{ stdenv, fetchFromGitHub, python3, python3Packages, docker, autoreconfHook, coreutils, makeWrapper, gnused, gnutar, gzip, findutils, sudo, nixosTests }:

stdenv.mkDerivation rec {

  version = "0.20";
  pname = "charliecloud";

  src = fetchFromGitHub {
    owner = "hpc";
    repo = "charliecloud";
    rev = "v${version}";
    sha256 = "15ihffwhpjnzgz0ir5vc9la4fwkqj91vmrcsb2r58ikq7h9sk45j";
  };

  nativeBuildInputs = [ autoreconfHook makeWrapper ];
  buildInputs = [
    docker
    (python3.withPackages (ps: [ ps.lark-parser ps.requests ]))
  ];

  configureFlags = let
    pythonEnv = python3.withPackages (ps: [ ps.lark-parser ps.requests ]);
  in [
    "--with-python=${pythonEnv}/bin/python3"
  ];

  preConfigure = ''
    patchShebangs test/
    substituteInPlace configure.ac --replace "/usr/bin/env" "${coreutils}/bin/env"
  '';

  makeFlags = [
    "PREFIX=$(out)"
    "LIBEXEC_DIR=lib/charliecloud"
  ];

  # Charliecloud calls some external system tools.
  # Here we wrap those deps so they are resolved inside nixpkgs.
  postInstall = ''
    for file in $out/bin/* ; do \
      wrapProgram $file --prefix PATH : ${stdenv.lib.makeBinPath [ coreutils docker gnused gnutar gzip findutils sudo ]}
    done
  '';

  passthru.tests.charliecloud = nixosTests.charliecloud;

  meta = {
    description = "User-defined software stacks (UDSS) for high-performance computing (HPC) centers";
    longDescription = ''
      Charliecloud uses Linux user namespaces to run containers with no
      privileged operations or daemons and minimal configuration changes on
      center resources. This simple approach avoids most security risks
      while maintaining access to the performance and functionality already
      on offer.
    '';
    homepage = "https://hpc.github.io/charliecloud";
    license = stdenv.lib.licenses.asl20;
    maintainers = [ stdenv.lib.maintainers.bzizou ];
    platforms = stdenv.lib.platforms.linux;
  };

}