rarias/jungle
2
0
Fork 3
Code Issues 62 Pull Requests 10 Actions Packages Projects Releases Wiki Activity

Compare commits

base: rarias:pkgs/tasycl
Branches Tags
rarias:master rarias:enableStrictDeps rarias:pkgs/tasycl rarias:slurm-groups rarias:add-nextcloud rarias:project-management rarias:fox-regression rarias:pkgs/tacuda rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib abonerib:enableStrictDeps abonerib:ompss-ninja abonerib:desc abonerib:main-test abonerib:master abonerib:llvm-intel abonerib:pkgs/tasycl abonerib:selfhost-actions abonerib:nix-portable abonerib:pkgs/pocl abonerib:nix-portable-riscv abonerib:weasel-gitea-test abonerib:fix/cross/ompss-2 abonerib:mega-merge abonerib:pkgs/tacuda abonerib:upgrade/25.11 abonerib:fix/cross-clang abonerib:add-private abonerib:fix/paraver abonerib:pkgs/gromacs abonerib:pkgs/aocc abonerib:pkgs/clsparse abonerib:pkgs/taopencl abonerib:quick-shell abonerib:fix/gcc14 abonerib:remove-old abonerib:remove-inputs abonerib:weasel-hydra abonerib:feat/hydra
..
compare: abonerib:remove-old
Branches Tags
abonerib:enableStrictDeps abonerib:ompss-ninja abonerib:desc abonerib:main-test abonerib:master abonerib:llvm-intel abonerib:pkgs/tasycl abonerib:selfhost-actions abonerib:nix-portable abonerib:pkgs/pocl abonerib:nix-portable-riscv abonerib:weasel-gitea-test abonerib:fix/cross/ompss-2 abonerib:mega-merge abonerib:pkgs/tacuda abonerib:upgrade/25.11 abonerib:fix/cross-clang abonerib:add-private abonerib:fix/paraver abonerib:pkgs/gromacs abonerib:pkgs/aocc abonerib:pkgs/clsparse abonerib:pkgs/taopencl abonerib:quick-shell abonerib:fix/gcc14 abonerib:remove-old abonerib:remove-inputs abonerib:weasel-hydra abonerib:feat/hydra rarias:master rarias:enableStrictDeps rarias:pkgs/tasycl rarias:slurm-groups rarias:add-nextcloud rarias:project-management rarias:fox-regression rarias:pkgs/tacuda rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib

1 Commits
pkgs/tasyc ... remove-old

Author SHA1 Message Date
Aleix Boné
3816c1bcb2 Remove old packages
All checks were successful
CI / build:cross (pull_request) Successful in 6s
Details
CI / build:all (pull_request) Successful in 15s
Details
2025-10-10 16:59:23 +02:00
151 changed files with 43238 additions and 6717 deletions
Expand all files Collapse all files

90
flake.lock generated
View File

@@ -1,25 +1,107 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1767634882,
"narHash": "sha256-2GffSfQxe3sedHzK+sTKlYo/NTIAGzbFCIsNMUPAAnk=",
"lastModified": 1752436162,
"narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c9db02515ef1d9b6b709fc60ba9a540957f661c",
"rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

8
flake.nix
View File

@@ -1,13 +1,15 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, ... }:
outputs = { self, nixpkgs, agenix, ... }:
let
mkConf = name: nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit nixpkgs; theFlake = self; };
specialArgs = { inherit nixpkgs agenix; theFlake = self; };
modules = [ "${self.outPath}/m/${name}/configuration.nix" ];
};
# For now we only support x86

3
keys.nix
View File

@@ -22,9 +22,8 @@ rec {
storage = [ bay lake2 ];
monitor = [ hut ];
login = [ apex ];
services = [ tent ];
system = storage ++ monitor ++ login ++ services;
system = storage ++ monitor ++ login;
safe = system ++ compute;
all = safe ++ playground;
};

12
m/apex/configuration.nix
View File

@@ -57,18 +57,6 @@
};
};
services.fail2ban = {
enable = true;
maxretry = 5;
bantime-increment = {
enable = true; # Double ban time on each attack
maxtime = "7d"; # Ban up to a week
};
};
# Disable SSH login with password, allow only keypair
services.openssh.settings.PasswordAuthentication = false;
networking.firewall = {
extraCommands = ''
# Blackhole BSC vulnerability scanner (OpenVAS) as it is spamming our

26
m/apex/nfs.nix
View File

@@ -7,7 +7,7 @@
mountdPort = 4002;
statdPort = 4000;
exports = ''
/home 10.0.40.0/21(rw,async,no_subtree_check,no_root_squash)
/home 10.0.40.0/24(rw,async,no_subtree_check,no_root_squash)
/home 10.106.0.0/24(rw,async,no_subtree_check,no_root_squash)
'';
};
@@ -15,19 +15,19 @@
# Check with `rpcinfo -p`
extraCommands = ''
# Accept NFS traffic from compute nodes but not from the outside
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 111 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 2049 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 4000 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 4001 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 4002 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 --dport 20048 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 111 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 2049 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 4000 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 4001 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 4002 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 20048 -j nixos-fw-accept
# Same but UDP
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 111 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 2049 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 4000 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 4001 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 4002 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/21 --dport 20048 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 111 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 2049 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4000 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4001 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 4002 -j nixos-fw-accept
iptables -A nixos-fw -p udp -s 10.0.40.0/24 --dport 20048 -j nixos-fw-accept
# Accept NFS traffic from wg0
iptables -A nixos-fw -p tcp -i wg0 -s 10.106.0.0/24 --dport 111 -j nixos-fw-accept

4
m/bay/configuration.nix
View File

@@ -24,7 +24,7 @@
address = "10.0.40.40";
prefixLength = 24;
} ];
interfaces.ibs785.ipv4.addresses = [ {
interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.40";
prefixLength = 24;
} ];
@@ -35,7 +35,7 @@
# Accept monitoring requests from hut
iptables -A nixos-fw -p tcp -s hut -m multiport --dport 9283,9002 -j nixos-fw-accept
# Accept all Ceph traffic from the local network
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
'';
};
};

9
m/common/base/agenix.nix
View File

@@ -1,8 +1,9 @@
{ pkgs, ... }:
{ agenix, ... }:
{
imports = [ ../../module/agenix.nix ];
imports = [ agenix.nixosModules.default ];
# Add agenix to system packages
environment.systemPackages = [ pkgs.agenix ];
environment.systemPackages = [
agenix.packages.x86_64-linux.default
];
}

35
m/common/base/env.nix
View File

@@ -1,36 +1,11 @@
{ pkgs, ... }:
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
cmake
ethtool
file
freeipmi
git
gnumake
home-manager
htop
ipmitool
ldns
lm_sensors
ncdu
nix-diff
nix-index
nix-output-monitor
nixfmt-tree
nixos-option
pciutils
perf
pv
ripgrep
tcpdump
tmux
tree
vim
wget
# From jungle overlay
nixgen
vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
ncdu config.boot.kernelPackages.perf ldns pv
# From bsckgs overlay
osumb
];

42
m/common/base/users.nix
View File

@@ -134,12 +134,11 @@
home = "/home/Computational/varcila";
description = "Vincent Arcila";
group = "Computational";
hosts = [ "apex" "hut" "tent" "fox" "owl1" "owl2" ];
hosts = [ "apex" "hut" "tent" "fox" ];
hashedPassword = "$6$oB0Tcn99DcM4Ch$Vn1A0ulLTn/8B2oFPi9wWl/NOsJzaFAWjqekwcuC9sMC7cgxEVb.Nk5XSzQ2xzYcNe5MLtmzkVYnRS1CqP39Y0";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKGt0ESYxekBiHJQowmKpfdouw0hVm3N7tUMtAaeLejK vincent@varch"
];
shell = pkgs.zsh;
};
pmartin1 = {
@@ -181,45 +180,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmMqKqPg4uocNOr3O41kLbZMOMJn3m2ZdN1JvTR96z3 bsccns@arnau-bsc"
];
};
aaguirre = {
uid = 9655;
isNormalUser = true;
home = "/home/Computational/aaguirre";
description = "Alejandro Aguirre";
group = "Computational";
hosts = [ "apex" "hut" ];
hashedPassword = "$6$TXRXQT6jjBvxkxU6$E.sh5KspAm1qeG5Ct7OPHpo8REmbGDwjFGvqeGgTVz3GASGOAnPL7UMZsMAsAKBoahOw.v8LNno6XGrTEPzZH1";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlRX7ZCnqtUJYCxKgWmgSrFCYuA2LHY96rVwqxXPl86 aaguirre@BSC-8488184117"
];
};
emonteir = {
uid = 9656;
isNormalUser = true;
home = "/home/Computational/emonteir";
description = "Erwin Royson Monteiro";
group = "Computational";
hosts = [ "apex" "fox" ];
hashedPassword = "$6$0mU88zd3ZuK5NiJQ$DFWL5RMLH6esQM5UyhBCiiNryw4lDDmvJp7Usz3tmevnsiSJr6u0RsUKAnR/K8GRBFrV1.GocrgNjKjik5GY//";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKZKot/Y3F5Wq9pQIXlCbyvQuVVeWMCsAC96Nd+LTcG erwin@Oreo"
];
};
ssanzmar = {
uid = 9657;
isNormalUser = true;
home = "/home/Computational/ssanzmar";
description = "Sergio Sanz Martínez";
group = "Computational";
hosts = [ "apex" "fox" ];
hashedPassword = "$6$HUjNDJeJMmNQ6M64$laXSOZcXg6o4v2r8Jm8Xj9kmqw7veCY32po3TVDPRR4WlyxvOeqwoKr4NjlUlPPpKN55Oot3ZYHi.9iNXsH5E1";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIELrsRRHXryrdA2ZBx5XmdGxL4DC5bmJydhBeTWQ0SQ sergio.sanz.martinez@estudiantat.upc.edu"
];
};
};
groups = {

2
m/common/base/watchdog.nix
View File

@@ -5,5 +5,5 @@
boot.kernelModules = [ "ipmi_watchdog" ];
# Enable systemd watchdog with 30 s interval
systemd.settings.Manager.RuntimeWatchdogSec = 30;
systemd.watchdog.runtimeTime = "30s";
}

7
m/eudy/kernel/perf.nix
View File

@@ -1,6 +1,11 @@
{ pkgs, lib, ... }:
{ config, pkgs, lib, ... }:
{
# add the perf tool
environment.systemPackages = with pkgs; [
config.boot.kernelPackages.perf
];
# allow non-root users to read tracing data from the kernel
boot.kernel.sysctl."kernel.perf_event_paranoid" = -2;
boot.kernel.sysctl."kernel.kptr_restrict" = 0;

16
m/fox/configuration.nix
View File

@@ -93,4 +93,20 @@
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = script;
};
# Only allow SSH connections from users who have a SLURM allocation
# See: https://slurm.schedmd.com/pam_slurm_adopt.html
security.pam.services.sshd.rules.account.slurm = {
control = "required";
enable = true;
modulePath = "${pkgs.slurm}/lib/security/pam_slurm_adopt.so";
args = [ "log_level=debug5" ];
order = 999999; # Make it last one
};
# Disable systemd session (pam_systemd.so) as it will conflict with the
# pam_slurm_adopt.so module. What happens is that the shell is first adopted
# into the slurmstepd task and then into the systemd session, which is not
# what we want, otherwise it will linger even if all jobs are gone.
security.pam.services.sshd.startSession = lib.mkForce false;
}

3
m/hut/configuration.nix
View File

@@ -17,7 +17,6 @@
./postgresql.nix
./nginx.nix
./p.nix
./ompss2-timer.nix
#./pxe.nix
];
@@ -45,7 +44,7 @@
address = "10.0.40.7";
prefixLength = 24;
} ];
interfaces.ibs785.ipv4.addresses = [ {
interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.7";
prefixLength = 24;
} ];

3
m/hut/gitea.nix
View File

@@ -29,9 +29,6 @@
};
};
# Allow gitea user to send mail
users.users.gitea.extraGroups = [ "mail-robot" ];
services.gitea-actions-runner.instances = {
runrun = {
enable = true;

1
m/hut/gitlab-runner.nix
View File

@@ -51,7 +51,6 @@
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
"/var/run/postgresql/:/var/run/postgresql/"
];
dockerExtraHosts = [
# Required to pass the proxy via hut

19
m/hut/ssh-robot-probes.nix → m/hut/gpfs-probe.nix
View File

@@ -6,12 +6,6 @@ let
chmod +x $out
''
;
sblame-probe-script = pkgs.runCommand "sblame-probe.sh" { }
''
cp ${./sblame-probe.sh} $out;
chmod +x $out
''
;
in
{
# Use a new user to handle the SSH keys
@@ -34,17 +28,4 @@ in
Group = "ssh-robot";
};
};
systemd.services.sblame-probe = {
description = "Daemon to report SLURM statistics via SSH";
path = [ pkgs.openssh pkgs.netcat ];
after = [ "network.target" ];
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.socat}/bin/socat TCP4-LISTEN:9967,fork EXEC:${sblame-probe-script}";
User = "ssh-robot";
Group = "ssh-robot";
};
};
}

3
m/hut/monitoring.nix
View File

@@ -5,7 +5,7 @@
../module/slurm-exporter.nix
../module/meteocat-exporter.nix
../module/upc-qaire-exporter.nix
./ssh-robot-probes.nix
./gpfs-probe.nix
../module/nix-daemon-exporter.nix
];
@@ -111,7 +111,6 @@
"127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"
"127.0.0.1:9341" # Slurm exporter
"127.0.0.1:9966" # GPFS custom exporter
"127.0.0.1:9967" # SLURM custom exporter
"127.0.0.1:9999" # Nix-daemon custom exporter
"127.0.0.1:9929" # Meteocat custom exporter
"127.0.0.1:9928" # UPC Qaire custom exporter

5
m/hut/msmtp.nix
View File

@@ -1,11 +1,8 @@
{ config, lib, ... }:
{
# Robot user that can see the password to send mail from jungle-robot
users.groups.mail-robot = {};
age.secrets.jungleRobotPassword = {
file = ../../secrets/jungle-robot-password.age;
group = "mail-robot";
group = "gitea";
mode = "440";
};

4
m/hut/nginx.nix
View File

@@ -4,8 +4,8 @@ let
name = "jungle-web";
src = pkgs.fetchgit {
url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
rev = "5f18335d14126d2fef134c0cd441771436f7dfa1";
hash = "sha256-s9VBF91sQ7hg9+lrwNFPYgoXTTyXaQcAulCiGJgWERo=";
rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1";
hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4=";
};
buildInputs = [ pkgs.hugo ];
buildPhase = ''

85
m/hut/ompss2-timer.nix
View File

@@ -1,85 +0,0 @@
{ config, pkgs, ... }:
{
systemd.timers = {
"ompss2-closing" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-closing.service";
OnCalendar = [ "*-03-15 07:00:00" "*-09-15 07:00:00"];
};
};
"ompss2-freeze" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-freeze.service";
OnCalendar = [ "*-04-15 07:00:00" "*-10-15 07:00:00" ];
};
};
"ompss2-release" = {
wantedBy = [ "timers.target" ];
timerConfig = {
Unit = "ompss2-release.service";
OnCalendar = [ "*-05-15 07:00:00" "*-11-15 07:00:00" ];
};
};
};
systemd.services =
let
closing = pkgs.writeText "closing.txt"
''
Subject: OmpSs-2 release enters closing period
Hi,
You have one month to merge the remaining features for the next OmpSs-2
release. Please, identify what needs to be merged and discuss it in the next
OmpSs-2 meeting.
Thanks!,
Jungle robot
'';
freeze = pkgs.writeText "freeze.txt"
''
Subject: OmpSs-2 release enters freeze period
Hi,
The period to introduce new features or breaking changes is over, only bug
fixes are allowed now. During this time, please prepare the release notes
to be included in the next OmpSs-2 release.
Thanks!,
Jungle robot
'';
release = pkgs.writeText "release.txt"
''
Subject: OmpSs-2 release now
Hi,
The period to introduce bug fixes is now over. Please, proceed to do the
OmpSs-2 release.
Thanks!,
Jungle robot
'';
mkServ = name: mail: {
"ompss2-${name}" = {
script = ''
set -eu
set -o pipefail
cat ${mail} | ${config.security.wrapperDir}/sendmail star@bsc.es
'';
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
Group = "mail-robot";
};
};
};
in
(mkServ "closing" closing) //
(mkServ "freeze" freeze) //
(mkServ "release" release);
}

10
m/hut/postgresql.nix
View File

@@ -8,14 +8,12 @@
{ name = "anavarro"; ensureClauses.superuser = true; }
{ name = "rarias"; ensureClauses.superuser = true; }
{ name = "grafana"; }
{ name = "gitlab-runner"; }
];
authentication = ''
#type database DBuser auth-method
local perftestsdb rarias trust
local perftestsdb anavarro trust
local perftestsdb grafana trust
local perftestsdb gitlab-runner trust
#type database DBuser auth-method
local perftestsdb rarias trust
local perftestsdb anavarro trust
local perftestsdb grafana trust
'';
};
}

8
m/hut/sblame-probe.sh
View File

@@ -1,8 +0,0 @@
#!/bin/sh
cat <<EOF
HTTP/1.1 200 OK
Content-Type: text/plain; version=0.0.4; charset=utf-8; escaping=values
EOF
ssh bsc015557@glogin2.bsc.es "timeout 3 command sblame -E"

4
m/lake2/configuration.nix
View File

@@ -46,7 +46,7 @@
address = "10.0.40.42";
prefixLength = 24;
} ];
interfaces.ibs785.ipv4.addresses = [ {
interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.42";
prefixLength = 24;
} ];
@@ -57,7 +57,7 @@
# Accept monitoring requests from hut
iptables -A nixos-fw -p tcp -s hut --dport 9002 -j nixos-fw-accept
# Accept all Ceph traffic from the local network
iptables -A nixos-fw -p tcp -s 10.0.40.0/21 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
'';
};
};

357
m/module/agenix.nix
View File

@@ -1,357 +0,0 @@
{
config,
options,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.age;
isDarwin = lib.attrsets.hasAttrByPath [ "environment" "darwinConfig" ] options;
ageBin = config.age.ageBin;
users = config.users.users;
sysusersEnabled =
if isDarwin then
false
else
options.systemd ? sysusers && (config.systemd.sysusers.enable || config.services.userborn.enable);
mountCommand =
if isDarwin then
''
if ! diskutil info "${cfg.secretsMountPoint}" &> /dev/null; then
num_sectors=1048576
dev=$(hdiutil attach -nomount ram://"$num_sectors" | sed 's/[[:space:]]*$//')
newfs_hfs -v agenix "$dev"
mount -t hfs -o nobrowse,nodev,nosuid,-m=0751 "$dev" "${cfg.secretsMountPoint}"
fi
''
else
''
grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts ||
mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0751
'';
newGeneration = ''
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] creating new generation in ${cfg.secretsMountPoint}/$_agenix_generation"
mkdir -p "${cfg.secretsMountPoint}"
chmod 0751 "${cfg.secretsMountPoint}"
${mountCommand}
mkdir -p "${cfg.secretsMountPoint}/$_agenix_generation"
chmod 0751 "${cfg.secretsMountPoint}/$_agenix_generation"
'';
chownGroup = if isDarwin then "admin" else "keys";
# chown the secrets mountpoint and the current generation to the keys group
# instead of leaving it root:root.
chownMountPoint = ''
chown :${chownGroup} "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_agenix_generation"
'';
setTruePath = secretType: ''
${
if secretType.symlink then
''
_truePath="${cfg.secretsMountPoint}/$_agenix_generation/${secretType.name}"
''
else
''
_truePath="${secretType.path}"
''
}
'';
installSecret = secretType: ''
${setTruePath secretType}
echo "decrypting '${secretType.file}' to '$_truePath'..."
TMP_FILE="$_truePath.tmp"
IDENTITIES=()
for identity in ${toString cfg.identityPaths}; do
test -r "$identity" || continue
test -s "$identity" || continue
IDENTITIES+=(-i)
IDENTITIES+=("$identity")
done
test "''${#IDENTITIES[@]}" -eq 0 && echo "[agenix] WARNING: no readable identities found!"
mkdir -p "$(dirname "$_truePath")"
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && mkdir -p "$(dirname "${secretType.path}")"
(
umask u=r,g=,o=
test -f "${secretType.file}" || echo '[agenix] WARNING: encrypted file ${secretType.file} does not exist!'
test -d "$(dirname "$TMP_FILE")" || echo "[agenix] WARNING: $(dirname "$TMP_FILE") does not exist!"
LANG=${
config.i18n.defaultLocale or "C"
} ${ageBin} --decrypt "''${IDENTITIES[@]}" -o "$TMP_FILE" "${secretType.file}"
)
chmod ${secretType.mode} "$TMP_FILE"
mv -f "$TMP_FILE" "$_truePath"
${optionalString secretType.symlink ''
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
''}
'';
testIdentities = map (path: ''
test -f ${path} || echo '[agenix] WARNING: config.age.identityPaths entry ${path} not present!'
'') cfg.identityPaths;
cleanupAndLink = ''
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}
(( _agenix_generation > 1 )) && {
echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
rm -rf "${cfg.secretsMountPoint}/$(( _agenix_generation - 1 ))"
}
'';
installSecrets = builtins.concatStringsSep "\n" (
[ "echo '[agenix] decrypting secrets...'" ]
++ testIdentities
++ (map installSecret (builtins.attrValues cfg.secrets))
++ [ cleanupAndLink ]
);
chownSecret = secretType: ''
${setTruePath secretType}
chown ${secretType.owner}:${secretType.group} "$_truePath"
'';
chownSecrets = builtins.concatStringsSep "\n" (
[ "echo '[agenix] chowning...'" ]
++ [ chownMountPoint ]
++ (map chownSecret (builtins.attrValues cfg.secrets))
);
secretType = types.submodule (
{ config, ... }:
{
options = {
name = mkOption {
type = types.str;
default = config._module.args.name;
defaultText = literalExpression "config._module.args.name";
description = ''
Name of the file used in {option}`age.secretsDir`
'';
};
file = mkOption {
type = types.path;
description = ''
Age file the secret is loaded from.
'';
};
path = mkOption {
type = types.str;
default = "${cfg.secretsDir}/${config.name}";
defaultText = literalExpression ''
"''${cfg.secretsDir}/''${config.name}"
'';
description = ''
Path where the decrypted secret is installed.
'';
};
mode = mkOption {
type = types.str;
default = "0400";
description = ''
Permissions mode of the decrypted secret in a format understood by chmod.
'';
};
owner = mkOption {
type = types.str;
default = "0";
description = ''
User of the decrypted secret.
'';
};
group = mkOption {
type = types.str;
default = users.${config.owner}.group or "0";
defaultText = literalExpression ''
users.''${config.owner}.group or "0"
'';
description = ''
Group of the decrypted secret.
'';
};
symlink = mkEnableOption "symlinking secrets to their destination" // {
default = true;
};
};
}
);
in
{
imports = [
(mkRenamedOptionModule [ "age" "sshKeyPaths" ] [ "age" "identityPaths" ])
];
options.age = {
ageBin = mkOption {
type = types.str;
default = "${pkgs.age}/bin/age";
defaultText = literalExpression ''
"''${pkgs.age}/bin/age"
'';
description = ''
The age executable to use.
'';
};
secrets = mkOption {
type = types.attrsOf secretType;
default = { };
description = ''
Attrset of secrets.
'';
};
secretsDir = mkOption {
type = types.path;
default = "/run/agenix";
description = ''
Folder where secrets are symlinked to
'';
};
secretsMountPoint = mkOption {
type =
types.addCheck types.str (
s:
(builtins.match "[ \t\n]*" s) == null # non-empty
&& (builtins.match ".+/" s) == null
) # without trailing slash
// {
description = "${types.str.description} (with check: non-empty without trailing slash)";
};
default = "/run/agenix.d";
description = ''
Where secrets are created before they are symlinked to {option}`age.secretsDir`
'';
};
identityPaths = mkOption {
type = types.listOf types.path;
default =
if isDarwin then
[
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
]
else if (config.services.openssh.enable or false) then
map (e: e.path) (
lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys
)
else
[ ];
defaultText = literalExpression ''
if isDarwin
then [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
]
else if (config.services.openssh.enable or false)
then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys)
else [];
'';
description = ''
Path to SSH keys to be used as identities in age decryption.
'';
};
};
config = mkIf (cfg.secrets != { }) (mkMerge [
{
assertions = [
{
assertion = cfg.identityPaths != [ ];
message = "age.identityPaths must be set, for example by enabling openssh.";
}
];
}
(optionalAttrs (!isDarwin) {
# When using sysusers we no longer be started as an activation script
# because those are started in initrd while sysusers is started later.
systemd.services.agenix-install-secrets = mkIf sysusersEnabled {
wantedBy = [ "sysinit.target" ];
after = [ "systemd-sysusers.service" ];
unitConfig.DefaultDependencies = "no";
path = [ pkgs.mount ];
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "agenix-install" (concatLines [
newGeneration
installSecrets
chownSecrets
]);
RemainAfterExit = true;
};
};
# Create a new directory full of secrets for symlinking (this helps
# ensure removed secrets are actually removed, or at least become
# invalid symlinks).
system.activationScripts = mkIf (!sysusersEnabled) {
agenixNewGeneration = {
text = newGeneration;
deps = [
"specialfs"
];
};
agenixInstall = {
text = installSecrets;
deps = [
"agenixNewGeneration"
"specialfs"
];
};
# So user passwords can be encrypted.
users.deps = [ "agenixInstall" ];
# Change ownership and group after users and groups are made.
agenixChown = {
text = chownSecrets;
deps = [
"users"
"groups"
];
};
# So other activation scripts can depend on agenix being done.
agenix = {
text = "";
deps = [ "agenixChown" ];
};
};
})
(optionalAttrs isDarwin {
launchd.daemons.activate-agenix = {
script = ''
set -e
set -o pipefail
export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
${newGeneration}
${installSecrets}
${chownSecrets}
exit 0
'';
serviceConfig = {
RunAtLoad = true;
KeepAlive.SuccessfulExit = false;
};
};
})
]);
}

