Use fetchurl for amd-uprof

It will not work without the host /lib64/ld

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1764522689,
+        "lastModified": 1767634882,
-        "narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=",
+        "narHash": "sha256-2GffSfQxe3sedHzK+sTKlYo/NTIAGzbFCIsNMUPAAnk=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f",
+        "rev": "3c9db02515ef1d9b6b709fc60ba9a540957f661c",
         "type": "github"
       },
       "original": {

m/apex/configuration.nix

@@ -57,6 +57,18 @@
     };
   };
 
+  services.fail2ban = {
+    enable = true;
+    maxretry = 5;
+    bantime-increment = {
+      enable = true; # Double ban time on each attack
+      maxtime = "7d"; # Ban up to a week
+    };
+  };
+
+  # Disable SSH login with password, allow only keypair
+  services.openssh.settings.PasswordAuthentication = false;
+
   networking.firewall = {
     extraCommands = ''
       # Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our

m/bay/configuration.nix

@@ -24,7 +24,7 @@
       address = "10.0.40.40";
       prefixLength = 24;
     } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
       address = "10.0.42.40";
       prefixLength = 24;
     } ];

m/common/base/env.nix

@@ -2,11 +2,36 @@
 
 {
   environment.systemPackages = with pkgs; [
-    vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
+    cmake
-    nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
+    ethtool
-    ncdu perf ldns pv
+    file
+    freeipmi
+    git
+    gnumake
+    home-manager
+    htop
+    ipmitool
+    ldns
+    lm_sensors
+    ncdu
+    nix-diff
+    nix-index
+    nix-output-monitor
+    nixfmt-tree
+    nixos-option
+    pciutils
+    perf
+    pv
+    ripgrep
+    tcpdump
+    tmux
+    tree
+    vim
+    wget
+
     # From jungle overlay
-    osumb nixgen
+    nixgen
+    osumb
   ];
 
   programs.direnv.enable = true;

m/common/base/users.nix

@@ -139,6 +139,7 @@
         openssh.authorizedKeys.keys = [
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch"
         ];
+        shell = pkgs.zsh;
       };
 
       pmartin1 = {
@@ -193,6 +194,32 @@
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlRX7ZCnqtUJYCxKgWmgSrFCYuA2LHY96rVwqxXPl86 aaguirre@BSC-8488184117"
         ];
       };
+
+      emonteir = {
+        uid = 9656;
+        isNormalUser = true;
+        home = "/home/Computational/emonteir";
+        description = "Erwin Royson Monteiro";
+        group = "Computational";
+        hosts = [ "apex" "fox" ];
+        hashedPassword = "$6$0mU88zd3ZuK5NiJQ$DFWL5RMLH6esQM5UyhBCiiNryw4lDDmvJp7Usz3tmevnsiSJr6u0RsUKAnR/K8GRBFrV1.GocrgNjKjik5GY//";
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKZKot/Y3F5Wq9pQIXlCbyvQuVVeWMCsAC96Nd+LTcG erwin@Oreo"
+        ];
+      };
+
+      ssanzmar = {
+        uid = 9657;
+        isNormalUser = true;
+        home = "/home/Computational/ssanzmar";
+        description = "Sergio Sanz Martínez";
+        group = "Computational";
+        hosts = [ "apex" "fox" ];
+        hashedPassword = "$6$HUjNDJeJMmNQ6M64$laXSOZcXg6o4v2r8Jm8Xj9kmqw7veCY32po3TVDPRR4WlyxvOeqwoKr4NjlUlPPpKN55Oot3ZYHi.9iNXsH5E1";
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIELrsRRHXryrdA2ZBx5XmdGxL4DC5bmJydhBeTWQ0SQ sergio.sanz.martinez@estudiantat.upc.edu"
+        ];
+      };
     };
 
     groups = {

m/eudy/kernel/perf.nix

@@ -1,11 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ pkgs, lib, ... }:
 
 {
-  # add the perf tool
-  environment.systemPackages = with pkgs; [
-    config.boot.kernelPackages.perf
-  ];
-
   # allow non-root users to read tracing data from the kernel
   boot.kernel.sysctl."kernel.perf_event_paranoid" = -2;
   boot.kernel.sysctl."kernel.kptr_restrict" = 0;

m/hut/configuration.nix

@@ -45,7 +45,7 @@
       address = "10.0.40.7";
       prefixLength = 24;
     } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
       address = "10.0.42.7";
       prefixLength = 24;
     } ];

m/hut/nginx.nix

@@ -4,8 +4,8 @@ let
     name = "jungle-web";
     src = pkgs.fetchgit {
       url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
-      rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
+      rev = "5f18335d14126d2fef134c0cd441771436f7dfa1";
-      hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
+      hash = "sha256-s9VBF91sQ7hg9+lrwNFPYgoXTTyXaQcAulCiGJgWERo=";
     };
     buildInputs = [ pkgs.hugo ];
     buildPhase = ''

m/lake2/configuration.nix

@@ -46,7 +46,7 @@
       address = "10.0.40.42";
       prefixLength = 24;
     } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
       address = "10.0.42.42";
       prefixLength = 24;
     } ];

m/module/tc1-board.nix

@@ -0,0 +1,27 @@
+{ lib, pkgs, ... }:
+
+{
+  # Allow user access to FTDI USB device
+  services.udev.packages = lib.singleton (pkgs.writeTextFile {
+    # Needs to be < 73
+    name = "60-ftdi-tc1.rules";
+    text = ''
+      # Bus 003 Device 003: ID 0403:6011 Future Technology Devices International, Ltd FT4232H Quad HS USB-UART/FIFO IC
+      # Use := to make sure it doesn't get changed later
+      SUBSYSTEMS=="usb", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", MODE:="0666"
+    '';
+    destination = "/etc/udev/rules.d/60-ftdi-tc1.rules";
+  });
+
+  # Allow access to USB for docker in GitLab runner
+  services.gitlab-runner = {
+    services.gitlab-bsc-docker = {
+      registrationFlags = [
+        # We need raw access to the USB port to reboot the board
+        "--docker-devices /dev/bus/usb/003/003"
+        # And TTY access for the serial port
+        "--docker-devices /dev/ttyUSB2"
+      ];
+    };
+  };
+}

m/owl1/configuration.nix

@@ -20,7 +20,7 @@
       address = "10.0.40.1";
       prefixLength = 24;
     } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
       address = "10.0.42.1";
       prefixLength = 24;
     } ];

m/owl2/configuration.nix

@@ -21,7 +21,7 @@
       prefixLength = 24;
     } ];
     # Watch out! The OmniPath device is not in the same place here:
-    interfaces.ibp129s0.ipv4.addresses = [ {
+    interfaces.ibs801.ipv4.addresses = [ {
       address = "10.0.42.2";
       prefixLength = 24;
     } ];

m/tent/configuration.nix

@@ -16,6 +16,7 @@
     ../module/p.nix
     ../module/vpn-dac.nix
     ../module/hut-substituter.nix
+    ../module/tc1-board.nix
   ];
 
   # Select the this using the ID to avoid mismatches

m/tent/gitea.nix

@@ -27,4 +27,7 @@
       };
     };
   };
+
+  # Allow gitea user to send mail
+  users.users.gitea.extraGroups = [ "mail-robot" ];
 }

m/tent/gitlab-runner.nix

@@ -43,6 +43,7 @@
         registrationFlags = [
           # Increase build log length to 64 MiB
           "--output-limit 65536"
+          "--docker-network-mode host"
         ];
         preBuildScript = pkgs.writeScript "setup-container" ''
           mkdir -p -m 0755 /nix/var/log/nix/drvs

m/tent/nginx.nix

@@ -4,8 +4,8 @@ let
     name = "jungle-web";
     src = pkgs.fetchgit {
       url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
-      rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
+      rev = "5f18335d14126d2fef134c0cd441771436f7dfa1";
-      hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
+      hash = "sha256-s9VBF91sQ7hg9+lrwNFPYgoXTTyXaQcAulCiGJgWERo=";
     };
     buildInputs = [ pkgs.hugo ];
     buildPhase = ''

m/weasel/configuration.nix

@@ -25,7 +25,7 @@
       address = "10.0.40.6";
       prefixLength = 24;
     } ];
-    interfaces.ibp5s0.ipv4.addresses = [ {
+    interfaces.ibs785.ipv4.addresses = [ {
       address = "10.0.42.6";
       prefixLength = 24;
     } ];

overlay.nix

@@ -39,9 +39,16 @@ let
     nanos6Debug = final.nanos6.override { enableDebug = true; };
     nixtools = callPackage ./pkgs/nixtools/default.nix { };
     nixgen = callPackage ./pkgs/nixgen/default.nix { };
-    # Broken because of pkgsStatic.libcap
+    nix-portable = callPackage ./pkgs/nix-portable/default.nix {
-    # See: https://github.com/NixOS/nixpkgs/pull/268791
+      busybox = final.pkgsStatic.busybox;
-    #nix-wrap = callPackage ./pkgs/nix-wrap/default.nix { };
+      bwrap = final.pkgsStatic.bubblewrap;
+      gnutar = final.pkgsStatic.gnutar;
+      perl = final.pkgsBuildBuild.perl;
+      xz = final.pkgsStatic.xz;
+      zstd = final.pkgsStatic.zstd;
+      bashInteractive = final.pkgsStatic.bashInteractive;
+    };
+    nix-wrap = callPackage ./pkgs/nix-wrap/default.nix { };
     nodes = callPackage ./pkgs/nodes/default.nix { };
     nosv = callPackage ./pkgs/nosv/default.nix { };
     openmp = callPackage ./pkgs/llvm-ompss2/openmp.nix { monorepoSrc = final.clangOmpss2Unwrapped.src; version = final.clangOmpss2Unwrapped.version; };
@@ -50,8 +57,6 @@ let
     ovni = callPackage ./pkgs/ovni/default.nix { };
     ovniGit = final.ovni.override { useGit = true; };
     paraverKernel = callPackage ./pkgs/paraver/kernel.nix { };
-    pocl = callPackage ./pkgs/pocl/default.nix { };
-    pocl-noicd = callPackage ./pkgs/pocl/default.nix { enableICD = false; };
     prometheus-slurm-exporter = prev.callPackage ./pkgs/slurm-exporter/default.nix { };
     #pscom = callPackage ./pkgs/parastation/pscom.nix { }; # Unmaintaned
     #psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned
@@ -64,16 +69,7 @@ let
     tagaspi = callPackage ./pkgs/tagaspi/default.nix { };
     tampi = callPackage ./pkgs/tampi/default.nix { };
     upc-qaire-exporter = prev.callPackage ./pkgs/upc-qaire-exporter/default.nix { };
-    taopencl = callPackage ./pkgs/taopencl/default.nix { };
     wxparaver = callPackage ./pkgs/paraver/default.nix { };
-
-    gromacs = callPackage ./pkgs/gromacs/default.nix { enableSYCL = true; };
-
-    _cuda = prev._cuda.extend (_: _prev: final.lib.recursiveUpdate _prev {
-      extensions = _prev.extensions ++ [(finalAttrs: _: {
-        tacuda = finalAttrs.callPackage ./pkgs/tacuda/default.nix { };
-      })];
-    });
   };
 
