Compare commits

..

1 Commits

Author SHA1 Message Date
0287ac80b8
Clean up paraver derivations 2025-10-07 17:03:13 +02:00
60 changed files with 183 additions and 1142 deletions

View File

@ -12,9 +12,4 @@ jobs:
runs-on: native runs-on: native
steps: steps:
- uses: https://gitea.com/ScMi1/checkout@v1.4 - uses: https://gitea.com/ScMi1/checkout@v1.4
- run: nix build -L --no-link --print-out-paths .#bsc.ci.all - run: nix build -L --no-link --print-out-paths .#bsc-ci.all
build:cross:
runs-on: native
steps:
- uses: https://gitea.com/ScMi1/checkout@v1.4
- run: nix build -L --no-link --print-out-paths .#bsc.ci.cross

View File

@ -1,30 +0,0 @@
# Maintainers
## Role of a maintainer
The responsibilities of maintainers are quite lax, and similar in spirit to
[nixpkgs' maintainers][1]:
The main responsibility of a maintainer is to keep the packages they
maintain in a functioning state, and keep up with updates. In order to do
that, they are empowered to make decisions over the packages they maintain.
That being said, the maintainer is not alone in proposing changes to the
packages. Anybody (both bots and humans) can send PRs to bump or tweak the
package.
In practice, this means that when updating or proposing changes to a package,
we will notify maintainers by mentioning them in Gitea so they can test changes
and give feedback.
Since we do bi-yearly release cycles, there is no expectation from maintainers
to update packages at each upstream release. Nevertheless, on each release cycle
we may request help from maintainers when updating or testing their packages.
## Becoming a maintainer
You'll have to add yourself in the `maintainers.nix` list; your username should
match your `bsc.es` email. Then you can add yourself to the `meta.maintainers`
of any package you are interested in maintaining.
[1]: [https://github.com/NixOS/nixpkgs/tree/nixos-25.05/maintainers]

82
flake.lock generated
View File

@ -1,5 +1,71 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1752436162, "lastModified": 1752436162,
@ -18,8 +84,24 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View File

@ -1,13 +1,15 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, ... }: outputs = { self, nixpkgs, agenix, ... }:
let let
mkConf = name: nixpkgs.lib.nixosSystem { mkConf = name: nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit nixpkgs; theFlake = self; }; specialArgs = { inherit nixpkgs agenix; theFlake = self; };
modules = [ "${self.outPath}/m/${name}/configuration.nix" ]; modules = [ "${self.outPath}/m/${name}/configuration.nix" ];
}; };
# For now we only support x86 # For now we only support x86
@ -40,13 +42,11 @@ in
# full nixpkgs with our overlay applied # full nixpkgs with our overlay applied
legacyPackages.${system} = pkgs; legacyPackages.${system} = pkgs;
hydraJobs = self.legacyPackages.${system}.bsc.hydraJobs; hydraJobs = {
inherit (self.legacyPackages.${system}.bsc-ci) tests pkgs cross;
};
# propagate nixpkgs lib, so we can do bscpkgs.lib # propagate nixpkgs lib, so we can do bscpkgs.lib
lib = nixpkgs.lib // { inherit (nixpkgs) lib;
maintainers = nixpkgs.lib.maintainers // {
bsc = import ./pkgs/maintainers.nix;
};
};
}; };
} }

View File

@ -11,7 +11,6 @@
./base/hw.nix ./base/hw.nix
./base/net.nix ./base/net.nix
./base/nix.nix ./base/nix.nix
./base/sys-devices.nix
./base/ntp.nix ./base/ntp.nix
./base/rev.nix ./base/rev.nix
./base/ssh.nix ./base/ssh.nix

View File

@ -1,8 +1,9 @@
{ pkgs, ... }: { agenix, ... }:
{ {
imports = [ ../../module/agenix.nix ]; imports = [ agenix.nixosModules.default ];
# Add agenix to system packages environment.systemPackages = [
environment.systemPackages = [ pkgs.agenix ]; agenix.packages.x86_64-linux.default
];
} }

View File

@ -1,9 +0,0 @@
{
nix.settings.system-features = [ "sys-devices" ];
programs.nix-required-mounts.enable = true;
programs.nix-required-mounts.allowedPatterns.sys-devices.paths = [
"/sys/devices/system/cpu"
"/sys/devices/system/node"
];
}

View File

@ -180,19 +180,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc"
]; ];
}; };
aaguirre = {
uid = 9655;
isNormalUser = true;
home = "/home/Computational/aaguirre";
description = "Alejandro Aguirre";
group = "Computational";
hosts = [ "apex" "hut" ];
hashedPassword = "$6$TXRXQT6jjBvxkxU6$E.sh5KspAm1qeG5Ct7OPHpo8REmbGDwjFGvqeGgTVz3GASGOAnPL7UMZsMAsAKBoahOw.v8LNno6XGrTEPzZH1";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlRX7ZCnqtUJYCxKgWmgSrFCYuA2LHY96rVwqxXPl86 aaguirre@BSC-8488184117"
];
};
}; };
groups = { groups = {

View File

@ -4,8 +4,8 @@ let
name = "jungle-web"; name = "jungle-web";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://jungle.bsc.es/git/rarias/jungle-website.git"; url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c"; rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1";
hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M="; hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4=";
}; };
buildInputs = [ pkgs.hugo ]; buildInputs = [ pkgs.hugo ];
buildPhase = '' buildPhase = ''