9
m/module/debuginfod.nix
View File

@@ -1,10 +1,3 @@
{
services.nixseparatedebuginfod2 = {
enable = true;
substituters = [
"local:"
"https://cache.nixos.org"
"http://hut/cache"
];
};
services.nixseparatedebuginfod.enable = true;
}

18
m/module/slurm-client.nix
View File

@@ -1,4 +1,4 @@
{ lib, pkgs, ... }:
{ lib, ... }:
{
imports = [
@@ -21,20 +21,4 @@
};
services.slurm.client.enable = true;
# Only allow SSH connections from users who have a SLURM allocation
# See: https://slurm.schedmd.com/pam_slurm_adopt.html
security.pam.services.sshd.rules.account.slurm = {
control = "required";
enable = true;
modulePath = "${pkgs.slurm}/lib/security/pam_slurm_adopt.so";
args = [ "log_level=debug5" ];
order = 999999; # Make it last one
};
# Disable systemd session (pam_systemd.so) as it will conflict with the
# pam_slurm_adopt.so module. What happens is that the shell is first adopted
# into the slurmstepd task and then into the systemd session, which is not
# what we want, otherwise it will linger even if all jobs are gone.
security.pam.services.sshd.startSession = lib.mkForce false;
}

41
m/module/slurm-common.nix
View File

@@ -1,6 +1,31 @@
{ config, pkgs, ... }:
{
let
suspendProgram = pkgs.writeShellScript "suspend.sh" ''
exec 1>>/var/log/power_save.log 2>>/var/log/power_save.log
set -x
export "PATH=/run/current-system/sw/bin:$PATH"
echo "$(date) Suspend invoked $0 $*" >> /var/log/power_save.log
hosts=$(scontrol show hostnames $1)
for host in $hosts; do
echo Shutting down host: $host
ipmitool -I lanplus -H ''${host}-ipmi -P "" -U "" chassis power off
done
'';
resumeProgram = pkgs.writeShellScript "resume.sh" ''
exec 1>>/var/log/power_save.log 2>>/var/log/power_save.log
set -x
export "PATH=/run/current-system/sw/bin:$PATH"
echo "$(date) Suspend invoked $0 $*" >> /var/log/power_save.log
hosts=$(scontrol show hostnames $1)
for host in $hosts; do
echo Starting host: $host
ipmitool -I lanplus -H ''${host}-ipmi -P "" -U "" chassis power on
done
'';
in {
services.slurm = {
controlMachine = "apex";
clusterName = "jungle";
@@ -34,6 +59,16 @@
# the resources. Use the task/cgroup plugin to enable process containment.
TaskPlugin=task/affinity,task/cgroup
# Power off unused nodes until they are requested
SuspendProgram=${suspendProgram}
SuspendTimeout=60
ResumeProgram=${resumeProgram}
ResumeTimeout=300
SuspendExcNodes=fox
# Turn the nodes off after 1 hour of inactivity
SuspendTime=3600
# Reduce port range so we can allow only this range in the firewall
SrunPortRange=60000-61000
@@ -51,7 +86,9 @@
# when a task runs (srun) so we can ssh early.
PrologFlags=Alloc,Contain,X11
LaunchParameters=use_interactive_step
# LaunchParameters=ulimit_pam_adopt will set RLIMIT_RSS in processes
# adopted by the external step, similar to tasks running in regular steps
# LaunchParameters=ulimit_pam_adopt
SlurmdDebug=debug5
#DebugFlags=Protocol,Cgroup
'';

27
m/module/tc1-board.nix
View File

@@ -1,27 +0,0 @@
{ lib, pkgs, ... }:
{
# Allow user access to FTDI USB device
services.udev.packages = lib.singleton (pkgs.writeTextFile {
# Needs to be < 73
name = "60-ftdi-tc1.rules";
text = ''
# Bus 003 Device 003: ID 0403:6011 Future Technology Devices International, Ltd FT4232H Quad HS USB-UART/FIFO IC
# Use := to make sure it doesn't get changed later
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", MODE:="0666"
'';
destination = "/etc/udev/rules.d/60-ftdi-tc1.rules";
});
# Allow access to USB for docker in GitLab runner
services.gitlab-runner = {
services.gitlab-bsc-docker = {
registrationFlags = [
# We need raw access to the USB port to reboot the board
"--docker-devices /dev/bus/usb/003/003"
# And TTY access for the serial port
"--docker-devices /dev/ttyUSB2"
];
};
};
}

2
m/owl1/configuration.nix
View File

@@ -20,7 +20,7 @@
address = "10.0.40.1";
prefixLength = 24;
} ];
interfaces.ibs785.ipv4.addresses = [ {
interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.1";
prefixLength = 24;
} ];

2
m/owl2/configuration.nix
View File

@@ -21,7 +21,7 @@
prefixLength = 24;
} ];
# Watch out! The OmniPath device is not in the same place here:
interfaces.ibs801.ipv4.addresses = [ {
interfaces.ibp129s0.ipv4.addresses = [ {
address = "10.0.42.2";
prefixLength = 24;
} ];

9
m/tent/configuration.nix
View File

@@ -16,8 +16,6 @@
../module/p.nix
../module/vpn-dac.nix
../module/hut-substituter.nix
../module/tc1-board.nix
../module/ceph.nix
];
# Select the this using the ID to avoid mismatches
@@ -65,13 +63,6 @@
fsType = "ext4";
};
# Mount the NFS home
fileSystems."/nfs/home" = {
device = "10.106.0.30:/home";
fsType = "nfs";
options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ];
};
# Make a /vault/$USER directory for each user.
systemd.services.create-vault-dirs = let
# Take only normal users in tent

52
m/tent/gitea.nix
View File

@@ -1,7 +1,4 @@
{ config, lib, ... }:
let
cfg = config.services.gitea;
in
{
services.gitea = {
enable = true;
@@ -29,54 +26,5 @@ in
SENDMAIL_ARGS = "--";
};
};
dump = {
enable = false; # Do not enable NixOS module, use our custom systemd script below
backupDir = "/vault/backup/gitea";
};
};
systemd.services.gitea-backup = let
exe = lib.getExe cfg.package;
in {
description = "Gitea daily backup";
after = [ "gitea.service" ];
path = [ cfg.package ];
environment = {
USER = cfg.user;
HOME = cfg.stateDir;
GITEA_WORK_DIR = cfg.stateDir;
GITEA_CUSTOM = cfg.customDir;
};
serviceConfig = {
Type = "oneshot";
User = cfg.user;
WorkingDirectory = cfg.dump.backupDir;
};
script = ''
name="gitea-dump-$(date +%a).${cfg.dump.type}"
${exe} dump --type ${cfg.dump.type} --file - >"$name.tmp"
mv "$name.tmp" "$name"
cp "$name" "/ceph/backup/gitea/$name"
'';
};
# Create also the /ceph directories if needed
systemd.tmpfiles.rules = [
"d /ceph/backup/gitea/ 0750 ${cfg.user} ${cfg.group} - -"
"z /ceph/backup/gitea/ 0750 ${cfg.user} ${cfg.group} - -"
];
systemd.timers.gitea-backup = {
description = "Update timer for gitea-backup";
partOf = [ "gitea-backup.service" ];
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = cfg.dump.interval;
};
# Allow gitea user to send mail
users.users.gitea.extraGroups = [ "mail-robot" ];
}

1
m/tent/gitlab-runner.nix
View File

@@ -43,7 +43,6 @@
registrationFlags = [
# Increase build log length to 64 MiB
"--output-limit 65536"
"--docker-network-mode host"
];
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs

4
m/tent/nginx.nix
View File

@@ -4,8 +4,8 @@ let
name = "jungle-web";
src = pkgs.fetchgit {
url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
rev = "5f18335d14126d2fef134c0cd441771436f7dfa1";
hash = "sha256-s9VBF91sQ7hg9+lrwNFPYgoXTTyXaQcAulCiGJgWERo=";
rev = "739bf0175a7f05380fe7ad7023ff1d60db1710e1";
hash = "sha256-ea5DzhYTzZ9TmqD+x95rdNdLbxPnBluqlYH2NmBYmc4=";
};
buildInputs = [ pkgs.hugo ];
buildPhase = ''

2
m/weasel/configuration.nix
View File

@@ -25,7 +25,7 @@
address = "10.0.40.6";
prefixLength = 24;
} ];
interfaces.ibs785.ipv4.addresses = [ {
interfaces.ibp5s0.ipv4.addresses = [ {
address = "10.0.42.6";
prefixLength = 24;
} ];

67
overlay.nix
View File

@@ -7,7 +7,6 @@ let
callPackage = final.callPackage;
bscPkgs = {
agenix = prev.callPackage ./pkgs/agenix/default.nix { };
amd-uprof = prev.callPackage ./pkgs/amd-uprof/default.nix { };
bench6 = callPackage ./pkgs/bench6/default.nix { };
bigotes = callPackage ./pkgs/bigotes/default.nix { };
@@ -19,13 +18,7 @@ let
cudainfo = prev.callPackage ./pkgs/cudainfo/default.nix { };
#extrae = callPackage ./pkgs/extrae/default.nix { }; # Broken and outdated
gpi-2 = callPackage ./pkgs/gpi-2/default.nix { };
gromacs = callPackage ./pkgs/gromacs/default.nix { enableSYCL = true; };
wrapIntel = callPackage ./pkgs/intel-oneapi/common/wrapper.nix { };
intel-apt = callPackage ./pkgs/intel-oneapi/deb/packages.nix { };
intelPackages_2023 = callPackage ./pkgs/intel-oneapi/deb/2023.nix { };
intelPackages_2024 = final.intel-apt.hpckit_2024;
intelPackages_2025 = final.intel-apt.hpckit_2025;
intelPackages = final.intelPackages_2025;
intelPackages_2023 = callPackage ./pkgs/intel-oneapi/2023.nix { };
jemallocNanos6 = callPackage ./pkgs/nanos6/jemalloc.nix { };
# FIXME: Extend this to all linuxPackages variants. Open problem, see:
# https://discourse.nixos.org/t/whats-the-right-way-to-make-a-custom-kernel-module-available/4636
@@ -35,35 +28,28 @@ let
linuxPackages_latest = prev.linuxPackages_latest.extend(_final: _prev: {
amd-uprof-driver = _prev.callPackage ./pkgs/amd-uprof/driver.nix { };
});
llvm-intel-unwrapped = callPackage ./pkgs/intel-oneapi/open/default.nix { };
llvm-intel = final.wrapIntel { cc = final.llvm-intel-unwrapped; };
lmbench = callPackage ./pkgs/lmbench/default.nix { };
# Broken and unmantained
# mcxx = callPackage ./pkgs/mcxx/default.nix { };
mcxx = callPackage ./pkgs/mcxx/default.nix { };
meteocat-exporter = prev.callPackage ./pkgs/meteocat-exporter/default.nix { };
mpi = final.mpich; # Set MPICH as default
mpich = callPackage ./pkgs/mpich/default.nix { mpich = prev.mpich; };
nanos6 = callPackage ./pkgs/nanos6/default.nix { };
nanos6Debug = final.nanos6.override { enableDebug = true; };
nixtools = callPackage ./pkgs/nixtools/default.nix { };
nixgen = callPackage ./pkgs/nixgen/default.nix { };
nix-portable = callPackage ./pkgs/nix-portable/default.nix { };
nix-wrap = callPackage ./pkgs/nix-wrap/default.nix { };
# Broken because of pkgsStatic.libcap
# See: https://github.com/NixOS/nixpkgs/pull/268791
#nix-wrap = callPackage ./pkgs/nix-wrap/default.nix { };
nodes = callPackage ./pkgs/nodes/default.nix { };
nosv = callPackage ./pkgs/nosv/default.nix { };
oneMath = callPackage ./pkgs/onemath/default.nix { };
openmp = callPackage ./pkgs/llvm-ompss2/openmp.nix { monorepoSrc = final.clangOmpss2Unwrapped.src; version = final.clangOmpss2Unwrapped.version; };
openmpv = final.openmp.override { enableNosv = true; enableOvni = true; };
osumb = callPackage ./pkgs/osu/default.nix { };
ovni = callPackage ./pkgs/ovni/default.nix { };
ovniGit = final.ovni.override { useGit = true; };
paraverKernel = callPackage ./pkgs/paraver/kernel.nix { };
pocl = callPackage ./pkgs/pocl/default.nix { };
pocl-noicd = callPackage ./pkgs/pocl/default.nix { enableICD = false; };
prometheus-slurm-exporter = prev.callPackage ./pkgs/slurm-exporter/default.nix { };
#pscom = callPackage ./pkgs/parastation/pscom.nix { }; # Unmaintaned
#psmpi = callPackage ./pkgs/parastation/psmpi.nix { }; # Unmaintaned
slurm = import ./pkgs/slurm/default.nix { slurm = prev.slurm; };
sonar = callPackage ./pkgs/sonar/default.nix { };
stdenvClangOmpss2 = final.stdenv.override { cc = final.clangOmpss2; allowedRequisites = null; };
stdenvClangOmpss2Nanos6 = final.stdenv.override { cc = final.clangOmpss2Nanos6; allowedRequisites = null; };
@@ -71,8 +57,6 @@ let
stdenvClangOmpss2NodesOmpv = final.stdenv.override { cc = final.clangOmpss2NodesOmpv; allowedRequisites = null; };
tagaspi = callPackage ./pkgs/tagaspi/default.nix { };
tampi = callPackage ./pkgs/tampi/default.nix { };
tasycl = callPackage ./pkgs/tasycl/default.nix { };
tasycl-acpp = callPackage ./pkgs/tasycl/default.nix { useIntel = false; };
upc-qaire-exporter = prev.callPackage ./pkgs/upc-qaire-exporter/default.nix { };
wxparaver = callPackage ./pkgs/paraver/default.nix { };
};
@@ -82,13 +66,6 @@ let
#sigsegv = callPackage ./test/reproducers/sigsegv.nix { };
hello-c = callPackage ./test/compilers/hello-c.nix { };
hello-cpp = callPackage ./test/compilers/hello-cpp.nix { };
hello-sycl = callPackage ./test/compilers/hello-sycl.nix { };
hello-syclompss = callPackage ./test/compilers/icpx-ompss2.nix { };
hello-sycl-pocl = (callPackage ./test/compilers/hello-sycl.nix { }).withPocl;
hello-sycl-intel = (callPackage ./test/compilers/hello-sycl.nix { }).withIntel;
hello-syclompss-pocl = (callPackage ./test/compilers/icpx-ompss2.nix { }).withPocl;
hello-syclompss-intel = (callPackage ./test/compilers/icpx-ompss2.nix { }).withIntel;
lto = callPackage ./test/compilers/lto.nix { };
asan = callPackage ./test/compilers/asan.nix { };
intel2023-icx-c = hello-c.override { stdenv = final.intelPackages_2023.stdenv; };
@@ -98,17 +75,6 @@ let
intel2023-ifort = callPackage ./test/compilers/hello-f.nix {
stdenv = final.intelPackages_2023.stdenv-ifort;
};
intel2024-icx-c = hello-c.override { stdenv = final.intelPackages_2024.stdenv; };
intel2025-icx-c = hello-c.override { stdenv = final.intelPackages_2025.stdenv; };
intel2024-icx-cpp = hello-cpp.override { stdenv = final.intelPackages_2024.stdenv; };
intel2025-icx-cpp = hello-cpp.override { stdenv = final.intelPackages_2025.stdenv; };
# intel2023-sycl = hello-sycl.override { intelPackages = final.intelPackages_2023; }; # broken
intel2024-sycl = hello-sycl.override { intelPackages = final.intelPackages_2024; };
intel2025-sycl = hello-sycl.override { intelPackages = final.intelPackages_2025; };
oneapi-c = hello-c.override { inherit (final.llvm-intel) stdenv; };
oneapi-cpp = hello-cpp.override { inherit (final.llvm-intel) stdenv; };
oneapi-sycl = hello-sycl.override { intelPackages = final.llvm-intel; };
oneapi-syclompss = hello-syclompss.override { intelPackages = final.llvm-intel; };
clangOmpss2-lto = lto.override { stdenv = final.stdenvClangOmpss2Nanos6; };
clangOmpss2-asan = asan.override { stdenv = final.stdenvClangOmpss2Nanos6; };
clangOmpss2-task = callPackage ./test/compilers/ompss2.nix {
@@ -126,31 +92,20 @@ let
clangNosvOmpv-ld = callPackage ./test/compilers/clang-openmp-ld.nix {
stdenv = final.stdenvClangOmpss2NodesOmpv;
};
ocl-build = callPackage ./test/compilers/opencl.nix { };
ocl-build-noicd = callPackage ./test/compilers/opencl.nix { ocl-icd = final.pocl-noicd; };
pocl = callPackage ./test/compilers/pocl.nix { };
ocl-run-pocl = ocl-build.test-icd;
ocl-run-pocl-noicd = ocl-build-noicd.test-noicd;
sycl-ls = callPackage ./test/compilers/sycl-ls.nix { };
};
# For now, only build toplevel packages in CI/Hydra
pkgsTopLevel = filterAttrs (_: isDerivation) bscPkgs;
# Native build in that platform doesn't imply cross build works
canCrossCompile = platform: default: pkg:
canCrossCompile = platform: pkg:
(isDerivation pkg) &&
# If meta.cross is undefined, use default
(pkg.meta.cross or default) &&
(meta.availableOn final.pkgsCross.${platform}.stdenv.hostPlatform pkg);
# Must be defined explicitly
(pkg.meta.cross or false) &&
(meta.availableOn platform pkg);
# For now only RISC-V
crossSet = genAttrs [ "riscv64" ] (platform:
filterAttrs (_: canCrossCompile platform true)
final.pkgsCross.${platform}.bsc.pkgsTopLevel);
crossSet = { riscv64 = final.pkgsCross.riscv64.bsc.pkgsTopLevel; };
buildList = name: paths:
final.runCommandLocal name { } ''
@@ -170,7 +125,7 @@ let
# For now only RISC-V
crossList = buildList "ci-cross"
(filter
(canCrossCompile "riscv64" false) # opt-in (pkgs with: meta.cross = true)
(canCrossCompile final.pkgsCross.riscv64.stdenv.hostPlatform)
(builtins.attrValues crossSet.riscv64));
in bscPkgs // {