   tests = rec {
@@ -107,13 +103,6 @@ let
     clangNosvOmpv-ld = callPackage ./test/compilers/clang-openmp-ld.nix {
       stdenv = final.stdenvClangOmpss2NodesOmpv;
     };
-
-    ocl-build = callPackage ./test/compilers/opencl.nix { };
-    ocl-build-noicd = callPackage ./test/compilers/opencl.nix { ocl-icd = final.pocl-noicd; };
-
-    pocl = callPackage ./test/compilers/pocl.nix { };
-    ocl-run-pocl = ocl-build.test-icd;
-    ocl-run-pocl-noicd = ocl-build-noicd.test-noicd;
   };
 
   # For now, only build toplevel packages in CI/Hydra

pkgs/amd-uprof/default.nix

@@ -1,8 +1,6 @@
 { stdenv
 , lib
-, curl
+, fetchurl
-, cacert
-, runCommandLocal
 , autoPatchelfHook
 , elfutils
 , glib
@@ -26,26 +24,26 @@ let
   tarball = "AMDuProf_Linux_x64_${version}.tar.bz2";
 
   # NOTE: Remember to update the radare2 patch below if AMDuProfPcm changes.
-  uprofSrc = runCommandLocal tarball {
+  src = fetchurl {
-    nativeBuildInputs = [ curl ];
+    url = "https://download.amd.com/developer/eula/uprof/uprof-5-1/${tarball}";
-    outputHash = "sha256-j9gxcBcIg6Zhc5FglUXf/VV9bKSo+PAKeootbN7ggYk=";
+    sha256 = "sha256-jAmsw/xmctJ2r7BKyuA+9exLgZbu3cvrYtyRUUTt8sM=";
-    SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt";
+    curlOptsList = [
-  } ''
+      "-H" "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:139.0) Gecko/20100101 Firefox/139.0"
-    curl \
+      "-H" "'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'"
-    -o $out \
+      "-H" "Accept-Language: en-US,en;q=0.5"
-    'https://download.amd.com/developer/eula/uprof/uprof-5-1/${tarball}' \
+      "-H" "Accept-Encoding: gzip, deflate, br, zstd"
-    -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:139.0) Gecko/20100101 Firefox/139.0' \
+      "-H" "Referer: https://www.amd.com/"
-    -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
+    ];
-    -H 'Accept-Language: en-US,en;q=0.5' \
+    downloadToTemp = true;
-    -H 'Accept-Encoding: gzip, deflate, br, zstd' \
+    postFetch = ''
-    -H 'Referer: https://www.amd.com/' 2>&1 | tr '\r' '\n'
+      cat "$downloadedFile" | tr '\r' '\n' > "$out"
-  '';
+    '';
+  };
 
 in
   stdenv.mkDerivation {
     pname = "AMD-uProf";
-    inherit version;
+    inherit src version;
-    src = uprofSrc;
     dontStrip = true;
     phases = [ "installPhase" "fixupPhase" ];
     nativeBuildInputs = [ autoPatchelfHook radare2 ];

pkgs/gromacs/default.nix

@@ -1,190 +0,0 @@
-{
-  lib,
-  stdenv,
-  fetchurl,
-  cmake,
-  hwloc,
-  fftw,
-  perl,
-  blas,
-  lapack,
-  llvmPackages,
-  intelPackages ? null,
-  mpi,
-  cudaPackages,
-  plumed,
-  singlePrec ? true,
-  config,
-  enableSYCL ? false,
-  enableCuda ? config.cudaSupport,
-  enableMpi ? false,
-  enablePlumed ? false,
-  cpuAcceleration ? null,
-}:
-
-# CUDA is only implemented for single precission
-assert enableCuda -> singlePrec;
-
-assert !(enableSYCL && enableCuda);
-
-assert enableSYCL -> intelPackages != null;
-
-let
-  inherit (cudaPackages.flags) cmakeCudaArchitecturesString;
-
-  # Select reasonable defaults for all major platforms
-  # The possible values are defined in CMakeLists.txt:
-  # AUTO None SSE2 SSE4.1 AVX_128_FMA AVX_256 AVX2_256
-  # AVX2_128 AVX_512 AVX_512_KNL MIC ARM_NEON ARM_NEON_ASIMD
-  SIMD =
-    x:
-    if (cpuAcceleration != null) then
-      x
-    else if stdenv.hostPlatform.system == "i686-linux" then
-      "SSE2"
-    else if stdenv.hostPlatform.system == "x86_64-linux" then
-      "SSE4.1"
-    else if stdenv.hostPlatform.system == "x86_64-darwin" then
-      "SSE4.1"
-    else if stdenv.hostPlatform.system == "aarch64-linux" then
-      "ARM_NEON_ASIMD"
-    else
-      "None";
-
-  source =
-    if enablePlumed then
-      {
-        version = "2024.2";
-        hash = "sha256-gCp+M18uiVdw9XsVnk7DaOuw/yzm2sz3BsboAlw2hSs=";
-      }
-    else
-      {
-        version = "2025.3";
-        hash = "sha256-i9/KAmjz8Qp8o8BuWbYvc+oCQgxnIRwP85EvMteDPGU=";
-      };
-
-  stdenv' = if enableSYCL then intelPackages.stdenv else stdenv;
-
-in
-stdenv'.mkDerivation rec {
-  pname = "gromacs";
-  version = source.version;
-
-  src = fetchurl {
-    url = "ftp://ftp.gromacs.org/pub/gromacs/gromacs-${version}.tar.gz";
-    inherit (source) hash;
-  };
-
-  patches = [ (if enablePlumed then ./pkgconfig-2024.patch else ./pkgconfig-2025.patch) ];
-
-  postPatch = lib.optionalString enablePlumed ''
-    plumed patch -p -e gromacs-${source.version}
-  '';
-
-  outputs = [
-    "out"
-    "dev"
-    "man"
-  ];
-
-  nativeBuildInputs = [
-    cmake
-  ]
-  ++ lib.optional enablePlumed plumed
-  ++ lib.optionals enableCuda [ cudaPackages.cuda_nvcc ];
-
-  env.MKLROOT = intelPackages.mkl;
-
-  buildInputs = [
-    fftw
-    perl
-    hwloc
-    blas
-    lapack
-  ]
-  ++ lib.optional enableMpi mpi
-  ++ lib.optionals enableCuda [
-    cudaPackages.cuda_cccl
-    cudaPackages.cuda_cudart
-    cudaPackages.libcufft
-    cudaPackages.cuda_profiler_api
-  ]
-  ++ lib.optional stdenv.hostPlatform.isDarwin llvmPackages.openmp;
-
-  propagatedBuildInputs = lib.optional enableMpi mpi;
-  propagatedUserEnvPkgs = lib.optional enableMpi mpi;
-
-  cmakeFlags = [
-    (lib.cmakeBool "GMX_HWLOC" true)
-    "-DGMX_SIMD:STRING=${SIMD cpuAcceleration}"
-    "-DGMX_OPENMP:BOOL=TRUE"
-    "-DBUILD_SHARED_LIBS=ON"
-  ]
-  ++ (
-    if singlePrec then
-      [
-        "-DGMX_DOUBLE=OFF"
-      ]
-    else
-      [
-        "-DGMX_DOUBLE=ON"
-        "-DGMX_DEFAULT_SUFFIX=OFF"
-      ]
-  )
-  ++ (
-    if enableMpi then
-      [
-        "-DGMX_MPI:BOOL=TRUE"
-        "-DGMX_THREAD_MPI:BOOL=FALSE"
-      ]
-    else
-      [
-        "-DGMX_MPI:BOOL=FALSE"
-      ]
-  )
-  ++ (lib.optionals enableSYCL [
-    "-DGMX_GPU=SYCL"
-    "-DGMX_OPENMP=OFF" # TODO: enable OpenMP with SYCL?
-  ])
-  ++ lib.optionals enableCuda [
-    "-DGMX_GPU=CUDA"
-    (lib.cmakeFeature "CMAKE_CUDA_ARCHITECTURES" cmakeCudaArchitecturesString)
-
-    # Gromacs seems to ignore and override the normal variables, so we add this ad hoc:
-    (lib.cmakeFeature "GMX_CUDA_TARGET_COMPUTE" cmakeCudaArchitecturesString)
-  ];
-
-  postInstall = ''
-    moveToOutput share/cmake $dev
-  '';
-
-  meta = with lib; {
-    homepage = "https://www.gromacs.org";
-    license = licenses.lgpl21Plus;
-    description = "Molecular dynamics software package";
-    longDescription = ''
-      GROMACS is a versatile package to perform molecular dynamics,
-      i.e. simulate the Newtonian equations of motion for systems
-      with hundreds to millions of particles.
-
-      It is primarily designed for biochemical molecules like
-      proteins, lipids and nucleic acids that have a lot of
-      complicated bonded interactions, but since GROMACS is
-      extremely fast at calculating the nonbonded interactions (that
-      usually dominate simulations) many groups are also using it
-      for research on non-biological systems, e.g. polymers.
-
-      GROMACS supports all the usual algorithms you expect from a
-      modern molecular dynamics implementation, (check the online
-      reference or manual for details), but there are also quite a
-      few features that make it stand out from the competition.
-
-      See: https://www.gromacs.org/about.html for details.
-    '';
-    platforms = platforms.unix;
-    maintainers = with maintainers; [
-      sheepforce
-      markuskowa
-    ];
-  };
-}

