# Maintainer: David Runge <dvzrv@archlinux.org>
# Maintainer: Bruno Pagani <archange@archlinux.org>
# Maintainer: T.J. Townsend <blakkheim@archlinux.org>
# Contributor: Gaetan Bisson <bisson@archlinux.org>
# Contributor: Hisato Tatekura <hisato_tatekura@excentrics.net>
# Contributor: Massimiliano Torromeo <massimiliano DOT torromeo AT google mail service>

# ALARM: Kevin Mihelich <kevin@archlinuxarm.org>
#  - disable LTO (--disable-flto)

pkgname=unbound
pkgver=1.22.0
pkgrel=3
pkgdesc="Validating, recursive, and caching DNS resolver"
arch=(x86_64)
url="https://unbound.net/"
license=(BSD-3-Clause)
depends=(
  dnssec-anchors
  fstrm
  glibc
  hiredis
  ldns
  libnghttp2
  libsodium
)
makedepends=(
  expat
  git
  libevent
  openssl
  protobuf-c
  python
  swig
  systemd
)
optdepends=(
  'expat: for unbound-anchor'
  'sh: for unbound-control-setup'
  'python: for python-bindings'
)
provides=(libunbound.so)
backup=(etc/$pkgname/$pkgname.conf)
source=(
  git+https://github.com/NLnetLabs/unbound.git#tag=release-${pkgver}?signed
  $pkgname-1.14.0-trust_anchor_file.patch
  $pkgname-sysusers.conf
  $pkgname-tmpfiles.conf
  $pkgname-trusted-key.hook
)
sha512sums=('96b16195121dcacd5eddf0acea1249f8278bc8974779a3cfea6c17614ebda688f3c6efa6976fdd6e6e90ec2fe775e24bc6bcaa18bf48d6b1886775c4f7096bc9'
            '9590d3d459d96f99cbc7482fae0f5318dd22a034e45cff18079e4f3c9f9c3c1d7af90cdd5353fb469eac08c535555fd164097b496286b807b2117e8a3a6cd304'
            '1f81ed1b42cf9cc0b38c8f9ccc70ab8e55c39015ed3d2d344ec86233180a84b38596941cb4686c18478400843b9ba119674a79d6add91cc0277751bfc83af88e'
            '6b1849ae9d7cf427f6fa6cd0590e8f8c3f06210d2d6795e543b0f325a9e866db0f5db2275a29fa90f688783c0dd16f19c8a49a9817d5f5444e13f8f2df3ff712'
            '613826cdf5ab6e77f2805fa2aa65272508dcd11090add1961b3df6dfac3b67db016bc9f45fbcf0ef0de82b2d602c153d5263a488027a6cf13a72680b581b266d')
b2sums=('0e2df0d71a4a5aa56e698c1b7dadc83c66d736779b727f04054e5738573fdbd576fc4c03bc308a39bf64e3e4362edb12cd68a3910ac1ba9a746fdd0cd7ed0bc8'
        '0978ab5c0474ed29de9c0904a46d114413e094dafeadaac4f10cdbc19e4152fcc064d7cdb8c331da7c2531075aa699326b84e21da1a8218a6f00a10f0e107b3d'
        'd49be0b8338a23446604be7ea566a661ac87198894ae0327d4d4ea6ed57717ec5bd3ba5b10e0074ccef788284ed02efdeae06c7883dd2e7ba100fa910a8730ec'
        'd3951006b43068be904c6b91a9e0563d56228225854e12b40abbdd4ba9b47338e97265837297a6de879acbc8051bb749163f9457683f5e12fc29ac2e7b687fd3'
        'd28785390eb6c125bd26ca11f097fe8864b080482157deeb7c70e9bee47ff2844abaed574db59a7c152ed3ec0acba05cfee4c3751f7a9f553320b064578f86c7')
# https://nlnetlabs.nl/people
validpgpkeys=('EDFAA3F2CA4E6EB05681AF8E9F6F1C2D7E045F8D' # W.C.A. Wijngaards <wouter@nlnetlabs.nl>
              '948EB42322C5D00B79340F5DCFF3344D9087A490' # Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>'
)

prepare() {
  # enable trusted-anchor-file and set it to an unbound specific location
  patch -p1 -d $pkgname -i ../$pkgname-1.14.0-trust_anchor_file.patch
  cd $pkgname
  autoreconf -fiv
}

build() {
  local configure_options=(
    --prefix=/usr
    --sysconfdir=/etc
    --localstatedir=/var
    --sbindir=/usr/bin
    --disable-rpath
    --disable-flto
    --enable-dnscrypt
    --enable-dnstap
    --enable-pie
    --enable-relro-now
    --enable-subnet
    --enable-systemd
    --enable-tfo-client
    --enable-tfo-server
    --enable-cachedb
    --with-libhiredis
    --with-conf-file=/etc/unbound/unbound.conf
    --with-pidfile=/run/unbound.pid
    --with-rootkey-file=/etc/trusted-key.key
    --with-libevent
    --with-libnghttp2
    --with-pyunbound
  )

  cd $pkgname
  ./configure "${configure_options[@]}"
  # prevent excessive overlinking due to libtool
  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
  make
}

check() {
  make -k check -C $pkgname
}

package() {
  depends+=(
    libevent libevent-2.1.so
    openssl libcrypto.so libssl.so
    protobuf-c libprotobuf-c.so
    systemd-libs libsystemd.so
  )

  make DESTDIR="$pkgdir" install -C $pkgname
  install -vDm 644 $pkgname/contrib/$pkgname.service -t "$pkgdir/usr/lib/systemd/system/"
  install -vDm 644 $pkgname/LICENSE -t "$pkgdir/usr/share/licenses/$pkgname/"
  install -vDm 644 $pkgname-sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
  install -vDm 644 $pkgname-tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
  # libalpm hook to copy the dnssec-anchors provided key to /etc/unbound
  install -vDm 644 unbound-trusted-key.hook -t "$pkgdir/usr/share/libalpm/hooks/"
}