212
pkgs/agenix/agenix.sh
View File

@@ -1,212 +0,0 @@
#!/usr/bin/env bash
set -Eeuo pipefail
PACKAGE="agenix"
function show_help () {
echo "$PACKAGE - edit and rekey age secret files"
echo " "
echo "$PACKAGE -e FILE [-i PRIVATE_KEY]"
echo "$PACKAGE -r [-i PRIVATE_KEY]"
echo ' '
echo 'options:'
echo '-h, --help show help'
# shellcheck disable=SC2016
echo '-e, --edit FILE edits FILE using $EDITOR'
echo '-r, --rekey re-encrypts all secrets with specified recipients'
echo '-d, --decrypt FILE decrypts FILE to STDOUT'
echo '-i, --identity identity to use when decrypting'
echo '-v, --verbose verbose output'
echo ' '
echo 'FILE an age-encrypted file'
echo ' '
echo 'PRIVATE_KEY a path to a private SSH key used to decrypt file'
echo ' '
echo 'EDITOR environment variable of editor to use when editing FILE'
echo ' '
echo 'If STDIN is not interactive, EDITOR will be set to "cp /dev/stdin"'
echo ' '
echo 'RULES environment variable with path to Nix file specifying recipient public keys.'
echo "Defaults to './secrets.nix'"
echo ' '
echo "agenix version: @version@"
echo "age binary path: @ageBin@"
echo "age version: $(@ageBin@ --version)"
}
function warn() {
printf '%s\n' "$*" >&2
}
function err() {
warn "$*"
exit 1
}
test $# -eq 0 && (show_help && exit 1)
REKEY=0
DECRYPT_ONLY=0
DEFAULT_DECRYPT=(--decrypt)
while test $# -gt 0; do
case "$1" in
-h|--help)
show_help
exit 0
;;
-e|--edit)
shift
if test $# -gt 0; then
export FILE=$1
else
echo "no FILE specified"
exit 1
fi
shift
;;
-i|--identity)
shift
if test $# -gt 0; then
DEFAULT_DECRYPT+=(--identity "$1")
else
echo "no PRIVATE_KEY specified"
exit 1
fi
shift
;;
-r|--rekey)
shift
REKEY=1
;;
-d|--decrypt)
shift
DECRYPT_ONLY=1
if test $# -gt 0; then
export FILE=$1
else
echo "no FILE specified"
exit 1
fi
shift
;;
-v|--verbose)
shift
set -x
;;
*)
show_help
exit 1
;;
esac
done
RULES=${RULES:-./secrets.nix}
function cleanup {
if [ -n "${CLEARTEXT_DIR+x}" ]
then
rm -rf -- "$CLEARTEXT_DIR"
fi
if [ -n "${REENCRYPTED_DIR+x}" ]
then
rm -rf -- "$REENCRYPTED_DIR"
fi
}
trap "cleanup" 0 2 3 15
function keys {
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in rules.\"$1\".publicKeys)" | @jqBin@ -r .[]) || exit 1
}
function armor {
(@nixInstantiate@ --json --eval --strict -E "(let rules = import $RULES; in (builtins.hasAttr \"armor\" rules.\"$1\" && rules.\"$1\".armor))") || exit 1
}
function decrypt {
FILE=$1
KEYS=$2
if [ -z "$KEYS" ]
then
err "There is no rule for $FILE in $RULES."
fi
if [ -f "$FILE" ]
then
DECRYPT=("${DEFAULT_DECRYPT[@]}")
if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
if [ -f "$HOME/.ssh/id_rsa" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_rsa")
fi
if [ -f "$HOME/.ssh/id_ed25519" ]; then
DECRYPT+=(--identity "$HOME/.ssh/id_ed25519")
fi
fi
if [[ "${DECRYPT[*]}" != *"--identity"* ]]; then
err "No identity found to decrypt $FILE. Try adding an SSH key at $HOME/.ssh/id_rsa or $HOME/.ssh/id_ed25519 or using the --identity flag to specify a file."
fi
@ageBin@ "${DECRYPT[@]}" -- "$FILE" || exit 1
fi
}
function edit {
FILE=$1
KEYS=$(keys "$FILE") || exit 1
ARMOR=$(armor "$FILE") || exit 1
CLEARTEXT_DIR=$(@mktempBin@ -d)
CLEARTEXT_FILE="$CLEARTEXT_DIR/$(basename -- "$FILE")"
DEFAULT_DECRYPT+=(-o "$CLEARTEXT_FILE")
decrypt "$FILE" "$KEYS" || exit 1
[ ! -f "$CLEARTEXT_FILE" ] || cp -- "$CLEARTEXT_FILE" "$CLEARTEXT_FILE.before"
[ -t 0 ] || EDITOR='cp -- /dev/stdin'
$EDITOR "$CLEARTEXT_FILE"
if [ ! -f "$CLEARTEXT_FILE" ]
then
warn "$FILE wasn't created."
return
fi
[ -f "$FILE" ] && [ "$EDITOR" != ":" ] && @diffBin@ -q -- "$CLEARTEXT_FILE.before" "$CLEARTEXT_FILE" && warn "$FILE wasn't changed, skipping re-encryption." && return
ENCRYPT=()
if [[ "$ARMOR" == "true" ]]; then
ENCRYPT+=(--armor)
fi
while IFS= read -r key
do
if [ -n "$key" ]; then
ENCRYPT+=(--recipient "$key")
fi
done <<< "$KEYS"
REENCRYPTED_DIR=$(@mktempBin@ -d)
REENCRYPTED_FILE="$REENCRYPTED_DIR/$(basename -- "$FILE")"
ENCRYPT+=(-o "$REENCRYPTED_FILE")
@ageBin@ "${ENCRYPT[@]}" <"$CLEARTEXT_FILE" || exit 1
mkdir -p -- "$(dirname -- "$FILE")"
mv -f -- "$REENCRYPTED_FILE" "$FILE"
}
function rekey {
FILES=$( (@nixInstantiate@ --json --eval -E "(let rules = import $RULES; in builtins.attrNames rules)" | @jqBin@ -r .[]) || exit 1)
for FILE in $FILES
do
warn "rekeying $FILE..."
EDITOR=: edit "$FILE"
cleanup
done
}
[ $REKEY -eq 1 ] && rekey && exit 0
[ $DECRYPT_ONLY -eq 1 ] && DEFAULT_DECRYPT+=("-o" "-") && decrypt "${FILE}" "$(keys "$FILE")" && exit 0
edit "$FILE" && cleanup && exit 0

66
pkgs/agenix/default.nix
View File

@@ -1,66 +0,0 @@
{
lib,
stdenv,
age,
jq,
nix,
mktemp,
diffutils,
replaceVars,
ageBin ? "${age}/bin/age",
shellcheck,
}:
let
bin = "${placeholder "out"}/bin/agenix";
in
stdenv.mkDerivation rec {
pname = "agenix";
version = "0.15.0";
src = replaceVars ./agenix.sh {
inherit ageBin version;
jqBin = "${jq}/bin/jq";
nixInstantiate = "${nix}/bin/nix-instantiate";
mktempBin = "${mktemp}/bin/mktemp";
diffBin = "${diffutils}/bin/diff";
};
dontUnpack = true;
doInstallCheck = true;
installCheckInputs = [ shellcheck ];
postInstallCheck = ''
shellcheck ${bin}
${bin} -h | grep ${version}
test_tmp=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
export HOME="$test_tmp/home"
export NIX_STORE_DIR="$test_tmp/nix/store"
export NIX_STATE_DIR="$test_tmp/nix/var"
mkdir -p "$HOME" "$NIX_STORE_DIR" "$NIX_STATE_DIR"
function cleanup {
rm -rf "$test_tmp"
}
trap "cleanup" 0 2 3 15
mkdir -p $HOME/.ssh
cp -r "${./example}" $HOME/secrets
chmod -R u+rw $HOME/secrets
(
umask u=rw,g=r,o=r
cp ${./example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
chown $UID $HOME/.ssh/id_ed25519.pub
)
(
umask u=rw,g=,o=
cp ${./example_keys/user1} $HOME/.ssh/id_ed25519
chown $UID $HOME/.ssh/id_ed25519
)
cd $HOME/secrets
test $(${bin} -d secret1.age) = "hello"
'';
installPhase = ''
install -D $src ${bin}
'';
meta.description = "age-encrypted secrets for NixOS";
}

7
pkgs/agenix/example/-leading-hyphen-filename.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 V3XmEA zirqdzZZ1E+sedBn7fbEHq4ntLEkokZ4GctarBBOHXY
Rvs5YHaAUeCZyNwPedubPcHClWYIuXXWA5zadXPWY6w
-> ssh-ed25519 KLPP8w BVp4rDkOYSQyn8oVeHFeinSqW+pdVtxBF9+5VM1yORY
bMwppAi8Nhz0328taU4AzUkTVyWtSLvFZG6c5W/Fs78
--- xCbqLhXAcOziO2wmbjTiSQfZvt5Rlsc4SCvF+iEzpQA
<EFBFBD>KB<EFBFBD><EFBFBD>/<2F>Z<><5A>r<EFBFBD>%<01><>4<EFBFBD><34><EFBFBD>Mq5<71><35>_<EFBFBD><5F>ݒ<><DD92><EFBFBD><EFBFBD><EFBFBD>11 ܨqM;& <20><>Lr<4C><72><EFBFBD>f<EFBFBD><66><EFBFBD>]>N

7
pkgs/agenix/example/armored-secret.age
View File

@@ -1,7 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFYzWG1FQSBpZkZW
aFpLNnJxc0VUMHRmZ2dZS0pjMGVENnR3OHd5K0RiT1RjRUhibFZBCnN5UG5vUjA3
SXpsNGtiVUw4T0tIVFo5Wkk5QS9NQlBndzVvektiQ0ozc0kKLS0tIGxyY1Q4dEZ1
VGZEanJyTFNta2JNRmpZb2FnK2JyS1hSVml1UGdMNWZKQXMKYla+wTXcRedyZoEb
LVWaSx49WoUTU0KBPJg9RArxaeC23GoCDzR/aM/1DvYU
-----END AGE ENCRYPTED FILE-----

9
pkgs/agenix/example/passwordfile-user1.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 KLPP8w s1DYZRlZuSsyhmZCF1lFB+E9vB8bZ/+ZhBRlx8nprwE
nmYVCsVBrX2CFXXPU+D+bbkkIe/foofp+xoUrg9DHZw
-> ssh-ed25519 V3XmEA Pwv3oCwcY0DX8rY48UNfsj9RumWsn4dbgorYHCwObgI
FKxRYkL3JHtJxUwymWDF0rAtJ33BivDI6IfPsfumM90
-> V'v(/u$-grease em/Vgf 2qDuk
7I3iiQLPGi1COML9u/JeYkr7EqbSLoU
--- 57WJRigUGtmcObrssS3s4PvmR8wgh1AOC/ijJn1s3xI
<EFBFBD>'K<>ƷY&<26>7G<37>O<EFBFBD><4F>Fj<13>k<EFBFBD>X<EFBFBD><58>BnuJ<75><4A>:9<>(<><7F><EFBFBD>X<EFBFBD>#<23>A<EFBFBD><41><EFBFBD><EFBFBD>ڧj<DAA7>,<02>_<17><><EFBFBD>?<3F>Z<EFBFBD><17>v<EFBFBD><76>V<EFBFBD>96]oks~%<25>c <04>e^C<>%JQ5<51><H<>z}<7D>C<EFBFBD>,<2C>p<EFBFBD><70>*!W<><57><EFBFBD>A<EFBFBD><41><EFBFBD>҅dC<15>K)<10><>-<2D>y

BIN
pkgs/agenix/example/secret1.age
View File

Binary file not shown.

5
pkgs/agenix/example/secret2.age
View File

@@ -1,5 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 V3XmEA OB4+1FbPhQ3r6iGksM7peWX5it8NClpXIq/o5nnP7GA
FmHVUj+A5i5+bDFgySQskmlvynnosJiWUTJmBRiNA9I
--- tP+3mFVtd7ogVu1Lkboh55zoi5a77Ht08Uc/QuIviv4
<EFBFBD><EFBFBD>X<EFBFBD>{<7B><>O<EFBFBD><4F><1F><04>tMXx<58>vӪ(<28>I<EFBFBD>myP<79><50><EFBFBD><EFBFBD>+3<>S3i

23
pkgs/agenix/example/secrets.nix
View File

@@ -1,23 +0,0 @@
let
user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH";
system1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE";
in
{
"secret1.age".publicKeys = [
user1
system1
];
"secret2.age".publicKeys = [ user1 ];
"passwordfile-user1.age".publicKeys = [
user1
system1
];
"-leading-hyphen-filename.age".publicKeys = [
user1
system1
];
"armored-secret.age" = {
publicKeys = [ user1 ];
armor = true;
};
}

7
pkgs/agenix/example_keys/system1
View File

@@ -1,7 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxAAAAJA3yvCWN8rw
lgAAAAtzc2gtZWQyNTUxOQAAACDyQ8iK/xUs9XCXXKFuvUfja1s8Biv/t4Caag9bfC9sxA
AAAEA+J2V6AG1NriAIvnNKRauIEh1JE9HSdhvKJ68a5Fm0w/JDyIr/FSz1cJdcoW69R+Nr
WzwGK/+3gJpqD1t8L2zEAAAADHJ5YW50bUBob21lMQE=
-----END OPENSSH PRIVATE KEY-----

1
pkgs/agenix/example_keys/system1.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPJDyIr/FSz1cJdcoW69R+NrWzwGK/+3gJpqD1t8L2zE

7
pkgs/agenix/example_keys/user1
View File

@@ -1,7 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRwAAAJC2JJ8htiSf
IQAAAAtzc2gtZWQyNTUxOQAAACC9InTb4BornFoLqf5j+/M8gtt7hY2KtHr3FnYxkFGgRw
AAAEDxt5gC/s53IxiKAjfZJVCCcFIsdeERdIgbYhLO719+Kb0idNvgGiucWgup/mP78zyC
23uFjYq0evcWdjGQUaBHAAAADHJ5YW50bUBob21lMQE=
-----END OPENSSH PRIVATE KEY-----

1
pkgs/agenix/example_keys/user1.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0idNvgGiucWgup/mP78zyC23uFjYq0evcWdjGQUaBH

23
pkgs/agenix/update.sh
View File

@@ -1,23 +0,0 @@
#!/bin/sh
set -e
# All operations are done relative to root
GITROOT=$(git rev-parse --show-toplevel)
cd "$GITROOT"
REVISION=${1:-main}
TMPCLONE=$(mktemp -d)
trap "rm -rf ${TMPCLONE}" EXIT
git clone https://github.com/ryantm/agenix.git --revision="$REVISION" "$TMPCLONE" --depth=1
cp "${TMPCLONE}/pkgs/agenix.sh" pkgs/agenix/agenix.sh
cp "${TMPCLONE}/pkgs/agenix.nix" pkgs/agenix/default.nix
sed -i 's#../example#./example#' pkgs/agenix/default.nix
cp "${TMPCLONE}/example/"* pkgs/agenix/example/
cp "${TMPCLONE}/example_keys/"* pkgs/agenix/example_keys/
cp "${TMPCLONE}/modules/age.nix" m/module/agenix.nix

34
pkgs/amd-uprof/default.nix
View File

@@ -1,6 +1,8 @@
{ stdenv
, lib
, fetchurl
, curl
, cacert
, runCommandLocal
, autoPatchelfHook
, elfutils
, glib
@@ -24,22 +26,26 @@ let
tarball = "AMDuProf_Linux_x64_${version}.tar.bz2";
# NOTE: Remember to update the radare2 patch below if AMDuProfPcm changes.
src = fetchurl {
url = "https://download.amd.com/developer/eula/uprof/uprof-5-1/${tarball}";
sha256 = "sha256-j9gxcBcIg6Zhc5FglUXf/VV9bKSo+PAKeootbN7ggYk=";
curlOptsList = [
"-H" "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:139.0) Gecko/20100101 Firefox/139.0"
"-H" "'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'"
"-H" "Accept-Language: en-US,en;q=0.5"
"-H" "Accept-Encoding: gzip, deflate, br, zstd"
"-H" "Referer: https://www.amd.com/"
];
};
uprofSrc = runCommandLocal tarball {
nativeBuildInputs = [ curl ];
outputHash = "sha256-j9gxcBcIg6Zhc5FglUXf/VV9bKSo+PAKeootbN7ggYk=";
SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt";
} ''
curl \
-o $out \
'https://download.amd.com/developer/eula/uprof/uprof-5-1/${tarball}' \
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:139.0) Gecko/20100101 Firefox/139.0' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'Accept-Language: en-US,en;q=0.5' \
-H 'Accept-Encoding: gzip, deflate, br, zstd' \
-H 'Referer: https://www.amd.com/' 2>&1 | tr '\r' '\n'
'';
in
stdenv.mkDerivation {
pname = "AMD-uProf";
inherit src version;
inherit version;
src = uprofSrc;
dontStrip = true;
phases = [ "installPhase" "fixupPhase" ];
nativeBuildInputs = [ autoPatchelfHook radare2 ];
@@ -84,7 +90,7 @@ in
meta = {
description = "Performance analysis tool-suite for x86 based applications";
homepage = "https://www.amd.com/es/developer/uprof.html";
platforms = [ "x86_64-linux" ];
platforms = lib.platforms.linux;
license = lib.licenses.unfree;
maintainers = with lib.maintainers.bsc; [ rarias varcila ];
};

2
pkgs/amd-uprof/driver.nix
View File

@@ -19,7 +19,7 @@ in stdenv.mkDerivation {
'';
hardeningDisable = [ "pic" "format" ];
nativeBuildInputs = kernel.moduleBuildDependencies;
patches = [ ./makefile.patch ./hrtimer.patch ./remove-wr-rdmsrq.patch ];
patches = [ ./makefile.patch ./hrtimer.patch ];
makeFlags = [
"KERNEL_VERSION=${kernel.modDirVersion}"
"KERNEL_DIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"

20
pkgs/amd-uprof/remove-wr-rdmsrq.patch
View File

@@ -1,20 +0,0 @@
diff --git a/inc/PwrProfAsm.h b/inc/PwrProfAsm.h
index d77770a..c93a0e9 100644
--- a/inc/PwrProfAsm.h
+++ b/inc/PwrProfAsm.h
@@ -347,6 +347,7 @@
#endif
+/*
#define rdmsrq(msr,val1,val2,val3,val4) ({ \
__asm__ __volatile__( \
"rdmsr\n" \
@@ -362,6 +363,7 @@
:"c"(msr), "a"(val1), "d"(val2), "S"(val3), "D"(val4) \
); \
})
+*/
#define rdmsrpw(msr,val1,val2,val3,val4) ({ \
__asm__ __volatile__( \

25
pkgs/babeltrace/default.nix
View File

@@ -1,25 +0,0 @@
{ stdenv, lib, fetchurl, pkg-config, glib, libuuid, popt, elfutils, swig4, python3 }:
stdenv.mkDerivation rec {
name = "babeltrace-1.5.8";
src = fetchurl {
url = "https://www.efficios.com/files/babeltrace/${name}.tar.bz2";
sha256 = "1hkg3phnamxfrhwzmiiirbhdgckzfkqwhajl0lmr1wfps7j47wcz";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ glib libuuid popt elfutils swig4 python3 ];
meta = with lib; {
description = "Command-line tool and library to read and convert LTTng tracefiles";
homepage = "https://www.efficios.com/babeltrace";
license = licenses.mit;
platforms = platforms.linux;
maintainers = [ maintainers.bjornfor ];
};
configureFlags = [
"--enable-python-bindings"
];
}

34
pkgs/babeltrace2/default.nix
View File

@@ -1,34 +0,0 @@
{
stdenv
, fetchurl
, pkg-config
, glib
, libuuid
, popt
, elfutils
, python3
, swig4
, ncurses
, breakpointHook
}:
stdenv.mkDerivation rec {
pname = "babeltrace2";
version = "2.0.3";
src = fetchurl {
url = "https://www.efficios.com/files/babeltrace/${pname}-${version}.tar.bz2";
sha256 = "1804pyq7fz6rkcz4r1abkkn0pfnss13m6fd8if32s42l4lajadm5";
};
enableParallelBuilding = true;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ glib libuuid popt elfutils python3 swig4 ncurses breakpointHook ];
hardeningDisable = [ "all" ];
configureFlags = [
"--enable-python-plugins"
"--enable-python-bindings"
];
}

54
pkgs/clsync/default.nix
View File

@@ -1,54 +0,0 @@
{ stdenv
, fetchFromGitHub
, libcap
, libcgroup
, libmhash
, doxygen
, graphviz
, autoreconfHook
, pkg-config
, glib
}:
let
version = "0.4.4";
in stdenv.mkDerivation {
pname = "clsync";
inherit version;
src = fetchFromGitHub {
repo = "clsync";
owner = "clsync";
rev = "v${version}";
sha256 = "0sdiyfwp0iqr6l1sirm51pirzmhi4jzgky5pzfj24nn71q3fwqgz";
};
outputs = [ "out" "dev" ];
buildInputs = [
autoreconfHook
libcap
libcgroup
libmhash
doxygen
graphviz
pkg-config
glib
];
preConfigure = ''
./configure --help
'';
enableParallelBuilding = true;
meta = with lib; {
description = "File live sync daemon based on inotify/kqueue/bsm (Linux, FreeBSD), written in GNU C";
homepage = "https://github.com/clsync/clsync";
license = licenses.gpl3Plus;
maintainers = [ ];
platforms = platforms.linux;
};
}

51
pkgs/cn6/default.nix
View File

@@ -1,51 +0,0 @@
{
stdenv
, lib
, babeltrace2
, pkg-config
, uthash
, enableTest ? false
, mpi ? null
, clangOmpss2 ? null
, tampi ? null
}:
with lib;
assert (enableTest -> (mpi != null));
assert (enableTest -> (clangOmpss2 != null));
assert (enableTest -> (tampi != null));
stdenv.mkDerivation rec {
pname = "cn6";
version = "${src.shortRev}";
buildInputs = [
babeltrace2
pkg-config
uthash
mpi
] ++ optionals (enableTest) [ mpi clangOmpss2 tampi ];
src = builtins.fetchGit {
url = "ssh://git@bscpm04.bsc.es/rarias/cn6.git";
ref = "master";
rev = "c72c3b66b720c2a33950f536fc819051c8f20a69";
};
makeFlags = [ "PREFIX=$(out)" ];
postBuild = optionalString (enableTest) ''
(
cd test
make timediff timediff_mpi
)
'';
postInstall = optionalString (enableTest) ''
(
cd test
cp timediff timediff_mpi sync-err.sh $out/bin/
)
'';
}

21
pkgs/cpuid/default.nix
View File

@@ -1,21 +0,0 @@
{
stdenv
, perl # For the pod2man command
}:
stdenv.mkDerivation rec {
version = "20201006";
pname = "cpuid";
buildInputs = [ perl ];
# Replace /usr install directory for $out
postPatch = ''
sed -i "s@/usr@$out@g" Makefile
'';
src = builtins.fetchTarball {
url = "http://www.etallen.com/cpuid/${pname}-${version}.src.tar.gz";
sha256 = "04qhs938gs1kjxpsrnfy6lbsircsprfyh4db62s5cf83a1nrwn9w";
};
}

8
pkgs/cudainfo/default.nix
View File

@@ -1,6 +1,5 @@
{
stdenv
, lib
, cudatoolkit
, cudaPackages
, autoAddDriverRunpath
@@ -12,7 +11,7 @@ stdenv.mkDerivation (finalAttrs: {
src = ./.;
buildInputs = [
cudatoolkit # Required for nvcc
(lib.getOutput "static" cudaPackages.cuda_cudart) # Required for -lcudart_static
cudaPackages.cuda_cudart.static # Required for -lcudart_static
autoAddDriverRunpath
];
installPhase = ''
@@ -41,9 +40,4 @@ stdenv.mkDerivation (finalAttrs: {
'';
installPhase = "touch $out";
};
meta = {
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers.bsc; [ rarias ];
};
})

25
pkgs/dummy/default.nix
View File

@@ -1,25 +0,0 @@
{
stdenv
}:
stdenv.mkDerivation rec {
name = "dummy";
src = null;
dontUnpack = true;
dontBuild = true;
programPath = "/bin/dummy";
installPhase = ''
mkdir -p $out/bin
cat > $out/bin/dummy <<EOF
#!/bin/sh
echo Hello worlda!
EOF
chmod +x $out/bin/dummy
'';
}

58
pkgs/fftw/default.nix
View File

@@ -1,58 +0,0 @@
{ fetchurl, stdenv, lib, llvmPackages ? null, precision ? "double", perl, mpi }:
with lib;
assert stdenv.cc.isClang -> llvmPackages != null;
assert elem precision [ "single" "double" "long-double" "quad-precision" ];
let
version = "3.3.8";
withDoc = stdenv.cc.isGNU;
in
stdenv.mkDerivation {
name = "fftw-${precision}-${version}";
src = fetchurl {
urls = [
"http://fftw.org/fftw-${version}.tar.gz"
"ftp://ftp.fftw.org/pub/fftw/fftw-${version}.tar.gz"
];
sha256 = "00z3k8fq561wq2khssqg0kallk0504dzlx989x3vvicjdqpjc4v1";
};
outputs = [ "out" "dev" "man" ]
++ optional withDoc "info"; # it's dev-doc only
outputBin = "dev"; # fftw-wisdom
buildInputs = [ mpi ]
++ lib.optionals stdenv.cc.isClang [
# TODO: This may mismatch the LLVM version sin the stdenv, see #79818.
llvmPackages.openmp
];
configureFlags =
[ "--enable-shared"
"--enable-threads"
"--enable-mpi"
"--disable-openmp"
]
++ optional (precision != "double") "--enable-${precision}"
# all x86_64 have sse2
# however, not all float sizes fit
++ optional (stdenv.isx86_64 && (precision == "single" || precision == "double") ) "--enable-sse2"
# doc generation causes Fortran wrapper generation which hard-codes gcc
++ optional (!withDoc) "--disable-doc";
enableParallelBuilding = true;
checkInputs = [ perl ];
meta = with lib; {
description = "Fastest Fourier Transform in the West library";
homepage = "http://www.fftw.org/";
license = licenses.gpl2Plus;
maintainers = [ maintainers.spwhitt ];
platforms = platforms.unix;
};
}