View File

@ -1,357 +0,0 @@
{
config,
options,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.age;
isDarwin = lib.attrsets.hasAttrByPath [ "environment" "darwinConfig" ] options;
ageBin = config.age.ageBin;
users = config.users.users;
sysusersEnabled =
if isDarwin then
false
else
options.systemd ? sysusers && (config.systemd.sysusers.enable || config.services.userborn.enable);
mountCommand =
if isDarwin then
''
if ! diskutil info "${cfg.secretsMountPoint}" &> /dev/null; then
num_sectors=1048576
dev=$(hdiutil attach -nomount ram://"$num_sectors" | sed 's/[[:space:]]*$//')
newfs_hfs -v agenix "$dev"
mount -t hfs -o nobrowse,nodev,nosuid,-m=0751 "$dev" "${cfg.secretsMountPoint}"
fi
''
else
''
grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts ||
mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0751
'';
newGeneration = ''
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] creating new generation in ${cfg.secretsMountPoint}/$_agenix_generation"
mkdir -p "${cfg.secretsMountPoint}"
chmod 0751 "${cfg.secretsMountPoint}"
${mountCommand}
mkdir -p "${cfg.secretsMountPoint}/$_agenix_generation"
chmod 0751 "${cfg.secretsMountPoint}/$_agenix_generation"
'';
chownGroup = if isDarwin then "admin" else "keys";
# chown the secrets mountpoint and the current generation to the keys group
# instead of leaving it root:root.
chownMountPoint = ''
chown :${chownGroup} "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_agenix_generation"
'';
setTruePath = secretType: ''
${
if secretType.symlink then
''
_truePath="${cfg.secretsMountPoint}/$_agenix_generation/${secretType.name}"
''
else
''
_truePath="${secretType.path}"
''
}
'';
installSecret = secretType: ''
${setTruePath secretType}
echo "decrypting '${secretType.file}' to '$_truePath'..."
TMP_FILE="$_truePath.tmp"
IDENTITIES=()
for identity in ${toString cfg.identityPaths}; do
test -r "$identity" || continue
test -s "$identity" || continue
IDENTITIES+=(-i)
IDENTITIES+=("$identity")
done
test "''${#IDENTITIES[@]}" -eq 0 && echo "[agenix] WARNING: no readable identities found!"
mkdir -p "$(dirname "$_truePath")"
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && mkdir -p "$(dirname "${secretType.path}")"
(
umask u=r,g=,o=
test -f "${secretType.file}" || echo '[agenix] WARNING: encrypted file ${secretType.file} does not exist!'
test -d "$(dirname "$TMP_FILE")" || echo "[agenix] WARNING: $(dirname "$TMP_FILE") does not exist!"
LANG=${
config.i18n.defaultLocale or "C"
} ${ageBin} --decrypt "''${IDENTITIES[@]}" -o "$TMP_FILE" "${secretType.file}"
)
chmod ${secretType.mode} "$TMP_FILE"
mv -f "$TMP_FILE" "$_truePath"
${optionalString secretType.symlink ''
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
''}
'';
testIdentities = map (path: ''
test -f ${path} || echo '[agenix] WARNING: config.age.identityPaths entry ${path} not present!'
'') cfg.identityPaths;
cleanupAndLink = ''
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}
(( _agenix_generation > 1 )) && {
echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
rm -rf "${cfg.secretsMountPoint}/$(( _agenix_generation - 1 ))"
}
'';
installSecrets = builtins.concatStringsSep "\n" (
[ "echo '[agenix] decrypting secrets...'" ]
++ testIdentities
++ (map installSecret (builtins.attrValues cfg.secrets))
++ [ cleanupAndLink ]
);
chownSecret = secretType: ''
${setTruePath secretType}
chown ${secretType.owner}:${secretType.group} "$_truePath"
'';
chownSecrets = builtins.concatStringsSep "\n" (
[ "echo '[agenix] chowning...'" ]
++ [ chownMountPoint ]
++ (map chownSecret (builtins.attrValues cfg.secrets))
);
secretType = types.submodule (
{ config, ... }:
{
options = {
name = mkOption {
type = types.str;
default = config._module.args.name;
defaultText = literalExpression "config._module.args.name";
description = ''
Name of the file used in {option}`age.secretsDir`
'';
};
file = mkOption {
type = types.path;
description = ''
Age file the secret is loaded from.
'';
};
path = mkOption {
type = types.str;
default = "${cfg.secretsDir}/${config.name}";
defaultText = literalExpression ''
"''${cfg.secretsDir}/''${config.name}"
'';
description = ''
Path where the decrypted secret is installed.
'';
};
mode = mkOption {
type = types.str;
default = "0400";
description = ''
Permissions mode of the decrypted secret in a format understood by chmod.
'';
};
owner = mkOption {
type = types.str;
default = "0";
description = ''
User of the decrypted secret.
'';
};
group = mkOption {
type = types.str;
default = users.${config.owner}.group or "0";
defaultText = literalExpression ''
users.''${config.owner}.group or "0"
'';
description = ''
Group of the decrypted secret.
'';
};
symlink = mkEnableOption "symlinking secrets to their destination" // {
default = true;
};
};
}
);
in
{
imports = [
(mkRenamedOptionModule [ "age" "sshKeyPaths" ] [ "age" "identityPaths" ])
];
options.age = {
ageBin = mkOption {
type = types.str;
default = "${pkgs.age}/bin/age";
defaultText = literalExpression ''
"''${pkgs.age}/bin/age"
'';
description = ''
The age executable to use.
'';
};
secrets = mkOption {
type = types.attrsOf secretType;
default = { };
description = ''
Attrset of secrets.
'';
};
secretsDir = mkOption {
type = types.path;
default = "/run/agenix";
description = ''
Folder where secrets are symlinked to
'';
};
secretsMountPoint = mkOption {
type =
types.addCheck types.str (
s:
(builtins.match "[ \t\n]*" s) == null # non-empty
&& (builtins.match ".+/" s) == null
) # without trailing slash
// {
description = "${types.str.description} (with check: non-empty without trailing slash)";
};
default = "/run/agenix.d";
description = ''
Where secrets are created before they are symlinked to {option}`age.secretsDir`
'';
};
identityPaths = mkOption {
type = types.listOf types.path;
default =
if isDarwin then
[
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
]
else if (config.services.openssh.enable or false) then
map (e: e.path) (
lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys
)
else
[ ];
defaultText = literalExpression ''
if isDarwin
then [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
]
else if (config.services.openssh.enable or false)
then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys)
else [];
'';
description = ''
Path to SSH keys to be used as identities in age decryption.
'';
};
};
config = mkIf (cfg.secrets != { }) (mkMerge [
{
assertions = [
{
assertion = cfg.identityPaths != [ ];
message = "age.identityPaths must be set, for example by enabling openssh.";
}
];
}
(optionalAttrs (!isDarwin) {
# When using sysusers we no longer be started as an activation script
# because those are started in initrd while sysusers is started later.
systemd.services.agenix-install-secrets = mkIf sysusersEnabled {
wantedBy = [ "sysinit.target" ];
after = [ "systemd-sysusers.service" ];
unitConfig.DefaultDependencies = "no";
path = [ pkgs.mount ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "agenix-install" (concatLines [
newGeneration
installSecrets
chownSecrets
]);
RemainAfterExit = true;
};
};
# Create a new directory full of secrets for symlinking (this helps
# ensure removed secrets are actually removed, or at least become
# invalid symlinks).
system.activationScripts = mkIf (!sysusersEnabled) {
agenixNewGeneration = {
text = newGeneration;
deps = [
"specialfs"
];
};
agenixInstall = {
text = installSecrets;
deps = [
"agenixNewGeneration"
"specialfs"
];
};
# So user passwords can be encrypted.
users.deps = [ "agenixInstall" ];
# Change ownership and group after users and groups are made.
agenixChown = {
text = chownSecrets;
deps = [
"users"
"groups"
];
};
# So other activation scripts can depend on agenix being done.
agenix = {
text = "";
deps = [ "agenixChown" ];
};
};
})
(optionalAttrs isDarwin {
launchd.daemons.activate-agenix = {
script = ''
set -e
set -o pipefail
export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
${newGeneration}
${installSecrets}
${chownSecrets}
exit 0
'';
serviceConfig = {
RunAtLoad = true;
KeepAlive.SuccessfulExit = false;
};
};
})
]);
}

View File

@ -4,8 +4,8 @@ let
name = "jungle-web"; name = "jungle-web";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://jungle.bsc.es/git/rarias/jungle-website.git"; url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c"; rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1";
hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M="; hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4=";
}; };
buildInputs = [ pkgs.hugo ]; buildInputs = [ pkgs.hugo ];
buildPhase = '' buildPhase = ''