pkgs/gromacs/pkgconfig-2024.patch

@@ -1,24 +0,0 @@
-diff --git a/src/external/muparser/muparser.pc.in b/src/external/muparser/muparser.pc.in
-index 646787cb53..9b97ad57f7 100644
---- a/src/external/muparser/muparser.pc.in
-+++ b/src/external/muparser/muparser.pc.in
-@@ -1,7 +1,5 @@
--prefix=@CMAKE_INSTALL_PREFIX@
--exec_prefix=${prefix}
--libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
--includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
-+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
-+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
- 
- Name: @PACKAGE_NAME@
- Description: Mathematical expressions parser library
-diff --git a/src/gromacs/libgromacs.pc.cmakein b/src/gromacs/libgromacs.pc.cmakein
-index ec1ed6684e..ca1105474a 100644
---- a/src/gromacs/libgromacs.pc.cmakein
-+++ b/src/gromacs/libgromacs.pc.cmakein
-@@ -1,4 +1,4 @@
--libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@
-+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
- 
- Name: libgromacs@GMX_LIBS_SUFFIX@
- Description: Gromacs library

pkgs/gromacs/pkgconfig-2025.patch

@@ -1,36 +0,0 @@
-diff --git a/src/external/muparser/muparser.pc.in b/src/external/muparser/muparser.pc.in
-index 646787cb53..d26e84de8f 100644
---- a/src/external/muparser/muparser.pc.in
-+++ b/src/external/muparser/muparser.pc.in
-@@ -1,11 +1,9 @@
--prefix=@CMAKE_INSTALL_PREFIX@
--exec_prefix=${prefix}
--libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
--includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
--
--Name: @PACKAGE_NAME@
--Description: Mathematical expressions parser library
--Version: @MUPARSER_VERSION@
--Requires:
--Libs: -L${libdir} -lmuparser
--Cflags: -I${includedir} @PKG_CONFIG_FLAGS@
-+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
-+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
-+
-+Name: @PACKAGE_NAME@
-+Description: Mathematical expressions parser library
-+Version: @MUPARSER_VERSION@
-+Requires:
-+Libs: -L${libdir} -lmuparser
-+Cflags: -I${includedir} @PKG_CONFIG_FLAGS@
-diff --git a/src/gromacs/libgromacs.pc.cmakein b/src/gromacs/libgromacs.pc.cmakein
-index af9b5a6dc0..5f58d549bf 100644
---- a/src/gromacs/libgromacs.pc.cmakein
-+++ b/src/gromacs/libgromacs.pc.cmakein
-@@ -1,5 +1,4 @@
--prefix=@CMAKE_INSTALL_PREFIX@
--libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
-+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
-
- Name: libgromacs@GMX_LIBS_SUFFIX@
- Description: Gromacs library

pkgs/nanos6/jemalloc.nix

@@ -5,6 +5,7 @@ jemalloc.overrideAttrs (old: {
     "--with-jemalloc-prefix=nanos6_je_"
     "--enable-stats"
   ];
+  enableParallelBuilding = true;
   hardeningDisable = [ "all" ];
   meta = old.meta // {
     description = old.meta.description + " (for Nanos6)";