17
pkgs/gpi-2/default.nix
View File

@@ -9,6 +9,7 @@
, automake
, libtool
, mpi
, rsync
, gfortran
}:
@@ -43,24 +44,13 @@ stdenv.mkDerivation rec {
configureFlags = [
"--with-infiniband=${rdma-core-all}"
"--with-mpi=yes" # fixes mpi detection when cross-compiling
"--with-mpi=${mpiAll}"
"--with-slurm"
"CFLAGS=-fPIC"
"CXXFLAGS=-fPIC"
];
nativeBuildInputs = [
autoconf
automake
gfortran
libtool
];
buildInputs = [
slurm
mpiAll
rdma-core-all
];
buildInputs = [ slurm mpiAll rdma-core-all autoconf automake libtool rsync gfortran ];
hardeningDisable = [ "all" ];
@@ -70,6 +60,5 @@ stdenv.mkDerivation rec {
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.gpl3Plus;
cross = false; # infiniband detection does not work
};
}

46
pkgs/groff/0001-Fix-cross-compilation-by-looking-for-ar.patch
View File

@@ -1,46 +0,0 @@
From 1454525f70b43a6957b7c9e1870e997368787da3 Mon Sep 17 00:00:00 2001
From: Samuel Dionne-Riel <samuel@dionne-riel.com>
Date: Fri, 8 Nov 2019 21:59:21 -0500
Subject: [PATCH] Fix cross-compilation by looking for `ar`.
---
Makefile.am | 2 +-
configure.ac | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index d18c49b8..b1b53338 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -494,7 +494,7 @@ CCC=@CXX@
# INSTALL_INFO
# LN_S
-AR=ar
+AR=@AR@
ETAGS=etags
ETAGSFLAGS=
# Flag that tells etags to assume C++.
diff --git a/configure.ac b/configure.ac
index 28e75f17..2449b9f5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,6 +37,7 @@ AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([src/include/config.h:src/include/config.hin])
AC_CONFIG_SRCDIR([src/roff/groff/groff.cpp])
+AC_CONFIG_MACRO_DIR([m4])
AC_USE_SYSTEM_EXTENSIONS
@@ -72,6 +73,7 @@ GROFF_DOC_CHECK
GROFF_MAKEINFO
GROFF_TEXI2DVI
AC_PROG_RANLIB
+AC_CHECK_TOOL([AR], [ar], [ar])
GROFF_INSTALL_SH
GROFF_INSTALL_INFO
AC_PROG_INSTALL
--
2.23.0

127
pkgs/groff/default.nix
View File

@@ -1,127 +0,0 @@
{ stdenv, lib, fetchurl, perl
, ghostscript #for postscript and html output
, psutils, netpbm #for html output
, buildPackages
, autoreconfHook
, pkg-config
, texinfo
}:
stdenv.mkDerivation rec {
pname = "groff";
version = "1.22.4";
src = fetchurl {
url = "mirror://gnu/groff/${pname}-${version}.tar.gz";
sha256 = "14q2mldnr1vx0l9lqp9v2f6iww24gj28iyh4j2211hyynx67p3p7";
};
enableParallelBuilding = false;
patches = [
./0001-Fix-cross-compilation-by-looking-for-ar.patch
];
postPatch = lib.optionalString (psutils != null) ''
substituteInPlace src/preproc/html/pre-html.cpp \
--replace "psselect" "${psutils}/bin/psselect"
'' + lib.optionalString (netpbm != null) ''
substituteInPlace src/preproc/html/pre-html.cpp \
--replace "pnmcut" "${lib.getBin netpbm}/bin/pnmcut" \
--replace "pnmcrop" "${lib.getBin netpbm}/bin/pnmcrop" \
--replace "pnmtopng" "${lib.getBin netpbm}/bin/pnmtopng"
substituteInPlace tmac/www.tmac.in \
--replace "pnmcrop" "${lib.getBin netpbm}/bin/pnmcrop" \
--replace "pngtopnm" "${lib.getBin netpbm}/bin/pngtopnm" \
--replace "@PNMTOPS_NOSETPAGE@" "${lib.getBin netpbm}/bin/pnmtops -nosetpage"
'';
buildInputs = [ ghostscript psutils netpbm perl ];
nativeBuildInputs = [ autoreconfHook pkg-config texinfo ];
# Builds running without a chroot environment may detect the presence
# of /usr/X11 in the host system, leading to an impure build of the
# package. To avoid this issue, X11 support is explicitly disabled.
# Note: If we ever want to *enable* X11 support, then we'll probably
# have to pass "--with-appresdir", too.
configureFlags = [
"--without-x"
] ++ lib.optionals (ghostscript != null) [
"--with-gs=${ghostscript}/bin/gs"
] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
"ac_cv_path_PERL=${buildPackages.perl}/bin/perl"
];
makeFlags = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
# Trick to get the build system find the proper 'native' groff
# http://www.mail-archive.com/bug-groff@gnu.org/msg01335.html
"GROFF_BIN_PATH=${buildPackages.groff}/bin"
"GROFFBIN=${buildPackages.groff}/bin/groff"
];
doCheck = true;
postInstall = ''
for f in 'man.local' 'mdoc.local'; do
cat '${./site.tmac}' >>"$out/share/groff/site-tmac/$f"
done
moveToOutput bin/gropdf $out
moveToOutput bin/pdfmom $out
moveToOutput bin/roff2text $out
moveToOutput bin/roff2pdf $out
moveToOutput bin/roff2ps $out
moveToOutput bin/roff2dvi $out
moveToOutput bin/roff2ps $out
moveToOutput bin/roff2html $out
moveToOutput bin/glilypond $out
moveToOutput bin/mmroff $out
moveToOutput bin/roff2x $out
moveToOutput bin/afmtodit $out
moveToOutput bin/gperl $out
moveToOutput bin/chem $out
moveToOutput share/groff/${version}/font/devpdf $out
# idk if this is needed, but Fedora does it
moveToOutput share/groff/${version}/tmac/pdf.tmac $out
moveToOutput bin/gpinyin $out
moveToOutput lib/groff/gpinyin $out
substituteInPlace $out/bin/gpinyin \
--replace $out/lib/groff/gpinyin $out/lib/groff/gpinyin
moveToOutput bin/groffer $out
moveToOutput lib/groff/groffer $out
substituteInPlace $out/bin/groffer \
--replace $out/lib/groff/groffer $out/lib/groff/groffer
moveToOutput bin/grog $out
moveToOutput lib/groff/grog $out
substituteInPlace $out/bin/grog \
--replace $out/lib/groff/grog $out/lib/groff/grog
'' + lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) ''
find $out/ -type f -print0 | xargs --null sed -i 's|${buildPackages.perl}|${perl}|'
'';
meta = with lib; {
homepage = "https://www.gnu.org/software/groff/";
description = "GNU Troff, a typesetting package that reads plain text and produces formatted output";
license = licenses.gpl3Plus;
platforms = platforms.all;
maintainers = with maintainers; [ pSub ];
longDescription = ''
groff is the GNU implementation of troff, a document formatting
system. Included in this release are implementations of troff,
pic, eqn, tbl, grn, refer, -man, -mdoc, -mom, and -ms macros,
and drivers for PostScript, TeX dvi format, HP LaserJet 4
printers, Canon CAPSL printers, HTML and XHTML format (beta
status), and typewriter-like devices. Also included is a
modified version of the Berkeley -me macros, the enhanced
version gxditview of the X11 xditview previewer, and an
implementation of the -mm macros.
'';
};
}

16
pkgs/groff/site.tmac
View File

@@ -1,16 +0,0 @@
.
.if n \{\
. \" Character translations for non-keyboard
. \" characters - to make them searchable
. if '\*[.T]'utf8' \{\
. char \- \N'45'
. char - \N'45'
. char ' \N'39'
. char \' \N'39'
. \}
.
. \" Shut off SGR by default (groff colors)
. \" Require GROFF_SGR envvar defined to turn it on
. if '\V[GROFF_SGR]'' \
. output x X tty: sgr 0
.\}

191
pkgs/gromacs/default.nix
View File

@@ -1,191 +0,0 @@
{
lib,
stdenv,
fetchurl,
cmake,
hwloc,
fftw,
perl,
blas,
lapack,
llvmPackages,
intelPackages ? null,
mpi,
cudaPackages,
plumed,
singlePrec ? true,
config,
enableSYCL ? false,
enableCuda ? config.cudaSupport,
enableMpi ? false,
enablePlumed ? false,
cpuAcceleration ? null,
}:
# CUDA is only implemented for single precission
assert enableCuda -> singlePrec;
assert !(enableSYCL && enableCuda);
assert enableSYCL -> intelPackages != null;
let
inherit (cudaPackages.flags) cmakeCudaArchitecturesString;
# Select reasonable defaults for all major platforms
# The possible values are defined in CMakeLists.txt:
# AUTO None SSE2 SSE4.1 AVX_128_FMA AVX_256 AVX2_256
# AVX2_128 AVX_512 AVX_512_KNL MIC ARM_NEON ARM_NEON_ASIMD
SIMD =
x:
if (cpuAcceleration != null) then
x
else if stdenv.hostPlatform.system == "i686-linux" then
"SSE2"
else if stdenv.hostPlatform.system == "x86_64-linux" then
"SSE4.1"
else if stdenv.hostPlatform.system == "x86_64-darwin" then
"SSE4.1"
else if stdenv.hostPlatform.system == "aarch64-linux" then
"ARM_NEON_ASIMD"
else
"None";
source =
if enablePlumed then
{
version = "2024.2";
hash = "sha256-gCp+M18uiVdw9XsVnk7DaOuw/yzm2sz3BsboAlw2hSs=";
}
else
{
version = "2025.3";
hash = "sha256-i9/KAmjz8Qp8o8BuWbYvc+oCQgxnIRwP85EvMteDPGU=";
};
stdenv' = if enableSYCL then intelPackages.stdenv else stdenv;
in
stdenv'.mkDerivation rec {
pname = "gromacs";
version = source.version;
src = fetchurl {
url = "ftp://ftp.gromacs.org/pub/gromacs/gromacs-${version}.tar.gz";
inherit (source) hash;
};
patches = [ (if enablePlumed then ./pkgconfig-2024.patch else ./pkgconfig-2025.patch) ];
postPatch = lib.optionalString enablePlumed ''
plumed patch -p -e gromacs-${source.version}
'';
outputs = [
"out"
"dev"
"man"
];
nativeBuildInputs = [
cmake
]
++ lib.optional enablePlumed plumed
++ lib.optionals enableCuda [ cudaPackages.cuda_nvcc ];
env.MKLROOT = intelPackages.mkl;
buildInputs = [
fftw
perl
hwloc
blas
lapack
]
++ lib.optional enableMpi mpi
++ lib.optionals enableCuda [
cudaPackages.cuda_cccl
cudaPackages.cuda_cudart
cudaPackages.libcufft
cudaPackages.cuda_profiler_api
]
++ lib.optional stdenv.hostPlatform.isDarwin llvmPackages.openmp;
propagatedBuildInputs = lib.optional enableMpi mpi;
propagatedUserEnvPkgs = lib.optional enableMpi mpi;
cmakeFlags = [
(lib.cmakeBool "GMX_HWLOC" true)
"-DGMX_SIMD:STRING=${SIMD cpuAcceleration}"
"-DGMX_OPENMP:BOOL=TRUE"
"-DBUILD_SHARED_LIBS=ON"
]
++ (
if singlePrec then
[
"-DGMX_DOUBLE=OFF"
]
else
[
"-DGMX_DOUBLE=ON"
"-DGMX_DEFAULT_SUFFIX=OFF"
]
)
++ (
if enableMpi then
[
"-DGMX_MPI:BOOL=TRUE"
"-DGMX_THREAD_MPI:BOOL=FALSE"
]
else
[
"-DGMX_MPI:BOOL=FALSE"
]
)
++ (lib.optionals enableSYCL [
"-DGMX_GPU=SYCL"
"-DGMX_OPENMP=OFF" # TODO: enable OpenMP with SYCL?
])
++ lib.optionals enableCuda [
"-DGMX_GPU=CUDA"
(lib.cmakeFeature "CMAKE_CUDA_ARCHITECTURES" cmakeCudaArchitecturesString)
# Gromacs seems to ignore and override the normal variables, so we add this ad hoc:
(lib.cmakeFeature "GMX_CUDA_TARGET_COMPUTE" cmakeCudaArchitecturesString)
];
postInstall = ''
moveToOutput share/cmake $dev
'';
meta = with lib; {
homepage = "https://www.gromacs.org";
license = licenses.lgpl21Plus;
description = "Molecular dynamics software package";
longDescription = ''
GROMACS is a versatile package to perform molecular dynamics,
i.e. simulate the Newtonian equations of motion for systems
with hundreds to millions of particles.
It is primarily designed for biochemical molecules like
proteins, lipids and nucleic acids that have a lot of
complicated bonded interactions, but since GROMACS is
extremely fast at calculating the nonbonded interactions (that
usually dominate simulations) many groups are also using it
for research on non-biological systems, e.g. polymers.
GROMACS supports all the usual algorithms you expect from a
modern molecular dynamics implementation, (check the online
reference or manual for details), but there are also quite a
few features that make it stand out from the competition.
See: https://www.gromacs.org/about.html for details.
'';
platforms = platforms.unix;
maintainers = with maintainers; [
sheepforce
markuskowa
bsc.abonerib
];
};
}

24
pkgs/gromacs/pkgconfig-2024.patch
View File

@@ -1,24 +0,0 @@
diff --git a/src/external/muparser/muparser.pc.in b/src/external/muparser/muparser.pc.in
index 646787cb53..9b97ad57f7 100644
--- a/src/external/muparser/muparser.pc.in
+++ b/src/external/muparser/muparser.pc.in
@@ -1,7 +1,5 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
Name: @PACKAGE_NAME@
Description: Mathematical expressions parser library
diff --git a/src/gromacs/libgromacs.pc.cmakein b/src/gromacs/libgromacs.pc.cmakein
index ec1ed6684e..ca1105474a 100644
--- a/src/gromacs/libgromacs.pc.cmakein
+++ b/src/gromacs/libgromacs.pc.cmakein
@@ -1,4 +1,4 @@
-libdir=@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
Name: libgromacs@GMX_LIBS_SUFFIX@
Description: Gromacs library

36
pkgs/gromacs/pkgconfig-2025.patch
View File

@@ -1,36 +0,0 @@
diff --git a/src/external/muparser/muparser.pc.in b/src/external/muparser/muparser.pc.in
index 646787cb53..d26e84de8f 100644
--- a/src/external/muparser/muparser.pc.in
+++ b/src/external/muparser/muparser.pc.in
@@ -1,11 +1,9 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-exec_prefix=${prefix}
-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
-includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
-
-Name: @PACKAGE_NAME@
-Description: Mathematical expressions parser library
-Version: @MUPARSER_VERSION@
-Requires:
-Libs: -L${libdir} -lmuparser
-Cflags: -I${includedir} @PKG_CONFIG_FLAGS@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
+includedir=@CMAKE_INSTALL_FULL_INCLUDEDIR@
+
+Name: @PACKAGE_NAME@
+Description: Mathematical expressions parser library
+Version: @MUPARSER_VERSION@
+Requires:
+Libs: -L${libdir} -lmuparser
+Cflags: -I${includedir} @PKG_CONFIG_FLAGS@
diff --git a/src/gromacs/libgromacs.pc.cmakein b/src/gromacs/libgromacs.pc.cmakein
index af9b5a6dc0..5f58d549bf 100644
--- a/src/gromacs/libgromacs.pc.cmakein
+++ b/src/gromacs/libgromacs.pc.cmakein
@@ -1,5 +1,4 @@
-prefix=@CMAKE_INSTALL_PREFIX@
-libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+libdir=@CMAKE_INSTALL_FULL_LIBDIR@
Name: libgromacs@GMX_LIBS_SUFFIX@
Description: Gromacs library

70
pkgs/hwloc/1.11.6/default.nix
View File

@@ -1,70 +0,0 @@
{ stdenv, lib, fetchurl, pkg-config, expat, ncurses
, pciutils, numactl }:
with lib;
stdenv.mkDerivation rec {
name = "hwloc-1.11.6";
src = fetchurl {
url = "http://www.open-mpi.org/software/hwloc/v1.11/downloads/${name}.tar.bz2";
sha256 = "1yl7dm2qplwmnidd712zy12qfvxk28k8ccs694n42ybwdjwzg1bn";
};
nativeBuildInputs = [ pkg-config ];
# Filter out `null' inputs. This allows users to `.override' the
# derivation and set optional dependencies to `null'.
buildInputs = filter (x: x != null)
([ expat ncurses ]
++ (optionals stdenv.isLinux [ numactl ]));
propagatedBuildInputs =
# Since `libpci' appears in `hwloc.pc', it must be propagated.
optional stdenv.isLinux pciutils;
enableParallelBuilding = true;
postInstall =
optionalString (stdenv.isLinux && numactl != null)
'' if [ -d "${numactl}/lib64" ]
then
numalibdir="${numactl}/lib64"
else
numalibdir="${numactl}/lib"
test -d "$numalibdir"
fi
sed -i "$out/lib/libhwloc.la" \
-e "s|-lnuma|-L$numalibdir -lnuma|g"
'';
# Checks disabled because they're impure (hardware dependent) and
# fail on some build machines.
doCheck = false;
meta = {
description = "Portable abstraction of hierarchical architectures for high-performance computing";
longDescription = ''
hwloc provides a portable abstraction (across OS,
versions, architectures, ...) of the hierarchical topology of
modern architectures, including NUMA memory nodes, sockets,
shared caches, cores and simultaneous multithreading. It also
gathers various attributes such as cache and memory
information. It primarily aims at helping high-performance
computing applications with gathering information about the
hardware so as to exploit it accordingly and efficiently.
hwloc may display the topology in multiple convenient
formats. It also offers a powerful programming interface to
gather information about the hardware, bind processes, and much
more.
'';
# http://www.open-mpi.org/projects/hwloc/license.php
license = licenses.bsd3;
homepage = http://www.open-mpi.org/projects/hwloc/;
maintainers = [ ];
platforms = platforms.all;
};
}

40
pkgs/intel-compiler/default.nix
View File

@@ -1,40 +0,0 @@
{
stdenv
, gcc
, iccUnwrapped
, wrapCCWith
, intelLicense
}:
let
targetConfig = stdenv.targetPlatform.config;
inherit gcc;
in wrapCCWith rec {
cc = iccUnwrapped;
extraBuildCommands = ''
echo "-B${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}" >> $out/nix-support/cc-cflags
echo "-isystem ${iccUnwrapped}/include" >> $out/nix-support/cc-cflags
echo "-isystem ${iccUnwrapped}/include/intel64" >> $out/nix-support/cc-cflags
echo "-L${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}" >> $out/nix-support/cc-ldflags
echo "-L${gcc.cc.lib}/lib" >> $out/nix-support/cc-ldflags
cat "${iccUnwrapped}/nix-support/propagated-build-inputs" >> \
$out/nix-support/propagated-build-inputs
echo "export INTEL_LICENSE_FILE=${intelLicense}" \
>> $out/nix-support/setup-hook
# Create the wrappers for icc and icpc
if [ -e $ccPath/icc ]; then
wrap icc $wrapper $ccPath/icc
fi
if [ -e $ccPath/icpc ]; then
wrap icpc $wrapper $ccPath/icpc
fi
if [ -e $ccPath/ifort ]; then
wrap ifort $wrapper $ccPath/ifort
fi
'';
}

71
pkgs/intel-compiler/icc2020.nix
View File

@@ -1,71 +0,0 @@
{ stdenv
, lib
, fetchurl
, rpmextract
, autoPatchelfHook
, gcc
, intel-mpi
}:
stdenv.mkDerivation rec {
version = "${year}.${v_a}.${v_b}";
name = "intel-compiler-${version}";
passthru = {
CC = "icc";
CXX = "icpc";
};
# From Arch Linux PKGBUILD
dir_nr="17114";
year="2020";
v_a="4";
v_b="304";
update="4";
composer_xe_dir="compilers_and_libraries_${year}.${v_a}.${v_b}";
tgz="parallel_studio_xe_2020_update${update}_professional_edition.tgz";
src = fetchurl {
url = "https://registrationcenter-download.intel.com/akdlm/irc_nas/tec/${dir_nr}/${tgz}";
sha256 = "1rn9kk5bjj0jfv853b09dxrx7kzvv8dlyzw3hl9ijx9mqr09lrzr";
};
buildInputs = [
rpmextract
autoPatchelfHook
gcc.cc.lib
gcc
intel-mpi
];
# The gcc package is required for building other programs
propagatedBuildInputs = [ gcc ];
installPhase = ''
pwd
ls -l rpm
rpmextract rpm/intel-icc-*.rpm
rpmextract rpm/intel-comp-*.rpm
rpmextract rpm/intel-c-comp-*.rpm
rpmextract rpm/intel-openmp*.rpm
rpmextract rpm/intel-ifort*.rpm
mkdir -p $out/{bin,lib,include}
pushd ./opt/intel/${composer_xe_dir}/linux/
cp -a bin/intel64/* $out/bin/
cp -a compiler/include/* $out/include/
cp -a compiler/lib/intel64_lin/* $out/lib/
ln -s lib $out/lib_lin
rm $out/lib/*.dbg
popd
'';
meta = {
homepage = "https://www.intel.com/content/www/us/en/developer/tools/overview.html";
description = "Intel compiler";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.unfree;
};
}

