# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ca-certificates
pkgver=20161130
_pkgver="$pkgver+nmu1+deb9u1"
pkgrel=3
pkgdesc="Common CA certificates PEM files"
url="https://packages.debian.org/sid/ca-certificates"
arch="all"
license="MPL 2.0 GPL2+"
depends=""
makedepends="python2 libressl-dev"
subpackages="$pkgname-doc"
# c_rehash is either in libcrypto1.0 or openssl depending on package, grr.  replace both of them
replaces="libcrypto1.0 openssl"
options="!fhs"
triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
install="$pkgname.post-deinstall"
source="https://deb.debian.org/debian/pool/main/c/$pkgname/${pkgname}_${_pkgver}.tar.xz
	fix-manpage.patch
	update-ca.c
	c_rehash.c
	"
builddir="$srcdir/$pkgname-$_pkgver"

build () {
	cd "$builddir"
	make || return 1

	${CC:-gcc} ${CFLAGS} -o update-ca-certificates "$srcdir"/update-ca.c \
		${LDFLAGS} || return 1
	${CC:-gcc} ${CFLAGS} -o c_rehash "$srcdir"/c_rehash.c -lcrypto \
		${LDFLAGS} || return 1
}

package() {
	cd "$builddir"

	install -d -m755 "$pkgdir"/etc/ca-certificates/update.d \
		"$pkgdir"/usr/bin \
		"$pkgdir"/usr/sbin \
		"$pkgdir"/usr/share/ca-certificates \
		"$pkgdir"/usr/local/share/ca-certificates \
		"$pkgdir"/etc/ssl/certs \
		|| return 1

	make DESTDIR="$pkgdir" install || return 1
	install -D -m644 sbin/update-ca-certificates.8 \
		"$pkgdir"/usr/share/man/man8/update-ca-certificates.8 \
		|| return 1

	(
		echo "# Automatically generated by ${pkgname}-${pkgver}-${pkgrel}"
		echo "# $(date -u)"
		echo "# Do not edit."
		cd "$pkgdir"/usr/share/ca-certificates
		find . -name '*.crt' | sort | cut -b3-
	) > "$pkgdir"/etc/ca-certificates.conf

	# http://bugs.alpinelinux.org/issues/2715
	# http://bugs.alpinelinux.org/issues/2846
	install -m755 update-ca-certificates "$pkgdir"/usr/sbin \
		|| return 1

	install -m755 c_rehash "$pkgdir"/usr/bin \
		|| return 1

	mkdir -p "$pkgdir"/etc/apk/protected_paths.d
	cat > "$pkgdir"/etc/apk/protected_paths.d/ca-certificates.list <<-EOF
		-etc/ssl/certs/ca-certificates.crt
		-etc/ssl/certs/ca-cert-*.pem
		-etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]*
	EOF

	cat > "$pkgdir"/etc/ca-certificates/update.d/certhash <<-EOF
		#!/bin/sh
		exec /usr/bin/c_rehash /etc/ssl/certs
	EOF
	chmod +x "$pkgdir"/etc/ca-certificates/update.d/certhash || return 1
}

sha512sums="c9242e4cd779389aab66fe6d4962631a8bcf69d427df57e87cb4de17d14e6da3230f150e5149213ef3c03d2599957210b53bf66b8cc0cf979b59bbdf5cfbc363  ca-certificates_20161130+nmu1+deb9u1.tar.xz
690d6bb434fb3ccce931d7ee6a167124f9c2d2e7e7a016d85f7b72a5f7f7c34db8c6133f3575e962a91981a32a88f8961776fe5fd907e57f59c03a32f2fcced3  fix-manpage.patch
b3122866eabaccab248142a3a0131c763757da0f851941a28741bf2f9b377e3bcea08efa91865d6bec5b3525398a662054b291dd00cf80ad52ab69c3be30f361  update-ca.c
ce32e104f995818f237c21ec09c4252c3c0e7421a6eabaab9a7a82e6abf66814d412db43d16ff51dee119b824e7418334f6919f621afa75e03a23c31dccacfcc  c_rehash.c"