# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
pkgver=5.3.2
_pkgver=${pkgver//_rc/rc}
pkgrel=0
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
pkgusers="ipsec"
pkggroups="ipsec"
license="GPL-2 RSA-MD5 RSA-PKCS11 DES"
depends="iproute2 openssl"
depends_dev="sqlite-dev openssl-dev curl-dev gmp-dev libcap-dev"
makedepends="$depends_dev linux-headers"
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dbg"
source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
	0001-charon-add-optional-source-and-remote-overrides-for-.patch
	0002-vici-send-certificates-for-ike-sa-events.patch
	0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
	0004-vici-support-asynchronous-initiation.patch

	strongswan.initd
	charon.initd"

_builddir="$srcdir/$pkgname-$_pkgver"
prepare() {
	local i
	cd "$srcdir/$pkgname-$_pkgver"
	for i in $source; do
		case $i in
		*.patch) msg $i; patch -Np1 -i "$srcdir"/$i || return 1;;
		esac
	done
	# the headers they ship conflicts with the real thing.
	rm -r src/include/linux
}

build() {
	cd "$_builddir"

	# notes about configuration:
	# - try to keep options in ./configure --help order
	# - apk depends on openssl, so we use that
	# - openssl provides ciphers, randomness, etc
	#   -> disable all redundant in-tree copies

	./configure --prefix=/usr \
		--sysconfdir=/etc \
		--libexecdir=/usr/lib \
		--with-ipsecdir=/usr/lib/strongswan \
		--with-capabilities=libcap \
		--with-user=ipsec \
		--with-group=ipsec \
		--enable-curl \
		--disable-ldap \
		--disable-aes \
		--disable-des \
		--disable-rc2 \
		--disable-md5 \
		--disable-sha1 \
		--disable-sha2 \
		--enable-gmp \
		--disable-hmac \
		--disable-mysql \
		--enable-sqlite \
		--enable-eap-sim \
		--enable-eap-sim-file \
		--enable-eap-aka \
		--enable-eap-aka-3gpp2 \
		--enable-eap-simaka-pseudonym \
		--enable-eap-simaka-reauth \
		--enable-eap-identity \
		--enable-eap-md5 \
		--enable-eap-tls \
		--disable-eap-gtc \
		--enable-eap-mschapv2 \
		--enable-eap-radius \
		--enable-xauth-eap \
		--enable-farp \
		--enable-vici \
		--enable-attr-sql \
		--enable-dhcp \
		--enable-openssl \
		--enable-unity \
		--enable-ha \
		--enable-cmd \
		--enable-swanctl \
		--enable-shared \
		--disable-static \
		|| return 1
	make || return 1
}

package() {
	cd "$_builddir"
	make DESTDIR="$pkgdir" install || return 1
	install -m755 -D "$srcdir/$pkgname.initd" "$pkgdir/etc/init.d/$pkgname" || return 1
	install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon" || return 1
	rm "$pkgdir"/usr/lib/ipsec/plugins/*.la || return 1
	rm "$pkgdir"/usr/lib/ipsec/*.la || return 1
}

md5sums="fab014be1477ef4ebf9a765e10f8802c  strongswan-5.3.2.tar.bz2
e553c5e9a895a2d95b1cbc33407d64a0  0001-charon-add-optional-source-and-remote-overrides-for-.patch
8bea05feac6f4e90c4973b2459864437  0002-vici-send-certificates-for-ike-sa-events.patch
125c4e648f73b0dbdaa741ac13ed6d87  0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
f65811bd1ae6e7f98cf9d76928a0aa03  0004-vici-support-asynchronous-initiation.patch
85ebc1b6c6b9c0c6640d8136e97da8e1  strongswan.initd
7962a720ebef6892d80a3cbdab72c204  charon.initd"
sha256sums="a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225  strongswan-5.3.2.tar.bz2
a472df28677d4f43a063926a65b52b317dfca0b74f8c6a2e3bf852b94fbf5f0f  0001-charon-add-optional-source-and-remote-overrides-for-.patch
c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb  0002-vici-send-certificates-for-ike-sa-events.patch
4e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e  0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
42171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c  0004-vici-support-asynchronous-initiation.patch
ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f  strongswan.initd
97b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73  charon.initd"
sha512sums="60b17645c00769d497f4cea2229b41a217c29fe1109b58be256a0d4a6ccf4765348b9eb89466539c2528756344c2fa969f25ea1cd8856d56c5d55aa78e632e68  strongswan-5.3.2.tar.bz2
682c768e82c6b8e48680ab73db49eb3a462b90ee317c943a42a82812d171a19da27ff4139bff0fc9af7b228cdcef44a75b86979f4b1b3af0bbc9698e4329fb4a  0001-charon-add-optional-source-and-remote-overrides-for-.patch
ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c  0002-vici-send-certificates-for-ike-sa-events.patch
2e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a  0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
39e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116  0004-vici-support-asynchronous-initiation.patch
b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64  strongswan.initd
6f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79  charon.initd"