156
pkgs/intel-compiler/icc2021.nix
View File

@@ -1,156 +0,0 @@
{ stdenv
, lib
, fetchurl
, dpkg
, rsync
, libffi
, libelf
, libxml2
, hwloc
, autoPatchelfHook
}:
with lib;
let
getsrc = url: sha256: fetchurl { inherit url sha256; };
version = "2021.2.0";
_debpkgrel = "610";
tbbrel = "357";
# Shorhands
main = "intel-oneapi-dpcpp-cpp";
compiler = "intel-oneapi-compiler-dpcpp-cpp";
shared = "intel-oneapi-compiler-shared";
openmp = "intel-oneapi-openmp";
tbb = "intel-oneapi-tbb";
# From Arch Linux PKGBUILD:
# https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=intel-oneapi-compiler-dpcpp-cpp
debs = [
# From intel-oneapi-compiler-dpcpp-cpp
"${main}-${version}-${version}-${_debpkgrel}_amd64.deb"
"${compiler}-common-${version}-${version}-${_debpkgrel}_all.deb"
"${compiler}-runtime-${version}-${version}-${_debpkgrel}_amd64.deb"
# From intel-oneapi-compiler-shared
"${shared}-${version}-${version}-${_debpkgrel}_amd64.deb"
"${shared}-runtime-${version}-${version}-${_debpkgrel}_amd64.deb"
"${shared}-common-${version}-${version}-${_debpkgrel}_all.deb"
"${shared}-common-runtime-${version}-${version}-${_debpkgrel}_all.deb"
"${compiler}-classic-fortran-shared-runtime-${version}-${version}-${_debpkgrel}_amd64.deb"
# From intel-oneapi-openmp
"${openmp}-${version}-${version}-${_debpkgrel}_amd64.deb"
"${openmp}-common-${version}-${version}-${_debpkgrel}_all.deb"
# From intel-oneapi-tbb
"${tbb}-${version}-${version}-${tbbrel}_amd64.deb"
"${tbb}-devel-${version}-${version}-${tbbrel}_amd64.deb"
"${tbb}-common-${version}-${version}-${tbbrel}_all.deb"
"${tbb}-common-devel-${version}-${version}-${tbbrel}_all.deb"
];
apthost = "https://apt.repos.intel.com/oneapi/pool/main/";
urls = map (x: apthost + x) debs;
sums = [
# From intel-oneapi-compiler-dpcpp-cpp
"0pwsfzkazr9yf6v6lgwb3p2in6ch3rlcc9qcfarkyqn052p760kk"
"0vzsanldhs4ym4gsfn0zjqm03x53ma1zjkj24hpkhpsvlr2r069w"
"0nx62v6g0wl70lqdh7sh7gfgxbynhrrips9gpj9if60ngz6fm21m"
# From intel-oneapi-compiler-shared
"1al80pcy2r3q2r2pm04sva7rd3z6y287mkdv5jq4p5bfd8yi14d4"
"07rp0cjmbgj48wly9dm6ibxzbsanmgrsjjqr7mx688ms6qbhv314"
"1pf4xckyyhssjknhs6hwampjsz2qjlg81jw2fc441zaccwf25yf3"
"0hk0x4wq60g9wnn9j051v25zcmbasjdzp34xfvrihmcvyws0s69g"
"0dhbw8kshw4abqc9zf891z5ic0x13x3kvhk56nrqkqgcfwps9w8a"
# From intel-oneapi-openmp
"1wqy2sjwlqdh72zhfrxl9pm106hjzfdbbm98cxigbg20fb5lbv5a"
"19nbqypvqcf8c3mwriaqrmp5igjpwvwrb9mq2fxa5i40w7bhlxjl"
# From intel-oneapi-tbb
"1dpii3g861kimky0x7dqcj6hg7zb6i5kw1wgwrxdc5yxhi5slbm9"
"0bl1flm6w0w9nzrh34ig4p9qz2gbdgw9q14as2pwp8flicd8p899"
"0w3kip6q713v1xlfc10ai4v15cbwmbqrv8r1f5x6pfqdbb0bpmbv"
"0v95nmddyi0mjjdvm07w9fm3vq4a0wkx7zxlyzn2f4xg38qc5j73"
];
in
stdenv.mkDerivation {
inherit version;
name = "intel-compiler-${version}";
passthru = {
CC = "icc";
CXX = "icpc";
};
srcs = zipListsWith getsrc urls sums;
buildInputs = [
dpkg
rsync
libffi
libelf
libxml2
hwloc
autoPatchelfHook
stdenv.cc.cc.lib
];
dontBuild = true;
dontStrip = true;
# The gcc package is required for building other programs
#propagatedBuildInputs = [ gcc ];
unpackCmd = ''
dpkg -x $curSrc .
'';
# FIXME: Some dependencies are missing
autoPatchelfIgnoreMissingDeps = true;
#autoPatchelfIgnoreMissingDeps = [ "*" ];
# Compiler
installPhase = ''
mkdir -p $out/{bin,lib,include}
pushd intel/oneapi/compiler/${version}/linux
# Binaries
rsync -a bin/ $out/bin/
rsync -a bin/intel64/ $out/bin/
# Libraries
rsync -a --exclude=oclfpga lib/ $out/lib/
rsync -a compiler/lib/intel64_lin/ $out/lib/
# Headers
rsync -a include/ $out/include/
rsync -a compiler/include/ $out/include/
popd
# TBB
pushd intel/oneapi/tbb/${version}
# Libraries
rsync -a lib/intel64/gcc4.8/ $out/lib/
# Headers
rsync -a include/ $out/include/
popd
'';
meta = {
homepage = "https://www.intel.com/content/www/us/en/developer/tools/overview.html";
description = "Intel compiler";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.unfree;
};
}

39
pkgs/intel-compiler/license.nix
View File

@@ -1,39 +0,0 @@
{ stdenv
, requireFile
}:
stdenv.mkDerivation rec {
name = "intel-compiler-license";
version = "2019.7.217";
src = requireFile {
name = "license.lic";
sha256 = "0rgmsqkhpqcfny8j7msa4sgz3prhh248ylh69gjh12dkra77prsj";
message = ''
The Intel Compiler requires a license. You can get one (free of charge) if
you meet the requeriments at the website:
https://software.intel.com/content/www/us/en/develop/articles/qualify-for-free-software.html#opensourcecontributor
Or you can use your own license. Add it to the store with:
$ nix-store --add-fixed sha256 license.lic
/nix/store/2p9v0nvsl3scshjx348z6j32rh7ac0db-license.lic
Notice that the name must match exactly "license.lic".
Then update the hash in the bsc/intel-compiler/license.nix file using the
nix-hash command with:
$ nix-hash --type sha256 --base32 --flat /nix/store/2p9v0nvsl3scshjx348z6j32rh7ac0db-license.lic
06g2xgm1lch6zqfkhb768wacdx46kf61mfvj5wfpyssw0anr0x9q
'';
};
dontUnpack = true;
installPhase = ''
mkdir -p $out
cp $src $out/
'';
}

29
pkgs/intel-compiler/wrapper2021.nix
View File

@@ -1,29 +0,0 @@
{
stdenv
, gcc
, iccUnwrapped
, wrapCCWith
}:
let
targetConfig = stdenv.targetPlatform.config;
inherit gcc;
in wrapCCWith rec {
cc = iccUnwrapped;
extraBuildCommands = ''
echo "-B${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}" >> $out/nix-support/cc-cflags
echo "-isystem ${iccUnwrapped}/include" >> $out/nix-support/cc-cflags
echo "-isystem ${iccUnwrapped}/include/icc" >> $out/nix-support/cc-cflags
echo "-isystem ${gcc.cc}/include/c++/${gcc.version}" >> $out/nix-support/cc-cflags
echo "-isystem ${gcc.cc}/include/c++/${gcc.version}/${targetConfig}" >> $out/nix-support/cc-cflags
echo "-L${iccUnwrapped}/lib" >> $out/nix-support/cc-ldflags
echo "-L${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}" >> $out/nix-support/cc-ldflags
echo "-L${gcc.cc.lib}/lib" >> $out/nix-support/cc-ldflags
# Create the wrappers for icx*
wrap lld $wrapper $ccPath/lld
wrap icx $wrapper $ccPath/icx
wrap icpx $wrapper $ccPath/icpx
'';
}

113
pkgs/intel-mpi/default.nix
View File

@@ -1,113 +0,0 @@
{ stdenv
, lib
, rpmextract
, gcc
, zlib
, ucx
, numactl
, rdma-core
, libpsm2
, patchelf
, autoPatchelfHook
, enableDebug ? false
# The _mt version seems to cause seg-faults and deadlocks with the libpsm2
# provider library with programs that call the MPI library without any locking
# mechanism. See https://pm.bsc.es/gitlab/rarias/bscpkgs/-/issues/28. By
# default, we use the non-mt variant, which provides a big lock. If you want to
# use it, take a look at the I_MPI_THREAD_SPLIT env-var as well.
, enableMt ? false
}:
let
lib_variant = (if enableDebug then "debug" else "release");
# See https://software.intel.com/content/www/us/en/develop/documentation/mpi-developer-reference-linux/top/environment-variable-reference/other-environment-variables.html
lib_mt = (if enableMt then "_mt" else "");
lib_name = "${lib_variant}${lib_mt}";
in
stdenv.mkDerivation rec {
name = "intel-mpi-${version}";
version = "2019.10.317";
dir_nr = "17534";
src = builtins.fetchTarball {
url = "http://registrationcenter-download.intel.com/akdlm/irc_nas/tec/${dir_nr}/l_mpi_${version}.tgz";
sha256 = "00nimgqywr20dv1ns5kg4r8539gvharn0xfj48i7mhbg8kwf8s08";
};
buildInputs = [
rpmextract
autoPatchelfHook
gcc.cc.lib
zlib
ucx
numactl
rdma-core
libpsm2
patchelf
];
postUnpack = ''
pushd $sourceRoot
rpmextract rpm/intel-mpi-*.rpm
# Predictable name
mv opt/intel/compilers_and_libraries_* opt/intel/compilers_and_libraries
popd
sourceRoot="$sourceRoot/opt/intel/compilers_and_libraries/linux/mpi/intel64"
'';
patches = [
./mpicc.patch
./mpicxx.patch
];
postPatch = ''
for i in bin/mpi* ; do
echo "Fixing paths in $i"
sed -i "s:I_MPI_SUBSTITUTE_INSTALLDIR:$out:g" "$i"
done
'';
dontBuild = true;
installPhase = ''
mkdir -p $out
mv etc $out
mv bin $out
mv include $out
mkdir $out/lib
cp -a lib/lib* $out/lib
cp -a lib/${lib_name}/lib* $out/lib
cp -a libfabric/lib/* $out/lib
cp -a libfabric/lib/prov/* $out/lib
cp -a libfabric/bin/* $out/bin
ln -s . $out/intel64
rm $out/lib/libmpi.dbg
# Fixup Intel PSM2 library missing (now located at PSMX2)
ln -s $out/lib/libpsmx2-fi.so $out/lib/libpsm2-fi.so
'';
dontAutoPatchelf = true;
# The rpath of libfabric.so bundled with Intel MPI is patched to include the
# rdma-core lib path, as is required for dlopen to find the rdma components.
# TODO: Try the upstream libfabric library with rdma support, so we can avoid
# this hack.
postFixup = ''
autoPatchelf -- $out
patchelf --set-rpath "$out/lib:${rdma-core}/lib:${libpsm2}/lib" $out/lib/libfabric.so
echo "Patched RPATH in libfabric.so to: $(patchelf --print-rpath $out/lib/libfabric.so)"
'';
meta = {
homepage = "https://www.intel.com/content/www/us/en/developer/tools/overview.html";
description = "Intel MPI";
maintainers = with lib.maintainers.bsc; [ rarias ];
platforms = lib.platforms.linux;
license = lib.licenses.unfree;
};
}

20
pkgs/intel-mpi/mpicc.patch
View File

@@ -1,20 +0,0 @@
--- a/bin/mpicc 2021-02-04 18:15:11.233632360 +0100
+++ b/bin/mpicc 2021-02-05 09:33:49.493598479 +0100
@@ -50,7 +50,7 @@
if [ x"$opt_args" == x"" ]; then
case "${compiler_short_name}" in
icc|icx) "$dir"/mpiicc -cc=$compiler_name "$@" ;;
- cc|*gcc*|clang*) "$dir"/mpigcc -cc=$compiler_name "$@" ;;
+ cc|*gcc*|clang*|mcc|echo) "$dir"/mpigcc -cc=$compiler_name "$@" ;;
mpicc) "$dir"/mpigcc "$@" ;;
*)
echo "Error: unsupported compiler name '$compiler_name'."
@@ -60,7 +60,7 @@
else
case "${compiler_short_name}" in
icc|icx) "$dir"/mpiicc -cc=$compiler_name "$@" $opt_args ;;
- cc|*gcc*|clang*) "$dir"/mpigcc -cc=$compiler_name "$@" $opt_args ;;
+ cc|*gcc*|clang*|mcc|echo) "$dir"/mpigcc -cc=$compiler_name "$@" $opt_args ;;
mpicc) "$dir"/mpigcc "$@" $opt_args ;;
*)
echo "Error: unsupported compiler name '$compiler_name'."

20
pkgs/intel-mpi/mpicxx.patch
View File

@@ -1,20 +0,0 @@
--- a/bin/mpicxx 2021-02-04 18:15:11.233632360 +0100
+++ b/bin/mpicxx 2021-02-05 09:36:21.396922569 +0100
@@ -50,7 +50,7 @@
if [ x"$opt_args" == x"" ]; then
case "${compiler_short_name}" in
icc|icpc|dpcpp) "$dir"/mpiicpc -cxx=$compiler_name "$@" ;;
- *g++*) "$dir"/mpigxx -cxx=$compiler_name "$@" ;;
+ *g++*|clang*++|mcxx|echo) "$dir"/mpigxx -cxx=$compiler_name "$@" ;;
mpicxx) "$dir"/mpigxx "$@" ;;
*)
echo "Error: unsupported compiler name '$compiler_name'."
@@ -60,7 +60,7 @@
else
case "${compiler_short_name}" in
icc|icpc|dpcpp) "$dir"/mpiicpc -cxx=$compiler_name "$@" $opt_args ;;
- *g++*) "$dir"/mpigxx -cxx=$compiler_name "$@" $opt_args ;;
+ *g++*|clang*++|mcxx|echo) "$dir"/mpigxx -cxx=$compiler_name "$@" $opt_args ;;
mpicxx) "$dir"/mpigxx "$@" $opt_args ;;
*)
echo "Error: unsupported compiler name '$compiler_name'."

59
pkgs/intel-oneapi/deb/2023.nix → pkgs/intel-oneapi/2023.nix
View File

@@ -10,7 +10,7 @@
, zlib
, autoPatchelfHook
, libfabric
, gcc
, gcc13
, wrapCCWith
}:
@@ -33,6 +33,8 @@ let
maintainers = with lib.maintainers.bsc; [ abonerib ];
};
gcc = gcc13;
v = {
hpckit = "2023.1.0";
compiler = "2023.1.0";
@@ -40,19 +42,45 @@ let
mpi = "2021.9.0";
};
findMatch = name:
let
aptPackages = builtins.fromJSON (builtins.readFile ./packages.json);
matches = lib.filter (x: name == x.pname) aptPackages;
n = lib.length matches;
match = builtins.traceVerbose (name + " -- ${builtins.toString n}") (builtins.head matches);
aptPackageIndex = stdenv.mkDerivation {
name = "intel-oneapi-packages";
srcs = [
# Run update.sh to update the package lists
./amd64-packages ./all-packages
];
phases = [ "installPhase" ];
installPhase = ''
awk -F': ' '\
BEGIN { print "[ {" } \
NR>1 && /^Package: / { print "} {"; } \
/: / { printf "%s = \"%s\";\n", $1, $2 } \
END { print "} ]" }' $srcs > $out
'';
};
apthost = "https://apt.repos.intel.com/oneapi/";
aptPackages = import aptPackageIndex;
apthost = "https://apt.repos.intel.com/oneapi/";
getSum = pkgList: name:
let
matches = lib.filter (x: name == x.Package) pkgList;
#n = lib.length matches;
#match = builtins.trace (name + " -- ${builtins.toString n}") (lib.elemAt matches 0);
match = lib.elemAt matches 0;
in
{
url = apthost + match.filename;
sha256 = match.sha256;
};
match.SHA256;
getUrl = pkgList: name:
let
matches = lib.filter (x: name == x.Package) pkgList;
#match = assert lib.length matches == 1; lib.elemAt matches 0;
n = lib.length matches;
match =
#builtins.trace (name + " -- n=${builtins.toString n}")
(lib.elemAt matches 0);
in
apthost + match.Filename;
uncompressDebs = debs: name: stdenv.mkDerivation {
name = name;
@@ -72,7 +100,10 @@ let
joinDebs = name: names:
let
debs = builtins.map (x: builtins.fetchurl (findMatch x)) names;
urls = builtins.map (x: getUrl aptPackages x) names;
sums = builtins.map (x: getSum aptPackages x) names;
getsrc = url: sha256: builtins.fetchurl { inherit url sha256; };
debs = lib.zipListsWith getsrc urls sums;
in
uncompressDebs debs "${name}-source";
@@ -441,7 +472,7 @@ let
'';
};
ifort-wrapper = wrapIntel {
ifort-wrapper = wrapIntel rec {
cc = intel-compiler-fortran;
mygcc = gcc;
extraBuild = ''

8769
pkgs/intel-oneapi/all-packages Normal file
View File

File diff suppressed because it is too large Load Diff

34075
pkgs/intel-oneapi/amd64-packages Normal file
View File

File diff suppressed because it is too large Load Diff

73
pkgs/intel-oneapi/common/wrapper.nix
View File

@@ -1,73 +0,0 @@
{
stdenv,
lib,
gcc,
libgcc,
overrideCC,
wrapCCWith,
}:
{
cc,
extraPath ? lib.makeBinPath (
[ gcc.cc ] ++ (lib.optionals (cc.enableCuda or false) [ cc.cudaPackages.cudatoolkit ])
),
extraBuildCommands ? "",
extraInstallCommands ? "",
}:
let
targetConfig = stdenv.targetPlatform.config;
in
(wrapCCWith {
inherit cc;
nixSupport = {
cc-ldflags = [
"-L${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}"
"-L${gcc.cc.lib}/lib"
"-L${libgcc.out}/lib"
"-L${gcc.libc}/lib"
"-L${cc}/lib"
];
cc-cflags = [
"--gcc-toolchain=${gcc.cc}"
"-isystem ${cc.original or cc}/lib/clang/${toString cc.llvmMajorVersion}/include"
"-isystem ${cc}/include"
"-isystem ${cc}/include/intel64"
"-isystem ${gcc.cc}/lib/gcc/${targetConfig}/${gcc.version}/include"
];
libcxx-cxxflags = [
"-isystem ${gcc.cc}/include/c++/${gcc.version}"
"-isystem ${gcc.cc}/include/c++/${gcc.version}/${targetConfig}"
];
};
extraBuildCommands = ''
# FIXME: We should find a better way to modify the PATH instead of using
# this ugly hack. See https://jungle.bsc.es/git/rarias/bscpkgs/issues/9
echo 'path_backup="${extraPath}:$path_backup"' >>$out/nix-support/cc-wrapper-hook
# Disable hardening by default
echo "" > $out/nix-support/add-hardening.sh
pushd $ccPath
for i in $ {llvm,sycl}-* ; do
ln -s $ccPath/$i $out/bin/$i
done
popd
# Use this to detect when a compiler subprocess is called
# from icpx (--fsycl-host-compiler)
echo 'export NIX_CC_WRAPPER_INTEL=1' >>$out/nix-support/cc-wrapper-hook
# oneMath looks for sycl libraries in bin/../lib
ln -s ${cc}/lib $out/lib
ln -s ${cc}/include $out/include
''
+ extraBuildCommands;
}).overrideAttrs
(finalAttrs: prevAttrs: {
installPhase = prevAttrs.installPhase + extraInstallCommands;
passthru.stdenv = overrideCC stdenv finalAttrs.finalPackage;
})

1
pkgs/intel-oneapi/deb/packages.json
View File

File diff suppressed because one or more lines are too long

301
pkgs/intel-oneapi/deb/packages.nix
View File

@@ -1,301 +0,0 @@
{
lib,
stdenv,
callPackage,
dpkg,
fetchurl,
sqlite,
elfutils,
}:
let
inherit (builtins)
attrNames
attrValues
concatMap
elem
filter
fromJSON
getAttr
groupBy
head
isNull
listToAttrs
map
mapAttrs
readFile
replaceStrings
splitVersion
;
inherit (lib)
converge
findFirst
groupBy'
hasPrefix
optional
pipe
take
toInt
toList
versionAtLeast
versionOlder
;
aptData = fromJSON (readFile ./packages.json);
# Compare versions in debian control file syntax
# See: https://www.debian.org/doc/debian-policy/ch-relationships.html#syntax-of-relationship-fields
#
# NOTE: this is not a proper version comparison
#
# A proper version solver, should aggregate dependencies with the same name
# and compute the constraint (e.g. a (>= 2) a (<< 5) -> 2 <= a << 5)
#
# But in the intel repo, there are no such "duplicated" dependencies to specify
# upper limits, which leads to issues when intel-hpckit-2021 depends on things
# like intel-basekit >= 2021.1.0-2403 and we end up installing the newest
# basekit instead of the one from 2021.
#
# To mitigate this, >= is set to take the latest version with matching major
# and minor (only revision and patch are allowed to change)
compareVersions =
got: kind: want:
let
g0 = take 2 (splitVersion got);
w0 = take 2 (splitVersion want);
in
if isNull want then
true
else if kind == "=" then
got == want
else if kind == "<<" then
versionOlder got want
else if kind == "<=" then
versionAtLeast want got
else if kind == ">>" then
versionOlder want got
else if kind == ">=" then
(g0 == w0) && versionAtLeast got want # always match major version
else
throw "unknown operation: ${kind}";
findMatching =
{
pname,
kind,
version,
}:
findFirst (x: pname == x.pname && compareVersions x.version kind version) null aptData;
isIntel = pkg: (hasPrefix "intel-" pkg.pname);
expandDeps =
pkg: (map findMatching (filter isIntel pkg.dependencies)) ++ (optional (pkg.size != 0) pkg);
# get the oldest by major version. If they have the same major version, take
# the newest. This prevents most issues with resolutions
# versionOlder b a -> true if b is older than a (b `older` a)
getNewerInMajor =
a: b:
let
va = a.version;
vb = b.version;
va0 = head (splitVersion va);
vb0 = head (splitVersion vb);
in
if isNull a then
b
else if va0 != vb0 then
if va0 > vb0 then b else a
else if versionOlder vb va then
a
else
b;
removeDups = l: attrValues (groupBy' getNewerInMajor null (getAttr "provides") l);
_resolveDeps = converge (l: removeDups (concatMap expandDeps l));
resolveDeps =
pkg:
let
deps = _resolveDeps (toList pkg);
namedDeps = (map (x: "${x.pname}-${x.version}") deps);
in
builtins.traceVerbose (builtins.deepSeq namedDeps namedDeps) deps;
blacklist = [
"intel-basekit-env"
"intel-basekit-getting-started"
"intel-hpckit-env"
"intel-hpckit-getting-started"
"intel-oneapi-advisor"
"intel-oneapi-common-licensing"
"intel-oneapi-common-oneapi-vars"
"intel-oneapi-common-vars"
"intel-oneapi-compiler-cpp-eclipse-cfg"
"intel-oneapi-compiler-dpcpp-eclipse-cfg"
"intel-oneapi-condaindex"
"intel-oneapi-dev-utilities-eclipse-cfg"
"intel-oneapi-dpcpp-ct-eclipse-cfg"
"intel-oneapi-eclipse-ide"
"intel-oneapi-hpc-toolkit-getting-started"
"intel-oneapi-icc-eclipse-plugin-cpp"
"intel-oneapi-vtune"
"intel-oneapi-vtune-eclipse-plugin-vtune"
];
isInBlacklist = pkg: elem pkg.provides blacklist;
removeBlacklist = filter (e: !(isInBlacklist e));
dpkgExtractAll =
pname: version:
{ srcs, deps }:
stdenv.mkDerivation {
inherit pname version srcs;
nativeBuildInputs = [ dpkg ];
phases = [ "installPhase" ];
passthru = { inherit deps; };
installPhase = ''
mkdir -p $out
for src in $srcs; do
echo "Unpacking $src"
dpkg -x $src $out
done
'';
};
apthost = "https://apt.repos.intel.com/oneapi/";
fetchDeb =
p:
fetchurl {
url = apthost + p.filename;
inherit (p) sha256;
};
buildIntel =
pkg:
pipe pkg [
resolveDeps
removeBlacklist
(l: {
srcs = map fetchDeb l;
deps = l;
})
(dpkgExtractAll "${pkg.provides}-extracted" pkg.version)
];
findHpcKit =
year:
findMatching {
pname = "intel-hpckit";
kind = "<<";
version = toString (year + 1);
};
years = map toInt (attrNames components);
patchIntel = callPackage ./patch_intel.nix { };
# Version information for each hpckit. This is used to normalize the paths
# so that files are in $out/{bin,lib,include...} instead of all over the place
# in $out/opt/intel/oneapi/*/*/{...}.
#
# The most important is the compiler component, which is used to build the
# stdenv for the hpckit.
#
# NOTE: this have to be manually specified, so we can avoid IFD. To add a
# new version, add a new field with an empty attrset, (e.g. "2026" = {}; ),
# build hpckit_2026.unpatched and use the values from
# result/opt/intel/oneapi/* to populate the attrset.
#
# WARN: if there are more than one version in the folders of the unpatched
# components, our dependency resolution hacks have probably failed and the
# package set may be broken.
components = {
"2025" = {
ishmem = "1.4";
pti = "0.13";
tcm = "1.4";
umf = "0.11";
ccl = "2021.16";
compiler = "2025.2";
dal = "2025.8";
debugger = "2025.2";
dev-utilities = "2025.2";
dnnl = "2025.2";
dpcpp-ct = "2025.2";
dpl = "2022.9";
ipp = "2022.2";
ippcp = "2025.2";
mkl = "2025.2";
mpi = "2021.16";
tbb = "2022.2";
llvmMajorVersion = 21;
};
"2024" = {
tcm = "1.1";
ccl = "2021.13";
compiler = "2024.2";
dal = "2024.6";
debugger = "2024.2";
dev-utilities = "2024.2";
diagnostics = "2024.2";
dnnl = "2024.2";
dpcpp-ct = "2024.2";
dpl = "2022.6";
ipp = "2021.12";
ippcp = "2021.12";
mkl = "2024.2";
mpi = "2021.13";
tbb = "2021.13";
llvmMajorVersion = 19;
extraPackages = [
sqlite
elfutils
];
};
};
replaceDots = replaceStrings [ "." ] [ "_" ];
in
lib.recurseIntoAttrs (
listToAttrs (
map (
year:
let
year_str = toString year;
in
{
name = "hpckit_${year_str}";
value = patchIntel {
unpatched = buildIntel (findHpcKit year);
components = components.${year_str};
};
}
) years
)
)
// {
apt = pipe aptData [
(groupBy (p: replaceDots p.provides))
(mapAttrs (
_: l:
listToAttrs (
map (pkg: {
name = replaceDots ("v" + pkg.version);
value = pkg;
}) l
)
))
];
inherit resolveDeps patchIntel buildIntel;
}

