# Maintainer: Jan Alexander Steffens (heftig) <heftig@archlinux.org>
# Contributor: Jan de Groot <jgc@archlinux.org>

# ALARM: Kevin Mihelich <kevin@archlinuxarm.org>
#  - remove --target x64 from build.sh line
#  - add -Ddisable_arm32_neon=1 -Ddisable_arm_hw_aes=1 -Ddisable_arm_hw_sha1=1 -Ddisable_arm_hw_sha2=1 to build.sh
#  - remove -march=armv8-a in AArch64 CFLAGS to not conflict with -march=armv8-a+crypto being added

pkgbase=nss
pkgname=(nss ca-certificates-mozilla)
pkgver=3.77
pkgrel=1
pkgdesc="Network Security Services"
url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
arch=(x86_64)
license=(MPL GPL)
depends=(nspr sqlite zlib sh 'p11-kit>=0.23.19')
makedepends=(perl python gyp mercurial)
options=(debug)
_revision=270cfaea32850b30e16a720207a43168d6b64863
source=("hg+https://hg.mozilla.org/projects/nss#revision=$_revision"
        certdata2pem.py bundle.sh
        0001-Don-t-USE_ARM_GCM.patch
        0002-fix-armv8_c_lib-dependency.patch)
sha256sums=('SKIP'
            'd2a1579dae05fd16175fac27ef08b54731ecefdf414085c610179afcf62b096c'
            '3bfadf722da6773bdabdd25bdf78158648043d1b7e57615574f189a88ca865dd'
            '4587713da0a82ac2a994f71c08f6b73a8fbba95e4373f39402f22f813fc4259e'
            '1799db595ce8d8f7672731b4ccad2bf5e10d014e9b0032432e9cf0483c252c0a')

pkgver() {
  cd nss
  hg id -t -r. | sed 's/^NSS_//;s/_RTM$//;s/_/./g'
}

prepare() {
  mkdir -p certs
  ln -srft certs nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h}

  cd nss
  patch -p1 -i "${srcdir}"/0001-Don-t-USE_ARM_GCM.patch
  patch -p1 -i "${srcdir}"/0002-fix-armv8_c_lib-dependency.patch
}

build() {
  [[ $CARCH == "aarch64" ]] && CFLAGS=`echo $CFLAGS | sed -e 's/-march=armv8-a//'` && CXXFLAGS="$CFLAGS"

  cd certs
  ../certdata2pem.py

  cd ..
  ./bundle.sh

  cd nss
  ./build.sh \
    --opt \
    --system-sqlite \
    --system-nspr \
    --enable-libpkix \
    --disable-tests \
    -Ddisable_arm32_neon=1 \
    -Ddisable_arm_hw_aes=1 \
    -Ddisable_arm_hw_sha1=1 \
    -Ddisable_arm_hw_sha2=1
}

package_nss() {
  local nsprver="$(pkg-config --modversion nspr)"
  local libdir=/usr/lib

  sed nss/pkg/pkg-config/nss.pc.in \
    -e "s,%libdir%,$libdir,g" \
    -e "s,%prefix%,/usr,g" \
    -e "s,%exec_prefix%,/usr/bin,g" \
    -e "s,%includedir%,/usr/include/nss,g" \
    -e "s,%NSPR_VERSION%,$nsprver,g" \
    -e "s,%NSS_VERSION%,$pkgver,g" |
    install -Dm644 /dev/stdin "$pkgdir$libdir/pkgconfig/nss.pc"

  ln -s nss.pc "$pkgdir$libdir/pkgconfig/mozilla-nss.pc"

  install -Dt "$pkgdir$libdir" dist/Release/lib/*.so

  local vmajor vminor vpatch
  { read vmajor; read vminor; read vpatch; } \
    < <(awk '/#define.*NSS_V(MAJOR|MINOR|PATCH)/ {print $3}' nss/lib/nss/nss.h)

  sed nss/pkg/pkg-config/nss-config.in \
    -e "s,@libdir@,$libdir,g" \
    -e "s,@prefix@,/usr/bin,g" \
    -e "s,@exec_prefix@,/usr/bin,g" \
    -e "s,@includedir@,/usr/include/nss,g" \
    -e "s,@MOD_MAJOR_VERSION@,$vmajor,g" \
    -e "s,@MOD_MINOR_VERSION@,$vminor,g" \
    -e "s,@MOD_PATCH_VERSION@,$vpatch,g" |
    install -D /dev/stdin "$pkgdir/usr/bin/nss-config"

  install -Dt "$pkgdir/usr/bin" \
    dist/Release/bin/{*util,shlibsign,signtool,signver,ssltap}

  install -Dt "$pkgdir/usr/include/nss" -m644 dist/public/nss/*.h

  install -Dt "$pkgdir/usr/share/man/man1" -m644 \
    nss/doc/nroff/{*util,signtool,signver,ssltap}.1

  # Replace built-in trust with p11-kit connection
  ln -s pkcs11/p11-kit-trust.so "$pkgdir$libdir/p11-kit-trust.so"
  ln -sf p11-kit-trust.so "$pkgdir$libdir/libnssckbi.so"
}

package_ca-certificates-mozilla() {
  pkgdesc="Mozilla's set of trusted CA certificates"
  depends=('ca-certificates-utils>=20181109-3')

  install -Dm644 ca-bundle.trust.p11-kit \
    "$pkgdir/usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit"
}

# vim:set sw=2 et: