# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem      1.0

PortGroup       active_variants 1.1
PortGroup       conflicts_build 1.0
PortGroup       legacysupport 1.0
PortGroup       muniversal 1.0

name            gnutls
version         3.7.11
revision        1
categories      devel security
# yes, some of the libs are GPL only
license         LGPL-2.1+ GPL-3+
maintainers     {mps @Schamschula} openmaintainer
description     GNU Transport Layer Security Library
long_description \
                GnuTLS is a portable ANSI C based library which implements the TLS 1.0-1.3, \
                SSL 3.0, and Datagram TLS protocols. The library does \
                not include any patented algorithms and is available under the GNU \
                Lesser General Public License (LGPL).
homepage        http://www.gnutls.org/

checksums       rmd160  b8a3b948b2cfd504f72e04a31fce31a79b4316b1 \
                sha256  90e337504031ef7d3077ab1a52ca8bac9b2f72bc454c95365a1cd1e0e81e06e9 \
                size    6406420

subport ${name} {
    conflicts   ${name}-devel

    patchfiles  patch-lib-system-certs.c.old.diff
}

subport ${name}-devel {
    conflicts   ${name}

    version     3.8.10
    revision    0

    checksums   rmd160  66f298fa46ffa86cb01aa1701c5683a141aa4cd2 \
                sha256  db7fab7cce791e7727ebbef2334301c821d79a550ec55c9ef096b610b03eb6b7 \
                size    6909856

   depends_lib-append \
                port:brotli \
                port:zstd

    patchfiles  patch-lib-system-certs.c.diff
}

if {${build_arch} ne "ppc" || ${build_arch} ne "ppc64"} {
    # see: https://gitlab.com/gnutls/gnutls/-/issues/1370
    # and https://github.com/macports/macports-ports/pull/14613
    configure.args-append   --disable-hardware-acceleration
}

set branch      [join [lrange [split ${version} .] 0 1] .]
set major       [join [lrange [split ${version} .] 0 2] .]

master_sites    https://www.gnupg.org/ftp/gcrypt/gnutls/v${branch}/ \
                https://mirrors.dotsrc.org/gcrypt/gnutls/v${branch}/

use_xz          yes

# deal with minor updates that extract to major version number
worksrcdir      ${name}-${major}

# see: https://trac.macports.org/ticket/57893
# and https://github.com/macports/macports-ports/pull/3379 for autogen
conflicts_build autogen

depends_build-append \
                port:gettext \
                port:pkgconfig

depends_lib-append \
                port:gettext-runtime \
                port:gmp \
                port:libidn2 \
                port:libtasn1 \
                port:libunistring \
                port:p11-kit \
                port:nettle \
                port:zlib

patchfiles-append \
                implicit.patch

post-patch {
    # Remove comments which confuse at least Leopard's assembler.
    reinplace {/^#/d} {*}[glob ${worksrcpath}/lib/accelerated/x86/macosx/*.s]
}

configure.args-append \
                --disable-dependency-tracking \
                --disable-doc \
                --disable-heartbeat-support \
                --disable-libdane \
                --disable-silent-rules \
                --disable-static \
                --enable-manpages \
                --enable-openssl-compatibility \
                --with-p11-kit \
                --with-system-priority-file="${prefix}/etc/gnutls/default-priorities" \
                --with-default-trust-store-pkcs11=pkcs11: \
                ac_cv_prog_AWK=/usr/bin/awk

subport ${name} {
    # Note: configure script detects zstd, but flags it as missing anyway
    # the guile variant is only available for gnutls
    configure.args-append \
                --without-brotli \
                --disable-guile \
                --without-zstd \

    variant brotli description {Build brotli support} {
        depends_lib-append \
                port:brotli

        configure.args-delete \
                --without-brotli
    }

    variant guile description {Build guile-2.2 bindings} {
    # there currently is a build issue with the guile variant
    # the workaround is to first install guile w/o guile and then with +guile
        depends_lib-append      port:guile-2.2
        configure.args-replace  --disable-guile --enable-guile
        # It should not be this hard :/
        configure.env-append    guile_snarf=${prefix}/bin/guile-snarf-2.2
        configure.env-append    GUILD=${prefix}/bin/guild-2.2
        configure.env-append    GUILE=${prefix}/bin/guile-2.2
        configure.env-append    GUILE_CONFIG=${prefix}/bin/guile-config-2.2
        configure.env-append    GUILE_TOOLS=${prefix}/bin/guile-tools-2.2
        configure.env-append    GUILE_EFFECTIVE_VERSION=2.2
    }
}

# https://trac.macports.org/wiki/WimplicitFunctionDeclaration#strchr
configure.checks.implicit_function_declaration.whitelist-append strchr

compiler.thread_local_storage yes

# Undefined symbols for architecture x86_64: "___get_cpuid_count"
compiler.blacklist-append {clang < 1000} {macports-clang-3.[0-9]} {macports-clang-[4-6].0}

if {${os.platform} eq "darwin" && ${os.major} < 10 && [string match *clang* ${configure.compiler}] } {
    depends_build-append    port:cctools
    configure.env-append    NM=${prefix}/bin/nm
    configure.args-append   lt_cv_path_NM=${prefix}/bin/nm
}

platform darwin 8 {
    depends_build-append    port:texinfo
    configure.cppflags-append -D__WORDSIZE=32
}

variant dane description {Build libdane using unbound libraries} {
    depends_lib-append      port:unbound
    configure.args-append   --with-unbound-root-key-file="${prefix}/var/run/unbound/root.key"
    configure.args-delete   --disable-libdane
}

variant docs description {Install supplemental developer documentation} {
    depends_build-append \
                port:gtk-doc

    configure.args-delete \
                --disable-doc
}

# as of r120660 (#43881) unbound installs its root key file at ${prefix}/var/run/unbound/root.key
# the following may be superfluous

if {[variant_isset dane] && ![file exists ${prefix}/var/run/unbound/root.key]} {
    notes "
***
*** WARNING:
***
*** The DNSSEC root key file in ${prefix}/var/run/unbound/root.key was not found.
*** This file is needed for the verification of DNSSEC responses.
*** Use the command: sudo unbound-anchor -a \"${prefix}/var/run/unbound/root.key\"
*** to generate or update it.
***
"
}

if {${universal_possible} && [variant_isset universal]} {
    set merger_host(x86_64) x86_64-apple-${os.platform}${os.major}
    set merger_host(i386) i686-apple-${os.platform}${os.major}
    set merger_configure_args(x86_64) --build=x86_64-apple-${os.platform}${os.major}
    set merger_configure_args(i386) --build=i686-apple-${os.platform}${os.major}
    set merger_host(ppc) powerpc-apple-${os.platform}${os.major}
    set merger_host(ppc64) powerpc64-apple-${os.platform}${os.major}
    set merger_configure_args(ppc) --build=powerpc-apple-${os.platform}${os.major}
    set merger_configure_args(ppc64) --build=powerpc64-apple-${os.platform}${os.major}
} elseif {${build_arch} eq "i386"} {
    configure.args-append \
        --host=i686-apple-${os.platform}${os.major} \
        --build=i686-apple-${os.platform}${os.major}
} elseif {${build_arch} eq "ppc"} {
    configure.args-append \
        --host=powerpc-apple-${os.platform}${os.major} \
        --build=powerpc-apple-${os.platform}${os.major}
} elseif {${build_arch} eq "ppc64"} {
    configure.args-append \
        --host=powerpc64-apple-${os.platform}${os.major} \
        --build=powerpc64-apple-${os.platform}${os.major}
} else {
    configure.args-append \
        --host=${build_arch}-apple-${os.platform}${os.major} \
        --build=${build_arch}-apple-${os.platform}${os.major}
}

test.run        yes
test.target     check

post-destroot {
    move ${destroot}${prefix}/bin/certtool ${destroot}${prefix}/bin/gnutls-certtool
    move ${destroot}${prefix}/share/man/man1/certtool.1 ${destroot}${prefix}/share/man/man1/gnutls-certtool.1
}

livecheck.type  regex
livecheck.url   [lindex ${master_sites} 0]
livecheck.regex "${name}-(\\d+(?:\\.\\d+)*)${extract.suffix}"
