nix: wrap program from libexec

This avoids renaming the fortify binary.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>

package.nix

@@ -29,7 +29,7 @@ buildGoModule rec {
         "-s"
         "-w"
         "-X"
-        "main.Fmain=${placeholder "out"}/bin/.fortify-wrapped"
+        "main.Fmain=${placeholder "out"}/libexec/fortify"
         "-X"
         "main.Fshim=${placeholder "out"}/libexec/fshim"
       ]
@@ -47,14 +47,15 @@ buildGoModule rec {
   nativeBuildInputs = [ makeBinaryWrapper ];
 
   postInstall = ''
-    wrapProgram $out/bin/${pname} --prefix PATH : ${
+    mkdir "$out/libexec"
-      lib.makeBinPath [
+    mv "$out"/bin/* "$out/libexec/"
-        bubblewrap
-        xdg-dbus-proxy
-      ]
-    }
 
-    mkdir $out/libexec
+    makeBinaryWrapper "$out/libexec/fortify" "$out/bin/fortify" \
-    (cd $out/bin && mv fsu fshim finit fuserdb ../libexec/)
+      --inherit-argv0 --prefix PATH : ${
+        lib.makeBinPath [
+          bubblewrap
+          xdg-dbus-proxy
+        ]
+      }
   '';
 }