View File

@ -7,7 +7,6 @@ let
callPackage = final.callPackage; callPackage = final.callPackage;
bscPkgs = { bscPkgs = {
agenix = prev.callPackage ./pkgs/agenix/default.nix { };
amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { }; amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { };
bench6 = callPackage ./pkgs/bench6/default.nix { }; bench6 = callPackage ./pkgs/bench6/default.nix { };
bigotes = callPackage ./pkgs/bigotes/default.nix { }; bigotes = callPackage ./pkgs/bigotes/default.nix { };
@ -63,7 +62,7 @@ let
}; };
tests = rec { tests = rec {
hwloc = callPackage ./test/bugs/hwloc.nix { }; #hwloc = callPackage ./test/bugs/hwloc.nix { }; # Broken, no /sys
#sigsegv = callPackage ./test/reproducers/sigsegv.nix { }; #sigsegv = callPackage ./test/reproducers/sigsegv.nix { };
hello-c = callPackage ./test/compilers/hello-c.nix { }; hello-c = callPackage ./test/compilers/hello-c.nix { };
hello-cpp = callPackage ./test/compilers/hello-cpp.nix { }; hello-cpp = callPackage ./test/compilers/hello-cpp.nix { };
@ -95,18 +94,12 @@ let
}; };
}; };
# For now, only build toplevel packages in CI/Hydra pkgs = filterAttrs (_: isDerivation) bscPkgs;
pkgsTopLevel = filterAttrs (_: isDerivation) bscPkgs;
# Native build in that platform doesn't imply cross build works crossTargets = [ "riscv64" ];
canCrossCompile = platform: pkg: cross = prev.lib.genAttrs crossTargets (target:
(isDerivation pkg) && final.pkgsCross.${target}.bsc-ci.pkgs
# Must be defined explicitly );
(pkg.meta.cross or false) &&
(meta.availableOn platform pkg);
# For now only RISC-V
crossSet = { riscv64 = final.pkgsCross.riscv64.bsc.pkgsTopLevel; };
buildList = name: paths: buildList = name: paths:
final.runCommandLocal name { } '' final.runCommandLocal name { } ''
@ -120,38 +113,22 @@ let
printf '%s\n' $deps >$out printf '%s\n' $deps >$out
''; '';
pkgsList = buildList "ci-pkgs" (builtins.attrValues pkgsTopLevel); crossList = builtins.mapAttrs (t: v: buildList t (builtins.attrValues v)) cross;
testsList = buildList "ci-tests" (collect isDerivation tests);
allList = buildList' "ci-all" [ pkgsList testsList ]; pkgsList = buildList "ci-pkgs" (builtins.attrValues pkgs);
# For now only RISC-V testList = buildList "ci-tests" (collect isDerivation tests);
crossList = buildList "ci-cross"
(filter all = buildList' "ci-all" [ pkgsList testList ];
(canCrossCompile final.pkgsCross.riscv64.stdenv.hostPlatform)
(builtins.attrValues crossSet.riscv64));
in bscPkgs // { in bscPkgs // {
# Prevent accidental usage of bsc attribute
lib = prev.lib // { bsc = throw "the bsc attribute is deprecated, packages are now in the root";
maintainers = prev.lib.maintainers // {
bsc = import ./pkgs/maintainers.nix;
};
};
# Prevent accidental usage of bsc-ci attribute
bsc-ci = throw "the bsc-ci attribute is deprecated, use bsc.ci";
# Internal for our CI tests # Internal for our CI tests
bsc = { bsc-ci = {
# CI targets for nix build inherit pkgs pkgsList;
ci = { pkgs = pkgsList; tests = testsList; all = allList; cross = crossList; }; inherit tests testList;
inherit cross crossList;
# Direct access to package sets inherit all;
tests = tests;
pkgs = bscPkgs;
pkgsTopLevel = pkgsTopLevel;
cross = crossSet;
# Hydra uses attribute sets of pkgs
hydraJobs = { tests = tests; pkgs = pkgsTopLevel; cross = crossSet; };
}; };
} }

View File

@ -1,212 +0,0 @@
#!/usr/bin/env bash
set -Eeuo pipefail
PACKAGE="agenix"
function show_help () {
echo "$PACKAGE - edit and rekey age secret files"
echo " "
echo "$PACKAGE -e FILE [-i PRIVATE_KEY]"
echo "$PACKAGE -r [-i PRIVATE_KEY]"
echo ' '
echo 'options:'
echo '-h, --help show help'
# shellcheck disable=SC2016
echo '-e, --edit FILE edits FILE using $EDITOR'
echo '-r, --rekey re-encrypts all secrets with specified recipients'
echo '-d, --decrypt FILE decrypts FILE to STDOUT'
echo '-i, --identity identity to use when decrypting'
echo '-v, --verbose verbose output'
echo ' '
echo 'FILE an age-encrypted file'
echo ' '
echo 'PRIVATE_KEY a path to a private SSH key used to decrypt file'
echo ' '
echo 'EDITOR environment variable of editor to use when editing FILE'
echo ' '
echo 'If STDIN is not interactive, EDITOR will be set to "cp /dev/stdin"'
echo ' '
echo 'RULES environment variable with path to Nix file specifying recipient public keys.'
echo "Defaults to './secrets.nix'"
echo ' '
echo "agenix version: @version@"
echo "age binary path: @ageBin@"
echo "age version: $(@ageBin@ --version)"
}
function warn() {
printf '%s\n' "$*" >&2
}
function err() {
warn "$*"
exit 1
}
test $# -eq 0 && (show_help && exit 1)
REKEY=0
DECRYPT_ONLY=0
DEFAULT_DECRYPT=(--decrypt)
while test $# -gt 0; do
case "$1" in
-h|--help)
show_help
exit 0
;;
-e|--edit)
shift
if test $# -gt 0; then
export FILE=$1
else
echo "no FILE specified"
exit 1
fi
shift
;;
-i|--identity)
shift
if test $# -gt 0; then
DEFAULT_DECRYPT+=(--identity "$1")
else
echo "no PRIVATE_KEY specified"
exit 1
fi
shift
;;
-r|--rekey)
shift
REKEY=1
;;
-d|--decrypt)
shift
DECRYPT_ONLY=1
if test $# -gt 0; then
export FILE=$1
else
echo "no FILE specified"
exit 1
fi
shift
;;
-v|--verbose)
shift
set -x
;;
*)
show_help
exit 1
;;
esac
done
RULES=${RULES:-./secrets.nix}
function cleanup {
if [ -n "${CLEARTEXT_DIR+x}" ]
then
rm -rf -- "$CLEARTEXT_DIR"
fi
if [ -n "${REENCRYPTED_DIR+x}" ]
then
rm -rf -- "$REENCRYPTED_DIR"
fi
}
trap "cleanup" 0 2 3 15
function keys {
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[]) || exit 1
}
function armor {
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in (builtins.hasAttr \"armor\" rules.\"$1\" && rules.\"$1\".armor))") || exit 1
}
function decrypt {
FILE=$1
KEYS=$2
if [ -z "$KEYS" ]
then
err "There is no rule for $FILE in $RULES."
fi
if [ -f "$FILE" ]
then
DECRYPT=("${DEFAULT_DECRYPT[@]}")
if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
if [ -f "$HOME/.ssh/id_rsa" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_rsa")
fi
if [ -f "$HOME/.ssh/id_ed25519" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_ed25519")
fi
fi
if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
err "No identity found to decrypt $FILE. Try adding an SSH key at $HOME/.ssh/id_rsa or $HOME/.ssh/id_ed25519 or using the --identity flag to specify a file."
fi
@ageBin@ "${DECRYPT[@]}" -- "$FILE" || exit 1
fi
}
function edit {
FILE=$1
KEYS=$(keys "$FILE") || exit 1
ARMOR=$(armor "$FILE") || exit 1
CLEARTEXT_DIR=$(@mktempBin@ -d)
CLEARTEXT_FILE="$CLEARTEXT_DIR/$(basename -- "$FILE")"
DEFAULT_DECRYPT+=(-o "$CLEARTEXT_FILE")
decrypt "$FILE" "$KEYS" || exit 1
[ ! -f "$CLEARTEXT_FILE" ] || cp -- "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
[ -t 0 ] || EDITOR='cp -- /dev/stdin'
$EDITOR "$CLEARTEXT_FILE"
if [ ! -f "$CLEARTEXT_FILE" ]
then
warn "$FILE wasn't created."
return
fi
[ -f "$FILE" ] && [ "$EDITOR" != ":" ] && @diffBin@ -q -- "$CLEARTEXT_FILE.before" "$CLEARTEXT_FILE" && warn "$FILE wasn't changed, skipping re-encryption." && return
ENCRYPT=()
if [[ "$ARMOR" == "true" ]]; then
ENCRYPT+=(--armor)
fi
while IFS= read -r key
do
if [ -n "$key" ]; then
ENCRYPT+=(--recipient "$key")
fi
done <<< "$KEYS"
REENCRYPTED_DIR=$(@mktempBin@ -d)
REENCRYPTED_FILE="$REENCRYPTED_DIR/$(basename -- "$FILE")"
ENCRYPT+=(-o "$REENCRYPTED_FILE")
@ageBin@ "${ENCRYPT[@]}" <"$CLEARTEXT_FILE" || exit 1
mkdir -p -- "$(dirname -- "$FILE")"
mv -f -- "$REENCRYPTED_FILE" "$FILE"
}
function rekey {
FILES=$( (@nixInstantiate@ --json --eval -E "(let rules = import $RULES; in builtins.attrNames rules)" | @jqBin@ -r .[]) || exit 1)
for FILE in $FILES
do
warn "rekeying $FILE..."
EDITOR=: edit "$FILE"
cleanup
done
}
[ $REKEY -eq 1 ] && rekey && exit 0
[ $DECRYPT_ONLY -eq 1 ] && DEFAULT_DECRYPT+=("-o" "-") && decrypt "${FILE}" "$(keys "$FILE")" && exit 0
edit "$FILE" && cleanup && exit 0

