PasswordAuthentication = false;
+
  networking.firewall = {
    extraCommands = ''
      # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our
--- a/m/common/base/users.nix
+++ b/m/common/base/users.nix
@@ -139,6 +139,7 @@
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch"
        ];
+        shell = pkgs.zsh;
      };

      pmartin1 = {
--- a/overlay.nix
+++ b/overlay.nix
@@ -12,9 +12,9 @@ let
    bench6 = callPackage ./pkgs/bench6/default.nix { };
    bigotes = callPackage ./pkgs/bigotes/default.nix { };
    clangOmpss2 = callPackage ./pkgs/llvm-ompss2/default.nix { };
-    clangOmpss2Nanos6 = callPackage ./pkgs/llvm-ompss2/default.nix { ompss2rt = final.nanos6; };
-    clangOmpss2Nodes = callPackage ./pkgs/llvm-ompss2/default.nix { ompss2rt = final.nodes; openmp = final.openmp; };
-    clangOmpss2NodesOmpv = callPackage ./pkgs/llvm-ompss2/default.nix { ompss2rt = final.nodes; openmp = final.openmpv; };
+    clangOmpss2Nanos6 = callPackage ./pkgs/llvm-ompss2/default.nix { useNanos6 = true; };
+    clangOmpss2Nodes = callPackage ./pkgs/llvm-ompss2/default.nix { useNodes = true; useOpenmp = true; };
+    clangOmpss2NodesOmpv = callPackage ./pkgs/llvm-ompss2/default.nix { useNodes = true; useOpenmpV = true; };
    clangOmpss2Unwrapped = callPackage ./pkgs/llvm-ompss2/clang.nix { };
    cudainfo = prev.callPackage ./pkgs/cudainfo/default.nix { };
    #extrae = callPackage ./pkgs/extrae/default.nix { }; # Broken and outdated
@@ -54,10 +54,10 @@ let
    #psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned
    slurm = import ./pkgs/slurm/default.nix { slurm = prev.slurm; };
    sonar = callPackage ./pkgs/sonar/default.nix { };
-    stdenvClangOmpss2 = final.stdenv.override { cc = final.clangOmpss2; allowedRequisites = null; };
-    stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.clangOmpss2Nanos6; allowedRequisites = null; };
-    stdenvClangOmpss2Nodes = final.stdenv.override { cc = final.clangOmpss2Nodes; allowedRequisites = null; };
-    stdenvClangOmpss2NodesOmpv = final.stdenv.override { cc = final.clangOmpss2NodesOmpv; allowedRequisites = null; };
+    stdenvClangOmpss2 = final.stdenv.override { cc = final.buildPackages.clangOmpss2; allowedRequisites = null; };
+    stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.buildPackages.clangOmpss2Nanos6; allowedRequisites = null; };
+    stdenvClangOmpss2Nodes = final.stdenv.override { cc = final.buildPackages.clangOmpss2Nodes; allowedRequisites = null; };
+    stdenvClangOmpss2NodesOmpv = final.stdenv.override { cc = final.buildPackages.clangOmpss2NodesOmpv; allowedRequisites = null; };
    tagaspi = callPackage ./pkgs/tagaspi/default.nix { };
    tampi = callPackage ./pkgs/tampi/default.nix { };
    upc-qaire-exporter = prev.callPackage ./pkgs/upc-qaire-exporter/default.nix { };
--- a/pkgs/llvm-ompss2/clang.nix
+++ b/pkgs/llvm-ompss2/clang.nix
@@ -1,9 +1,9 @@
 {
-  llvmPackages_latest
+  stdenv
+, llvmPackages_latest
 , lib
 , fetchFromGitHub
 , cmake
-, bash
 , python3
 , perl
 , which
@@ -11,7 +11,6 @@
 , libffi
 , zlib
 , pkg-config
-, gcc # needed to set the rpath of libstdc++ for clang-tblgen
 , enableDebug ? false
 , useGit ? false
 , gitUrl ? "ssh://git@bscpm04.bsc.es/llvm-ompss/llvm-mono.git"
@@ -20,7 +19,10 @@
 }:

 let
-  stdenv = llvmPackages_latest.stdenv;
+  llvmPackages = llvmPackages_latest;
+  llvmStdenv = llvmPackages.stdenv;
+  # needed to set the rpath of libstdc++ for clang-tblgen
+  gcc = stdenv.cc;

  release = rec {
    version = "2025.11";
@@ -43,7 +45,7 @@ let

  source = if (useGit) then git else release;

-in stdenv.mkDerivation {
+in llvmStdenv.mkDerivation {
  pname = "clang-ompss2";
  inherit (source) src version;

