# Maintainer: Alexey Pavlov <alexpux@gmail.com>

pkgname=('openssl' 'libopenssl' 'openssl-devel' 'openssl-docs')
# Note: always rebuild openssh after updating openssl pkgver,
# it does strict version checks at runtime
pkgver=3.6.0
pkgrel=1
pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
arch=('i686' 'x86_64')
url='https://openssl-library.org'
msys2_repository_url="https://github.com/openssl/openssl"
msys2_references=(
  "cpe: cpe:/a:openssl:openssl"
)
license=('spdx:Apache-2.0')
makedepends=('gcc' 'tar' 'perl' 'diffutils' 'nasm')
noextract=(${pkgname}-${pkgver}.tar.gz)
source=("https://github.com/openssl/openssl/releases/download/${pkgname}-${pkgver}/${pkgname}-${pkgver}.tar.gz"{,.asc}
        '0001-Use-usr-ssl-as-ca-dir-instead-of-.-demoCA.patch'
        '0002-Support-MSYS2.patch'
        '0004-Override-engines-directory.patch'
        '0005-skip-dllmain-detach.patch')
sha256sums=('b6a5f44b7eb69e3fa35dbf15524405b44837a481d43d81daddde3ff21fcbb8e9'
            'SKIP'
            '7ff3213d8d085238695f076d254f16d15b16a9baca1f9393c1bed0057006da2c'
            'b73a45cf26830bbb3c110a8f9e042ea5c71a9627204d5d172b04c43aff5b0f1a'
            '345350546bf55dd069133e0c56b2c5f7e037db237a30f7ad38159bd61b6d4daf'
            '79b56c97da803493eb9bbc04dc67ddf3662a8486efb9ec7b15e668b8c0fa4e0f')
# https://openssl-library.org/source/index.html
validpgpkeys=(
  'BA5473A2B0587B07FB27CF2D216094DFD0CB81EF' # openssl@openssl.org
)

prepare() {
  [[ -d ${srcdir}/${pkgname}-${pkgver} ]] || tar -xzvf ${srcdir}/${pkgname}-${pkgver}.tar.gz -C ${srcdir}
  cd ${srcdir}/${pkgname}-${pkgver}

  patch -p1 -i ${srcdir}/0001-Use-usr-ssl-as-ca-dir-instead-of-.-demoCA.patch
  patch -p1 -i ${srcdir}/0002-Support-MSYS2.patch
  patch -p1 -i ${srcdir}/0004-Override-engines-directory.patch

  # For example "meson test" crashes without this, see
  # https://github.com/msys2/MSYS2-packages/issues/3013#issuecomment-1362734102
  # https://cygwin.com/pipermail/cygwin/2011-March/194454.html
  # (but this was never patched in cygwin from what I see)
  patch -p1 -i ${srcdir}/0005-skip-dllmain-detach.patch
}

build() {
  cd ${srcdir}/${pkgname}-${pkgver}

  if [ "${CARCH}" == 'x86_64' ]; then
    openssltarget='Cygwin-x86_64'
  elif [ "${CARCH}" == 'i686' ]; then
    openssltarget='Cygwin'
  fi

  export MSYSTEM=CYGWIN
  ./Configure \
    --prefix=/usr \
    --openssldir=/usr/ssl \
    --libdir=lib \
    shared \
    "${openssltarget}"

  make depend
  make all
  make DESTDIR=${srcdir}/dest MANDIR=/usr/share/man MANSUFFIX=ssl -j1 install
}

check() {
  cd ${srcdir}/${pkgname}-${pkgver}

  # the test would write test data into /usr/ssl, which we do not want
  patch -R -p1 -i ${srcdir}/0001-Use-usr-ssl-as-ca-dir-instead-of-.-demoCA.patch
  make HARNESS_JOBS="$(nproc)" test
  patch -p1 -i ${srcdir}/0001-Use-usr-ssl-as-ca-dir-instead-of-.-demoCA.patch
  # re-run make to re-generate CA.pl from the patched .in file.
  make apps/CA.pl
}

package_openssl() {
  depends=('libopenssl')
  optdepends=('ca-certificates' 'perl')

  mkdir -p ${pkgdir}/usr/bin
  cp -f ${srcdir}/dest/usr/bin/*.exe ${pkgdir}/usr/bin/
  cp -f ${srcdir}/dest/usr/bin/c_rehash ${pkgdir}/usr/bin/
  mkdir -p ${pkgdir}/usr/share/man
  cp -rf ${srcdir}/dest/usr/share/man/man1 ${pkgdir}/usr/share/man
  cp -rf ${srcdir}/dest/usr/share/man/man5 ${pkgdir}/usr/share/man
  cp -rf ${srcdir}/dest/usr/ssl ${pkgdir}/usr/
}

package_openssl-docs() {
  mkdir -p ${pkgdir}/usr/share/man
  cp -rf ${srcdir}/dest/usr/share/man/man3 ${pkgdir}/usr/share/man
  cp -rf ${srcdir}/dest/usr/share/man/man7 ${pkgdir}/usr/share/man
  cp -rf ${srcdir}/dest/usr/share/doc ${pkgdir}/usr/share
}

package_libopenssl() {
  depends=()
  groups=('libraries')

  mkdir -p ${pkgdir}/usr/bin
  cp -f ${srcdir}/dest/usr/bin/*.dll ${pkgdir}/usr/bin/

  mkdir -p ${pkgdir}/usr/lib/openssl
  cp -rf ${srcdir}/dest/usr/lib/openssl/engines-3 ${pkgdir}/usr/lib/openssl/
  chmod -R 755 ${pkgdir}/usr/lib/openssl/engines-3

  cp -rf ${srcdir}/dest/usr/lib/ossl-modules ${pkgdir}/usr/lib/
  chmod -R 755 ${pkgdir}/usr/lib/ossl-modules

  install -D -m644 ${srcdir}/openssl-${pkgver}/LICENSE.txt ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE.txt
}

package_openssl-devel() {
  pkgdesc="Openssl headers and libraries"
  groups=('development')
  depends=("libopenssl=${pkgver}")

  mkdir -p ${pkgdir}/usr/lib
  cp -rf ${srcdir}/dest/usr/include ${pkgdir}/usr/
  cp -rf ${srcdir}/dest/usr/lib/pkgconfig ${pkgdir}/usr/lib/
  cp -f ${srcdir}/dest/usr/lib/*.a ${pkgdir}/usr/lib
}