156
pkgs/intel-oneapi/deb/patch_intel.nix
View File

@@ -1,156 +0,0 @@
{
stdenv,
stdenvNoCC,
lib,
symlinkJoin,
autoPatchelfHook,
wrapIntel,
overrideCC,
hwloc,
libelf,
libffi_3_3,
libpsm2,
libuuid,
libxml2,
numactl,
ocl-icd,
openssl,
python3,
rdma-core,
ucx,
zlib,
writeTextFile,
}:
lib.makeOverridable (
{
unpatched,
components ? { },
extraPackages ? components.extraPackages or [ ],
}:
let
inherit (builtins)
attrValues
filter
mapAttrs
removeAttrs
;
inherit (components) llvmMajorVersion;
__components = removeAttrs components [
"extraPackages"
"llvmMajorVersion"
];
_components = __components;
# _components = lib.traceSeqN 2 {
# inherit unpatched __components;
# deps = builtins.map (x: "${x.pname}-${x.version}") unpatched.deps;
# } __components;
in
stdenvNoCC.mkDerivation (finalAttrs: {
pname = lib.removeSuffix "-extracted" unpatched.pname;
inherit (unpatched) version;
src = unpatched;
phases = [
"installPhase"
"fixupPhase"
];
buildInputs = [
libffi_3_3
libelf
libxml2
hwloc
numactl
libuuid
libpsm2
zlib
ocl-icd
rdma-core
ucx
openssl
python3
stdenv.cc.cc.lib
]
++ extraPackages;
autoPatchelfIgnoreMissingDeps = [
"libhwloc.so.5"
"libcuda.so.1"
"libze_loader.so.1"
];
# There are broken symlinks that go outside packages, ignore them
dontCheckForBrokenSymlinks = true;
nativeBuildInputs = [ autoPatchelfHook ];
installPhase = ''
cp -r $src/opt/intel/oneapi/ $out
'';
passthru =
let
pkgs = mapAttrs (
folder: version:
let
original = "${finalAttrs.finalPackage}/${folder}/${version}";
etc-vendors = writeTextFile {
name = "intel-ocl-icd";
text = "${original}/lib/libintelocl.so";
destination = "/etc/OpenCL/vendors/intel.icd";
};
in
symlinkJoin {
pname = "intel-${folder}";
inherit version;
paths = [ original ] ++ lib.optionals (folder == "compiler") [ etc-vendors ];
passthru = { inherit original llvmMajorVersion; };
}
) _components;
in
pkgs
// {
inherit unpatched;
pkgs = lib.recurseIntoAttrs pkgs;
components = _components;
# This contains all packages properly symlinked into toplevel directories
# in $out.
#
# NOTE: there are clashes with packages that have symlinks outside their
# scope (libtcm and env/vars.sh)
all = symlinkJoin {
pname = finalAttrs.finalPackage.pname + "-symlinked";
inherit (finalAttrs.finalPackage) version;
paths = filter lib.isDerivation (attrValues finalAttrs.finalPackage.pkgs);
};
stdenv = overrideCC stdenv finalAttrs.finalPackage.cc;
cc = wrapIntel {
cc = finalAttrs.finalPackage.pkgs.compiler;
extraBuildCommands = ''
wrap icx $wrapper $ccPath/icx
wrap icpx $wrapper $ccPath/icpx
wrap ifx $wrapper $ccPath/ifx
ln -s $out/bin/icpx $out/bin/c++
ln -s $out/bin/icx $out/bin/cc
sed -i 's/.*isCxx=0/isCxx=1/' $out/bin/icpx
'';
extraInstallCommands = ''
export named_cc="icx"
export named_cxx="icpx"
export named_fc="ifx"
'';
};
};
})
)

29
pkgs/intel-oneapi/deb/process.jq
View File

@@ -1,29 +0,0 @@
#!/usr/bin/env -S jq -f
def extract_fields: {
pname : .Package,
version : .Version,
provides : .Package | sub("[0-9.-]*$"; ""),
filename : .Filename,
size : ."Installed-Size" | tonumber,
sha256 : .SHA256,
dependencies : .Depends,
} ;
# parses dependencies into a list of [{.pname, .kind, .version}]
# some dependencies do not have a version specified, in which case, kind = version = null
#
# example dependencies:
# intel-oneapi-common-vars (>= 2023.0.0-25325), intel-oneapi-common-licensing-2023.0.0
def split_dependencies : map(try(.dependencies |= split(",\\s?"; "")) // .dependencies |= []) ;
def match_version : capture("(?<pname>[a-zA-Z0-9_\\-.]*) *(\\((?<kind>[<>=]*) *(?<version>.*)\\))?"; "") ;
def parse_dependencies : map_values(.dependencies.[] |= match_version) ;
def sort_version_decreasing : sort_by(.version | split("[-.]"; "") | map(tonumber)) | reverse ;
map(extract_fields) | split_dependencies | parse_dependencies | sort_version_decreasing
# [.[] | select(.pname == "intel-hpckit") | .version]

29
pkgs/intel-oneapi/deb/toJson.awk
View File

@@ -1,29 +0,0 @@
#!/usr/bin/env -S awk -f
BEGIN {
FS=": "
prev_empty=1
t=" "
print "[ {"
}
!NF { # empty line, update separator so next non empty line closes the dict
prev_empty=1
t="},\n{ "
next # skip line (we won't match anything else)
}
{
printf t "\"%s\" : \"%s\"\n", $1, $2
if (prev_empty) {
# we were the first after a group of empty lines, following ones have to
# have a comma
prev_empty=0
t=", "
}
}
END { print "} ]" }

11
pkgs/intel-oneapi/deb/update.sh
View File

@@ -1,11 +0,0 @@
#!/bin/sh
out_64=$(mktemp intel-api.64.XXXXXX)
out_all=$(mktemp intel-api.all.XXXXXX)
trap 'rm -f "$out_64" "$out_all"' EXIT INT HUP
curl https://apt.repos.intel.com/oneapi/dists/all/main/binary-amd64/Packages -o "$out_64"
curl https://apt.repos.intel.com/oneapi/dists/all/main/binary-all/Packages -o "$out_all"
# NOTE: we use `jq -r tostring` to minify the json (3.2Mb -> 2.3Mb)
cat "$out_64" "$out_all" | ./toJson.awk | ./process.jq | jq -r tostring >packages.json

246
pkgs/intel-oneapi/open/default.nix
View File

@@ -1,246 +0,0 @@
{
stdenv,
lib,
ninja,
autoAddDriverRunpath,
wrapCC,
cmake,
emhash,
fetchFromGitHub,
khronos-ocl-icd-loader,
libbacktrace,
opencl-headers,
parallel-hashmap,
perl,
pkg-config,
python3,
spirv-headers,
spirv-tools,
symlinkJoin,
zlib,
config,
cudaPackages ? null,
enableCuda ? config.cudaSupport,
}:
let
llvmMajorVersion = "21";
version = "6.2.1";
src = fetchFromGitHub {
owner = "intel";
repo = "llvm";
tag = "v${version}";
sha256 = "sha256-j8+DmGKO0qDF5JjH+DlkLKs1kBz6dS7ukwySd/Crqv0=";
};
pinned = {
inherit parallel-hashmap;
vc-intrinsics.src = fetchFromGitHub {
owner = "intel";
repo = "vc-intrinsics";
rev = "4e51b2467104a257c22788e343dafbdde72e28bb";
sha256 = "sha256-AHXeKbih4bzmcuu+tx2TeS7Ixmk54uS1vKFVxI6ZP8g=";
};
unified-memory-framework.src = fetchFromGitHub {
owner = "oneapi-src";
repo = "unified-memory-framework";
tag = "v0.11.0";
sha256 = "sha256-k8QdP2u1QOoeCZ6ps4sM8+1iZq/H3q0lqCfVk8mz9KI=";
};
ocl-headers = opencl-headers.overrideAttrs {
version = "2024.10.24";
src = fetchFromGitHub {
owner = "KhronosGroup";
repo = "OpenCL-Headers";
tag = "v2024.10.24";
sha256 = "sha256-KDlruE0IG8d+lAChxYyc6dg5XOvqCMrMyO69sdAzejA=";
};
};
ocl-icd = khronos-ocl-icd-loader;
spirv-headers = spirv-headers.overrideAttrs {
version = "1.4.309.0";
src = fetchFromGitHub {
owner = "KhronosGroup";
repo = "SPIRV-Headers";
tag = "vulkan-sdk-1.4.309.0";
sha256 = "sha256-Q1i6i5XimULuGufP6mimwDW674anAETUiIEvDQwvg5Y=";
};
};
};
fetchcontent_cmakeFlags = lib.mapAttrsToList (
name: value: (lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_${lib.toUpper name}" (toString value.src))
) pinned;
# Hack to fix #include <emhash/...>
emhash' = symlinkJoin {
name = "emhash";
paths = [ emhash ];
postBuild = ''
pushd $out/include
ln -s . emhash
popd
'';
};
in
stdenv.mkDerivation {
pname = "intel-llvm";
inherit src version;
enableParallelBuilding = true;
strictDeps = true;
nativeBuildInputs = [
perl
cmake
ninja
pkg-config
python3
spirv-tools
]
++ lib.optionals enableCuda [
autoAddDriverRunpath
cudaPackages.cuda_nvcc
];
buildInputs = [
emhash'
libbacktrace
zlib
pinned.ocl-icd
pinned.ocl-headers
pinned.spirv-headers
]
++ lib.optionals enableCuda [
cudaPackages.cudatoolkit
];
patches = [ ./fix-ur.patch ]; # Has been fixed in next release
preBuild = ''
chmod -R u+w /build/source
'';
cmakeDir = "../llvm";
cmakeFlags =
let
cmakeList = name: l: lib.cmakeOptionType "list" name (builtins.concatStringsSep ";" l);
LLVM_EXTERNAL_PROJECTS = [
"sycl"
"llvm-spirv"
"opencl"
"xpti"
"xptifw"
"compiler-rt"
"sycl-jit"
"libdevice"
]
++ lib.optionals enableCuda [
"libclc"
];
in
[
(lib.cmakeBool "LLVM_ENABLE_ASSERTIONS" true)
(cmakeList "LLVM_TARGETS_TO_BUILD" (
[
"host"
"SPIRV"
]
++ lib.optionals enableCuda [ "NVPTX" ]
))
(cmakeList "LLVM_EXTERNAL_PROJECTS" LLVM_EXTERNAL_PROJECTS)
(cmakeList "LLVM_ENABLE_PROJECTS" ([ "clang" ] ++ LLVM_EXTERNAL_PROJECTS))
(lib.cmakeBool "UR_USE_EXTERNAL_UMF" false)
(lib.cmakeOptionType "path" "UR_OPENCL_INCLUDE_DIR" (toString pinned.ocl-headers))
(lib.cmakeOptionType "path" "UR_OPENCL_ICD_LOADER_LIBRARY" (toString pinned.ocl-icd))
(lib.cmakeFeature "UR_OPENCL_ICD_LOADER_LIBRARY" (toString pinned.ocl-icd))
(lib.cmakeBool "BUILD_SHARED_LIBS" false)
(lib.cmakeBool "LLVM_BUILD_TOOLS" true)
(lib.cmakeBool "LLVM_ENABLE_ZSTD" true)
(lib.cmakeBool "LLVM_USE_STATIC_ZSTD" true)
(lib.cmakeBool "LLVM_ENABLE_DOXYGEN" false)
(lib.cmakeBool "LLVM_ENABLE_LLD" false)
(lib.cmakeBool "LLVM_ENABLE_SPHINX" false)
(lib.cmakeBool "LLVM_SPIRV_ENABLE_LIBSPIRV_DIS" false)
(lib.cmakeBool "SYCL_ENABLE_WERROR" false)
(lib.cmakeBool "SYCL_INCLUDE_TESTS" false)
(lib.cmakeBool "SYCL_ENABLE_EXTENSION_JIT" true)
(lib.cmakeBool "SYCL_ENABLE_MAJOR_RELEASE_PREVIEW_LIB" false)
(lib.cmakeBool "SYCL_ENABLE_XPTI_TRACING" true)
(lib.cmakeBool "XPTI_ENABLE_WERROR" false)
(cmakeList "SYCL_ENABLE_BACKENDS" ([ "opencl" ] ++ lib.optionals enableCuda [ "cuda" ]))
]
++ fetchcontent_cmakeFlags
++ lib.optionals enableCuda [
(lib.cmakeOptionType "list" "LIBCLC_TARGETS_TO_BUILD" "nvptx64--nvidiacl")
(lib.cmakeBool "LIBCLC_GENERATE_REMANGLED_VARIANTS" true)
(lib.cmakeBool "LIBCLC_NATIVECPU_HOST_TARGET" false)
];
hardeningDisable = [ "zerocallusedregs" ];
postPatch =
let
# See the postPatch phase for details on why this is used
ccWrapperStub = wrapCC (
stdenv.mkDerivation {
name = "ccWrapperStub";
dontUnpack = true;
installPhase = ''
mkdir -p $out/bin
cat > $out/bin/clang-${llvmMajorVersion} <<'EOF'
#!/bin/sh
exec "$NIX_BUILD_TOP/source/build/bin/clang-${llvmMajorVersion}" "$@"
EOF
chmod +x $out/bin/clang-${llvmMajorVersion}
cp $out/bin/clang-${llvmMajorVersion} $out/bin/clang
cp $out/bin/clang-${llvmMajorVersion} $out/bin/clang++
'';
passthru.isClang = true;
}
);
in
''
# Parts of libdevice are built using the freshly-built compiler.
# As it tries to link to system libraries, we need to wrap it with the
# usual nix cc-wrapper.
# Since the compiler to be wrapped is not available at this point,
# we use a stub that points to where it will be later on
# in `$NIX_BUILD_TOP/source/build/bin/clang-${llvmMajorVersion}`
substituteInPlace libdevice/cmake/modules/SYCLLibdevice.cmake \
--replace-fail "\''${clang_exe}" "${ccWrapperStub}/bin/clang++"
'';
passthru = {
inherit llvmMajorVersion;
inherit enableCuda cudaPackages;
};
meta = {
homepage = "https://github.com/intel/llvm";
description = "Intel staging area for llvm.org contribution";
maintainers = with lib.maintainers.bsc; [ abonerib ];
platforms = lib.platforms.linux;
license = [
lib.licenses.asl20
lib.licenses.llvm-exception
];
};
}

23
pkgs/intel-oneapi/open/fix-ur.patch
View File

@@ -1,23 +0,0 @@
diff --git a/unified-runtime/source/adapters/cuda/CMakeLists.txt b/unified-runtime/source/adapters/cuda/CMakeLists.txt
index a8401c71a..2ab363926 100644
--- a/unified-runtime/source/adapters/cuda/CMakeLists.txt
+++ b/unified-runtime/source/adapters/cuda/CMakeLists.txt
@@ -62,14 +62,14 @@ add_library(cudadrv SHARED IMPORTED GLOBAL)
if (WIN32)
set_target_properties(
cudadrv PROPERTIES
- IMPORTED_IMPLIB ${CUDA_cuda_driver_LIBRARY}
- INTERFACE_INCLUDE_DIRECTORIES ${CUDAToolkit_INCLUDE_DIRS}
+ IMPORTED_IMPLIB "${CUDA_cuda_driver_LIBRARY}"
+ INTERFACE_INCLUDE_DIRECTORIES "${CUDAToolkit_INCLUDE_DIRS}"
)
else()
set_target_properties(
cudadrv PROPERTIES
- IMPORTED_LOCATION ${CUDA_cuda_driver_LIBRARY}
- INTERFACE_INCLUDE_DIRECTORIES ${CUDAToolkit_INCLUDE_DIRS}
+ IMPORTED_LOCATION "${CUDA_cuda_driver_LIBRARY}"
+ INTERFACE_INCLUDE_DIRECTORIES "${CUDAToolkit_INCLUDE_DIRS}"
)
endif()

4
pkgs/intel-oneapi/update.sh Executable file
View File

@@ -0,0 +1,4 @@
#!/bin/sh
curl https://apt.repos.intel.com/oneapi/dists/all/main/binary-amd64/Packages -o amd64-packages
curl https://apt.repos.intel.com/oneapi/dists/all/main/binary-all/Packages -o all-packages

44
pkgs/libpsm2/default.nix
View File

@@ -1,44 +0,0 @@
{ stdenv, lib, fetchFromGitHub, numactl, pkg-config }:
let
version = "11.2.185";
in
stdenv.mkDerivation {
pname = "libpsm2";
inherit version;
preConfigure= ''
export UDEVDIR=$out/etc/udev
substituteInPlace ./Makefile --replace "udevrulesdir}" "prefix}/etc/udev";
'';
enableParallelBuilding = true;
buildInputs = [ numactl pkg-config ];
installFlags = [
"DESTDIR=$(out)"
"UDEVDIR=/etc/udev"
"LIBPSM2_COMPAT_CONF_DIR=/etc"
];
src = fetchFromGitHub {
owner = "intel";
repo = "opa-psm2";
rev = "PSM2_${version}";
sha256 = "062hg4r6gz7pla9df70nqs5i2a3mp1wszmp4l0g771fykhhrxsjg";
};
postInstall = ''
mv $out/usr/* $out
rmdir $out/usr
'';
meta = with lib; {
homepage = "https://github.com/intel/opa-psm2";
description = "The PSM2 library supports a number of fabric media and stacks";
license = with licenses; [ gpl2 bsd3 ];
platforms = [ "x86_64-linux" ];
maintainers = [ maintainers.bzizou ];
};
}

6
pkgs/llvm-ompss2/clang.nix
View File

@@ -16,19 +16,19 @@
, useGit ? false
, gitUrl ? "ssh://git@bscpm04.bsc.es/llvm-ompss/llvm-mono.git"
, gitBranch ? "master"
, gitCommit ? "872ba63f86edaefc9787984ef3fae9f2f94e0124" # github-release-2025.11
, gitCommit ? "880e2341c56bad1dc14e8c369fb3356bec19018e"
}:
let
stdenv = llvmPackages_latest.stdenv;
release = rec {
version = "2025.11";
version = "2025.06";
src = fetchFromGitHub {
owner = "bsc-pm";
repo = "llvm";
rev = "refs/tags/github-release-${version}";
hash = "sha256-UgwMTUkM9Z87dDH205swZFBeFhrcbLAxginViG40pBM=";
hash = "sha256-ww9PpRmtz/M9IyLiZ8rAehx2UW4VpQt+svf4XfKBzKo=";
};
};