pkgs/nix-portable/default.nix

@@ -0,0 +1,671 @@
+with builtins;
+{
+  bwrap,
+  nix,
+  proot,
+  unzip,
+  zip,
+  unixtools,
+  stdenv,
+  buildPackages,
+  upx,
+
+  bootstrapPrograms ? [
+    "gitMinimal"
+    "netcat-openbsd"
+    "openssh"
+    "bashInteractive"
+  ],
+
+  busybox,
+  cacert ? pkgs.cacert,
+  compression ? "zstd -19 -T0",
+  gnutar ? pkgs.pkgsStatic.gnutar,
+  lib ? pkgs.lib,
+  perl ? pkgs.perl,
+  pkgs ? import <nixpkgs> {},
+  xz ? pkgs.pkgsStatic.xz,
+  zstd ? pkgs.pkgsStatic.zstd,
+  nixStatic,
+  # hardcode executable to run. Useful when creating a bundle.
+  bundledPackage ? null,
+  ...
+}@inp:
+with lib;
+let
+
+  pname =
+    if bundledPackage == null
+    then "nix-portable"
+    else lib.getName bundledPackage;
+
+  bundledExe = lib.getExe bundledPackage;
+
+  nixpkgsSrc = pkgs.path;
+
+  maketar = targets:
+    let
+      closureInfo = buildPackages.closureInfo { rootPaths = targets; };
+    in
+    stdenv.mkDerivation {
+      name = "nix-portable-store-tarball";
+      nativeBuildInputs = [ perl zstd ];
+      exportReferencesGraph = map (x: [("closure-" + baseNameOf x) x]) targets;
+      buildCommand = ''
+        storePaths=$(cat ${closureInfo}/store-paths)
+        mkdir $out
+        echo $storePaths > $out/index
+        cp -r ${closureInfo} $out/closureInfo
+
+        tar -cf - \
+          --owner=0 --group=0 --mode=u+rw,uga+r \
+          --hard-dereference \
+          $storePaths | ${compression} > $out/tar
+      '';
+    };
+
+  packStaticBin = binPath: let
+      binName = (last (splitString "/" binPath)); in
+    pkgs.runCommand
+    binName
+    { nativeBuildInputs = [ upx ]; }
+    ''
+      mkdir -p $out/bin
+      theBinPath=${binPath}
+
+      if [[ -L "$theBinPath" ]]; then
+        theBinPath=$(readlink -f "$theBinPath")
+      fi
+
+      upx -9 -o $out/bin/${binName} $theBinPath
+    '';
+
+  installBin = pkg: bin: ''
+    unzip -qqoj "\$self" ${ lib.removePrefix "/" "${pkg}/bin/${bin}"} -d \$dir/bin
+    chmod +wx \$dir/bin/${bin};
+  '';
+
+  installDynamic = pkgname: let
+    out = pkgs.${pkgname}.out;
+  in ''
+    if [ ! -e \$store${lib.removePrefix "/nix/store" pkgs.${pkgname}.out} ] ; then
+      debug "Installing ${pkgname}"
+      \$run \$store${lib.removePrefix "/nix/store" nix}/bin/nix build --impure --no-link --expr "
+        (import ${nixpkgsSrc} {}).${pkgname}.out
+      "
+    else
+      debug "${pkgname} already installed"
+    fi
+
+    export PATH="${out}/bin:\$PATH"
+  '';
+
+  caBundleZstd = pkgs.runCommand "cacerts" {} "cat ${cacert}/etc/ssl/certs/ca-bundle.crt | ${inp.zstd}/bin/zstd -19 > $out";
+
+  bwrap = packStaticBin "${inp.bwrap}/bin/bwrap";
+  nixStatic = packStaticBin "${inp.nixStatic}/bin/nix";
+  proot = packStaticBin "${inp.proot}/bin/proot";
+  zstd = packStaticBin "${inp.zstd}/bin/zstd";
+
+  # the default nix store contents to extract when first used
+  storeTar = maketar ([ cacert nix nixpkgsSrc ] ++ lib.optional (bundledPackage != null) bundledPackage);
+
+
+  # The runtime script which unpacks the necessary files to $HOME/.nix-portable
+  # and then executes nix via proot or bwrap
+  # Some shell expressions will be evaluated at build time and some at run time.
+  # Variables/expressions escaped via `\$` will be evaluated at run time
+  runtimeScript = ''
+    #!/usr/bin/env bash
+
+    set -eo pipefail
+
+    start=\$(date +%s%N)  # start time in nanoseconds
+
+    # dump environment on exit if debug is enabled
+    if [ -n "\$NP_DEBUG" ] && [ "\$NP_DEBUG" -ge 1 ]; then
+      trap "declare -p > \''${TMPDIR:-/tmp}/np_env" EXIT
+    fi
+
+    # there seem to be less issues with proot when disabling seccomp
+    # though on android it is needed
+    if [ -n "\$TERMUX_VERSION" ]; then
+      unset LD_PRELOAD
+      NP_RUNTIME=\''${NP_RUNTIME:-proot}
+      export PROOT_TMP_DIR="\$TMPDIR/proot"
+      mkdir -p "\$PROOT_TMP_DIR"
+    else
+      export PROOT_NO_SECCOMP=\''${PROOT_NO_SECCOMP:-1}
+    fi
+
+    set -e
+    if [ -n "\$NP_DEBUG" ] && [ "\$NP_DEBUG" -ge 2 ]; then
+      set -x
+    fi
+
+    # &3 is our error out which we either forward to &2 or to /dev/null
+    # depending on the setting
+    if [ -n "\$NP_DEBUG" ] && [ "\$NP_DEBUG" -ge 1 ]; then
+      debug(){
+        echo \$@ || true
+      }
+      exec 3>&2
+    else
+      debug(){
+        true
+      }
+      exec 3>/dev/null
+    fi
+
+    # to reference this script's file
+    self="\$(realpath \''${BASH_SOURCE[0]})"
+
+    # fingerprint will be inserted by builder
+    fingerprint="_FINGERPRINT_PLACEHOLDER_"
+
+    # user specified location for program files and nix store
+    [ -z "\$NP_LOCATION" ] && NP_LOCATION="\$HOME"
+    NP_LOCATION="\$(readlink -f "\$NP_LOCATION")"
+    dir="\$NP_LOCATION/.nix-portable"
+
+    # Create NP_LOCATION and remove sgid bit
+    mkdir -p \$dir
+    if [ ! -z "\$BSC_MACHINE" ]; then
+      # Attempt to avoid issues with sgid folders
+      chmod g-s \$dir
+      chgrp bsc \$dir
+    fi
+
+    store="\$dir/nix/store"
+    # create /nix/var/nix to prevent nix from falling back to chroot store.
+    mkdir -p \$dir/{bin,nix/var/nix,nix/store}
+
+    # create minimal drv file for nix to spawn a nix shell
+    echo 'builtins.derivation {name="foo"; builder="/bin/sh"; args = ["-c" "echo hello \> \\\$out"]; system=builtins.currentSystem;}' > "\$dir/mini-drv.nix"
+
+    # the fingerprint being present inside a file indicates that
+    # this version of nix-portable has already been initialized
+    if test -e \$dir/conf/fingerprint && [ "\$(cat \$dir/conf/fingerprint)" == "\$fingerprint" ]; then
+      newNPVersion=false
+    else
+      newNPVersion=true
+    fi
+
+    # Nix portable ships its own nix.conf
+    export NIX_CONF_DIR=\$dir/conf/
+
+    NP_CONF_SANDBOX=\''${NP_CONF_SANDBOX:-false}
+    NP_CONF_STORE=\''${NP_CONF_STORE:-auto}
+
+
+    recreate_nix_conf(){
+      mkdir -p "\$NIX_CONF_DIR"
+      rm -f "\$NIX_CONF_DIR/nix.conf"
+
+      # static config
+      echo "build-users-group = " >> \$dir/conf/nix.conf
+      echo "experimental-features = nix-command flakes" >> \$dir/conf/nix.conf
+      echo "ignored-acls = security.selinux system.nfs4_acl" >> \$dir/conf/nix.conf
+      echo "sandbox-paths = /bin/sh=\$dir/busybox/bin/busybox" >> \$dir/conf/nix.conf
+      echo "extra-substituters = https://jungle.bsc.es/cache">> \$dir/conf/nix.conf
+      echo "extra-trusted-public-keys = jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=" >> \$dir/conf/nix.conf
+
+      echo "extra-system-features = sys-devices" >> \$dir/conf/nix.conf
+      echo "extra-sandbox-paths = /sys/devices/system/cpu=/sys/devices/system/cpu /sys/devices/system/node=/sys/devices/system/node" >> \$dir/conf/nix.conf
+      echo "extra-trusted-users = @bsc" >> \$dir/conf/nix.conf
+
+
+      # configurable config
+      echo "sandbox = \$NP_CONF_SANDBOX" >> \$dir/conf/nix.conf
+      echo "store = \$NP_CONF_STORE" >> \$dir/conf/nix.conf
+    }
+
+
+    ### install files
+
+    PATH_OLD="\$PATH"
+
+    # as soon as busybox is unpacked, restrict PATH to busybox to ensure reproducibility of this script
+    # only unpack binaries if necessary
+    if [ "\$newNPVersion" == "false" ]; then
+
+      debug "binaries already installed"
+      # our busybox does not run on termux, therefore we suffix the PATH only on termux
+      export PATH="\''${TERMUX_VERSION:+\$PATH:}\$dir/busybox/bin"
+
+    else
+
+      debug "installing files"
+
+      mkdir -p \$dir/emptyroot
+
+      # install busybox
+      mkdir -p \$dir/busybox/bin
+      (base64 -d> "\$dir/busybox/bin/busybox" && chmod +x "\$dir/busybox/bin/busybox") << END
+    $(cat ${busybox}/bin/busybox | base64)
+    END
+      busyBins="${toString (attrNames (filterAttrs (d: type: type == "symlink") (readDir "${inp.busybox}/bin")))}"
+      for bin in \$busyBins; do
+        [ ! -e "\$dir/busybox/bin/\$bin" ] && ln -s busybox "\$dir/busybox/bin/\$bin"
+      done
+
+      # our busybox does not run on termux, therefore we suffix the PATH only on termux
+      export PATH="\''${TERMUX_VERSION:+\$PATH:}\$dir/busybox/bin"
+
+      # install other binaries
+      ${installBin zstd "zstd"}
+      ${installBin proot "proot"}
+      ${installBin bwrap "bwrap"}
+      ${installBin nixStatic "nix"}
+
+      # install ssl cert bundle
+      unzip -poj "\$self" ${ lib.removePrefix "/" "${caBundleZstd}"} | \$dir/bin/zstd -d > \$dir/ca-bundle.crt
+
+      recreate_nix_conf
+    fi
+
+    # Override $SHELL with nix bashInteractive
+    export SHELL="${pkgs.bashInteractive.out}/bin/bash"
+    export PS1="\n\[\033[1;32m\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\$\[\033[0m\] "
+
+    ### setup SSL
+    # find ssl certs or use from nixpkgs
+    debug "figuring out ssl certs"
+    if [ -z "\$SSL_CERT_FILE" ]; then
+      debug "SSL_CERT_FILE not defined. trying to find certs automatically"
+      if [ -e /etc/ssl/certs/ca-bundle.crt ]; then
+        export SSL_CERT_FILE=\$(realpath /etc/ssl/certs/ca-bundle.crt)
+        debug "found /etc/ssl/certs/ca-bundle.crt with real path \$SSL_CERT_FILE"
+      elif [ -e /etc/ssl/certs/ca-certificates.crt ]; then
+        export SSL_CERT_FILE=\$(realpath /etc/ssl/certs/ca-certificates.crt)
+        debug "found /etc/ssl/certs/ca-certificates.crt with real path \$SSL_CERT_FILE"
+      elif [ ! -e /etc/ssl/certs ]; then
+        debug "/etc/ssl/certs does not exist. Will use certs from nixpkgs."
+        export SSL_CERT_FILE=\$dir/ca-bundle.crt
+      else
+        debug "certs seem to reside in /etc/ssl/certs. No need to set up anything"
+      fi
+    fi
+    if [ -n "\$SSL_CERT_FILE" ]; then
+      sslBind="\$(realpath \$SSL_CERT_FILE) \$dir/ca-bundle.crt"
+      export SSL_CERT_FILE="\$dir/ca-bundle.crt"
+    else
+      sslBind="/etc/ssl /etc/ssl"
+    fi
+
+    if [ -n "\$NP_GIT" ]; then
+      echo "WARN: NP_GIT is not supported, using nix version instead"
+    fi
+
+
+
+    storePathOfFile(){
+      file=\$(realpath \$1)
+      sPath="\$(echo \$file | awk -F "/" 'BEGIN{OFS="/";}{print \$2,\$3,\$4}')"
+      echo "/\$sPath"
+    }
+
+
+    collectBinds(){
+      pathsTopLevel="/boot /run /sys \$PWD /gpfs /tmp /scratch"
+
+      toBind=""
+      for p in \$pathsTopLevel; do
+        if [ -e "\$p" ]; then
+          real=\$(realpath \$p)
+          if [ -e "\$real" ]; then
+            if [[ "\$real" == /nix/store/* ]]; then
+              storePath=\$(storePathOfFile \$real)
+              toBind="\$toBind \$storePath \$storePath"
+            else
+              toBind="\$toBind \$real \$p"
+            fi
+          fi
+        fi
+      done
+
+
+      # TODO: add /var/run/dbus/system_bus_socket
+      paths="/etc/host.conf /etc/hosts /etc/hosts.equiv /etc/mtab /etc/netgroup /etc/networks /etc/passwd /etc/group /etc/nsswitch.conf /etc/resolv.conf /etc/localtime \$HOME"
+
+      for p in \$paths; do
+        if [ -e "\$p" ]; then
+          real=\$(realpath \$p)
+          if [ -e "\$real" ]; then
+            if [[ "\$real" == /nix/store/* ]]; then
+              storePath=\$(storePathOfFile \$real)
+              toBind="\$toBind \$storePath \$storePath"
+            else
+              toBind="\$toBind \$real \$real"
+            fi
+          fi
+        fi
+      done
+
+      toBind="\$toBind \$dir/busybox/bin /bin"
+      # provide /bin/sh via the shipped busybox
+      toBind="\$toBind \$dir/busybox/bin/busybox /bin/sh"
+      toBind="\$toBind \$dir/busybox/bin/busybox /usr/bin/env"
+
+      # on termux, make sure termux packages still work inside the nix-portable environment
+      if [ -n "\$TERMUX_VERSION" ]; then
+        # binds required so termux native packages still run inside the nix-portable sandbox
