openscap: discover built-in plugins (like SCE) (#461893)

  valgrind,

  asciidoc,

  installShellFiles,

  makeWrapper,

  rpm,

  system-sendmail,

  gnome2,

    cmake

    asciidoc

    doxygen

    makeWrapper

    rpm

    swig

    util-linux

      --replace-fail "DESTINATION ''${PERL_VENDORARCH}" "DESTINATION ''${SWIG_PERL_DIR}"

    substituteInPlace src/common/oscap_pcre.c \

      --replace-fail "#include <pcre2.h>" "#include <${pcre2.dev}/include/pcre2.h>"

    # Patch SCE engine to not hardcode FHS paths, allowing it to use the transient environment's PATH

    substituteInPlace src/SCE/sce_engine.c \

      --replace-fail 'env_values[0] = "PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin";' 'env_values[0] = "_PATCHED_OUT_DUMMY_VAR=patched-out";'

  '';

  cmakeFlags = [

    rm -rf $out/share/man8

  '';

  postFixup = ''

    # Set plugin directory to discover the SCE plugin.

    # openscap calls dlopen with this as the directory prefix.

    wrapProgram $out/bin/oscap \

      --set OSCAP_CHECK_ENGINE_PLUGIN_DIR $out/lib

  '';

  meta = {

    description = "NIST Certified SCAP 1.2 toolkit";

    homepage = "https://github.com/OpenSCAP/openscap";