64
pkgs/llvm-ompss2/default.nix
View File

@@ -3,7 +3,6 @@
, lib
, gcc
, clangOmpss2Unwrapped
, writeShellScript
, openmp ? null
, wrapCCWith
, llvmPackages_latest
@@ -28,17 +27,20 @@ let
# We need to replace the lld linker from bintools with our linker just built,
# otherwise we run into incompatibility issues when mixing compiler and linker
# versions.
bintools-unwrapped = llvmPackages_latest.bintools-unwrapped.override {
bintools-unwrapped = llvmPackages_latest.tools.bintools-unwrapped.override {
lld = clangOmpss2Unwrapped;
};
bintools = llvmPackages_latest.bintools.override {
bintools = llvmPackages_latest.tools.bintools.override {
bintools = bintools-unwrapped;
};
targetConfig = stdenv.targetPlatform.config;
inherit gcc;
cc = clangOmpss2Unwrapped;
gccVersion = with versions; let v = gcc.version; in concatStringsSep "." [(major v) (minor v) (patch v)];
in wrapCCWith {
inherit cc bintools;
# extraPackages adds packages to depsTargetTargetPropagated
extraPackages = optional (openmp != null) openmp;
extraBuildCommands = ''
echo "-target ${targetConfig}" >> $out/nix-support/cc-cflags
echo "-B${gcc.cc}/lib/gcc/${targetConfig}/${gccVersion}" >> $out/nix-support/cc-cflags
@@ -55,50 +57,14 @@ let
echo "--gcc-toolchain=${gcc}" >> $out/nix-support/cc-cflags
wrap clang++ $wrapper $ccPath/clang++
'' + optionalString (openmp != null) ''
echo "export OPENMP_RUNTIME=${ompname}" >> $out/nix-support/cc-wrapper-hook
'' + optionalString (ompss2rt != null) ''
echo "export OMPSS2_RUNTIME=${rtname}" >> $out/nix-support/cc-wrapper-hook
echo "export ${homevar}=${ompss2rt}" >> $out/nix-support/cc-wrapper-hook
'' + optionalString (ompss2rt != null && ompss2rt.pname == "nodes") ''
echo "export NOSV_HOME=${ompss2rt.nosv}" >> $out/nix-support/cc-wrapper-hook
'';
}
envExports = lib.optionalString (openmp != null) ''
echo "export OPENMP_RUNTIME=${ompname}" >> $out/nix-support/cc-wrapper-hook
'' + optionalString (ompss2rt != null) ''
echo "export OMPSS2_RUNTIME=${rtname}" >> $out/nix-support/cc-wrapper-hook
echo "export ${homevar}=${ompss2rt}" >> $out/nix-support/cc-wrapper-hook
'' + optionalString (ompss2rt != null && ompss2rt.pname == "nodes") ''
echo "export NOSV_HOME=${ompss2rt.nosv}" >> $out/nix-support/cc-wrapper-hook
'';
extraPackages = optional (openmp != null) openmp;
wrappedCC = wrapCCWith {
# extraPackages adds packages to depsTargetTargetPropagated
inherit cc bintools extraPackages;
extraBuildCommands = extraBuildCommands + envExports;
};
resetIntelCCFlags = let tconf = builtins.replaceStrings ["-"] ["_"] targetConfig;
in writeShellScript "remove-intel.sh" ''
if [ "''${NIX_CC_WRAPPER_INTEL:-0}" = 1 ]; then
unset NIX_CFLAGS_COMPILE_${tconf}
unset NIX_CC_WRAPPER_FLAGS_SET_${tconf}
if (( "''${NIX_DEBUG:-0}" >= 1 )); then
echo "ompss2: cleaned NIX_CFLAGS_COMPILE_${tconf} (invokation from intel compiler detected)"
fi
fi
'';
intelExtraBuildCommands = ''
sed -i 's|# Flirting.*|source ${resetIntelCCFlags}\n\n&|' $out/bin/clang
sed -i 's|# Flirting.*|source ${resetIntelCCFlags}\n\n&|' $out/bin/clang++
'';
wrappedCCIntel = wrapCCWith {
inherit cc bintools extraPackages;
# extraPackages adds packages to depsTargetTargetPropagated
extraBuildCommands = intelExtraBuildCommands + envExports;
};
in wrappedCC.overrideAttrs (oldAttrs: {
passthru = oldAttrs.passthru // {
forIcpx = wrappedCCIntel;
};
})

1
pkgs/mcxx/default.nix
View File

@@ -65,7 +65,6 @@ stdenv.mkDerivation rec {
];
meta = {
broken = true;
homepage = "https://github.com/bsc-pm/mcxx";
description = "C/C++/Fortran source-to-source compilation infrastructure aimed at fast prototyping";
maintainers = with lib.maintainers.bsc; [ rpenacob ];

4
pkgs/meteocat-exporter/default.nix
View File

@@ -1,11 +1,9 @@
{ python3Packages, lib }:
python3Packages.buildPythonApplication {
python3Packages.buildPythonApplication rec {
pname = "meteocat-exporter";
version = "1.0";
pyproject = true;
src = ./.;
doCheck = false;

23
pkgs/mpich/default.nix
View File

@@ -6,13 +6,6 @@
, pmix
, gfortran
, symlinkJoin
# Disabled when cross-compiling
# To fix cross compilation, we should fill the values in:
# https://github.com/pmodels/mpich/blob/main/maint/fcrosscompile/cross_values.txt.in
# For each arch
, enableFortran ? stdenv.hostPlatform == stdenv.buildPlatform
, perl
, targetPackages
}:
let
@@ -22,13 +15,10 @@ let
paths = [ pmix.dev pmix.out ];
};
in mpich.overrideAttrs (old: {
buildInputs = old.buildInputs ++ [
buildInput = old.buildInputs ++ [
libfabric
pmixAll
];
nativeBuildInputs = old.nativeBuildInputs ++ [
perl
];
configureFlags = [
"--enable-shared"
"--enable-sharedlib"
@@ -41,21 +31,10 @@ in mpich.overrideAttrs (old: {
] ++ lib.optionals (lib.versionAtLeast gfortran.version "10") [
"FFLAGS=-fallow-argument-mismatch" # https://github.com/pmodels/mpich/issues/4300
"FCFLAGS=-fallow-argument-mismatch"
] ++ lib.optionals (!enableFortran) [
"--disable-fortran"
];
preFixup = ''
sed -i 's:^CC=.*:CC=${targetPackages.stdenv.cc}/bin/${targetPackages.stdenv.cc.targetPrefix}cc:' $out/bin/mpicc
sed -i 's:^CXX=.*:CXX=${targetPackages.stdenv.cc}/bin/${targetPackages.stdenv.cc.targetPrefix}c++:' $out/bin/mpicxx
'' + lib.optionalString enableFortran ''
sed -i 's:^FC=.*:FC=${targetPackages.gfortran or gfortran}/bin/${targetPackages.gfortran.targetPrefix or gfortran.targetPrefix}gfortran:' $out/bin/mpifort
'';
hardeningDisable = [ "all" ];
meta = old.meta // {
maintainers = old.meta.maintainers ++ (with lib.maintainers.bsc; [ rarias ]);
cross = true;
};
})

1
pkgs/nanos6/jemalloc.nix
View File

@@ -5,7 +5,6 @@ jemalloc.overrideAttrs (old: {
"--with-jemalloc-prefix=nanos6_je_"
"--enable-stats"
];
enableParallelBuilding = true;
hardeningDisable = [ "all" ];
meta = old.meta // {
description = old.meta.description + " (for Nanos6)";

650
pkgs/nix-portable/default.nix
View File

@@ -1,650 +0,0 @@
with builtins;
{
nix,
unzip,
zip,
unixtools,
stdenv,
buildPackages,
upx,
bootstrapPrograms ? [
"gitMinimal"
"netcat-openbsd"
"openssh"
"bashInteractive"
],
cacert ? pkgs.cacert,
compression ? "zstd -19 -T0",
lib ? pkgs.lib,
pkgs ? import <nixpkgs> {},
# hardcode executable to run. Useful when creating a bundle.
bundledPackage ? null,
nixStatic,
busyboxStatic ? pkgs.pkgsStatic.busybox,
bwrapStatic ? pkgs.pkgsStatic.bubblewrap,
zstdStatic ? pkgs.pkgsStatic.zstd,
perlBuildBuild ? pkgs.pkgsBuildBuild.perl,
}@inp:
with lib;
let
perl = perlBuildBuild;
pname =
if bundledPackage == null
then "nix-portable"
else lib.getName bundledPackage;
bundledExe = lib.getExe bundledPackage;
nixpkgsSrc = pkgs.path;
maketar = targets:
let
closureInfo = buildPackages.closureInfo { rootPaths = targets; };
in
stdenv.mkDerivation {
name = "nix-portable-store-tarball";
nativeBuildInputs = [ perl zstd ];
exportReferencesGraph = map (x: [("closure-" + baseNameOf x) x]) targets;
buildCommand = ''
storePaths=$(cat ${closureInfo}/store-paths)
mkdir $out
echo $storePaths > $out/index
cp -r ${closureInfo} $out/closureInfo
tar -cf - \
--owner=0 --group=0 --mode=u+rw,uga+r \
--hard-dereference \
$storePaths | ${compression} > $out/tar
'';
};
packStaticBin = binPath: let
binName = (last (splitString "/" binPath)); in
pkgs.runCommand
binName
{ nativeBuildInputs = [ upx ]; }
''
mkdir -p $out/bin
theBinPath=${binPath}
if [[ -L "$theBinPath" ]]; then
theBinPath=$(readlink -f "$theBinPath")
fi
upx -9 -o $out/bin/${binName} $theBinPath
'';
installBin = pkg: bin: ''
unzip -qqoj "\$self" ${ lib.removePrefix "/" "${pkg}/bin/${bin}"} -d \$dir/bin
chmod +wx \$dir/bin/${bin};
'';
installDynamic = pkgname: let
out = pkgs.${pkgname}.out;
in ''
if [ ! -e \$store${lib.removePrefix "/nix/store" pkgs.${pkgname}.out} ] ; then
debug "Installing ${pkgname}"
\$run \$store${lib.removePrefix "/nix/store" nix}/bin/nix build --impure --no-link --expr "
(import ${nixpkgsSrc} {}).${pkgname}.out
"
else
debug "${pkgname} already installed"
fi
export PATH="${out}/bin:\$PATH"
'';
caBundleZstd = pkgs.runCommand "cacerts" {} "cat ${cacert}/etc/ssl/certs/ca-bundle.crt | ${zstd}/bin/zstd -19 > $out";
bwrap = packStaticBin "${bwrapStatic}/bin/bwrap";
nixStatic = packStaticBin "${inp.nixStatic}/bin/nix";
zstd = packStaticBin "${zstdStatic}/bin/zstd";
# the default nix store contents to extract when first used
storeTar = maketar ([ cacert nix nixpkgsSrc ] ++ lib.optional (bundledPackage != null) bundledPackage);
# The runtime script which unpacks the necessary files to $HOME/.nix-portable
# and then executes nix via bwrap
# Some shell expressions will be evaluated at build time and some at run time.
# Variables/expressions escaped via `\$` will be evaluated at run time
runtimeScript = ''
#!/usr/bin/env bash
set -eo pipefail
start=\$(date +%s%N) # start time in nanoseconds
# dump environment on exit if debug is enabled
if [ -n "\$NP_DEBUG" ] && [ "\$NP_DEBUG" -ge 1 ]; then
trap "declare -p > \''${TMPDIR:-/tmp}/np_env" EXIT
fi
set -e
if [ -n "\$NP_DEBUG" ] && [ "\$NP_DEBUG" -ge 2 ]; then
set -x
fi
# &3 is our error out which we either forward to &2 or to /dev/null
# depending on the setting
if [ -n "\$NP_DEBUG" ] && [ "\$NP_DEBUG" -ge 1 ]; then
debug(){
echo \$@ || true
}
exec 3>&2
else
debug(){
true
}
exec 3>/dev/null
fi
# to reference this script's file
self="\$(realpath \''${BASH_SOURCE[0]})"
# fingerprint will be inserted by builder
fingerprint="_FINGERPRINT_PLACEHOLDER_"
# user specified location for program files and nix store
[ -z "\$NP_LOCATION" ] && NP_LOCATION="\$HOME"
NP_LOCATION="\$(readlink -f "\$NP_LOCATION")"
dir="\$NP_LOCATION/.nix-portable"
# Create NP_LOCATION and remove sgid bit
mkdir -p \$dir
if [ ! -z "\$BSC_MACHINE" ]; then
# Attempt to avoid issues with sgid folders
chmod g-s \$dir
chgrp bsc \$dir
fi
store="\$dir/nix/store"
# create /nix/var/nix to prevent nix from falling back to chroot store.
mkdir -p \$dir/{bin,nix/var/nix,nix/store}
# create minimal drv file for nix to spawn a nix shell
echo 'builtins.derivation {name="foo"; builder="/bin/sh"; args = ["-c" "echo hello \> \\\$out"]; system=builtins.currentSystem;}' > "\$dir/mini-drv.nix"
# the fingerprint being present inside a file indicates that
# this version of nix-portable has already been initialized
if test -e \$dir/conf/fingerprint && [ "\$(cat \$dir/conf/fingerprint)" == "\$fingerprint" ]; then
newNPVersion=false
else
newNPVersion=true
fi
# Nix portable ships its own nix.conf
export NIX_CONF_DIR=\$dir/conf/
NP_CONF_SANDBOX=\''${NP_CONF_SANDBOX:-false}
NP_CONF_STORE=\''${NP_CONF_STORE:-auto}
recreate_nix_conf(){
mkdir -p "\$NIX_CONF_DIR"
rm -f "\$NIX_CONF_DIR/nix.conf"
# static config
echo "build-users-group = " >> \$dir/conf/nix.conf
echo "experimental-features = nix-command flakes" >> \$dir/conf/nix.conf
echo "ignored-acls = security.selinux system.nfs4_acl" >> \$dir/conf/nix.conf
echo "sandbox-paths = /bin/sh=\$dir/busybox/bin/busybox" >> \$dir/conf/nix.conf
echo "extra-substituters = https://jungle.bsc.es/cache">> \$dir/conf/nix.conf
echo "extra-trusted-public-keys = jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=" >> \$dir/conf/nix.conf
echo "extra-system-features = sys-devices" >> \$dir/conf/nix.conf
echo "extra-sandbox-paths = /sys/devices/system/cpu=/sys/devices/system/cpu /sys/devices/system/node=/sys/devices/system/node" >> \$dir/conf/nix.conf
echo "extra-trusted-users = @bsc" >> \$dir/conf/nix.conf
# configurable config
echo "sandbox = \$NP_CONF_SANDBOX" >> \$dir/conf/nix.conf
echo "store = \$NP_CONF_STORE" >> \$dir/conf/nix.conf
}
### install files
PATH_OLD="\$PATH"
# as soon as busybox is unpacked, restrict PATH to busybox to ensure reproducibility of this script
# only unpack binaries if necessary
if [ "\$newNPVersion" == "false" ]; then
debug "binaries already installed"
# our busybox does not run on termux, therefore we suffix the PATH only on termux
export PATH="\''${TERMUX_VERSION:+\$PATH:}\$dir/busybox/bin"
else
debug "installing files"
mkdir -p \$dir/emptyroot
# install busybox
mkdir -p \$dir/busybox/bin
(base64 -d> "\$dir/busybox/bin/busybox" && chmod +x "\$dir/busybox/bin/busybox") << END
$(cat ${busyboxStatic}/bin/busybox | base64)
END
busyBins="${toString (attrNames (filterAttrs (d: type: type == "symlink") (readDir "${busyboxStatic}/bin")))}"
for bin in \$busyBins; do
[ ! -e "\$dir/busybox/bin/\$bin" ] && ln -s busybox "\$dir/busybox/bin/\$bin"
done
# our busybox does not run on termux, therefore we suffix the PATH only on termux
export PATH="\''${TERMUX_VERSION:+\$PATH:}\$dir/busybox/bin"
# install other binaries
${installBin zstd "zstd"}
${installBin bwrap "bwrap"}
${installBin nixStatic "nix"}
# install ssl cert bundle
unzip -poj "\$self" ${ lib.removePrefix "/" "${caBundleZstd}"} | \$dir/bin/zstd -d > \$dir/ca-bundle.crt
recreate_nix_conf
fi
# Override $SHELL with nix bashInteractive
export SHELL="${pkgs.bashInteractive.out}/bin/bash"
export PS1="\n\[\033[1;32m\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\$\[\033[0m\] "
# unset bash function aliases
unset -f which ml module
### setup SSL
# find ssl certs or use from nixpkgs
debug "figuring out ssl certs"
if [ -z "\$SSL_CERT_FILE" ]; then
debug "SSL_CERT_FILE not defined. trying to find certs automatically"
if [ -e /etc/ssl/certs/ca-bundle.crt ]; then
export SSL_CERT_FILE=\$(realpath /etc/ssl/certs/ca-bundle.crt)
debug "found /etc/ssl/certs/ca-bundle.crt with real path \$SSL_CERT_FILE"
elif [ -e /etc/ssl/certs/ca-certificates.crt ]; then
export SSL_CERT_FILE=\$(realpath /etc/ssl/certs/ca-certificates.crt)
debug "found /etc/ssl/certs/ca-certificates.crt with real path \$SSL_CERT_FILE"
elif [ ! -e /etc/ssl/certs ]; then
debug "/etc/ssl/certs does not exist. Will use certs from nixpkgs."
export SSL_CERT_FILE=\$dir/ca-bundle.crt
else
debug "certs seem to reside in /etc/ssl/certs. No need to set up anything"
fi
fi
if [ -n "\$SSL_CERT_FILE" ]; then
sslBind="\$(realpath \$SSL_CERT_FILE) \$dir/ca-bundle.crt"
export SSL_CERT_FILE="\$dir/ca-bundle.crt"
else
sslBind="/etc/ssl /etc/ssl"
fi
if [ -n "\$NP_GIT" ]; then
echo "WARN: NP_GIT is not supported, using nix version instead"
fi
storePathOfFile(){
file=\$(realpath \$1)
sPath="\$(echo \$file | awk -F "/" 'BEGIN{OFS="/";}{print \$2,\$3,\$4}')"
echo "/\$sPath"
}
collectBinds(){
pathsTopLevel="/boot /run /sys \$PWD /gpfs /tmp /scratch"
toBind=""
for p in \$pathsTopLevel; do
if [ -e "\$p" ]; then
real=\$(realpath \$p)
if [ -e "\$real" ]; then
if [[ "\$real" == /nix/store/* ]]; then
storePath=\$(storePathOfFile \$real)
toBind="\$toBind \$storePath \$storePath"
else
toBind="\$toBind \$real \$p"
fi
fi
fi
done
# TODO: add /var/run/dbus/system_bus_socket
paths="/etc/host.conf /etc/hosts /etc/hosts.equiv /etc/mtab /etc/netgroup /etc/networks /etc/passwd /etc/group /etc/nsswitch.conf /etc/resolv.conf /etc/localtime \$HOME"
for p in \$paths; do
if [ -e "\$p" ]; then
real=\$(realpath \$p)
if [ -e "\$real" ]; then
if [[ "\$real" == /nix/store/* ]]; then
storePath=\$(storePathOfFile \$real)
toBind="\$toBind \$storePath \$storePath"
else
toBind="\$toBind \$real \$real"
fi
fi
fi
done
# provide /bin/sh via the shipped busybox
toBind="\$toBind \$dir/busybox/bin/busybox /bin/sh"
toBind="\$toBind \$dir/busybox/bin/busybox /usr/bin/env"
# on termux, make sure termux packages still work inside the nix-portable environment
if [ -n "\$TERMUX_VERSION" ]; then
# binds required so termux native packages still run inside the nix-portable sandbox
# TODO: this doesn't quite work yet. debug and fix
toBind="\$toBind /system/lib64/libc.so /system/lib64/libc.so"
toBind="\$toBind /system/lib64/ld-android.so /system/lib64/ld-android.so"
toBind="\$toBind /system/lib64/libdl.so /system/lib64/libdl.so"
toBind="\$toBind /system/bin /system/bin"
toBind="\$toBind /system/lib64 /system/lib64"
toBind="\$toBind /apex/com.android.runtime/bin /apex/com.android.runtime/bin"
toBind="\$toBind /linkerconfig/ld.config.txt /linkerconfig/ld.config.txt"
toBind="\$toBind \$dir/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt"
toBind="\$toBind \$(realpath \$HOME/../usr/etc/resolv.conf) /etc/resolv.conf"
fi
}
makeBindArgs(){
arg=\$1; shift
sep=\$1; shift
binds=""
while :; do
if [ -n "\$1" ]; then
from="\$1"; shift
to="\$1"; shift || { echo "no bind destination provided for \$from!"; exit 3; }
binds="\$binds \$arg \$from\$sep\$to";
else
break
fi
done
}
### select container runtime
debug "figuring out which runtime to use"
[ -z "\$NP_BWRAP" ] && NP_BWRAP=\$dir/bin/bwrap
debug "bwrap executable: \$NP_BWRAP"
[ -z "\$NP_NIX" ] && NP_NIX=\$dir/bin/nix
debug "nix executable: \$NP_NIX"
debug "testing all available runtimes..."
if [ -z "\$NP_RUNTIME" ]; then
# read last automatic selected runtime from disk
if [ "\$newNPVersion" == "true" ]; then
debug "removing cached auto selected runtime"
rm -f "\$dir/conf/last_auto_runtime"
fi
if [ -f "\$dir/conf/last_auto_runtime" ]; then
last_auto_runtime="\$(cat "\$dir/conf/last_auto_runtime")"
else
last_auto_runtime=
fi
debug "last auto selected runtime: \$last_auto_runtime"
if [ "\$last_auto_runtime" != "" ]; then
NP_RUNTIME="\$last_auto_runtime"
# check if nix --store works
elif \\
debug "testing nix --store" \\
&& mkdir -p \$dir/tmp/ \\
&& touch \$dir/tmp/testfile \\
&& "\$NP_NIX" --store "\$dir/tmp/__store" shell -f "\$dir/mini-drv.nix" -c "\$dir/bin/nix" store add-file --store "\$dir/tmp/__store" "\$dir/tmp/testfile" >/dev/null 2>&3; then
chmod -R +w \$dir/tmp/__store
rm -r \$dir/tmp/__store
debug "nix --store works on this system -> will use nix as runtime"
NP_RUNTIME=nix
# check if bwrap works properly
elif \\
debug "nix --store failed -> testing bwrap" \\
&& \$NP_BWRAP --bind \$dir/emptyroot / --bind \$dir/ /nix --bind \$dir/busybox/bin/busybox "\$dir/true" "\$dir/true" 2>&3 ; then
debug "bwrap seems to work on this system -> will use bwrap"
NP_RUNTIME=bwrap
else
debug "bwrap doesn't work on this system -> will use proot"
NP_RUNTIME=proot
fi
echo -n "\$NP_RUNTIME" > "\$dir/conf/last_auto_runtime"
else
debug "runtime selected via NP_RUNTIME: \$NP_RUNTIME"
fi
debug "NP_RUNTIME: \$NP_RUNTIME"
if [ "\$NP_RUNTIME" == "nix" ]; then
run="\$NP_NIX shell -f \$dir/mini-drv.nix -c"
export PATH="\$PATH:\$store${lib.removePrefix "/nix/store" nix}/bin"
NP_CONF_STORE="\$dir"
recreate_nix_conf
elif [ "\$NP_RUNTIME" == "bwrap" ]; then
collectBinds
makeBindArgs --bind " " \$toBind \$sslBind
run="\$NP_BWRAP \$BWRAP_ARGS \\
--bind \$dir/emptyroot /\\
--dev-bind /dev /dev\\
--proc /proc\\
--bind \$dir/nix /nix\\
\$binds"
# --bind \$dir/busybox/bin/busybox /bin/sh\\
else
# proot
echo Unsupported runtime: $NP_RUNTIME
exit 1
fi
debug "base command will be: \$run"
### setup environment
export NIX_PATH="\$dir/channels:nixpkgs=\$dir/channels/nixpkgs"
mkdir -p \$dir/channels
[ -h \$dir/channels/nixpkgs ] || ln -s ${nixpkgsSrc} \$dir/channels/nixpkgs
### install nix store
# Install all the nix store paths necessary for the current nix-portable version
# We only unpack missing store paths from the tar archive.
index="$(cat ${storeTar}/index)"
export missing=\$(
for path in \$index; do
basepath=\$(basename \$path)
if [ ! -e \$store/\$basepath ]; then
echo "nix/store/\$basepath"
fi
done
)
if [ -n "\$missing" ]; then
debug "extracting missing store paths"
(
mkdir -p \$dir/tmp \$store/
rm -rf \$dir/tmp/*
cd \$dir/tmp
unzip -qqp "\$self" ${ lib.removePrefix "/" "${storeTar}/tar"} \
| \$dir/bin/zstd -d \
| tar -x \$missing --strip-components 2
mv \$dir/tmp/* \$store/
)
rm -rf \$dir/tmp
fi
if [ -n "\$missing" ]; then
debug "registering new store paths to DB"
reg="$(cat ${storeTar}/closureInfo/registration)"
cmd="\$run \$store${lib.removePrefix "/nix/store" nix}/bin/nix-store --load-db"
debug "running command: \$cmd"
echo "\$reg" | \$cmd
fi
### select executable
# the executable can either be selected by
# - executing './nix-portable BIN_NAME',
# - symlinking to nix-portable, in which case the name of the symlink selects the nix executable
# Alternatively the executable can be hardcoded by specifying the argument 'executable' of nix-portable's default.nix file.
executable="${if bundledPackage == null then "" else bundledExe}"
if [ "\$executable" != "" ]; then
bin="\$executable"
debug "executable is hardcoded to: \$bin"
elif [[ "\$(basename \$0)" == nix-portable* ]]; then\
if [ -z "\$1" ]; then
echo "Error: please specify the nix binary to execute"
echo "Alternatively symlink against \$0"
exit 1
elif [ "\$1" == "debug" ]; then
bin="\$(which \$2)"
shift; shift
else
bin="\$store${lib.removePrefix "/nix/store" nix}/bin/\$1"
shift
fi
# for binary selection via symlink
else
bin="\$store${lib.removePrefix "/nix/store" nix}/bin/\$(basename \$0)"
fi
### check which runtime has been used previously
if [ -f "\$dir/conf/last_runtime" ]; then
lastRuntime=\$(cat "\$dir/conf/last_runtime")
else
lastRuntime=
fi
### check if nix is functional with or without sandbox
# sandbox-fallback is not reliable: https://github.com/NixOS/nix/issues/4719
if [ "\$newNPVersion" == "true" ] || [ "\$lastRuntime" != "\$NP_RUNTIME" ]; then
nixBin="\$(dirname \$bin)/nix"
debug "Testing if nix can build stuff without sandbox"
if ! \$run "\$nixBin" build --no-link -f "\$dir/mini-drv.nix" --option sandbox false >&3 2>&3; then
echo "Fatal error: nix is unable to build packages"
exit 1
fi
debug "Testing if nix sandbox is functional"
if ! \$run "\$nixBin" build --no-link -f "\$dir/mini-drv.nix" --option sandbox true >&3 2>&3; then
debug "Sandbox doesn't work -> disabling sandbox"
NP_CONF_SANDBOX=false
recreate_nix_conf
else
debug "Sandboxed builds work -> enabling sandbox"
NP_CONF_SANDBOX=true
recreate_nix_conf
fi
fi
### save fingerprint and lastRuntime
if [ "\$newNPVersion" == "true" ]; then
echo -n "\$fingerprint" > "\$dir/conf/fingerprint"
fi
if [ "\$lastRuntime" != \$NP_RUNTIME ]; then
echo -n \$NP_RUNTIME > "\$dir/conf/last_runtime"
fi
### set PATH
export PATH="\$dir/busybox/bin"
export PATH="\$PATH:\$store${lib.removePrefix "/nix/store" nix}/bin"
### install programs via nix
${concatMapStringsSep "\n" installDynamic bootstrapPrograms}
### print elapsed time
end=\$(date +%s%N) # end time in nanoseconds
# time elapsed in millis with two decimal places
# print stats about initialization time of nix-portable
# skipt for termux, as it doesn't have bc installed
if [ -z "\$TERMUX_VERSION" ]; then
elapsed=\$(echo "scale=2; (\$end - \$start)/1000000" | bc)
debug "Time to initialize nix-portable: \$elapsed millis"
fi
### run commands
[ -z "\$NP_RUN" ] && NP_RUN="\$run"
if [ "\$NP_RUNTIME" == "proot" ]; then
debug "running command: \$NP_RUN \$bin \$@"
exec \$NP_RUN \$bin "\$@"
else
cmd="\$NP_RUN \$bin \$@"
debug "running command: \$cmd"
exec \$NP_RUN \$bin "\$@"
fi
exit
'';
runtimeScriptEscaped = replaceStrings ["\""] ["\\\""] runtimeScript;
nixPortable = pkgs.runCommand pname {
nativeBuildInputs = [unixtools.xxd unzip];
meta = {
homepage = "https://github.com/DavHau/nix-portable";
description = "Nix - Static, Permissionless, Installation-free, Pre-configured for mn5";
maintainers = with lib.maintainers.bsc; [ abonerib ];
platforms = lib.platforms.linux;
license = lib.licenses.mit;
};
} ''
mkdir -p $out/bin
echo "${runtimeScriptEscaped}" > $out/bin/nix-portable.zip
xxd $out/bin/nix-portable.zip | tail
sizeA=$(printf "%08x" `stat -c "%s" $out/bin/nix-portable.zip` | tac -rs ..)
echo 504b 0304 0000 0000 0000 0000 0000 0000 | xxd -r -p >> $out/bin/nix-portable.zip
echo 0000 0000 0000 0000 0000 0200 0000 4242 | xxd -r -p >> $out/bin/nix-portable.zip
sizeB=$(printf "%08x" `stat -c "%s" $out/bin/nix-portable.zip` | tac -rs ..)
echo 504b 0102 0000 0000 0000 0000 0000 0000 | xxd -r -p >> $out/bin/nix-portable.zip
echo 0000 0000 0000 0000 0000 0000 0200 0000 | xxd -r -p >> $out/bin/nix-portable.zip
echo 0000 0000 0000 0000 0000 $sizeA 4242 | xxd -r -p >> $out/bin/nix-portable.zip
echo 504b 0506 0000 0000 0000 0100 3000 0000 | xxd -r -p >> $out/bin/nix-portable.zip
echo $sizeB 0000 0000 0000 0000 0000 0000 | xxd -r -p >> $out/bin/nix-portable.zip
unzip -vl $out/bin/nix-portable.zip
zip="${zip}/bin/zip -0"
$zip $out/bin/nix-portable.zip ${bwrap}/bin/bwrap
$zip $out/bin/nix-portable.zip ${nixStatic}/bin/nix
$zip $out/bin/nix-portable.zip ${zstd}/bin/zstd
$zip $out/bin/nix-portable.zip ${storeTar}/tar
$zip $out/bin/nix-portable.zip ${caBundleZstd}
# create fingerprint
fp=$(sha256sum $out/bin/nix-portable.zip | cut -d " " -f 1)
sed -i "s/_FINGERPRINT_PLACEHOLDER_/$fp/g" $out/bin/nix-portable.zip
# fix broken zip header due to manual modification
${zip}/bin/zip -F $out/bin/nix-portable.zip --out $out/bin/nix-portable-fixed.zip
rm $out/bin/nix-portable.zip
executable=${if bundledPackage == null then "" else bundledExe}
if [ "$executable" == "" ]; then
target="$out/bin/nix-portable"
else
target="$out/bin/$(basename "$executable")"
fi
mv $out/bin/nix-portable-fixed.zip "$target"
chmod +x "$target"
'';
in
nixPortable.overrideAttrs (prev: {
passthru = (prev.passthru or {}) // {
inherit bwrap;
};
})