View File

@ -1,66 +0,0 @@
{
lib,
stdenv,
age,
jq,
nix,
mktemp,
diffutils,
replaceVars,
ageBin ? "${age}/bin/age",
shellcheck,
}:
let
bin = "${placeholder "out"}/bin/agenix";
in
stdenv.mkDerivation rec {
pname = "agenix";
version = "0.15.0";
src = replaceVars ./agenix.sh {
inherit ageBin version;
jqBin = "${jq}/bin/jq";
nixInstantiate = "${nix}/bin/nix-instantiate";
mktempBin = "${mktemp}/bin/mktemp";
diffBin = "${diffutils}/bin/diff";
};
dontUnpack = true;
doInstallCheck = true;
installCheckInputs = [ shellcheck ];
postInstallCheck = ''
shellcheck ${bin}
${bin} -h | grep ${version}
test_tmp=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
export HOME="$test_tmp/home"
export NIX_STORE_DIR="$test_tmp/nix/store"
export NIX_STATE_DIR="$test_tmp/nix/var"
mkdir -p "$HOME" "$NIX_STORE_DIR" "$NIX_STATE_DIR"
function cleanup {
rm -rf "$test_tmp"
}
trap "cleanup" 0 2 3 15
mkdir -p $HOME/.ssh
cp -r "${./example}" $HOME/secrets
chmod -R u+rw $HOME/secrets
(
umask u=rw,g=r,o=r
cp ${./example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
chown $UID $HOME/.ssh/id_ed25519.pub
)
(
umask u=rw,g=,o=
cp ${./example_keys/user1} $HOME/.ssh/id_ed25519
chown $UID $HOME/.ssh/id_ed25519
)
cd $HOME/secrets
test $(${bin} -d secret1.age) = "hello"
'';
installPhase = ''
install -D $src ${bin}
'';
meta.description = "age-encrypted secrets for NixOS";
}

View File

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 V3XmEA zirqdzZZ1E+sedBn7fbEHq4ntLEkokZ4GctarBBOHXY
Rvs5YHaAUeCZyNwPedubPcHClWYIuXXWA5zadXPWY6w
-> ssh-ed25519 KLPP8w BVp4rDkOYSQyn8oVeHFeinSqW+pdVtxBF9+5VM1yORY
bMwppAi8Nhz0328taU4AzUkTVyWtSLvFZG6c5W/Fs78
--- xCbqLhXAcOziO2wmbjTiSQfZvt5Rlsc4SCvF+iEzpQA
ôKB£î/²ZÅÈrÙ%¾à4¡´—Mq5×Ô_ÌÂ݆ã„Ò11 ܨqM;& ¢‡LríÂÒføû”]>N

View File

@ -1,7 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFYzWG1FQSBpZkZW
aFpLNnJxc0VUMHRmZ2dZS0pjMGVENnR3OHd5K0RiT1RjRUhibFZBCnN5UG5vUjA3
SXpsNGtiVUw4T0tIVFo5Wkk5QS9NQlBndzVvektiQ0ozc0kKLS0tIGxyY1Q4dEZ1
VGZEanJyTFNta2JNRmpZb2FnK2JyS1hSVml1UGdMNWZKQXMKYla+wTXcRedyZoEb
LVWaSx49WoUTU0KBPJg9RArxaeC23GoCDzR/aM/1DvYU
-----END AGE ENCRYPTED FILE-----

View File

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 KLPP8w s1DYZRlZuSsyhmZCF1lFB+E9vB8bZ/+ZhBRlx8nprwE
nmYVCsVBrX2CFXXPU+D+bbkkIe/foofp+xoUrg9DHZw
-> ssh-ed25519 V3XmEA Pwv3oCwcY0DX8rY48UNfsj9RumWsn4dbgorYHCwObgI
FKxRYkL3JHtJxUwymWDF0rAtJ33BivDI6IfPsfumM90
-> V'v(/u$-grease em/Vgf 2qDuk
7I3iiQLPGi1COML9u/JeYkr7EqbSLoU
--- 57WJRigUGtmcObrssS3s4PvmR8wgh1AOC/ijJn1s3xI
<EFBFBD>'K©Æ·Y&7GÆOÝòFj±kÆXç«BnuJöê:9Ê(ÙÏX¬#¼AíÄÞÃÚ§j,ê_ÈþÝ?ÝZ“¥vœ¹V96]oks~%£c Îe^CÅ%JQ5€<H¢z}îCý,°pŒ¿*!W§§ÈA±º­Ò…dC¼K)¿¢-žy

Binary file not shown.

View File

@ -1,5 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 V3XmEA OB4+1FbPhQ3r6iGksM7peWX5it8NClpXIq/o5nnP7GA
FmHVUj+A5i5+bDFgySQskmlvynnosJiWUTJmBRiNA9I
--- tP+3mFVtd7ogVu1Lkboh55zoi5a77Ht08Uc/QuIviv4
¤¬Xæ{”ïOŠ£èätMXxÔvÓª(¬IÁmyPÇï¸è+3²S3i

View File

@ -1,23 +0,0 @@
let
user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH";
system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE";
in
{
"secret1.age".publicKeys = [
user1
system1
];
"secret2.age".publicKeys = [ user1 ];
"passwordfile-user1.age".publicKeys = [
user1
system1
];
"-leading-hyphen-filename.age".publicKeys = [
user1
system1
];
"armored-secret.age" = {
publicKeys = [ user1 ];
armor = true;
};
}

View File

@ -1,7 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxAAAAJA3yvCWN8rw
lgAAAAtzc2gtZWQyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxA
AAAEA+J2V6AG1NriAIvnNKRauIEh1JE9HSdhvKJ68a5Fm0w/JDyIr/FSz1cJdcoW69R+Nr
WzwGK/+3gJpqD1t8L2zEAAAADHJ5YW50bUBob21lMQE=
-----END OPENSSH PRIVATE KEY-----

View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE

View File

@ -1,7 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRwAAAJC2JJ8htiSf
IQAAAAtzc2gtZWQyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRw
AAAEDxt5gC/s53IxiKAjfZJVCCcFIsdeERdIgbYhLO719+Kb0idNvgGiucWgup/mP78zyC
23uFjYq0evcWdjGQUaBHAAAADHJ5YW50bUBob21lMQE=
-----END OPENSSH PRIVATE KEY-----