@@ -60,13 +62,12 @@ in stdenv.mkDerivation {
  };

  nativeBuildInputs = [
-    bash
    cmake
    elfutils
-    llvmPackages_latest.lld
+    llvmPackages.lld
+    perl
    pkg-config
    python3
-    perl
    which
    zlib
  ];
@@ -97,8 +98,13 @@ in stdenv.mkDerivation {
    cd build
    cmakeDir="../llvm"
    cmakeFlagsArray=(
-      "-DLLVM_HOST_TRIPLE=${stdenv.targetPlatform.config}"
+      "-DLLVM_HOST_TRIPLE=${llvmStdenv.targetPlatform.config}"
+    '' + (if "${llvmStdenv.targetPlatform.config}" == "riscv64-unknown-linux-gnu" then ''
+      "-DLLVM_DEFAULT_TARGET_TRIPLE=riscv64-unknown-linux-gnu"
+      "-DLLVM_TARGETS_TO_BUILD=RISCV"
+    '' else ''
      "-DLLVM_TARGETS_TO_BUILD=host"
+    '') + ''
      "-DLLVM_BUILD_LLVM_DYLIB=ON"
      "-DLLVM_LINK_LLVM_DYLIB=ON"
      # Required to run clang-ast-dump and clang-tblgen during build
@@ -107,7 +113,8 @@ in stdenv.mkDerivation {
      "-DCMAKE_CXX_FLAGS_DEBUG=-g -ggnu-pubnames"
      "-DCMAKE_EXE_LINKER_FLAGS_DEBUG=-Wl,--gdb-index"
      "-DLLVM_LIT_ARGS=-sv --xunit-xml-output=xunit.xml"
-      "-DLLVM_ENABLE_PROJECTS=clang;compiler-rt;lld"
+      "-DLLVM_ENABLE_PROJECTS=clang;lld"
+      #"-DLLVM_ENABLE_PROJECTS=clang;compiler-rt;lld"
      "-DLLVM_ENABLE_ASSERTIONS=ON"
      "-DLLVM_INSTALL_TOOLCHAIN_ONLY=ON"
      "-DCMAKE_INSTALL_BINDIR=bin"
@@ -117,8 +124,8 @@ in stdenv.mkDerivation {
      # install
      "-DCMAKE_INSTALL_RPATH_USE_LINK_PATH=ON"
      "-DCMAKE_INSTALL_RPATH=${zlib}/lib:${gcc.cc.lib}/lib"
-      "-DLLVM_APPEND_VC_REV=ON"
-      "-DLLVM_FORCE_VC_REVISION=${source.version}"
+      #"-DLLVM_APPEND_VC_REV=ON"
+      #"-DLLVM_FORCE_VC_REVISION=${source.version}"
    )
  '';

--- a/pkgs/llvm-ompss2/default.nix
+++ b/pkgs/llvm-ompss2/default.nix
@@ -3,25 +3,43 @@
 , lib
 , gcc
 , clangOmpss2Unwrapped
-, openmp ? null
+
+, openmp
+, useOpenmp  ? false
+, openmpv
+, useOpenmpV ? false
+, nanos6
+, useNanos6 ? false
+, nodes
+, useNodes ? false
+
 , wrapCCWith
 , llvmPackages_latest
-, ompss2rt ? null
 }:

 with lib;

 let
-  usingNodesAndOmpv = (openmp.pname == "openmp-v" && ompss2rt.pname == "nodes");
-  sameNosv = openmp.nosv == ompss2rt.nosv;
+  getSplice = target: pkg: if pkg ? "__spliced" && pkg.__spliced ? target then pkg.__spliced."${target}" else pkg;
+  #getSpliceTargetTarget = pkg: if pkg ? "__spliced" && pkg.__spliced ? "targetTarget" then pkg.__spliced.targetTarget else pkg;
+  getSpliceTargetTarget = getSplice "targetTarget";
+  omp = if useOpenmp then openmp else if useOpenmpV then openmpv else null;
+  ompss2rtUnspliced = if useNanos6 then nanos6 else if useNodes then nodes else null;
+  ompss2rt = getSpliceTargetTarget ompss2rtUnspliced;
+  usingNodesAndOmpv = (omp.pname == "openmp-v" && ompss2rt.pname == "nodes");
+  sameNosvUnspliced = omp.nosv == ompss2rtUnspliced.nosv;
+  sameNosvSpliced = (getSpliceTargetTarget omp.nosv) == ompss2rt.nosv;
 in

-assert assertMsg (usingNodesAndOmpv -> sameNosv) "OpenMP-V and NODES must share the same nOS-V";
+assert assertMsg (usingNodesAndOmpv -> sameNosvUnspliced) "OpenMP-V and NODES must share the same nOS-V before splice";
+assert assertMsg (usingNodesAndOmpv -> sameNosvSpliced) "OpenMP-V and NODES must share the same nOS-V after splice";
+assert assertMsg (useOpenmp -> !useOpenmpV) "Either OpenMP or OpenMP-V may be enabled, but not both";
+assert assertMsg (useNanos6 -> !useNodes) "Either Nanos6 or NODES may be enabled, but not both";

 let
  homevar = if ompss2rt.pname == "nanos6" then "NANOS6_HOME" else "NODES_HOME";
  rtname  = if ompss2rt.pname == "nanos6" then "libnanos6" else "libnodes";
-  ompname = if openmp.pname == "openmp-v" then  "libompv" else "libomp";
+  ompname = if omp.pname == "openmp-v" then  "libompv" else "libomp";


