nixpkgs/pkgs/by-name/op/openscap/package.nix

{
  lib,
  stdenv,
  fetchFromGitHub,
  cmake,
  libsepol,
  popt,
  libxml2,
  libxslt,
  openssl,
  util-linux,
  pcre2,
  pcre,
  libselinux,
  graphviz,
  glib,
  python3,
  swig,
  libgcrypt,
  opendbx,
  xmlbird,
  haskellPackages,
  libyaml,
  yaml-filter,
  xmlsec,
  bzip2,
  valgrind,
  asciidoc,
  installShellFiles,
  rpm,
  system-sendmail,
  hyperscan,
  gnome2,
  curl,
  procps,
  systemd,
  perl,
  doxygen,
  pkg-config,
  perl538Packages,
}:

stdenv.mkDerivation rec {
  pname = "openscap";
  version = "1.3.10";

  src = fetchFromGitHub {
    owner = "OpenSCAP";
    repo = "openscap";
    rev = version;
    hash = "sha256-P7k+Ygz/XmpTSKBEqbyJsd1bIDVJ1HA/RJdrEtjYD5g=";
  };

  strictDeps = true;

  nativeBuildInputs = [
    cmake
    asciidoc
    doxygen
    rpm
    swig
    util-linux
    pkg-config
  ];

  buildInputs =
    with perl538Packages;
    [
      XMLXPath
      LinuxACL
      XMLTokeParser
    ]
    ++ [
      perl
      popt
      openssl
      valgrind
      pcre2
      pcre
      libxslt
      xmlsec
      hyperscan
      libselinux
      libyaml
      xmlbird
      installShellFiles
      bzip2
      yaml-filter
      python3
      libgcrypt
      libxml2
      systemd
      haskellPackages.pthread
      graphviz
      system-sendmail
      procps
      libsepol
      curl
      glib
      gnome2.ORBit2
      opendbx
    ];

  prePatch = ''
    export SWIG_PERL_DIR=lib/perl
    substituteInPlace swig/perl/CMakeLists.txt \
      --replace-fail "DESTINATION ''${PERL_VENDORLIB}" "DESTINATION ''${SWIG_PERL_DIR}''${PERL_VERSION}" \
      --replace-fail "DESTINATION ''${PERL_VENDORARCH}" "DESTINATION ''${SWIG_PERL_DIR}"
    substituteInPlace src/common/oscap_pcre.c \
      --replace-fail "#include <pcre2.h>" "#include <${pcre2.dev}/include/pcre2.h>" \
      --replace-fail "#include <pcre.h>" "#include <${pcre.dev}/include/pcre.h>"
  '';

  cmakeFlags = [
    "-DPCRE2_INCLUDE_DIRS=${pcre2.dev}/include"
    "-DPCRE2_LIBRARIES=${pcre2.out}/lib"
    "-DENABLE_DOCS=TRUE"
    "-DENABLE_TESTS=TRUE"
    "-DENABLE_OSCAP_UTIL=TRUE"
    "-DENABLE_OSCAP_UTIL_CHROOT=TRUE"
    "-DENABLE_OSCAP_UTIL_SSH=TRUE"
    "-DENABLE_OSCAP_UTIL_DOCKER=TRUE"
    "-DENABLE_OSCAP_REMEDIATE_SERVICE=TRUE"
    "-DOPENSCAP_PROBE_INDEPENDENT_YAMLFILECONTENT=TRUE"
    "-DSYSTEMD_UNITDIR=lib/systemd/system"
    "-DENABLE_VALGRIND=TRUE"
    "-DENABLE_OSCAP_REMEDIATE_SERVICE=TRUE"
    "-DPYTHON_SITE_PACKAGES_INSTALL_DIR=${python3.pkgs.python.sitePackages}"
    "-DOPENSCAP_INSTALL_DESTINATION=bin"
    "-DCMAKE_INSTALL_BINDIR=bin"
    "-DCMAKE_INSTALL_MANDIR=share"
    "-DENABLE_MITRE=TRUE"
    "-DCMAKE_INSTALL_LIBDIR=lib"
    "-DCMAKE_INSTALL_INCLUDEDIR=include"
    "-DCMAKE_INSTALL_DATADIR=share"
    "-DBUILD_TESTING=ON"
    "-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON"
    "-DCMAKE_POLICY_DEFAULT_CMP0025=NEW"
  ];

  postBuild = ''
    make docs
  '';

  installPhase = ''
    make install
    installManPage $out/share/man8/*.8
    rm -rf $out/share/man8
  '';

  meta = {
    description = "NIST Certified SCAP 1.2 toolkit";
    homepage = "https://github.com/OpenSCAP/openscap";
    changelog = "https://github.com/OpenSCAP/openscap/blob/${src.rev}/NEWS";
    license = lib.licenses.lgpl21Only;
    maintainers = with lib.maintainers; [ tochiaha ];
    mainProgram = "oscap";
    platforms = [ "x86_64-linux" ];
  };
}
openscap: init at 1.3.10 2024-07-17 04:36:20 +00:00			`{`
			`lib,`
			`stdenv,`
			`fetchFromGitHub,`
			`cmake,`
			`libsepol,`
			`popt,`
			`libxml2,`
			`libxslt,`
			`openssl,`
			`util-linux,`
			`pcre2,`
			`pcre,`
			`libselinux,`
			`graphviz,`
			`glib,`
			`python3,`
			`swig,`
			`libgcrypt,`
			`opendbx,`
			`xmlbird,`
			`haskellPackages,`
			`libyaml,`
			`yaml-filter,`
			`xmlsec,`
			`bzip2,`
			`valgrind,`
			`asciidoc,`
			`installShellFiles,`
			`rpm,`
			`system-sendmail,`
			`hyperscan,`
			`gnome2,`
			`curl,`
			`procps,`
			`systemd,`
			`perl,`
			`doxygen,`
			`pkg-config,`
			`perl538Packages,`
			`}:`