View File

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH

View File

@ -1,23 +0,0 @@
#!/bin/sh
set -e
# All operations are done relative to root
GITROOT=$(git rev-parse --show-toplevel)
cd "$GITROOT"
REVISION=${1:-main}
TMPCLONE=$(mktemp -d)
trap "rm -rf ${TMPCLONE}" EXIT
git clone https://github.com/ryantm/agenix.git --revision="$REVISION" "$TMPCLONE" --depth=1
cp "${TMPCLONE}/pkgs/agenix.sh" pkgs/agenix/agenix.sh
cp "${TMPCLONE}/pkgs/agenix.nix" pkgs/agenix/default.nix
sed -i 's#../example#./example#' pkgs/agenix/default.nix
cp "${TMPCLONE}/example/"* pkgs/agenix/example/
cp "${TMPCLONE}/example_keys/"* pkgs/agenix/example_keys/
cp "${TMPCLONE}/modules/age.nix" m/module/agenix.nix

View File

@ -86,13 +86,4 @@ in
patchelf --add-needed libnuma.so $out/bin/AMDuProfPcm patchelf --add-needed libnuma.so $out/bin/AMDuProfPcm
set +x set +x
''; '';
meta = {
description = "Performance analysis tool-suite for x86 based applications";
homepage = "https://www.amd.com/es/developer/uprof.html";
platforms = lib.platforms.linux;
license = lib.licenses.unfree;
maintainers = with lib.maintainers.bsc; [ rarias varcila ];
};
} }

View File

@ -29,7 +29,5 @@ in stdenv.mkDerivation {
description = "AMD Power Profiler Driver"; description = "AMD Power Profiler Driver";
homepage = "https://www.amd.com/es/developer/uprof.html"; homepage = "https://www.amd.com/es/developer/uprof.html";
platforms = lib.platforms.linux; platforms = lib.platforms.linux;
license = lib.licenses.unfree;
maintainers = with lib.maintainers.bsc; [ rarias varcila ];
}; };
} }

View File

@ -1,6 +1,5 @@
{ {
stdenv stdenv
, lib
, bigotes , bigotes
, cmake , cmake
, clangOmpss2 , clangOmpss2
@ -59,12 +58,4 @@ stdenv.mkDerivation rec {
]; ];
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
dontStrip = true; dontStrip = true;
meta = {
homepage = "https://gitlab.pm.bsc.es/rarias/bench6";
description = "Set of micro-benchmarks for OmpSs-2 and several mini-apps";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
} }

View File

@ -1,6 +1,5 @@
{ {
stdenv stdenv
, lib
, fetchFromGitHub , fetchFromGitHub
, cmake , cmake
}: }:
@ -15,12 +14,4 @@ stdenv.mkDerivation {
sha256 = "sha256-ktxM3pXiL8YXSK+/IKWYadijhYXqGoLY6adLk36iigE="; sha256 = "sha256-ktxM3pXiL8YXSK+/IKWYadijhYXqGoLY6adLk36iigE=";
}; };
nativeBuildInputs = [ cmake ]; nativeBuildInputs = [ cmake ];
meta = {
homepage = "https://github.com/rodarima/bigotes";
description = "Versatile benchmark tool";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
} }

View File

@ -20,7 +20,6 @@
#, python3Packages #, python3Packages
, installShellFiles , installShellFiles
, symlinkJoin , symlinkJoin
, enablePapi ? stdenv.hostPlatform == stdenv.buildPlatform # Disabled when cross-compiling
}: }:
let let
@ -88,7 +87,7 @@ stdenv.mkDerivation rec {
--enable-sampling --enable-sampling
--with-unwind=${libunwind.dev} --with-unwind=${libunwind.dev}
--with-xml-prefix=${libxml2.dev} --with-xml-prefix=${libxml2.dev}
${lib.optionalString enablePapi "--with-papi=${papi}"} --with-papi=${papi}
${if (mpi != null) then ''--with-mpi=${mpi}'' ${if (mpi != null) then ''--with-mpi=${mpi}''
else ''--without-mpi''} else ''--without-mpi''}
--without-dyninst) --without-dyninst)
@ -111,13 +110,4 @@ stdenv.mkDerivation rec {
# then [ "--enable-openmp" ] # then [ "--enable-openmp" ]
# else [] # else []
# ); # );
meta = {
homepage = "https://github.com/bsc-performance-tools/extrae";
description = "Instrumentation framework to generate execution traces of the most used parallel runtimes";
maintainers = [ ];
broken = true;
platforms = lib.platforms.linux;
license = lib.licenses.lgpl21Plus;
};
} }

View File

@ -1,6 +1,5 @@
{ {
stdenv stdenv
, lib
, fetchurl , fetchurl
, symlinkJoin , symlinkJoin
, slurm , slurm
@ -53,12 +52,4 @@ stdenv.mkDerivation rec {
buildInputs = [ slurm mpiAll rdma-core-all autoconf automake libtool rsync gfortran ]; buildInputs = [ slurm mpiAll rdma-core-all autoconf automake libtool rsync gfortran ];
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
meta = {
homepage = "https://pm.bsc.es/gitlab/interoperability/extern/GPI-2";
description = "GPI-2 extended for supporting Task-Aware GASPI (TAGASPI) library";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
} }

View File

@ -1,5 +1,4 @@
{ stdenv { stdenv
, lib
, fetchurl , fetchurl
, rpmextract , rpmextract
, autoPatchelfHook , autoPatchelfHook
@ -60,12 +59,4 @@ stdenv.mkDerivation rec {
rm $out/lib/*.dbg rm $out/lib/*.dbg
popd popd
''; '';
meta = {
homepage = "https://www.intel.com/content/www/us/en/developer/tools/overview.html";
description = "Intel compiler";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.unfree;
};
} }

View File

@ -145,12 +145,4 @@ in
popd popd
''; '';
meta = {
homepage = "https://www.intel.com/content/www/us/en/developer/tools/overview.html";
description = "Intel compiler";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.unfree;
};
} }

View File

@ -1,5 +1,4 @@
{ stdenv { stdenv
, lib
, rpmextract , rpmextract
, gcc , gcc
, zlib , zlib
@ -102,12 +101,4 @@ stdenv.mkDerivation rec {
patchelf --set-rpath "$out/lib:${rdma-core}/lib:${libpsm2}/lib" $out/lib/libfabric.so patchelf --set-rpath "$out/lib:${rdma-core}/lib:${libpsm2}/lib" $out/lib/libfabric.so
echo "Patched RPATH in libfabric.so to: $(patchelf --print-rpath $out/lib/libfabric.so)" echo "Patched RPATH in libfabric.so to: $(patchelf --print-rpath $out/lib/libfabric.so)"
''; '';
meta = {
homepage = "https://www.intel.com/content/www/us/en/developer/tools/overview.html";
description = "Intel MPI";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.unfree;
};
} }

