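# Nix package expression for OpenSCAP (the `oscap` SCAP scanner and its
# libraries), built from the upstream GitHub repository with CMake.
{
  lib,
  stdenv,
  fetchFromGitHub,
  cmake,
  libsepol,
  popt,
  libxml2,
  libxslt,
  openssl,
  util-linux,
  pcre2,
  libselinux,
  graphviz,
  glib,
  python3,
  swig,
  libgcrypt,
  opendbx,
  xmlbird,
  haskellPackages,
  libyaml,
  yaml-filter,
  xmlsec,
  bzip2,
  valgrind,
  asciidoc,
  installShellFiles,
  rpm,
  system-sendmail,
  gnome2,
  curl,
  procps,
  systemd,
  perl,
  doxygen,
  pkg-config,
  perl538Packages,
}:

stdenv.mkDerivation rec {
  pname = "openscap";
  version = "1.4.2";

  # The source is addressed by a git ref named after the version, which upstream
  # could re-point. The SRI hash below is what actually pins the content: a
  # fetched tree that does not match it fails the build.
  src = fetchFromGitHub {
    owner = "OpenSCAP";
    repo = "openscap";
    rev = version;
    hash = "sha256-AOldgYS8qMOLB/Nm2/O0obdDOrefSrubTETb50f3Gv8=";
  };

  strictDeps = true;

  # Tools that run on the build machine. installShellFiles provides the
  # installManPage helper used in installPhase, so it belongs here rather than
  # in buildInputs.
  nativeBuildInputs = [
    cmake
    asciidoc
    doxygen
    installShellFiles
    rpm
    swig
    util-linux
    pkg-config
  ];

  # The Perl modules are referenced explicitly instead of through
  # `with perl538Packages;`, whose scope previously covered the whole list
  # concatenation and made it unclear where each name came from.
  #
  # NOTE(review): some inputs (e.g. haskellPackages.pthread, gnome2.ORBit2,
  # xmlbird, opendbx, system-sendmail) are unusual for a C/CMake project.
  # Confirm the build actually consumes each one; every input widens the
  # closure that has to be trusted for a security scanner.
  buildInputs = [
    perl538Packages.XMLXPath
    perl538Packages.LinuxACL
    perl538Packages.XMLTokeParser
    perl
    popt
    openssl
    valgrind
    pcre2
    libxslt
    xmlsec
    libselinux
    libyaml
    xmlbird
    bzip2
    yaml-filter
    python3
    libgcrypt
    libxml2
    systemd
    haskellPackages.pthread
    graphviz
    system-sendmail
    procps
    libsepol
    curl
    glib
    gnome2.ORBit2
    opendbx
  ];

  # Redirect the SWIG Perl bindings to a path relative to the install prefix
  # and point the pcre2 include at the pcre2 dev output. --replace-fail aborts
  # the build if upstream changes the patched lines, so a stale patch cannot
  # silently turn into a no-op.
  prePatch = ''
    export SWIG_PERL_DIR=lib/perl
    substituteInPlace swig/perl/CMakeLists.txt \
      --replace-fail "DESTINATION ''${PERL_VENDORLIB}" "DESTINATION ''${SWIG_PERL_DIR}''${PERL_VERSION}" \
      --replace-fail "DESTINATION ''${PERL_VENDORARCH}" "DESTINATION ''${SWIG_PERL_DIR}"
    substituteInPlace src/common/oscap_pcre.c \
      --replace-fail "#include <pcre2.h>" "#include <${pcre2.dev}/include/pcre2.h>"
  '';

  cmakeFlags = [
    "-DPCRE2_INCLUDE_DIRS=${pcre2.dev}/include"
    "-DPCRE2_LIBRARIES=${pcre2.out}/lib"
    "-DENABLE_DOCS=TRUE"
    # Tests are configured and built, but doCheck is not set in this file, so
    # by stdenv default the suite is not run during the build.
    "-DENABLE_TESTS=TRUE"
    "-DENABLE_OSCAP_UTIL=TRUE"
    # Wrapper utilities for scanning chroots, remote hosts over SSH, and
    # containers. They act on targets outside the local store path; anyone
    # deploying the package should know they are part of the install.
    "-DENABLE_OSCAP_UTIL_CHROOT=TRUE"
    "-DENABLE_OSCAP_UTIL_SSH=TRUE"
    "-DENABLE_OSCAP_UTIL_DOCKER=TRUE"
    # Builds the remediation service and installs its unit under
    # SYSTEMD_UNITDIR. This flag was listed twice; one copy is kept.
    # NOTE(review): presumably the unit only runs when explicitly enabled;
    # confirm, since it changes system state with elevated privileges.
    "-DENABLE_OSCAP_REMEDIATE_SERVICE=TRUE"
    "-DOPENSCAP_PROBE_INDEPENDENT_YAMLFILECONTENT=TRUE"
    "-DSYSTEMD_UNITDIR=lib/systemd/system"
    "-DENABLE_VALGRIND=TRUE"
    "-DPYTHON_SITE_PACKAGES_INSTALL_DIR=${python3.pkgs.python.sitePackages}"
    "-DOPENSCAP_INSTALL_DESTINATION=bin"
    "-DCMAKE_INSTALL_BINDIR=bin"
    "-DCMAKE_INSTALL_MANDIR=share"
    "-DENABLE_MITRE=TRUE"
    "-DCMAKE_INSTALL_LIBDIR=lib"
    "-DCMAKE_INSTALL_INCLUDEDIR=include"
    "-DCMAKE_INSTALL_DATADIR=share"
    "-DBUILD_TESTING=ON"
    "-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON"
    "-DCMAKE_POLICY_DEFAULT_CMP0025=NEW"
  ];

  postBuild = ''
    make $makeFlags docs
  '';

  # Custom install phase. runHook preInstall/postInstall are called so that
  # hooks and overrides attached to the install phase still run.
  # CMAKE_INSTALL_MANDIR=share puts the section-8 pages in $out/share/man8;
  # installManPage moves them to the standard man location and the stray
  # directory is then removed.
  installPhase = ''
    runHook preInstall

    make install
    installManPage $out/share/man8/*.8
    rm -rf $out/share/man8

    runHook postInstall
  '';

  meta = {
    description = "NIST Certified SCAP 1.2 toolkit";
    homepage = "https://github.com/OpenSCAP/openscap";
    changelog = "https://github.com/OpenSCAP/openscap/blob/${src.rev}/NEWS";
    license = lib.licenses.lgpl21Only;
    maintainers = with lib.maintainers; [ tochiaha ];
    mainProgram = "oscap";
    platforms = lib.platforms.linux;
  };
}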