			`stdenv.mkDerivation rec {`
			`pname = "openscap";`
			`version = "1.3.10";`

			`src = fetchFromGitHub {`
			`owner = "OpenSCAP";`
			`repo = "openscap";`
			`rev = version;`
			`hash = "sha256-P7k+Ygz/XmpTSKBEqbyJsd1bIDVJ1HA/RJdrEtjYD5g=";`
			`};`

			`strictDeps = true;`

			`nativeBuildInputs = [`
			`cmake`
			`asciidoc`
			`doxygen`
			`rpm`
			`swig`
			`util-linux`
			`pkg-config`
			`];`

			`buildInputs =`
			`with perl538Packages;`
			`[`
			`XMLXPath`
			`LinuxACL`
			`XMLTokeParser`
			`]`
			`++ [`
			`perl`
			`popt`
			`openssl`
			`valgrind`
			`pcre2`
			`pcre`
			`libxslt`
			`xmlsec`
			`hyperscan`
			`libselinux`
			`libyaml`
			`xmlbird`
			`installShellFiles`
			`bzip2`
			`yaml-filter`
			`python3`
			`libgcrypt`
			`libxml2`
			`systemd`
			`haskellPackages.pthread`
			`graphviz`
			`system-sendmail`
			`procps`
			`libsepol`
			`curl`
			`glib`
			`gnome2.ORBit2`
			`opendbx`
			`];`

			`prePatch = ''`
			`export SWIG_PERL_DIR=lib/perl`
			`substituteInPlace swig/perl/CMakeLists.txt \`
			`--replace-fail "DESTINATION ''${PERL_VENDORLIB}" "DESTINATION ''${SWIG_PERL_DIR}''${PERL_VERSION}" \`
			`--replace-fail "DESTINATION ''${PERL_VENDORARCH}" "DESTINATION ''${SWIG_PERL_DIR}"`
			`substituteInPlace src/common/oscap_pcre.c \`
			`--replace-fail "#include <pcre2.h>" "#include <${pcre2.dev}/include/pcre2.h>" \`
			`--replace-fail "#include <pcre.h>" "#include <${pcre.dev}/include/pcre.h>"`
			`'';`

			`cmakeFlags = [`
			`"-DPCRE2_INCLUDE_DIRS=${pcre2.dev}/include"`
			`"-DPCRE2_LIBRARIES=${pcre2.out}/lib"`
			`"-DENABLE_DOCS=TRUE"`
			`"-DENABLE_TESTS=TRUE"`
			`"-DENABLE_OSCAP_UTIL=TRUE"`
			`"-DENABLE_OSCAP_UTIL_CHROOT=TRUE"`
			`"-DENABLE_OSCAP_UTIL_SSH=TRUE"`
			`"-DENABLE_OSCAP_UTIL_DOCKER=TRUE"`
			`"-DENABLE_OSCAP_REMEDIATE_SERVICE=TRUE"`
			`"-DOPENSCAP_PROBE_INDEPENDENT_YAMLFILECONTENT=TRUE"`
			`"-DSYSTEMD_UNITDIR=lib/systemd/system"`
			`"-DENABLE_VALGRIND=TRUE"`
			`"-DENABLE_OSCAP_REMEDIATE_SERVICE=TRUE"`
			`"-DPYTHON_SITE_PACKAGES_INSTALL_DIR=${python3.pkgs.python.sitePackages}"`
			`"-DOPENSCAP_INSTALL_DESTINATION=bin"`
			`"-DCMAKE_INSTALL_BINDIR=bin"`
			`"-DCMAKE_INSTALL_MANDIR=share"`
			`"-DENABLE_MITRE=TRUE"`
			`"-DCMAKE_INSTALL_LIBDIR=lib"`
			`"-DCMAKE_INSTALL_INCLUDEDIR=include"`
			`"-DCMAKE_INSTALL_DATADIR=share"`
			`"-DBUILD_TESTING=ON"`
			`"-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON"`
			`"-DCMAKE_POLICY_DEFAULT_CMP0025=NEW"`
			`];`

			`postBuild = ''`
			`make docs`
			`'';`

			`installPhase = ''`
			`make install`
			`installManPage $out/share/man8/*.8`
			`rm -rf $out/share/man8`
			`'';`

			`meta = {`
			`description = "NIST Certified SCAP 1.2 toolkit";`
			`homepage = "https://github.com/OpenSCAP/openscap";`
			`changelog = "https://github.com/OpenSCAP/openscap/blob/${src.rev}/NEWS";`
			`license = lib.licenses.lgpl21Only;`
			`maintainers = with lib.maintainers; [ tochiaha ];`
			`mainProgram = "oscap";`
			`platforms = [ "x86_64-linux" ];`
			`};`
			`}`