View File

@ -26,13 +26,6 @@
let let
meta = {
description = "Intel oneapi hpckit package component";
homepage = "https://www.intel.com/content/www/us/en/developer/tools/oneapi/hpc-toolkit-download.html";
license = lib.licenses.unfree;
maintainers = with lib.maintainers.bsc; [ abonerib ];
};
gcc = gcc13; gcc = gcc13;
v = { v = {
@ -94,8 +87,6 @@ let
dpkg -x $src $out dpkg -x $src $out
done done
''; '';
inherit meta;
}; };
joinDebs = name: names: joinDebs = name: names:
@ -154,8 +145,6 @@ let
sed -i "s:I_MPI_SUBSTITUTE_INSTALLDIR:$out:g" "$i" sed -i "s:I_MPI_SUBSTITUTE_INSTALLDIR:$out:g" "$i"
done done
''; '';
inherit meta;
}; };
intel-tbb = stdenv.mkDerivation rec { intel-tbb = stdenv.mkDerivation rec {
@ -194,8 +183,6 @@ let
rsync -a lib/intel64/gcc4.8/ $out/lib/ rsync -a lib/intel64/gcc4.8/ $out/lib/
popd popd
''; '';
inherit meta;
}; };
intel-compiler-shared = stdenv.mkDerivation rec { intel-compiler-shared = stdenv.mkDerivation rec {
@ -253,8 +240,6 @@ let
popd popd
popd popd
''; '';
inherit meta;
}; };
@ -320,8 +305,6 @@ let
ln -s $out/lib $out/lib_lin ln -s $out/lib $out/lib_lin
popd popd
''; '';
inherit meta;
}; };
intel-compiler = stdenv.mkDerivation rec { intel-compiler = stdenv.mkDerivation rec {
@ -409,8 +392,6 @@ let
rsync -a documentation/en/man/common/ $out/share/man/ rsync -a documentation/en/man/common/ $out/share/man/
popd popd
''; '';
inherit meta;
}; };
wrapIntel = { cc, mygcc, extraBuild ? "", extraInstall ? "" }: wrapIntel = { cc, mygcc, extraBuild ? "", extraInstall ? "" }:

View File

@ -126,12 +126,4 @@ in stdenv.mkDerivation {
# nanos6 installation, but this is would require a recompilation of clang each # nanos6 installation, but this is would require a recompilation of clang each
# time nanos6 is changed. Better to use the environment variable NANOS6_HOME, # time nanos6 is changed. Better to use the environment variable NANOS6_HOME,
# and specify nanos6 at run time. # and specify nanos6 at run time.
meta = {
homepage = "https://gitlab.pm.bsc.es/llvm-ompss/llvm-mono";
description = "C language family frontend for LLVM (for OmpSs-2)";
maintainers = with lib.maintainers.bsc; [ rpenacob ];
platforms = lib.platforms.linux;
license = [ lib.licenses.asl20 lib.licenses.llvm-exception ];
};
} }

View File

@ -74,13 +74,5 @@ stdenv.mkDerivation rec {
passthru = { passthru = {
inherit nosv; inherit nosv;
}; };
meta = {
homepage = "https://gitlab.pm.bsc.es/llvm-ompss/llvm-mono";
description = "Support for the OpenMP language (with nOS-V)";
maintainers = with lib.maintainers.bsc; [ rpenacob ];
platforms = lib.platforms.linux;
license = [ lib.licenses.asl20 lib.licenses.llvm-exception ];
};
} }

View File

@ -35,16 +35,13 @@ stdenv.mkDerivation rec {
CFLAGS=-Wno-implicit-int CFLAGS=-Wno-implicit-int
CPPFLAGS=-I${libtirpc.dev}/include/tirpc CPPFLAGS=-I${libtirpc.dev}/include/tirpc
LDFLAGS=-ltirpc LDFLAGS=-ltirpc
CC=$CC
AR=$AR
) )
''; '';
meta = { meta = {
description = "lmbench"; description = "lmbench";
homepage = "https://github.com/intel/lmbench"; homepage = "http://www.bitmover.com/lmbench/";
maintainers = with lib.maintainers.bsc; [ rarias ]; maintainers = [ ];
platforms = lib.platforms.all; platforms = lib.platforms.all;
license = lib.licenses.gpl2Plus;
}; };
} }

View File

@ -1,7 +0,0 @@
builtins.mapAttrs (name: value: { email = name + "@bsc.es"; } // value) {
abonerib.name = "Aleix Boné";
arocanon.name = "Aleix Roca";
rarias.name = "Rodrigo Arias";
rpenacob.name = "Raúl Peñacoba";
varcila.name = "Vincent Arcila";
}

View File

@ -1,6 +1,5 @@
{ {
stdenv stdenv
, lib
, fetchFromGitHub , fetchFromGitHub
, autoreconfHook , autoreconfHook
, nanos6 , nanos6
@ -63,12 +62,4 @@ stdenv.mkDerivation rec {
# Fails with "memory exhausted" with bison 3.7.1 # Fails with "memory exhausted" with bison 3.7.1
# "--enable-bison-regeneration" # "--enable-bison-regeneration"
]; ];
meta = {
homepage = "https://github.com/bsc-pm/mcxx";
description = "C/C++/Fortran source-to-source compilation infrastructure aimed at fast prototyping";
maintainers = with lib.maintainers.bsc; [ rpenacob ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
} }

View File

@ -1,6 +1,5 @@
{ {
stdenv stdenv
, lib
, fetchFromGitHub , fetchFromGitHub
, autoreconfHook , autoreconfHook
, nanos6 , nanos6
@ -58,12 +57,4 @@ stdenv.mkDerivation rec {
# Fails with "memory exhausted" with bison 3.7.1 # Fails with "memory exhausted" with bison 3.7.1
# "--enable-bison-regeneration" # "--enable-bison-regeneration"
]; ];
meta = {
homepage = "https://github.com/bsc-pm/mcxx";
description = "C/C++/Fortran source-to-source compilation infrastructure aimed at fast prototyping";
maintainers = with lib.maintainers.bsc; [ rpenacob ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
} }

View File

@ -1,5 +1,4 @@
{ stdenv { stdenv
, lib
, fetchgit , fetchgit
, autoreconfHook , autoreconfHook
, nanos6 , nanos6
@ -57,12 +56,4 @@ stdenv.mkDerivation rec {
#preBuild = '' #preBuild = ''
# make generate_builtins_ia32 GXX_X86_BUILTINS=${gcc}/bin/g++ # make generate_builtins_ia32 GXX_X86_BUILTINS=${gcc}/bin/g++
#''; #'';
#
meta = {
homepage = "https://github.com/bsc-pm/mcxx";
description = "C/C++/Fortran source-to-source compilation infrastructure aimed at fast prototyping";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
} }

View File

@ -33,8 +33,4 @@ in mpich.overrideAttrs (old: {
"FCFLAGS=-fallow-argument-mismatch" "FCFLAGS=-fallow-argument-mismatch"
]; ];
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
meta = old.meta // {
maintainers = old.meta.maintainers ++ (with lib.maintainers.bsc; [ rarias ]);
};
}) })