+        # TODO: this doesn't quite work yet. debug and fix
+        toBind="\$toBind /system/lib64/libc.so /system/lib64/libc.so"
+        toBind="\$toBind /system/lib64/ld-android.so /system/lib64/ld-android.so"
+        toBind="\$toBind /system/lib64/libdl.so /system/lib64/libdl.so"
+        toBind="\$toBind /system/bin /system/bin"
+        toBind="\$toBind /system/lib64 /system/lib64"
+        toBind="\$toBind /apex/com.android.runtime/bin /apex/com.android.runtime/bin"
+        toBind="\$toBind /linkerconfig/ld.config.txt /linkerconfig/ld.config.txt"
+        toBind="\$toBind \$dir/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt"
+        toBind="\$toBind \$(realpath \$HOME/../usr/etc/resolv.conf) /etc/resolv.conf"
+      fi
+
+    }
+
+
+    makeBindArgs(){
+      arg=\$1; shift
+      sep=\$1; shift
+      binds=""
+      while :; do
+        if [ -n "\$1" ]; then
+          from="\$1"; shift
+          to="\$1"; shift || { echo "no bind destination provided for \$from!"; exit 3; }
+          binds="\$binds \$arg \$from\$sep\$to";
+        else
+          break
+        fi
+      done
+    }
+
+
+
+    ### select container runtime
+    debug "figuring out which runtime to use"
+    [ -z "\$NP_BWRAP" ] && NP_BWRAP=\$dir/bin/bwrap
+    debug "bwrap executable: \$NP_BWRAP"
+    [ -z "\$NP_NIX" ] && NP_NIX=\$dir/bin/nix
+    debug "nix executable: \$NP_NIX"
+    [ -z "\$NP_PROOT" ] && NP_PROOT=\$(PATH="\$PATH_OLD:\$PATH" which proot 2>/dev/null) || true
+    [ -z "\$NP_PROOT" ] && NP_PROOT=\$dir/bin/proot
+    debug "proot executable: \$NP_PROOT"
+    debug "testing all available runtimes..."
+    if [ -z "\$NP_RUNTIME" ]; then
+      # read last automatic selected runtime from disk
+      if [ "\$newNPVersion" == "true" ]; then
+        debug "removing cached auto selected runtime"
+        rm -f "\$dir/conf/last_auto_runtime"
+      fi
+      if [ -f "\$dir/conf/last_auto_runtime" ]; then
+        last_auto_runtime="\$(cat "\$dir/conf/last_auto_runtime")"
+      else
+        last_auto_runtime=
+      fi
+      debug "last auto selected runtime: \$last_auto_runtime"
+      if [ "\$last_auto_runtime" != "" ]; then
+        NP_RUNTIME="\$last_auto_runtime"
+      # check if nix --store works
+      elif \\
+          debug "testing nix --store" \\
+          && mkdir -p \$dir/tmp/ \\
+          && touch \$dir/tmp/testfile \\
+          && "\$NP_NIX" --store "\$dir/tmp/__store" shell -f "\$dir/mini-drv.nix" -c "\$dir/bin/nix" store add-file --store "\$dir/tmp/__store" "\$dir/tmp/testfile" >/dev/null 2>&3; then
+        chmod -R +w \$dir/tmp/__store
+        rm -r \$dir/tmp/__store
+        debug "nix --store works on this system -> will use nix as runtime"
+        NP_RUNTIME=nix
+      # check if bwrap works properly
+      elif \\
+          debug "nix --store failed -> testing bwrap" \\
+          && \$NP_BWRAP --bind \$dir/emptyroot / --bind \$dir/ /nix --bind \$dir/busybox/bin/busybox "\$dir/true" "\$dir/true" 2>&3 ; then
+        debug "bwrap seems to work on this system -> will use bwrap"
+        NP_RUNTIME=bwrap
+      else
+        debug "bwrap doesn't work on this system -> will use proot"
+        NP_RUNTIME=proot
+      fi
+      echo -n "\$NP_RUNTIME" > "\$dir/conf/last_auto_runtime"
+    else
+      debug "runtime selected via NP_RUNTIME: \$NP_RUNTIME"
+    fi
+    debug "NP_RUNTIME: \$NP_RUNTIME"
+    if [ "\$NP_RUNTIME" == "nix" ]; then
+      run="\$NP_NIX shell -f \$dir/mini-drv.nix -c"
+      export PATH="\$PATH:\$store${lib.removePrefix "/nix/store" nix}/bin"
+      NP_CONF_STORE="\$dir"
+      recreate_nix_conf
+    elif [ "\$NP_RUNTIME" == "bwrap" ]; then
+      collectBinds
+      makeBindArgs --bind " " \$toBind \$sslBind
+      run="\$NP_BWRAP \$BWRAP_ARGS \\
+        --bind \$dir/emptyroot /\\
+        --dev-bind /dev /dev\\
+        --proc /proc\\
+        --bind \$dir/nix /nix\\
+        \$binds"
+        # --bind \$dir/busybox/bin/busybox /bin/sh\\
+    else
+      # proot
+      collectBinds
+      makeBindArgs -b ":" \$toBind \$sslBind
+      run="\$NP_PROOT \$PROOT_ARGS\\
+        -r \$dir/emptyroot\\
+        -b /dev:/dev\\
+        -b \$dir/nix:/nix\\
+        \$binds"
+        # -b \$dir/busybox/bin/busybox:/bin/sh\\
+    fi
+    debug "base command will be: \$run"
+
+
+
+    ### setup environment
+    export NIX_PATH="\$dir/channels:nixpkgs=\$dir/channels/nixpkgs"
+    mkdir -p \$dir/channels
+    [ -h \$dir/channels/nixpkgs ] || ln -s ${nixpkgsSrc} \$dir/channels/nixpkgs
+
+
+    ### install nix store
+    # Install all the nix store paths necessary for the current nix-portable version
+    # We only unpack missing store paths from the tar archive.
+    index="$(cat ${storeTar}/index)"
+
+    export missing=\$(
+      for path in \$index; do
+        basepath=\$(basename \$path)
+        if [ ! -e \$store/\$basepath ]; then
+          echo "nix/store/\$basepath"
+        fi
+      done
+    )
+
+    if [ -n "\$missing" ]; then
+      debug "extracting missing store paths"
+      (
+        mkdir -p \$dir/tmp \$store/
+        rm -rf \$dir/tmp/*
+        cd \$dir/tmp
+        unzip -qqp "\$self" ${ lib.removePrefix "/" "${storeTar}/tar"} \
+          | \$dir/bin/zstd -d \
+          | tar -x \$missing --strip-components 2
+        mv \$dir/tmp/* \$store/
+      )
+      rm -rf \$dir/tmp
+    fi
+
+    if [ -n "\$missing" ]; then
+      debug "registering new store paths to DB"
+      reg="$(cat ${storeTar}/closureInfo/registration)"
+      cmd="\$run \$store${lib.removePrefix "/nix/store" nix}/bin/nix-store --load-db"
+      debug "running command: \$cmd"
+      echo "\$reg" | \$cmd
+    fi
+
+
+    ### select executable
+    # the executable can either be selected by
+    # - executing './nix-portable BIN_NAME',
+    # - symlinking to nix-portable, in which case the name of the symlink selects the nix executable
+    # Alternatively the executable can be hardcoded by specifying the argument 'executable' of nix-portable's default.nix file.
+    executable="${if bundledPackage == null then "" else bundledExe}"
+    if [ "\$executable" != "" ]; then
+      bin="\$executable"
+      debug "executable is hardcoded to: \$bin"
+
+    elif [[ "\$(basename \$0)" == nix-portable* ]]; then\
+      if [ -z "\$1" ]; then
+        echo "Error: please specify the nix binary to execute"
+        echo "Alternatively symlink against \$0"
+        exit 1
+      elif [ "\$1" == "debug" ]; then
+        bin="\$(which \$2)"
+        shift; shift
+      else
+        bin="\$store${lib.removePrefix "/nix/store" nix}/bin/\$1"
+        shift
+      fi
+    # for binary selection via symlink
+    else
+      bin="\$store${lib.removePrefix "/nix/store" nix}/bin/\$(basename \$0)"
+    fi
+
+
+
+    ### check which runtime has been used previously
+    if [ -f "\$dir/conf/last_runtime" ]; then
+      lastRuntime=\$(cat "\$dir/conf/last_runtime")
+    else
+      lastRuntime=
+    fi
+
+
+
+    ### check if nix is functional with or without sandbox
+    # sandbox-fallback is not reliable: https://github.com/NixOS/nix/issues/4719
+    if [ "\$newNPVersion" == "true" ] || [ "\$lastRuntime" != "\$NP_RUNTIME" ]; then
+      nixBin="\$(dirname \$bin)/nix"
+      debug "Testing if nix can build stuff without sandbox"
+      if ! \$run "\$nixBin" build --no-link -f "\$dir/mini-drv.nix" --option sandbox false >&3 2>&3; then
+        echo "Fatal error: nix is unable to build packages"
+        exit 1
+      fi
+
+      debug "Testing if nix sandbox is functional"
+      if ! \$run "\$nixBin" build --no-link -f "\$dir/mini-drv.nix" --option sandbox true >&3 2>&3; then
+        debug "Sandbox doesn't work -> disabling sandbox"
+        NP_CONF_SANDBOX=false
+        recreate_nix_conf
+      else
+        debug "Sandboxed builds work -> enabling sandbox"
+        NP_CONF_SANDBOX=true
+        recreate_nix_conf
+      fi
+
+    fi
+
+
+    ### save fingerprint and lastRuntime
+    if [ "\$newNPVersion" == "true" ]; then
+      echo -n "\$fingerprint" > "\$dir/conf/fingerprint"
+    fi
+    if [ "\$lastRuntime" != \$NP_RUNTIME ]; then
+      echo -n \$NP_RUNTIME > "\$dir/conf/last_runtime"
+    fi
+
+
+
+    ### set PATH
+    # restore original PATH and append busybox
+    export PATH="\$PATH_OLD:\$dir/busybox/bin"
+
+    ### install programs via nix
+    ${concatMapStringsSep "\n" installDynamic bootstrapPrograms}
+
+    ### print elapsed time
+    end=\$(date +%s%N)  # end time in nanoseconds
+    # time elapsed in millis with two decimal places
+
+    # print stats about initialization time of nix-portable
+    # skipt for termux, as it doesn't have bc installed
+    if [ -z "\$TERMUX_VERSION" ]; then
+      elapsed=\$(echo "scale=2; (\$end - \$start)/1000000" | bc)
+      debug "Time to initialize nix-portable: \$elapsed millis"
+    fi
+
+
+    ### run commands
+    [ -z "\$NP_RUN" ] && NP_RUN="\$run"
+    if [ "\$NP_RUNTIME" == "proot" ]; then
+      debug "running command: \$NP_RUN \$bin \$@"
+      exec \$NP_RUN \$bin "\$@"
+    else
+      cmd="\$NP_RUN \$bin \$@"
+      debug "running command: \$cmd"
+      exec \$NP_RUN \$bin "\$@"
+    fi
+    exit
+  '';
+
+  runtimeScriptEscaped = replaceStrings ["\""] ["\\\""] runtimeScript;
+
+  nixPortable = pkgs.runCommand pname {
+    nativeBuildInputs = [unixtools.xxd unzip];
+
+    meta = {
+      homepage = "https://github.com/DavHau/nix-portable";
+      description = "Nix - Static, Permissionless, Installation-free, Pre-configured for mn5";
+      maintainers = with lib.maintainers.bsc; [ abonerib ];
+      platforms = lib.platforms.linux;
+      license = lib.licenses.mit;
+    };
+  } ''
+    mkdir -p $out/bin
+    echo "${runtimeScriptEscaped}" > $out/bin/nix-portable.zip
+    xxd $out/bin/nix-portable.zip | tail
+
+    sizeA=$(printf "%08x" `stat -c "%s" $out/bin/nix-portable.zip` | tac -rs ..)
+    echo 504b 0304 0000 0000 0000 0000 0000 0000 | xxd -r -p >> $out/bin/nix-portable.zip
+    echo 0000 0000 0000 0000 0000 0200 0000 4242 | xxd -r -p >> $out/bin/nix-portable.zip
+
+    sizeB=$(printf "%08x" `stat -c "%s" $out/bin/nix-portable.zip` | tac -rs ..)
+    echo 504b 0102 0000 0000 0000 0000 0000 0000 | xxd -r -p >> $out/bin/nix-portable.zip
+    echo 0000 0000 0000 0000 0000 0000 0200 0000 | xxd -r -p >> $out/bin/nix-portable.zip
+    echo 0000 0000 0000 0000 0000 $sizeA 4242 | xxd -r -p >> $out/bin/nix-portable.zip
+
+    echo 504b 0506 0000 0000 0000 0100 3000 0000 | xxd -r -p >> $out/bin/nix-portable.zip
+    echo $sizeB 0000 0000 0000 0000 0000 0000 | xxd -r -p >> $out/bin/nix-portable.zip
+
+    unzip -vl $out/bin/nix-portable.zip
+
+    zip="${zip}/bin/zip -0"
+    $zip $out/bin/nix-portable.zip ${bwrap}/bin/bwrap
+    $zip $out/bin/nix-portable.zip ${nixStatic}/bin/nix
+    $zip $out/bin/nix-portable.zip ${proot}/bin/proot
+    $zip $out/bin/nix-portable.zip ${zstd}/bin/zstd
+    $zip $out/bin/nix-portable.zip ${storeTar}/tar
+    $zip $out/bin/nix-portable.zip ${caBundleZstd}
+
+    # create fingerprint
+    fp=$(sha256sum $out/bin/nix-portable.zip | cut -d " "  -f 1)
+    sed -i "s/_FINGERPRINT_PLACEHOLDER_/$fp/g" $out/bin/nix-portable.zip
+    # fix broken zip header due to manual modification
+    ${zip}/bin/zip -F $out/bin/nix-portable.zip --out $out/bin/nix-portable-fixed.zip
+
+    rm $out/bin/nix-portable.zip
+    executable=${if bundledPackage == null then "" else bundledExe}
+    if [ "$executable" == "" ]; then
+      target="$out/bin/nix-portable"
+    else
+      target="$out/bin/$(basename "$executable")"
+    fi
+    mv $out/bin/nix-portable-fixed.zip "$target"
+    chmod +x "$target"
+  '';
+in
+nixPortable.overrideAttrs (prev: {
+  passthru = (prev.passthru or {}) // {
+    inherit bwrap proot;
+  };
+})

