# Contributor: Ɓukasz Jendrysik <scadu@yandex.com>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=nss
pkgver=3.47
_ver=$(printf '%s' "$pkgver" | tr . _)
pkgrel=0
pkgdesc="Mozilla Network Security Services"
url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
arch="all"
options="!check"
license="MPL-2.0"
depends=""
depends_dev="nspr-dev"
makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers"
subpackages="$pkgname-static $pkgname-dev $pkgname-tools"
source="https://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src/$pkgname-$pkgver.tar.gz
	nss.pc.in
	nss-util.pc.in
	nss-softokn.pc.in
	nss-config.in
	add_spi+cacert_ca_certs.patch
	"

# secfixes:
#   3.45-r0:
#     - CVE-2019-11719
#     - CVE-2019-11727
#     - CVE-2019-11729

prepare() {
	default_prepare

	# Respect LDFLAGS
	sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
		"$builddir"/nss/coreconf/rules.mk
}

build() {
	unset CFLAGS
	unset CXXFLAGS
	export BUILD_OPT=1
	export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
	export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
	export FREEBL_NO_DEPEND=0
	export NSS_USE_SYSTEM_SQLITE=1
	export NSS_ENABLE_WERROR=0
	export NSPR_INCLUDE_DIR=`pkg-config --cflags-only-I nspr | sed 's/-I//'`
	export NSPR_LIB_DIR=`pkg-config --libs-only-L nspr | sed 's/-L.//'`
	case "$CARCH" in
		*64* | s390x) export USE_64=1;;
	esac
	make -j 1 -C nss/coreconf
	make -j 1 -C nss/lib/dbm
	make -j 1 -C nss
}

package() {
	install -m755 -d "$pkgdir"/usr/lib/pkgconfig
	install -m755 -d "$pkgdir"/usr/bin
	install -m755 -d "$pkgdir"/usr/include/nss/private

	NSS_VMAJOR=`awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h `
	msg "DEBUG: $NSS_VMAJOR"
	NSS_VMINOR=`awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h`
	NSS_VPATCH=`awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h`

	# pkgconfig files
	local _pc; for _pc in nss.pc nss-util.pc nss-softokn.pc; do
		sed "$srcdir"/${_pc}.in \
			-e "s,%libdir%,/usr/lib,g" \
			-e "s,%prefix%,/usr,g" \
			-e "s,%exec_prefix%,/usr/bin,g" \
			-e "s,%includedir%,/usr/include/nss,g" \
			-e "s,%SOFTOKEN_VERSION%,$pkgver,g" \
			-e "s,%NSPR_VERSION%,$pkgver,g" \
			-e "s,%NSS_VERSION%,$pkgver,g" \
			-e "s,%NSSUTIL_VERSION%,$pkgver,g" \
			> "$pkgdir"/usr/lib/pkgconfig/${_pc}
	done
	ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc
	chmod 644 "$pkgdir"/usr/lib/pkgconfig/*.pc

	# nss-config
	sed "$srcdir"/nss-config.in \
		-e "s,@libdir@,/usr/lib,g" \
		-e "s,@prefix@,/usr/bin,g" \
		-e "s,@exec_prefix@,/usr/bin,g" \
		-e "s,@includedir@,/usr/include/nss,g" \
		-e "s,@MOD_MAJOR_VERSION@,${NSS_VMAJOR},g" \
		-e "s,@MOD_MINOR_VERSION@,${NSS_VMINOR},g" \
		-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
		> "$pkgdir"/usr/bin/nss-config
	chmod 755 "$pkgdir"/usr/bin/nss-config
	minor="${pkgver#*.}"
	minor=${minor%.*}
	for file in $(find dist/*.OBJ/lib -name "*.so"); do
		install -m755 $file \
			"$pkgdir"/usr/lib/${file##*/}.$minor
		ln -s ${file##*/}.$minor "$pkgdir"/usr/lib/${file##*/}
	done
	install -m644 dist/*.OBJ/lib/*.a "$pkgdir"/usr/lib/
	install -m644 dist/*.OBJ/lib/*.chk "$pkgdir"/usr/lib/

	for file in certutil cmsutil crlutil modutil pk12util shlibsign \
			signtool signver ssltap; do
		install -m755 dist/*.OBJ/bin/${file} "$pkgdir"/usr/bin/
	done
	install -m644 dist/public/nss/*.h "$pkgdir"/usr/include/nss/
	install -m644 dist/private/nss/blapi.h dist/private/nss/alghmac.h "$pkgdir"/usr/include/nss/private/
}

static() {
	pkgdesc="Static libraries for Network Security Services"
	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/

	# remove libssl.a which conflicts with libressl
	rm "$subpkgdir"/usr/lib/libssl.a
}

dev() {
	# we cannot use default_dev because we need the .so symlinks in main package
	pkgdesc="Development files for Network Security Services"
	depends="$pkgname $depends_dev"

	mkdir -p "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/nss-config "$subpkgdir"/usr/bin

	cd "$pkgdir"
	for i in usr/include usr/lib/pkgconfig usr/lib/*.a; do
		if [ -e "$pkgdir/$i" ] || [ -L "$pkgdir/$i" ]; then
			d="$subpkgdir/${i%/*}"  # dirname $i
			mkdir -p "$d"
			mv "$pkgdir/$i" "$d"
			rmdir "$pkgdir/${i%/*}" 2>/dev/null || true
		fi
	done
	mv "$pkgdir"/usr/lib/libgtest1.* "$pkgdir"/usr/lib/libnsssysinit.* \
		"$subpkgdir"/usr/lib
}

tools() {
	pkgdesc="Tools for Network Security Services"
	replaces="nss"
	mkdir -p "$subpkgdir"/usr/
	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}

sha512sums="99d04d28c38092826f5aab125662780865de49a97743ff0ab49a191bafae3ba3a937369cd6909ab23e7dcaf06482c8852b31ef057dc12c758f2681e03822e247  nss-3.47.tar.gz
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531  nss.pc.in
0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09  nss-util.pc.in
09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15  nss-softokn.pc.in
2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b  nss-config.in
6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16  add_spi+cacert_ca_certs.patch"