View File

@ -16,7 +16,6 @@
, jemallocNanos6 ? null , jemallocNanos6 ? null
, cachelineBytes ? 64 , cachelineBytes ? 64
, enableGlibcxxDebug ? false , enableGlibcxxDebug ? false
, enablePapi ? stdenv.hostPlatform == stdenv.buildPlatform # Disabled when cross-compiling
, useGit ? false , useGit ? false
, gitUrl ? "ssh://git@bscpm04.bsc.es/nanos6/nanos6" , gitUrl ? "ssh://git@bscpm04.bsc.es/nanos6/nanos6"
, gitBranch ? "master" , gitBranch ? "master"
@ -48,8 +47,6 @@ let
}; };
source = if (useGit) then git else release; source = if (useGit) then git else release;
isCross = stdenv.hostPlatform != stdenv.buildPlatform;
in in
stdenv.mkDerivation (source // { stdenv.mkDerivation (source // {
pname = "nanos6"; pname = "nanos6";
@ -74,13 +71,9 @@ in
"--disable-all-instrumentations" "--disable-all-instrumentations"
"--enable-ovni-instrumentation" "--enable-ovni-instrumentation"
"--with-ovni=${ovni}" "--with-ovni=${ovni}"
"--with-boost=${boost.dev}"
] ++ ] ++
(optional enableJemalloc "--with-jemalloc=${jemallocNanos6}") ++ (optional enableJemalloc "--with-jemalloc=${jemallocNanos6}") ++
(optional enableGlibcxxDebug "CXXFLAGS=-D_GLIBCXX_DEBUG") ++ (optional enableGlibcxxDebug "CXXFLAGS=-D_GLIBCXX_DEBUG");
# Most nanos6 api symbols are resolved at runtime, so prefer
# ifunc by default
(optional isCross "--with-symbol-resolution=ifunc");
postConfigure = lib.optionalString (!enableDebug) '' postConfigure = lib.optionalString (!enableDebug) ''
# Disable debug # Disable debug
@ -104,14 +97,16 @@ in
# TODO: papi_version is needed for configure: # TODO: papi_version is needed for configure:
# ./configure: line 27378: papi_version: command not found # ./configure: line 27378: papi_version: command not found
# This probably breaks cross-compilation # This probably breaks cross-compilation
] ++ lib.optionals enablePapi [ papi ]; papi
];
buildInputs = [ buildInputs = [
boost boost
numactl numactl
hwloc hwloc
papi
ovni ovni
] ++ lib.optionals enablePapi [ papi ]; ];
# Create a script that sets NANOS6_HOME # Create a script that sets NANOS6_HOME
postInstall = '' postInstall = ''
@ -119,12 +114,11 @@ in
echo "export NANOS6_HOME=$out" >> $out/nix-support/setup-hook echo "export NANOS6_HOME=$out" >> $out/nix-support/setup-hook
''; '';
meta = { meta = with lib; {
homepage = "https://github.com/bsc-pm/nanos6"; homepage = "https://github.com/bsc-pm/nanos6";
description = "Nanos6 runtime for OmpSs-2" + description = "Nanos6 runtime for OmpSs-2" +
optionalString (enableDebug) " (with debug symbols)"; optionalString (enableDebug) " (with debug symbols)";
maintainers = with lib.maintainers.bsc; [ rarias ]; platforms = platforms.linux;
platforms = lib.platforms.linux; license = licenses.gpl3;
license = lib.licenses.gpl3Plus;
}; };
}) })

View File

@ -1,4 +1,4 @@
{ jemalloc, lib }: { jemalloc }:
jemalloc.overrideAttrs (old: { jemalloc.overrideAttrs (old: {
configureFlags = old.configureFlags ++ [ configureFlags = old.configureFlags ++ [
@ -8,6 +8,5 @@ jemalloc.overrideAttrs (old: {
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
meta = old.meta // { meta = old.meta // {
description = old.meta.description + " (for Nanos6)"; description = old.meta.description + " (for Nanos6)";
maintainers = (old.meta.maintainers or []) ++ (with lib.maintainers.bsc; [ rarias ]);
}; };
}) })

View File

@ -1,6 +1,5 @@
{ {
stdenv stdenv
, lib
, bashInteractive , bashInteractive
, busybox , busybox
, nix , nix
@ -87,14 +86,5 @@ stdenv.mkDerivation rec {
mkdir -p $out/share mkdir -p $out/share
cp ${nix_conf} $out/share/nix.conf cp ${nix_conf} $out/share/nix.conf
''; '';
meta = {
homepage = null;
description = "nix bubblewrap wrapper";
maintainers = [ ];
broken = true;
platforms = lib.platforms.linux;
license = lib.licenses.mit;
};
} }

View File

@ -1,6 +1,5 @@
{ {
stdenv stdenv
, lib
, glibc , glibc
}: }:
@ -16,11 +15,4 @@ stdenv.mkDerivation rec {
makeFlags = [ "DESTDIR=$(out)" ]; makeFlags = [ "DESTDIR=$(out)" ];
preBuild = "env"; preBuild = "env";
dontPatchShebangs = true; dontPatchShebangs = true;
meta = {
homepage = "https://gitlab.pm.bsc.es/rarias/nixtools";
description = "nix bubblewrap wrapper";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
};
} }

View File

@ -3,6 +3,7 @@
, lib , lib
, fetchFromGitHub , fetchFromGitHub
, pkg-config , pkg-config
, perl
, numactl , numactl
, hwloc , hwloc
, boost , boost
@ -10,7 +11,6 @@
, ovni , ovni
, nosv , nosv
, clangOmpss2 , clangOmpss2
, which
, useGit ? false , useGit ? false
, gitUrl ? "ssh://git@gitlab-internal.bsc.es/nos-v/nodes.git" , gitUrl ? "ssh://git@gitlab-internal.bsc.es/nos-v/nodes.git"
, gitBranch ? "master" , gitBranch ? "master"
@ -59,7 +59,6 @@ in
doCheck = false; doCheck = false;
nativeCheckInputs = [ nativeCheckInputs = [
clangOmpss2 clangOmpss2
which
]; ];
# The "bindnow" flags are incompatible with ifunc resolution mechanism. We # The "bindnow" flags are incompatible with ifunc resolution mechanism. We
@ -82,12 +81,4 @@ in
passthru = { passthru = {
inherit nosv; inherit nosv;
}; };
meta = {
homepage = "https://gitlab.bsc.es/nos-v/nodes";
description = "Runtime library designed to work on top of the nOS-V runtime";
maintainers = with lib.maintainers.bsc; [ abonerib rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
} }

View File

@ -7,7 +7,7 @@
, numactl , numactl
, hwloc , hwloc
, papi , papi
, enablePapi ? stdenv.hostPlatform == stdenv.buildPlatform # Disabled when cross-compiling , enablePapi ? true
, cacheline ? 64 # bits , cacheline ? 64 # bits
, ovni ? null , ovni ? null
, useGit ? false , useGit ? false
@ -59,12 +59,4 @@ in
hwloc hwloc
ovni ovni
] ++ lib.optionals enablePapi [ papi ]; ] ++ lib.optionals enablePapi [ papi ];
meta = {
homepage = "https://gitlab.bsc.es/nos-v/nos-v";
description = "Tasking library enables the co-execution of multiple applications with system-wide scheduling and a centralized management of resources";
maintainers = with lib.maintainers.bsc; [ abonerib rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
} }

View File

@ -55,13 +55,4 @@ in
doCheck = true; doCheck = true;
checkTarget = "test"; checkTarget = "test";
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
meta = {
homepage = "https://ovni.readthedocs.io";
description = "Obtuse but Versatile Nanoscale Instrumentation";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
cross = true;
};
} }