pkgs/nix-wrap/default.nix

@@ -14,7 +14,7 @@ let
   nixConfDir = "share";
   nix_wrap_sh = writeText "nix-wrap.sh" ''
     #!/usr/bin/env bash
-    #
+
     busybox_bin="${nixPrefix}${busybox}/bin"
     bubblewrap_bin="${nixPrefix}/${bubblewrap}/bin"
 
@@ -69,7 +69,6 @@ stdenv.mkDerivation rec {
   name = "nix-wrap";
   buildInputs = [
     bashInteractive
-    busybox
     nix
   ];
   src = null;
@@ -92,7 +91,6 @@ stdenv.mkDerivation rec {
     homepage = null;
     description = "nix bubblewrap wrapper";
     maintainers = [ ];
-    broken = true;
     platforms = lib.platforms.linux;
     license = lib.licenses.mit;
   };

pkgs/pocl/0001-cmake-do-not-use-suffix.patch

@@ -1,26 +0,0 @@
-From ccf301659caac9b5e973ba1f2d32352acf617a98 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Aleix=20Bon=C3=A9?= <aleix.boneribo@bsc.es>
-Date: Tue, 2 Jul 2024 16:45:05 +0200
-Subject: [PATCH] cmake: do not use suffix
-
----
- cmake/LLVM.cmake                              |  3 ++
- 1 files changed, 3 insertions(+)
-
-diff --git a/cmake/LLVM.cmake b/cmake/LLVM.cmake
-index f4dbda065..e29144dce 100644
---- a/cmake/LLVM.cmake
-+++ b/cmake/LLVM.cmake
-@@ -65,6 +65,9 @@ else()
-     message(WARNING "Cannot determine llvm binary suffix from ${LLVM_CONFIG}")
-   endif()
-   message(STATUS "LLVM binaries suffix : ${LLVM_BINARY_SUFFIX}")
-+
-+  # We don't want suffixes in nix
-+  set(LLVM_BINARY_SUFFIX "")
- endif()
- 
- get_filename_component(LLVM_CONFIG_LOCATION "${LLVM_CONFIG}" DIRECTORY)
--- 
-2.45.1
-

pkgs/pocl/0001-cmake-native-build-tools.patch

@@ -1,33 +0,0 @@
-From f24b456c50f587b05cc8f2699c94d8cdefc5b13e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Aleix=20Bon=C3=A9?= <aleix.boneribo@bsc.es>
-Date: Tue, 2 Jul 2024 17:11:11 +0200
-Subject: [PATCH] cmake: native build tools
-
----
- cmake/LLVM.cmake                    |   7 +-
- 1 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/cmake/LLVM.cmake b/cmake/LLVM.cmake
-index e29144dce..b9f14ce6a 100644
---- a/cmake/LLVM.cmake
-+++ b/cmake/LLVM.cmake
-@@ -269,10 +269,15 @@ endforeach()
- 
- ####################################################################
- 
-+if(DEFINED LLVM_NATIVE_TOOL_DIR)
-+  set(TOOL_DIR "${LLVM_NATIVE_TOOL_DIR}")
-+  message(STATUS "TOOL_DIR=${TOOL_DIR}")
-+endif()
-+
- macro(find_program_or_die OUTPUT_VAR PROG_NAME DOCSTRING)
-   find_program(${OUTPUT_VAR}
-     NAMES "${PROG_NAME}${LLVM_BINARY_SUFFIX}${CMAKE_EXECUTABLE_SUFFIX}"
--    HINTS "${LLVM_BINDIR}" "${LLVM_CONFIG_LOCATION}"
-+    HINTS "${TOOL_DIR}" "${LLVM_BINDIR}" "${LLVM_CONFIG_LOCATION}"
-     DOC "${DOCSTRING}"
-     NO_CMAKE_PATH
-     NO_CMAKE_ENVIRONMENT_PATH
--- 
-2.45.1
-

pkgs/pocl/0001-cmake-use-clang-from-cmake-variable.patch

@@ -1,48 +0,0 @@
-From 4688b5ce895761c884ae15fc0234ed8d623b988b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Aleix=20Bon=C3=A9?= <aleix.boneribo@bsc.es>
-Date: Tue, 2 Jul 2024 15:41:47 +0200
-Subject: [PATCH] cmake: use clang from cmake variable
-
----
- cmake/LLVM.cmake | 22 ++++++++++++++++++++--
- 1 file changed, 20 insertions(+), 2 deletions(-)
-
-diff --git a/cmake/LLVM.cmake b/cmake/LLVM.cmake
-index 71b786dc7..f4dbda065 100644
---- a/cmake/LLVM.cmake
-+++ b/cmake/LLVM.cmake
-@@ -281,11 +281,29 @@ macro(find_program_or_die OUTPUT_VAR PROG_NAME DOCSTRING)
-   endif()
- endmacro()
- 
--find_program_or_die( CLANG "clang" "clang binary")
-+# -DCMAKE_C_COMPILER=riscv64-unknown-linux-gnu-clang -DCMAKE_CXX_COMPILER=riscv64-unknown-linux-gnu-clang++
-+
-+# if(DEFINED CLANG_EXECUTABLE)
-+if(DEFINED CMAKE_C_COMPILER)
-+  # set(CLANG "${CLANG_EXECUTABLE}")
-+  set(CLANG "${CMAKE_C_COMPILER}")
-+  message(STATUS "Using CLANG_EXECUTABLE: ${CLANG}")
-+else()
-+  find_program_or_die( CLANG "clang" "clang binary")
-+endif()
- execute_process(COMMAND "${CLANG}" "--version" OUTPUT_VARIABLE LLVM_CLANG_VERSION RESULT_VARIABLE CLANG_RES)
-+
- # TODO this should be optional
--find_program_or_die( CLANGXX "clang++" "clang++ binary")
-+# if(DEFINED CLANGXX_EXECUTABLE)
-+if(DEFINED CMAKE_CXX_COMPILER)
-+  # set(CLANGXX "${CLANGXX_EXECUTABLE}")
-+  set(CLANGXX "${CMAKE_CXX_COMPILER}")
-+  message(STATUS "Using CLANGXX_EXECUTABLE: ${CLANGXX}")
-+else()
-+  find_program_or_die( CLANGXX "clang++" "clang++ binary")
-+endif()
- execute_process(COMMAND "${CLANGXX}" "--version" OUTPUT_VARIABLE LLVM_CLANGXX_VERSION RESULT_VARIABLE CLANGXX_RES)
-+
- if(CLANGXX_RES OR CLANG_RES)
-   message(FATAL_ERROR "Failed running clang/clang++ --version")
- endif()
--- 
-2.45.1
-

