# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
pkgver=5.5.1
_pkgver=${pkgver//_rc/rc}
pkgrel=1
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
pkgusers="ipsec"
pkggroups="ipsec"
license="GPL2 RSA-MD5 RSA-PKCS11 DES"
depends="iproute2"
depends_dev=""
makedepends="$depends_dev linux-headers python2 sqlite-dev libressl-dev curl-dev
	gmp-dev libcap-dev"
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dbg"
source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
	0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
	1001-charon-add-optional-source-and-remote-overrides-for-.patch
	1002-vici-send-certificates-for-ike-sa-events.patch
	1003-vici-add-support-for-individual-sa-state-changes.patch
	2001-support-gre-key-in-ikev1.patch
	libressl.patch

	strongswan.initd
	charon.initd"

_builddir="$srcdir/$pkgname-$_pkgver"
prepare() {
	local i
	cd "$srcdir/$pkgname-$_pkgver"
	for i in $source; do
		case $i in
		*.patch) msg $i; patch -Np1 -i "$srcdir"/$i || _err="$_err $i" ;;
		esac
	done

	if [ -n "$_err" ]; then
		error "The following patches failed:"
		for i in $_err; do
			echo "  $i"
		done
		return 1
	fi

	# the headers they ship conflicts with the real thing.
	#rm -r src/include/linux
}

build() {
	cd "$_builddir"

	# notes about configuration:
	# - try to keep options in ./configure --help order
	# - apk depends on openssl, so we use that
	# - openssl provides ciphers, randomness, etc
	#   -> disable all redundant in-tree copies

	./configure --prefix=/usr \
		--sysconfdir=/etc \
		--libexecdir=/usr/lib \
		--with-ipsecdir=/usr/lib/strongswan \
		--with-capabilities=libcap \
		--with-user=ipsec \
		--with-group=ipsec \
		--enable-curl \
		--disable-ldap \
		--disable-aes \
		--disable-des \
		--disable-rc2 \
		--disable-md5 \
		--disable-sha1 \
		--disable-sha2 \
		--enable-gmp \
		--disable-hmac \
		--disable-mysql \
		--enable-sqlite \
		--enable-eap-sim \
		--enable-eap-sim-file \
		--enable-eap-aka \
		--enable-eap-aka-3gpp2 \
		--enable-eap-simaka-pseudonym \
		--enable-eap-simaka-reauth \
		--enable-eap-identity \
		--enable-eap-md5 \
		--enable-eap-tls \
		--disable-eap-gtc \
		--enable-eap-mschapv2 \
		--enable-eap-radius \
		--enable-xauth-eap \
		--enable-farp \
		--enable-vici \
		--enable-attr-sql \
		--enable-dhcp \
		--enable-openssl \
		--enable-unity \
		--enable-ha \
		--enable-cmd \
		--enable-swanctl \
		--enable-shared \
		--disable-static \
		|| return 1
	make || return 1
}

package() {
	cd "$_builddir"
	make DESTDIR="$pkgdir" install || return 1
	install -m755 -D "$srcdir/$pkgname.initd" "$pkgdir/etc/init.d/$pkgname" || return 1
	install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon" || return 1
}

md5sums="4eba9474f7dc6c8c8d7037261358e68d  strongswan-5.5.1.tar.bz2
0a82059a9bd45d7a189864843560afe9  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
dc38d5a2e8bf98e3137cc5608d4d1392  1001-charon-add-optional-source-and-remote-overrides-for-.patch
1d174dd2c9fcfdc9e2260a249395ab8d  1002-vici-send-certificates-for-ike-sa-events.patch
167c525d4945d4e9a36fe75aabbbb895  1003-vici-add-support-for-individual-sa-state-changes.patch
97bb0e061ba1576bab0e053afc2a4a72  2001-support-gre-key-in-ikev1.patch
360c16bcd6c03505b4f3ca308dd4932d  libressl.patch
72a956819c451931d3d31a528a0d1b9c  strongswan.initd
a7993f28e4eacc61f51722044645587e  charon.initd"
sha256sums="720b301991f77bdedd8d551a956f52e2d11686a0ec18e832094f86cf2b842ab7  strongswan-5.5.1.tar.bz2
89934062b4d400019752bb8140a60dacd832e4be7e86e7f573397bc56f87109e  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
0e4ecbcefc9c8a1c2739bbdf9d05d49581d86dc5c013949aab68f27d0620cd43  1001-charon-add-optional-source-and-remote-overrides-for-.patch
e2de070bdb5fd9e19d02d18829ad9684e3a9fa64f0bc45015249c7f1f738f7be  1002-vici-send-certificates-for-ike-sa-events.patch
c92a8641093e343f1f652213fb4469622a82f9f3c759e065b2b553ef3cf8cfec  1003-vici-add-support-for-individual-sa-state-changes.patch
f038cadddde9f0ea2f36df03f81445b2f6a6d6b09cf4a21bfcdb61c62706a66b  2001-support-gre-key-in-ikev1.patch
c2e94e169bd5923fe90f4cfdd2568b0bc6accd8fb9c1a32a07e795dd8a3fe7f9  libressl.patch
fdb781fa59700ca83b9fd2f2ff0b9c45467448ebd82da96286b3e2aa477ef7f4  strongswan.initd
7bcc57e4a778f87645c6b9d76ba2c04e1c11c326bc9a4968561788711c7fe58a  charon.initd"
sha512sums="051352a941a02ae227f3a7d4ee9d6d5651daa0fb4d01b7086c3bb18815ea94f63b5f94f29e6ef46ef3360666f7c95936cbfde9393d6a0c677de64850056519b9  strongswan-5.5.1.tar.bz2
768a144be4c84395bc28b91e509c8319521d68a9eae0a5d5ff96830bf8cf3154bce046d2128d1aba092bb5d3d2dceb35296c13778294f88a14c2267865766db1  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
e97382673d807dc09a64c617af4ec4879386cfab9ebcc843ee517388c5cedca6fc37f3df2649dd5bea366381ee2c1d41adb4c08cf3c1675b633ecb633a951b1d  1001-charon-add-optional-source-and-remote-overrides-for-.patch
f1aa4eed2258527dcc787ef41af7fdb9d6eb83e18d1ac2d8eebace47d0f41d5b719f80508691f271e67f2fac2f041b57a02cfea4a289eb38b3619c3ae2e18b9a  1002-vici-send-certificates-for-ike-sa-events.patch
9c94dd2063265581aff60960f795e7e5a7f8992dfb875d2bceff8028ae1c45afd6ec48a0729a0da14e86245b5017c85cdd33b1baa5b7faff4edc1783b5ffedcc  1003-vici-add-support-for-individual-sa-state-changes.patch
1544a409ad08f46a5dffbe3b4e8cf0e973c58140bf225f7c4e9b29be7fe6178f63d73730d1b2f7a755ed0d5dc09ee9fa0a08ac35761b01c5914d9bde1044ce7a  2001-support-gre-key-in-ikev1.patch
8cc4e28a07c4f206d7838a20cd1fdab7cd82bc19a3916ed65f1c5acf6acecd7ea54f582f7b2f164aded96e49fdc2db5ace70f426a93fcc08f29d658c79069ad4  libressl.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9  strongswan.initd
1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1  charon.initd"