4
pkgs/nix-wrap/default.nix
View File

@@ -14,7 +14,7 @@ let
nixConfDir = "share";
nix_wrap_sh = writeText "nix-wrap.sh" ''
#!/usr/bin/env bash
#
busybox_bin="${nixPrefix}${busybox}/bin"
bubblewrap_bin="${nixPrefix}/${bubblewrap}/bin"
@@ -69,6 +69,7 @@ stdenv.mkDerivation rec {
name = "nix-wrap";
buildInputs = [
bashInteractive
busybox
nix
];
src = null;
@@ -91,6 +92,7 @@ stdenv.mkDerivation rec {
homepage = null;
description = "nix bubblewrap wrapper";
maintainers = [ ];
broken = true;
platforms = lib.platforms.linux;
license = lib.licenses.mit;
};

219
pkgs/nix/default.nix
View File

@@ -1,219 +0,0 @@
{ lib, fetchurl, fetchFromGitHub, callPackage
, storeDir ? "/nix/store"
, stateDir ? "/nix/var"
, confDir ? "/etc"
, boehmgc
, stdenv, llvmPackages_6
}:
let
common =
{ lib, stdenv, fetchpatch, perl, curl, bzip2, sqlite, openssl ? null, xz
, bash, coreutils, gzip, gnutar
, pkg-config, boehmgc, perlPackages, libsodium, brotli, boost, editline, nlohmann_json
, autoreconfHook, autoconf-archive, bison, flex, libxml2, libxslt, docbook5, docbook_xsl_ns
, jq, libarchive, rustc, cargo
# Used by tests
, gmock
, busybox-sandbox-shell
, storeDir
, stateDir
, confDir
, withLibseccomp ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) libseccomp.meta.platforms, libseccomp
, withAWS ? stdenv.isLinux || stdenv.isDarwin, aws-sdk-cpp
, name, suffix ? "", src, crates ? null
}:
let
sh = busybox-sandbox-shell;
nix = stdenv.mkDerivation rec {
inherit name src;
version = lib.getVersion name;
is24 = lib.versionAtLeast version "2.4pre";
isExactly23 = lib.versionAtLeast version "2.3" && lib.versionOlder version "2.4";
VERSION_SUFFIX = suffix;
outputs = [ "out" "dev" "man" "doc" ];
nativeBuildInputs =
[ pkg-config ]
++ lib.optionals is24 [ autoreconfHook autoconf-archive bison flex libxml2 libxslt
docbook5 docbook_xsl_ns jq gmock ];
buildInputs =
[ curl openssl sqlite xz bzip2 nlohmann_json
brotli boost editline
]
++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium
++ lib.optionals is24 [ libarchive rustc cargo ]
++ lib.optional withLibseccomp libseccomp
++ lib.optional withAWS
((aws-sdk-cpp.override {
apis = ["s3" "transfer"];
customMemoryManagement = false;
}).overrideDerivation (args: {
patches = args.patches or [] ++ [(fetchpatch {
url = "https://github.com/edolstra/aws-sdk-cpp/commit/7d58e303159b2fb343af9a1ec4512238efa147c7.patch";
sha256 = "103phn6kyvs1yc7fibyin3lgxz699qakhw671kl207484im55id1";
})];
}));
propagatedBuildInputs = [ boehmgc ];
# Seems to be required when using std::atomic with 64-bit types
NIX_LDFLAGS = lib.optionalString (stdenv.hostPlatform.system == "armv5tel-linux" || stdenv.hostPlatform.system == "armv6l-linux") "-latomic";
preConfigure =
# Copy libboost_context so we don't get all of Boost in our closure.
# https://github.com/NixOS/nixpkgs/issues/45462
''
mkdir -p $out/lib
cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
rm -f $out/lib/*.a
${lib.optionalString stdenv.isLinux ''
chmod u+w $out/lib/*.so.*
patchelf --set-rpath $out/lib:${stdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
''}
'' +
# Unpack the Rust crates.
lib.optionalString is24 ''
tar xvf ${crates} -C nix-rust/
mv nix-rust/nix-vendored-crates* nix-rust/vendor
'' +
# For Nix-2.3, patch around an issue where the Nix configure step pulls in the
# build system's bash and other utilities when cross-compiling
lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform && isExactly23) ''
mkdir tmp/
substitute corepkgs/config.nix.in tmp/config.nix.in \
--subst-var-by bash ${bash}/bin/bash \
--subst-var-by coreutils ${coreutils}/bin \
--subst-var-by bzip2 ${bzip2}/bin/bzip2 \
--subst-var-by gzip ${gzip}/bin/gzip \
--subst-var-by xz ${xz}/bin/xz \
--subst-var-by tar ${gnutar}/bin/tar \
--subst-var-by tr ${coreutils}/bin/tr
mv tmp/config.nix.in corepkgs/config.nix.in
'';
configureFlags =
[ "--with-store-dir=${storeDir}"
"--localstatedir=${stateDir}"
"--sysconfdir=${confDir}"
"--disable-init-state"
"--enable-gc"
]
++ lib.optionals stdenv.isLinux [
"--with-sandbox-shell=${sh}/bin/busybox"
]
++ lib.optional (
stdenv.hostPlatform != stdenv.buildPlatform && stdenv.hostPlatform ? nix && stdenv.hostPlatform.nix ? system
) ''--with-system=${stdenv.hostPlatform.nix.system}''
# RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50
++ lib.optional (!withLibseccomp) "--disable-seccomp-sandboxing";
makeFlags = [ "profiledir=$(out)/etc/profile.d" ];
installFlags = [ "sysconfdir=$(out)/etc" ];
doInstallCheck = false;
# socket path becomes too long otherwise
#preInstallCheck = lib.optional stdenv.isDarwin ''
# export TMPDIR=$NIX_BUILD_TOP
#'';
separateDebugInfo = stdenv.isLinux;
enableParallelBuilding = true;
meta = {
description = "Powerful package manager that makes package management reliable and reproducible";
longDescription = ''
Nix is a powerful package manager for Linux and other Unix systems that
makes package management reliable and reproducible. It provides atomic
upgrades and rollbacks, side-by-side installation of multiple versions of
a package, multi-user package management and easy setup of build
environments.
'';
homepage = "https://nixos.org/";
license = lib.licenses.lgpl2Plus;
maintainers = [ lib.maintainers.eelco ];
platforms = lib.platforms.unix;
outputsToInstall = [ "out" "man" ];
};
passthru = {
perl-bindings = stdenv.mkDerivation {
pname = "nix-perl";
inherit version;
inherit src;
postUnpack = "sourceRoot=$sourceRoot/perl";
# This is not cross-compile safe, don't have time to fix right now
# but noting for future travellers.
nativeBuildInputs =
[ perl pkg-config curl nix libsodium boost autoreconfHook autoconf-archive ];
configureFlags =
[ "--with-dbi=${perlPackages.DBI}/${perl.libPrefix}"
"--with-dbd-sqlite=${perlPackages.DBDSQLite}/${perl.libPrefix}"
];
preConfigure = "export NIX_STATE_DIR=$TMPDIR";
preBuild = "unset NIX_INDENT_MAKE";
};
};
};
in nix;
in rec {
nix = nixUnstable;
nixUnstable = lib.lowPrio (callPackage common rec {
name = "nix-2.4${suffix}";
suffix = "pre7534_b92f58f6";
#src = /home/Computational/rarias/nix/nix-rodarima;
src = fetchFromGitHub {
owner = "rodarima";
repo = "nix";
rev = "3a642187c33ed46d952d3a50a83b2576b704fab7";
sha256 = "0s8is2czpkcj1x1kcjqgbnsbbl03w3fwjjiclsd44zh1ij3wb90s";
};
crates = fetchurl {
url = "https://hydra.nixos.org/build/118797694/download/1/nix-vendored-crates-2.4pre7534_b92f58f6.tar.xz";
sha256 = "a4c2612bbd81732bbb899bc0c230e07b16f6b6150ffbb19c4907dedbbc2bf9fc";
};
inherit storeDir stateDir confDir boehmgc;
});
nixFlakes = lib.lowPrio (callPackage common rec {
name = "nix-2.4${suffix}";
suffix = "pre20200521_00b562c";
src = fetchFromGitHub {
owner = "NixOS";
repo = "nix";
rev = "00b562c87ec4c3bbe514f5dc1f4d1c41f66f66bf";
sha256 = "0s8is2czpkcj1x1kcjqgbnsbbl03w3fwjjiclsd44zh1ij3wb90s";
};
crates = fetchurl {
url = "https://hydra.nixos.org/build/118093786/download/1/nix-vendored-crates-2.4pre20200501_941f952.tar.xz";
sha256 = "060f4n5srdbb8vsj0m14aqch7im79a4h5g3nrs41p1xc602vhcdl";
};
inherit storeDir stateDir confDir boehmgc;
});
}

214
pkgs/nix/static.nix
View File

@@ -1,214 +0,0 @@
{ lib, fetchurl, fetchFromGitHub, callPackage
, storeDir ? "/nix/store"
, stateDir ? "/nix/var"
, confDir ? "/etc"
, boehmgc
, stdenv, llvmPackages_6
, sandbox-shell ? "/bin/sh"
}:
let
enableStatic = true;
common =
{ lib, stdenv, fetchpatch, perl, curl, bzip2, sqlite, openssl ? null, xz
, bash, coreutils, gzip, gnutar
, pkg-config, boehmgc, perlPackages, libsodium, brotli, boost, editline, nlohmann_json
, autoreconfHook, autoconf-archive, bison, flex, libxml2, libxslt, docbook5, docbook_xsl_ns
, jq, libarchive
# Used by tests
, gmock
, storeDir
, stateDir
, confDir
, withLibseccomp ? lib.any (lib.meta.platformMatch stdenv.hostPlatform) libseccomp.meta.platforms, libseccomp
, withAWS ? !enableStatic && (stdenv.isLinux || stdenv.isDarwin), aws-sdk-cpp
, enableStatic ? true
, name, suffix ? "", src
}:
let
nix = stdenv.mkDerivation rec {
inherit name src;
version = lib.getVersion name;
is24 = lib.versionAtLeast version "2.4pre";
isExactly23 = lib.versionAtLeast version "2.3" && lib.versionOlder version "2.4";
VERSION_SUFFIX = suffix;
outputs = [ "out" "dev" "man" "doc" ];
nativeBuildInputs =
[ pkg-config ]
++ lib.optionals is24 [ autoreconfHook autoconf-archive bison flex libxml2 libxslt
docbook5 docbook_xsl_ns jq ];
buildInputs =
[ curl openssl sqlite xz bzip2 nlohmann_json
brotli boost editline boehmgc
]
++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium
++ lib.optionals is24 [ libarchive gmock ]
++ lib.optional withLibseccomp libseccomp
++ lib.optional withAWS
((aws-sdk-cpp.override {
apis = ["s3" "transfer"];
customMemoryManagement = false;
}).overrideDerivation (args: {
patches = args.patches or [] ++ [(fetchpatch {
url = "https://github.com/edolstra/aws-sdk-cpp/commit/7d58e303159b2fb343af9a1ec4512238efa147c7.patch";
sha256 = "103phn6kyvs1yc7fibyin3lgxz699qakhw671kl207484im55id1";
})];
}));
propagatedBuildInputs = [ boehmgc ];
# Seems to be required when using std::atomic with 64-bit types
NIX_LDFLAGS =
# need to list libraries individually until
# https://github.com/NixOS/nix/commit/3e85c57a6cbf46d5f0fe8a89b368a43abd26daba
# is in a release
lib.optionalString enableStatic "-lssl -lbrotlicommon -lssh2 -lz -lnghttp2 -lcrypto"
# need to detect it here until
# https://github.com/NixOS/nix/commits/74b4737d8f0e1922ef5314a158271acf81cd79f8
# is in a release
+ lib.optionalString (stdenv.hostPlatform.system == "armv5tel-linux" || stdenv.hostPlatform.system == "armv6l-linux") "-latomic";
preConfigure =
# Copy libboost_context so we don't get all of Boost in our closure.
# https://github.com/NixOS/nixpkgs/issues/45462
lib.optionalString (!enableStatic) ''
mkdir -p $out/lib
cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib
rm -f $out/lib/*.a
${lib.optionalString stdenv.isLinux ''
chmod u+w $out/lib/*.so.*
patchelf --set-rpath $out/lib:${stdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.*
''}
'' +
# For Nix-2.3, patch around an issue where the Nix configure step pulls in the
# build system's bash and other utilities when cross-compiling
lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform && isExactly23) ''
mkdir tmp/
substitute corepkgs/config.nix.in tmp/config.nix.in \
--subst-var-by bash ${bash}/bin/bash \
--subst-var-by coreutils ${coreutils}/bin \
--subst-var-by bzip2 ${bzip2}/bin/bzip2 \
--subst-var-by gzip ${gzip}/bin/gzip \
--subst-var-by xz ${xz}/bin/xz \
--subst-var-by tar ${gnutar}/bin/tar \
--subst-var-by tr ${coreutils}/bin/tr
mv tmp/config.nix.in corepkgs/config.nix.in
'';
configureFlags =
[ "--with-store-dir=${storeDir}"
"--localstatedir=${stateDir}"
"--sysconfdir=${confDir}"
"--disable-init-state"
"--enable-gc"
]
++ lib.optionals stdenv.isLinux [
"--with-sandbox-shell=${sandbox-shell}"
]
++ lib.optional (
stdenv.hostPlatform != stdenv.buildPlatform && stdenv.hostPlatform ? nix && stdenv.hostPlatform.nix ? system
) ''--with-system=${stdenv.hostPlatform.nix.system}''
# RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50
++ lib.optional (!withLibseccomp) "--disable-seccomp-sandboxing";
makeFlags = [ "profiledir=$(out)/etc/profile.d" ]
++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "PRECOMPILE_HEADERS=0";
installFlags = [ "sysconfdir=$(out)/etc" ];
doInstallCheck = true; # not cross
# socket path becomes too long otherwise
preInstallCheck = lib.optional stdenv.isDarwin ''
export TMPDIR=$NIX_BUILD_TOP
'';
separateDebugInfo = stdenv.isLinux;
enableParallelBuilding = true;
meta = {
description = "Powerful package manager that makes package management reliable and reproducible";
longDescription = ''
Nix is a powerful package manager for Linux and other Unix systems that
makes package management reliable and reproducible. It provides atomic
upgrades and rollbacks, side-by-side installation of multiple versions of
a package, multi-user package management and easy setup of build
environments.
'';
homepage = "https://nixos.org/";
license = lib.licenses.lgpl2Plus;
maintainers = [ lib.maintainers.eelco ];
platforms = lib.platforms.unix;
outputsToInstall = [ "out" "man" ];
};
passthru = {
perl-bindings = stdenv.mkDerivation {
pname = "nix-perl";
inherit version;
inherit src;
postUnpack = "sourceRoot=$sourceRoot/perl";
# This is not cross-compile safe, don't have time to fix right now
# but noting for future travellers.
nativeBuildInputs =
[ perl pkg-config curl nix libsodium boost autoreconfHook autoconf-archive ];
configureFlags =
[ "--with-dbi=${perlPackages.DBI}/${perl.libPrefix}"
"--with-dbd-sqlite=${perlPackages.DBDSQLite}/${perl.libPrefix}"
];
preConfigure = "export NIX_STATE_DIR=$TMPDIR";
preBuild = "unset NIX_INDENT_MAKE";
};
};
};
in nix;
in rec {
nix = nixStable;
nixStable = callPackage common (rec {
name = "nix-2.3.7";
src = fetchurl {
url = "https://nixos.org/releases/nix/${name}/${name}.tar.xz";
sha256 = "dd8f52849414e5a878afe7e797aa4e22bab77c875d9da5a38d5f1bada704e596";
};
inherit storeDir stateDir confDir boehmgc;
} // lib.optionalAttrs stdenv.cc.isClang {
stdenv = llvmPackages_6.stdenv;
});
nixUnstable = lib.lowPrio (callPackage common rec {
name = "nix-2.4${suffix}";
suffix = "pre20200721_ff314f1";
src = fetchFromGitHub {
owner = "NixOS";
repo = "nix";
rev = "ff314f186e3f91d87af6ad96c0ae3b472494b940";
hash = "sha256-QibpLo4/gf2xYGoeQcgjZzH/qy5TBRVH+QCHgqOwur0=";
};
inherit storeDir stateDir confDir boehmgc;
});
nixFlakes = nixUnstable;
}

Some files were not shown because too many files have changed in this diff Show More