pkgs/pocl/default.nix

@@ -1,255 +0,0 @@
-{
-  lib,
-  llvmPackages,
-  ninja,
-  cmake,
-  hwloc,
-  ocl-icd,
-  opencl-headers,
-  getconf,
-  pkg-config,
-  spirv-llvm-translator,
-  spirv-tools,
-  libxml2, # required for statically linked llvm
-  python3,
-  writableTmpDirAsHomeHook,
-  writeText,
-  runCommand,
-  opencl-cts,
-
-  fetchFromGitHub,
-
-  useGit ? false,
-  gitUrl ? "git@gitlab-internal.bsc.es:task-awareness/pocl/pocl.git",
-  gitBranch ? "new-device",
-  gitCommit ? "dd10c2221b31223cbb796182df6a07f11c7541f5",
-
-  staticLLVM ? true,
-  enableICD ? true,
-  enableSPIRV ? true,
-  enableHWLOC ? true,
-  enableRemoteServer ? false,
-  enableRemoteClient ? false,
-  enableDistroVariants ? false,
-
-  lttng-ust,
-  enableLTTNG ? false,
-
-  onetbb,
-  enableTBB ? false,
-
-  nosv ? null,
-  ovni ? null,
-  enableNOSV ? useGit,
-  enableOVNI ? useGit,
-
-  buildPackages,
-  targetPackages,
-  nix-update-script,
-}:
-
-assert (enableNOSV || enableOVNI) -> useGit;
-
-let
-
-  release = rec {
-    version = "7.1";
-    src = fetchFromGitHub {
-      owner = "pocl";
-      repo = "pocl";
-      tag = "v${version}";
-      hash = "sha256-bS6vTIjLO7YLs7qYLKW0cYYbEJ/hRS/+IjjAKbkj8ac=";
-    };
-  };
-
-  git = rec {
-    version = src.shortRev;
-    src = builtins.fetchGit {
-      url = gitUrl;
-      ref = gitBranch;
-      rev = gitCommit;
-    };
-  };
-
-  source = if (useGit) then git else release;
-
-  stdenv = llvmPackages.stdenv;
-
-  buildLlvmPackages = buildPackages.llvmPackages;
-
-  isCross = stdenv.hostPlatform != stdenv.buildPlatform;
-
-  featureList = lib.concatStringsSep "+" (
-    (lib.optionals enableICD [ "icd" ])
-    ++ (lib.optionals enableNOSV [ "nosv" ])
-    ++ (lib.optionals enableOVNI [ "ovni" ])
-    ++ (lib.optionals enableSPIRV [ "spirv" ])
-    ++ (lib.optionals enableTBB [ "tbb" ])
-    ++ (lib.optionals enableRemoteClient [ "server" ])
-    ++ (lib.optionals enableRemoteServer [ "client" ])
-  );
-in
-
-stdenv.mkDerivation (finalAttrs: {
-  pname = "pocl";
-  version = featureList + "-" + source.version;
-  inherit (source) src;
-
-  patches = lib.optionals useGit [
-    ./0001-cmake-use-clang-from-cmake-variable.patch
-    ./0001-cmake-do-not-use-suffix.patch
-    ./0001-cmake-native-build-tools.patch
-  ];
-
-  cmakeFlags = [
-    # TODO: all these are broken when cross compiling. Upstream has refactored
-    # all the cmake infra for cross compilation, but it's not in a release yet
-    (lib.cmakeOptionType "filepath" "WITH_LLVM_CONFIG" (
-      lib.getExe' buildLlvmPackages.llvm.dev "llvm-config"
-    ))
-    (lib.cmakeOptionType "filepath" "CLANG" (lib.getExe' buildLlvmPackages.clangUseLLVM "clang"))
-    (lib.cmakeOptionType "filepath" "CLANGXX" (lib.getExe' buildLlvmPackages.clangUseLLVM "clang++"))
-    (lib.cmakeOptionType "path" "CLANG_RESOURCE_DIR" "${llvmPackages.stdenv.cc}/resource-root")
-
-    (lib.cmakeBool "ENABLE_TESTS" finalAttrs.finalPackage.doCheck)
-
-    (lib.cmakeBool "ENABLE_RELOCATION" true)
-    (lib.cmakeBool "ENABLE_POCL_BUILDING" true)
-    (lib.cmakeBool "POCL_ICD_ABSOLUTE_PATH" true)
-
-    (lib.cmakeBool "ENABLE_TBB_DEVICE" enableTBB)
-    (lib.cmakeBool "ENABLE_ICD" enableICD)
-    (lib.cmakeBool "ENABLE_HWLOC" enableHWLOC)
-    (lib.cmakeBool "ENABLE_LTTNG" enableLTTNG)
-
-    (lib.cmakeBool "ENABLE_REMOTE_CLIENT" enableRemoteClient)
-    (lib.cmakeBool "ENABLE_REMOTE_SERVER" enableRemoteServer)
-
-    # avoid the runtime linker pulling in a different llvm e.g. from graphics drivers
-    (lib.cmakeBool "STATIC_LLVM" staticLLVM)
-  ]
-  ++ lib.optionals (enableNOSV || enableOVNI) [
-    (lib.cmakeBool "ENABLE_NOSV" enableNOSV)
-    (lib.cmakeBool "ENABLE_OVNI" enableOVNI)
-  ]
-  ++ lib.optionals (!isCross && enableDistroVariants) [
-    (lib.cmakeFeature "KERNELLIB_HOST_CPU_VARIANTS" "distro") # TODO: check if we can do it when cross compiling
-  ]
-  ++ lib.optionals isCross [
-    (lib.cmakeFeature "CMAKE_SYSTEM_NAME" "Linux")
-    (lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_PROGRAM" "NEVER")
-    (lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_LIBRARY" "ONLY")
-    (lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_INCLUDE" "ONLY")
-    (lib.cmakeFeature "CMAKE_FIND_ROOT_PATH_MODE_PACKAGE" "ONLY")
-  ]
-  ++ lib.optionals stdenv.hostPlatform.isRiscV [
-    (lib.cmakeFeature "LLC_TRIPLE" "riscv64-unknown-linux-gnu")
-    (lib.cmakeFeature "LLC_HOST_CPU" "rv64g")
-    (lib.cmakeFeature "CLANG_MARCH_FLAG" "-march=")
-  ];
-
-  # Fixes error: ld: cannot find -lgcc / -lgcc_s when linking from libpocl on
-  # host
-  preConfigure = ''
-    cmakeFlagsArray+=(
-      -DEXTRA_HOST_LD_FLAGS="${lib.escapeShellArg (builtins.readFile "${targetPackages.stdenv.cc}/nix-support/cc-ldflags")}"
-      -DEXTRA_KERNEL_FLAGS="${lib.escapeShellArg (builtins.readFile "${targetPackages.stdenv.cc}/nix-support/cc-ldflags")}"
-    )
-  '';
-
-  nativeBuildInputs = [
-    cmake
-    getconf
-    ninja
-    pkg-config
-    python3
-  ];
-
-  buildInputs = [
-    opencl-headers
-    llvmPackages.libclang
-    llvmPackages.llvm
-  ]
-  ++ lib.optionals staticLLVM [ libxml2 ]
-  ++ lib.optionals enableNOSV [ nosv ]
-  ++ lib.optionals enableOVNI [ ovni ]
-  ++ lib.optionals enableHWLOC [ hwloc ]
-  ++ lib.optionals enableTBB [ onetbb ]
-  ++ lib.optionals enableICD [ ocl-icd ]
-  ++ lib.optionals enableLTTNG [ lttng-ust ]
-  ++ lib.optionals enableSPIRV [
-    (spirv-llvm-translator.override { inherit (llvmPackages) llvm; })
-    spirv-tools
-  ];
-
-  nativeInstallCheckInputs = [
-    writableTmpDirAsHomeHook # needed for POCL_CACHE_DIR
-  ];
-
-  doInstallCheck = true;
-
-  installCheckPhase = lib.optionalString enableICD ''
-    runHook preInstallCheck
-
-    export OCL_ICD_VENDORS=$out/etc/OpenCL/vendors
-    $out/bin/poclcc -o poclcc.cl.pocl $src/examples/poclcc/poclcc.cl
-
-    runHook postInstallCheck
-  '';
-
-  setupHook = lib.optionalDrvAttr enableICD (
-    writeText "setup-hook" ''
-      addToSearchPath OCL_ICD_VENDORS @out@/etc/OpenCL/vendors
-    ''
-  );
-
-  passthru =
-    let
-      self = finalAttrs.finalPackage;
-    in
-    {
-      updateScript = nix-update-script { };
-      git = self.override { useGit = true; };
-
-      withICD = enableICD;
-
-      test = {
-        # Run builtin tests (causes a rebuild)
-        self = self.overrideAttrs { doCheck = true; };
-
-        # Run basic test from Khronos OpenCL Conformance Test Suite
-        # WARN: despite its name, test_basic is very exhaustive, and can take more
-        # than 1 hour in a marenostrum5 node.
-        cts =
-          assert enableICD;
-          lib.genAttrs [ "api" "basic" "c11_atomics" "printf" "svm" ] (
-            name:
-            runCommand "pocl-cts-test_${name}" {
-              nativeBuildInputs = [ self ];
-              requiredSystemFeatures = [ "sys-devices" ];
-              env = {
-                POCL_DEBUG = "error,warn";
-                POCL_CACHE_DIR = "/build/pocl_cache";
-              };
-            } "${opencl-cts}/bin/Release/test_${name} | tee $out"
-          );
-      };
-    };
-
-  env.HWLOC_SYNTHETIC = lib.optionalDrvAttr enableHWLOC "node:1 core:1 pu:1";
-
-  propagatedBuildInputs = [ stdenv.cc.cc ];
-
-  meta = with lib; {
-    description = "A portable open source (MIT-licensed) implementation of the OpenCL standard";
-    homepage = "http://portablecl.org";
-    license = licenses.mit;
-    maintainers = with maintainers; [
-      leixb
-      jansol
-      xddxdd
-      bsc.maintainers.leixb
-    ];
-    platforms = platforms.linux ++ platforms.darwin;
-  };
-})

pkgs/tacuda/default.nix

@@ -1,72 +0,0 @@
-{
-  backendStdenv,
-  fetchFromGitHub,
-  automake,
-  autoconf,
-  libtool,
-  gnumake,
-  autoreconfHook,
-  boost,
-  cudatoolkit,
-  libcublas,
-  cuda_cudart,
-
-  useGit ? false,
-  gitUrl ? "git@gitlab-internal.bsc.es:task-awareness/tacuda/tacuda.git",
-  gitBranch ? "main",
-  gitCommit ? "35234f9445e6149a2bd38d119841e2485d6ee05e",
-}:
-
-let
-
-  release_ver = "2.1.0";
-  release = {
-    version = release_ver;
-    src = fetchFromGitHub {
-      owner = "bsc-pm";
-      repo = "tacuda";
-      rev = release_ver;
-      hash = "sha256-Cj3EiLVJSLvRv0ydeg7Vp4SpkniEqHkcWF+YOJQ8EcM=";
-    };
-  };
-
-  git = rec {
-    version = src.shortRev;
-    src = builtins.fetchGit {
-      url = gitUrl;
-      ref = gitBranch;
-      rev = gitCommit;
-    };
-  };
-
-  source = if (useGit) then git else release;
-
-in
-
-backendStdenv.mkDerivation {
-  pname = "tacuda";
-  inherit (source) src version;
-
-  enableParallelBuilding = true;
-  separateDebugInfo = true;
-  strictDeps = true;
-
-  nativeBuildInputs = [
-    autoreconfHook
-    automake
-    autoconf
-    libtool
-    gnumake
-  ];
-
-  patches = [ ./fix_config.patch ];
-
-  configureFlags = [ "--with-cuda-include=${cudatoolkit}/include" ];
-
-  buildInputs = [
-    boost
-    libcublas
-    cuda_cudart
-  ];
-
-}