View File

@ -1,6 +1,4 @@
{ { stdenv
stdenv
, lib
, fetchFromGitHub , fetchFromGitHub
, autoreconfHook , autoreconfHook
, boost , boost
@ -13,14 +11,17 @@
, openssl , openssl
, glibcLocales , glibcLocales
, wrapGAppsHook , wrapGAppsHook
, enableDebug ? false
}: }:
let let
wx = wxGTK32; wx = wxGTK32;
in
stdenv.mkDerivation rec {
pname = "wxparaver";
version = "4.12.0"; version = "4.12.0";
in
stdenv.mkDerivation {
pname = "wxparaver";
inherit version;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-performance-tools"; owner = "bsc-performance-tools";
@ -37,21 +38,26 @@ stdenv.mkDerivation rec {
./fix-boost-87.patch ./fix-boost-87.patch
]; ];
hardeningDisable = [ "all" ];
# Fix the PARAVER_HOME variable # Fix the PARAVER_HOME variable
postPatch = '' postPatch = ''
sed -i 's@^PARAVER_HOME=.*$@PARAVER_HOME='$out'@g' docs/wxparaver sed -i 's@^PARAVER_HOME=.*$@PARAVER_HOME='$out'@g' docs/wxparaver
sed -i '1aexport LOCALE_ARCHIVE="${glibcLocales}/lib/locale/locale-archive"' docs/wxparaver sed -i '1aexport LOCALE_ARCHIVE="${glibcLocales}/lib/locale/locale-archive"' docs/wxparaver
''; '';
dontStrip = true;
enableParallelBuilding = true; enableParallelBuilding = true;
preConfigure = '' hardeningDisable = [ "all" ];
export CFLAGS="-O3"
export CXXFLAGS="-O3" dontStrip = true;
'';
env =
let
flags = if enableDebug then "-ggdb -Og" else "-O3";
in
{
CFLAGS = flags;
CXXFLAGS = flags;
};
configureFlags = [ configureFlags = [
"--with-boost=${boost}" "--with-boost=${boost}"
@ -69,11 +75,11 @@ stdenv.mkDerivation rec {
buildInputs = [ buildInputs = [
boost boost
libxml2.dev libxml2
xml2 xml2
wx wx
paraverKernel paraverKernel
openssl.dev openssl
]; ];
postInstall = '' postInstall = ''
@ -89,18 +95,4 @@ stdenv.mkDerivation rec {
mkdir -p $out/share/man mkdir -p $out/share/man
mv $out/share/doc/wxparaver_help_contents/man $out/share/man/man1 mv $out/share/doc/wxparaver_help_contents/man $out/share/man/man1
''; '';
meta = {
homepage = "https://tools.bsc.es/paraver";
downloadPage = "https://github.com/bsc-performance-tools/wxparaver";
description = "Performance analyzer based on event traces";
longDescription = ''
Trace-based visualization and analysis tool designed to study quantitative
detailed metrics and obtain qualitative knowledge of the performance of
applications, libraries, processors and whole architectures
'';
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.lgpl21Plus;
};
} }

View File

@ -1,6 +1,4 @@
{ { stdenv
stdenv
, lib
, fetchFromGitHub , fetchFromGitHub
, autoreconfHook , autoreconfHook
, boost , boost
@ -10,11 +8,16 @@
, automake , automake
, pkg-config , pkg-config
, zlib , zlib
, enableDebug ? false
}: }:
stdenv.mkDerivation rec { let
pname = "paraver-kernel";
version = "4.12.0"; version = "4.12.0";
in
stdenv.mkDerivation {
pname = "paraver-kernel";
inherit version;
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "bsc-performance-tools"; owner = "bsc-performance-tools";
@ -35,10 +38,14 @@ stdenv.mkDerivation rec {
dontStrip = true; dontStrip = true;
preConfigure = '' env =
export CFLAGS="-O3 -DPARALLEL_ENABLED" let
export CXXFLAGS="-O3 -DPARALLEL_ENABLED" flags = "-DPARALLEL_ENABLED " + (if enableDebug then "-ggdb -Og" else "-O3");
''; in
{
CFLAGS = flags;
CXXFLAGS = flags;
};
configureFlags = [ configureFlags = [
"--with-boost=${boost}" "--with-boost=${boost}"
@ -58,13 +65,4 @@ stdenv.mkDerivation rec {
xml2 xml2
zlib zlib
]; ];
meta = {
homepage = "https://tools.bsc.es/paraver";
downloadPage = "https://github.com/bsc-performance-tools/paraver-kernel";
description = "Kernel library used by wxparaver";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.lgpl21Plus;
};
} }

View File

@ -1,6 +1,5 @@
{ {
stdenv stdenv
, lib
, autoreconfHook , autoreconfHook
, fetchFromGitHub , fetchFromGitHub
, ovni , ovni
@ -28,12 +27,4 @@ stdenv.mkDerivation rec {
ovni ovni
mpi mpi
]; ];
meta = {
homepage = "https://github.com/bsc-pm/sonar";
description = "Set of runtime libraries which instrument parallel programming models through the ovni instrumentation library";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.mit;
};
} }

View File

@ -1,6 +1,5 @@
{ {
stdenv stdenv
, lib
, fetchFromGitHub , fetchFromGitHub
, automake , automake
, autoconf , autoconf
@ -56,12 +55,4 @@ stdenv.mkDerivation rec {
]; ];
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
meta = {
homepage = "https://github.com/bsc-pm/tagaspi";
description = "Task-Aware GASPI";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
} }

View File

@ -61,12 +61,4 @@ in stdenv.mkDerivation {
configureFlags = optional (enableOvni) "--with-ovni=${ovni}"; configureFlags = optional (enableOvni) "--with-ovni=${ovni}";
dontDisableStatic = true; dontDisableStatic = true;
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
meta = {
homepage = "https://github.com/bsc-pm/tampi";
description = "Task-Aware MPI";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
};
} }

View File

@ -6,7 +6,6 @@
stdenv.mkDerivation { stdenv.mkDerivation {
name = "hwloc-test"; name = "hwloc-test";
requiredSystemFeatures = [ "sys-devices" ];
src = ./.; src = ./.;
@ -15,7 +14,7 @@ stdenv.mkDerivation {
buildPhase = '' buildPhase = ''
ls -l /sys ls -l /sys
gcc -lhwloc hwloc.c -o hwloc gcc -lhwloc hwloc.c -o hwloc
strace ./hwloc > $out strace ./hwloc
''; '';
} }

View File

@ -23,8 +23,9 @@ in stdenv.mkDerivation {
dontUnpack = true; dontUnpack = true;
dontConfigure = true; dontConfigure = true;
# nOS-V requires access to /sys/devices to request NUMA information # nOS-V requires access to /sys/devices to request NUMA information. It will
requiredSystemFeatures = [ "sys-devices" ]; # fail to run otherwise, so we disable the sandbox for this test.
__noChroot = true;
buildInputs = [ openmp ]; buildInputs = [ openmp ];

View File

@ -36,8 +36,9 @@ in stdenv.mkDerivation {
dontUnpack = true; dontUnpack = true;
dontConfigure = true; dontConfigure = true;
# nOS-V requires access to /sys/devices to request NUMA information # nOS-V requires access to /sys/devices to request NUMA information. It will
requiredSystemFeatures = [ "sys-devices" ]; # fail to run otherwise, so we disable the sandbox for this test.
__noChroot = true;
buildInputs = [ nosv ]; buildInputs = [ nosv ];

View File

@ -24,8 +24,9 @@ in stdenv.mkDerivation {
dontUnpack = true; dontUnpack = true;
dontConfigure = true; dontConfigure = true;
# nOS-V requires access to /sys/devices to request NUMA information # nOS-V requires access to /sys/devices to request NUMA information. It will
requiredSystemFeatures = [ "sys-devices" ]; # fail to run otherwise, so we disable the sandbox for this test.
__noChroot = true;
buildPhase = '' buildPhase = ''
set -x set -x

View File

@ -25,10 +25,9 @@ stdenv.mkDerivation rec {
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];
#NIX_DEBUG = 1; #NIX_DEBUG = 1;
buildInputs = [ ]; #strace gdb; buildInputs = [ ]; #strace gdb;
# NODES requires access to /sys/devices to request NUMA information. It will
# NODES requires access to /sys/devices to request NUMA information # fail to run otherwise, so we disable the sandbox for this test.
requiredSystemFeatures = [ "sys-devices" ]; __noChroot = true;
buildPhase = '' buildPhase = ''
set -x set -x
#$CC -v #$CC -v