160 lines
3.3 KiB
Nix
160 lines
3.3 KiB
Nix
{
|
|
lib,
|
|
stdenv,
|
|
fetchFromGitHub,
|
|
cmake,
|
|
libsepol,
|
|
popt,
|
|
libxml2,
|
|
libxslt,
|
|
openssl,
|
|
util-linux,
|
|
pcre2,
|
|
pcre,
|
|
libselinux,
|
|
graphviz,
|
|
glib,
|
|
python3,
|
|
swig,
|
|
libgcrypt,
|
|
opendbx,
|
|
xmlbird,
|
|
haskellPackages,
|
|
libyaml,
|
|
yaml-filter,
|
|
xmlsec,
|
|
bzip2,
|
|
valgrind,
|
|
asciidoc,
|
|
installShellFiles,
|
|
rpm,
|
|
system-sendmail,
|
|
hyperscan,
|
|
gnome2,
|
|
curl,
|
|
procps,
|
|
systemd,
|
|
perl,
|
|
doxygen,
|
|
pkg-config,
|
|
perl538Packages,
|
|
}:
|
|
|
|
stdenv.mkDerivation rec {
|
|
pname = "openscap";
|
|
version = "1.3.10";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "OpenSCAP";
|
|
repo = "openscap";
|
|
rev = version;
|
|
hash = "sha256-P7k+Ygz/XmpTSKBEqbyJsd1bIDVJ1HA/RJdrEtjYD5g=";
|
|
};
|
|
|
|
strictDeps = true;
|
|
|
|
nativeBuildInputs = [
|
|
cmake
|
|
asciidoc
|
|
doxygen
|
|
rpm
|
|
swig
|
|
util-linux
|
|
pkg-config
|
|
];
|
|
|
|
buildInputs =
|
|
with perl538Packages;
|
|
[
|
|
XMLXPath
|
|
LinuxACL
|
|
XMLTokeParser
|
|
]
|
|
++ [
|
|
perl
|
|
popt
|
|
openssl
|
|
valgrind
|
|
pcre2
|
|
pcre
|
|
libxslt
|
|
xmlsec
|
|
hyperscan
|
|
libselinux
|
|
libyaml
|
|
xmlbird
|
|
installShellFiles
|
|
bzip2
|
|
yaml-filter
|
|
python3
|
|
libgcrypt
|
|
libxml2
|
|
systemd
|
|
haskellPackages.pthread
|
|
graphviz
|
|
system-sendmail
|
|
procps
|
|
libsepol
|
|
curl
|
|
glib
|
|
gnome2.ORBit2
|
|
opendbx
|
|
];
|
|
|
|
prePatch = ''
|
|
export SWIG_PERL_DIR=lib/perl
|
|
substituteInPlace swig/perl/CMakeLists.txt \
|
|
--replace-fail "DESTINATION ''${PERL_VENDORLIB}" "DESTINATION ''${SWIG_PERL_DIR}''${PERL_VERSION}" \
|
|
--replace-fail "DESTINATION ''${PERL_VENDORARCH}" "DESTINATION ''${SWIG_PERL_DIR}"
|
|
substituteInPlace src/common/oscap_pcre.c \
|
|
--replace-fail "#include <pcre2.h>" "#include <${pcre2.dev}/include/pcre2.h>" \
|
|
--replace-fail "#include <pcre.h>" "#include <${pcre.dev}/include/pcre.h>"
|
|
'';
|
|
|
|
cmakeFlags = [
|
|
"-DPCRE2_INCLUDE_DIRS=${pcre2.dev}/include"
|
|
"-DPCRE2_LIBRARIES=${pcre2.out}/lib"
|
|
"-DENABLE_DOCS=TRUE"
|
|
"-DENABLE_TESTS=TRUE"
|
|
"-DENABLE_OSCAP_UTIL=TRUE"
|
|
"-DENABLE_OSCAP_UTIL_CHROOT=TRUE"
|
|
"-DENABLE_OSCAP_UTIL_SSH=TRUE"
|
|
"-DENABLE_OSCAP_UTIL_DOCKER=TRUE"
|
|
"-DENABLE_OSCAP_REMEDIATE_SERVICE=TRUE"
|
|
"-DOPENSCAP_PROBE_INDEPENDENT_YAMLFILECONTENT=TRUE"
|
|
"-DSYSTEMD_UNITDIR=lib/systemd/system"
|
|
"-DENABLE_VALGRIND=TRUE"
|
|
"-DENABLE_OSCAP_REMEDIATE_SERVICE=TRUE"
|
|
"-DPYTHON_SITE_PACKAGES_INSTALL_DIR=${python3.pkgs.python.sitePackages}"
|
|
"-DOPENSCAP_INSTALL_DESTINATION=bin"
|
|
"-DCMAKE_INSTALL_BINDIR=bin"
|
|
"-DCMAKE_INSTALL_MANDIR=share"
|
|
"-DENABLE_MITRE=TRUE"
|
|
"-DCMAKE_INSTALL_LIBDIR=lib"
|
|
"-DCMAKE_INSTALL_INCLUDEDIR=include"
|
|
"-DCMAKE_INSTALL_DATADIR=share"
|
|
"-DBUILD_TESTING=ON"
|
|
"-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=ON"
|
|
"-DCMAKE_POLICY_DEFAULT_CMP0025=NEW"
|
|
];
|
|
|
|
postBuild = ''
|
|
make docs
|
|
'';
|
|
|
|
installPhase = ''
|
|
make install
|
|
installManPage $out/share/man8/*.8
|
|
rm -rf $out/share/man8
|
|
'';
|
|
|
|
meta = {
|
|
description = "NIST Certified SCAP 1.2 toolkit";
|
|
homepage = "https://github.com/OpenSCAP/openscap";
|
|
changelog = "https://github.com/OpenSCAP/openscap/blob/${src.rev}/NEWS";
|
|
license = lib.licenses.lgpl21Only;
|
|
maintainers = with lib.maintainers; [ tochiaha ];
|
|
mainProgram = "oscap";
|
|
platforms = [ "x86_64-linux" ];
|
|
};
|
|
}
|