pkgs/tacuda/fix_config.patch

@@ -1,13 +0,0 @@
-diff --git a/m4/cuda.m4 b/m4/cuda.m4
-index 23f5c94..8f9b534 100644
---- a/m4/cuda.m4
-+++ b/m4/cuda.m4
-@@ -40,7 +40,7 @@ search_libs="cuda cublas cudart"
- required_libs=""
- 
- m4_foreach([function],
--           [cuInit,
-+           [
- 	    cublasSgemm,
-             cudaStreamCreate,
-             cudaLaunchKernel,

pkgs/taopencl/default.nix

@@ -1,46 +0,0 @@
-{
-  stdenv,
-  automake,
-  autoconf,
-  libtool,
-  gnumake,
-  boost,
-  mpi,
-  gcc,
-  autoreconfHook,
-  ocl-icd,
-  opencl-headers,
-}:
-
-stdenv.mkDerivation (finalAttrs: {
-  pname = "taopencl";
-  version = finalAttrs.src.shortRev;
-
-  src = builtins.fetchGit {
-    url = "git@gitlab-internal.bsc.es:task-awareness/taopencl/taopencl.git";
-    ref = "master";
-    rev = "c3b7b32ae8fa4af7ceff598532a881f8f1490aaf";
-  };
-
-  enableParallelBuilding = true;
-  separateDebugInfo = true;
-
-  configureFlags = [
-    "--with-opencl-lib=${ocl-icd}/lib"
-    "--with-opencl-include=${opencl-headers}/include"
-  ];
-
-  buildInputs = [
-    autoreconfHook
-    automake
-    autoconf
-    libtool
-    gnumake
-    boost
-    mpi
-    gcc
-  ];
-
-  dontDisableStatic = true;
-  hardeningDisable = [ "all" ];
-})

test/compilers/opencl.c

@@ -1,127 +0,0 @@
-#include <CL/cl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define BUF_LEN 128
-
-cl_int exit_err = CL_SUCCESS;
-
-#define CHECK(cmd)                                                             \
-  do {                                                                         \
-    cl_int err = cmd;                                                          \
-    if (err != CL_SUCCESS) {                                                   \
-      printf("[ERROR] " #cmd " (Error code: %d)\n"                             \
-             "@ "__FILE__                                                      \
-             ":%d",                                                            \
-             err, __LINE__);                                                   \
-      exit_err = err;                                                          \
-      goto cleanup;                                                            \
-    }                                                                          \
-  } while (0)
-
-const char *kernel_source = "__kernel void vector_add(__global const float *a, "
-                            "__global const float *b, __global float *c) {\n"
-                            "    int gid = get_global_id(0);\n"
-                            "    c[gid] = a[gid] + b[gid];\n"
-                            "}\n";
-
-cl_int test_kernel_compilation(cl_platform_id platform) {
-  cl_device_id device = NULL;
-  cl_context context = NULL;
-  cl_program program = NULL;
-  cl_int err = CL_SUCCESS;
-  char device_name[BUF_LEN];
-
-  // Get first device for this platform
-  CHECK(clGetDeviceIDs(platform, CL_DEVICE_TYPE_ALL, 1, &device, NULL));
-
-  // Get device name
-  CHECK(clGetDeviceInfo(device, CL_DEVICE_NAME, sizeof(device_name),
-                        device_name, NULL));
-  printf("    Device: %s\n", device_name);
-
-  context = clCreateContext(NULL, 1, &device, NULL, NULL, &err);
-  CHECK(err);
-
-  program = clCreateProgramWithSource(context, 1, &kernel_source, NULL, &err);
-  CHECK(err);
-
-  err = clBuildProgram(program, 1, &device, NULL, NULL, NULL);
-  if (err != CL_SUCCESS) {
-    printf("      [ERROR] Kernel compilation failed (Error code: %d)\n", err);
-
-    // Build log
-    size_t log_size;
-    CHECK(clGetProgramBuildInfo(program, device, CL_PROGRAM_BUILD_LOG, 0, NULL,
-                                &log_size));
-    char *log = (char *)malloc(log_size);
-    CHECK(clGetProgramBuildInfo(program, device, CL_PROGRAM_BUILD_LOG, log_size,
-                                log, NULL));
-    printf("      Build log:\n%s\n", log);
-    free(log);
-    goto cleanup;
-  }
-
-  printf("      [OK] Kernel compiled successfully!\n");
-
-cleanup:
-  if (program)
-    clReleaseProgram(program);
-  if (context)
-    clReleaseContext(context);
-  printf("\n");
-
-  return exit_err;
-}
-
-int main() {
-  cl_uint num_platforms;
-  cl_platform_id *platforms = NULL;
-
-  // Get number of platforms
-  CHECK(clGetPlatformIDs(0, NULL, &num_platforms));
-
-  printf("Found %d OpenCL platform(s)\n\n", num_platforms);
-
-  if (num_platforms == 0) {
-    printf("No OpenCL platforms found!\n");
-    return EXIT_FAILURE;
-  }
-
-  // Allocate memory for platforms
-  platforms = (cl_platform_id *)malloc(sizeof(cl_platform_id) * num_platforms);
-
-  // Get platform IDs
-  CHECK(clGetPlatformIDs(num_platforms, platforms, NULL));
-
-  // Query each platform and test kernel compilation
-  for (cl_uint i = 0; i < num_platforms; i++) {
-    char platform_name[BUF_LEN];
-    char platform_vendor[BUF_LEN];
-    char platform_version[BUF_LEN];
-
-    CHECK(clGetPlatformInfo(platforms[i], CL_PLATFORM_NAME,
-                            sizeof(platform_name), platform_name, NULL));
-    CHECK(clGetPlatformInfo(platforms[i], CL_PLATFORM_VENDOR,
-                            sizeof(platform_vendor), platform_vendor, NULL));
-    CHECK(clGetPlatformInfo(platforms[i], CL_PLATFORM_VERSION,
-                            sizeof(platform_version), platform_version, NULL));
-
-    printf("Platform %d: %s\n", i, platform_name);
-    printf("  Vendor: %s\n", platform_vendor);
-    printf("  Version: %s\n", platform_version);
-
-    // Test kernel compilation
-    CHECK(test_kernel_compilation(platforms[i]));
-  }
-
-cleanup:
-  if (platforms)
-    free(platforms);
-
-  if (exit_err == CL_SUCCESS)
-    return EXIT_SUCCESS;
-
-  return EXIT_FAILURE;
-}

test/compilers/opencl.nix

@@ -1,104 +0,0 @@
-{
-  stdenv,
-  ocl-icd,
-  opencl-headers,
-  pocl,
-  clinfo,
-  runCommand,
-  lib,
-}:
-
-stdenv.mkDerivation (finalAttrs: {
-  pname = "opencl-pocl-test";
-  version = "1.0.0";
-
-  src = ./opencl.c;
-
-  dontUnpack = true;
-  dontConfigure = true;
-
-  buildInputs = [
-    ocl-icd
-    opencl-headers
-  ];
-
-  buildPhase = ''
-    runHook preBuild
-
-    $CC -Wall -Wextra -D CL_TARGET_OPENCL_VERSION=100 $src -o ocl-hello -lOpenCL
-
-    runHook postBuild
-  '';
-
-  installPhase = ''
-    runHook preInstall
-
-    mkdir -p $out/bin
-    cp ocl-hello $out/bin
-
-    runHook postInstall
-  '';
-
-  passthru = {
-    test-icd =
-      runCommand "custom-clinfo"
-        {
-          nativeBuildInputs =
-            assert !(lib.hasPrefix "pocl" ocl-icd.pname);
-            [
-              clinfo
-              finalAttrs.finalPackage
-              pocl
-            ];
-
-          env = {
-            POCL_DEBUG = "error,warn";
-            POCL_CACHE_DIR = "/build/pocl_cache";
-          };
-
-          requiredSystemFeatures = [ "sys-devices" ];
-        }
-
-        ''
-          set -x
-
-          mkdir $out
-
-          clinfo -l >$out/clinfo
-          clinfo >$out/clinfo-full
-
-          ocl-hello >$out/hello
-
-          for i in $out/*; do
-            grep "Portable Computing Language" $i
-          done
-
-          echo $OCL_ICD_VENDORS >$out/env
-
-          grep "pocl.*/etc/OpenCL/vendors" $out/env
-
-          set +x
-        '';
-    # this needs: ocl-icd = pocl-noicd
-    test-noicd =
-      runCommand "custom-clinfo"
-        {
-          nativeBuildInputs = [
-            finalAttrs.finalPackage
-          ];
-
-          env = {
-            POCL_DEBUG = "error,warn";
-            POCL_CACHE_DIR = "/build/pocl_cache";
-          };
-
-          requiredSystemFeatures = [ "sys-devices" ];
-        }
-
-        ''
-          ocl-hello >$out
-
-          grep "Portable Computing Language" $out
-        '';
-  };
-})

test/compilers/pocl.nix

@@ -1,27 +0,0 @@
-{
-  runCommand,
-  pocl,
-  clinfo,
-}:
-
-runCommand "clinfo-pocl"
-  {
-    nativeBuildInputs = [
-      clinfo
-      pocl
-    ];
-
-    requiredSystemFeatures = [ "sys-devices" ];
-
-    env = {
-      POCL_DEBUG = "error,warn";
-      POCL_CACHE_DIR = "/build/pocl_cache";
-    };
-  }
-  ''
-    echo $OCL_ICD_VENDORS
-    clinfo >$out
-
-    # check that we have PoCL:
-    grep "Portable Computing Language" $out
-  ''