  # We need to replace the lld linker from bintools with our linker just built,
@@ -37,12 +55,13 @@ let
  inherit gcc;
  cc = clangOmpss2Unwrapped;
  gccVersion = with versions; let v = gcc.version; in concatStringsSep "." [(major v) (minor v) (patch v)];
-in wrapCCWith {
+in (wrapCCWith {
  inherit cc bintools;
  # extraPackages adds packages to depsTargetTargetPropagated
-  extraPackages = optional (openmp != null) openmp;
+  extraPackages = optional (omp != null) omp;
  extraBuildCommands = ''
    echo "-target ${targetConfig}" >> $out/nix-support/cc-cflags
+    #echo "-fuse-ld=lld" >> $out/nix-support/cc-cflags
    echo "-B${gcc.cc}/lib/gcc/${targetConfig}/${gccVersion}" >> $out/nix-support/cc-cflags
    echo "-L${gcc.cc}/lib/gcc/${targetConfig}/${gccVersion}" >> $out/nix-support/cc-ldflags
    echo "-L${gcc.cc.lib}/lib" >> $out/nix-support/cc-ldflags
@@ -56,15 +75,17 @@ in wrapCCWith {

    echo "--gcc-toolchain=${gcc}" >> $out/nix-support/cc-cflags

-    wrap clang++  $wrapper $ccPath/clang++
+    wrap ${targetConfig}clang++  $wrapper $ccPath/clang++
+    wrap ${targetConfig}clang    $wrapper $ccPath/clang

-  '' + optionalString (openmp != null) ''
+  '' + optionalString (omp != null) ''
    echo "export OPENMP_RUNTIME=${ompname}" >> $out/nix-support/cc-wrapper-hook
  '' + optionalString (ompss2rt != null) ''
    echo "export OMPSS2_RUNTIME=${rtname}" >> $out/nix-support/cc-wrapper-hook
    echo "export ${homevar}=${ompss2rt}"   >> $out/nix-support/cc-wrapper-hook
  '' + optionalString (ompss2rt != null && ompss2rt.pname == "nodes") ''
-    echo "export NOSV_HOME=${ompss2rt.nosv}" >> $out/nix-support/cc-wrapper-hook
+    echo "export NOSV_HOME=${ompss2rt}" >> $out/nix-support/cc-wrapper-hook
  '';
-}
+}) // { inherit ompss2rt; }
+

--- a/pkgs/llvm-ompss2/openmp.nix
+++ b/pkgs/llvm-ompss2/openmp.nix
@@ -39,6 +39,9 @@ stdenv.mkDerivation rec {
    perl
    pkg-config
    python3
+  ];
+
+  buildInputs = [
  ] ++ lib.optionals enableNosv [
    nosv
  ] ++ lib.optionals enableOvni [
Author	SHA1	Message	Date
Aleix Roca Nonell	3a75fc3c5a	targetTarget might be missing when native build	2026-01-12 11:21:34 +01:00
Aleix Roca Nonell	1cbedcb2ad	tmp	2026-01-12 11:21:34 +01:00
Aleix Roca Nonell	c9cc7bd060	Use explicit splicing in clang wrapper	2026-01-12 11:21:34 +01:00
Aleix Roca Nonell	9ac0e697d1	Do not force derviation inputs, use booleans instead	2026-01-12 11:21:34 +01:00
Aleix Roca Nonell	4f643f4603	TEMPORAL CLANG LINKER FIX FOR CROSS	2026-01-12 11:20:24 +01:00
Aleix Roca Nonell	996c99d5eb	Fix clang cross-build	2026-01-12 11:20:24 +01:00
Aleix Roca Nonell	f9c6f7d751	Fix clang cross-build	2026-01-12 11:19:35 +01:00
Aleix Roca Nonell	00a1133019	Split OpenMP dependencies into build and run	2026-01-12 11:13:35 +01:00
Vincent A. Arcila	859eebda98	Change varcila shell to zsh Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>	2026-01-07 13:22:17 +01:00
Rodrigo Arias Mallo	c2a201b085	Increase fail2ban ban time on each attempt Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:34 +01:00
Rodrigo Arias Mallo	f921f0a4bd	Disable password login via SSH in apex Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:30 +01:00
Rodrigo Arias Mallo	aa16bfc0bc	Enable fail2ban in apex login node We are seeing a lot of failed attempts from the same IPs: apex% sudo journalctl -u sshd -b0 \| grep 'Failed password' \| wc -l 2441 Reviewed-by: Aleix Boné <abonerib@bsc.es>	2026-01-07 13:14:22 +01:00