# Maintainer: Alexey Pavlov <alexpux@gmail.com>
# Contributor: Renato Silva <br.renatosilva@gmail.com>

_realname=nss
pkgbase=mingw-w64-${_realname}
pkgname="${MINGW_PACKAGE_PREFIX}-${_realname}"
pkgver=3.100
pkgrel=1
pkgdesc="Mozilla Network Security Services (mingw-w64)"
arch=('any')
mingw_arch=('mingw32' 'mingw64' 'ucrt64' 'clang64' 'clang32' 'clangarm64')
msys2_references=(
  'archlinux: nss'
  "cpe: cpe:/a:mozilla:network_security_services"
  "cpe: cpe:/a:mozilla:nss"
  "cpe: cpe:/a:mozilla:nss_esr"
)
msys2_repository_url='https://hg.mozilla.org/projects/nss/'
msys2_changelog_url='https://firefox-source-docs.mozilla.org/security/nss/releases/index.html'
url='https://firefox-source-docs.mozilla.org/security/nss/index.html'
license=('spdx:MPL-2.0')
depends=("${MINGW_PACKAGE_PREFIX}-nspr"
         "${MINGW_PACKAGE_PREFIX}-sqlite3"
         "${MINGW_PACKAGE_PREFIX}-zlib")
makedepends=("${MINGW_PACKAGE_PREFIX}-cc"
             "${MINGW_PACKAGE_PREFIX}-pkgconf"
             "zip" "perl" "nsinstall")
source=(https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${_realname}-${pkgver}.tar.gz
        nss-build.patch
        blank-cert8.db
        blank-key3.db
        blank-secmod.db
        nss-3.20.1-headers.patch
        nss-3.81-aarch64.patch)
sha256sums=('1e35373ce9cb5b776f678bb341b0625c437520d09ebd91d1abd622e072e38d88'
            '39e45367f5bf114ea007b2e8364950e1f77a13b5d0556af61cddf1928f2d34bc'
            'e45105a21696a26c834cfaa3f664c42426c99546094e22fbe3a5e1dd3fbc1f33'
            '6115cab6d646a05dd6b63e21c488da6bc36975f6e5ad8d6371c30a166c41cddc'
            '3790a5404f6b7edb652544eb75bfaa8f1c515f41ef14369248151d7c52cd249e'
            'ed0a0a234b443113bff5fe6bea70dbf7fe7f1206acd1129eeed5cff78e3c0503'
            '8cf06a963f158ef2c9b09407ea1cdf778a825d242f54657cf939c573b96ae556')

_apply_patch_with_msg() {
  for _patch in "$@"
  do
    msg2 "Applying ${_patch}"
    patch -p1 -i "${srcdir}/${_patch}"
  done
}

prepare() {
  cd ${srcdir}/${_realname}-${pkgver}

  _apply_patch_with_msg \
    nss-build.patch \
    nss-3.20.1-headers.patch \
    nss-3.81-aarch64.patch
}

build() {
  cp -r "${_realname}-${pkgver}" "build-${MSYSTEM}" && cd "build-${MSYSTEM}"

  export BUILD_OPT=1
  export NSS_NO_SSL2_NO_EXPORT=1
  export NSS_USE_SYSTEM_SQLITE=1
  export IMPORT_LIB_SUFFIX=.dll.a
  export NSS_DISABLE_GTESTS=1
  export NSS_ENABLE_ECC=1
  export NSS_DISABLE_DBM=1
  export NSPR_INCLUDE_DIR="`nspr-config --includedir`"
  export NSPR_LIB_DIR="`nspr-config --libdir`"
  export SQLITE_LIB_DIR="${MINGW_PREFIX}/lib"
  export EXTRA_SHARED_LIBS="-lplc4 -lplds4 -lnspr4 -lz -lcrypt32 -lws2_32"
  [[ ${MINGW_PACKAGE_PREFIX} == *-clang-* ]] && {
    export CC_IS_CLANG=1
  } 
  local conf64=
  [[ "$CARCH" = "x86_64" ]] && {
    conf64="USE_64=1"
  }

  [[ "$CARCH" = "aarch64" ]] && {
    conf64="USE_64=1 USE_ARM64=1"
  }

  make -j1 -C nss OS_TARGET=WINNT OS_RELEASE=5.0 XP_WIN=1 \
    NS_USE_GCC=1 ${conf64} \
    NSS_USE_SYSTEM_SQLITE=1 USE_SYSTEM_ZLIB=1 ZLIB_LIBS=${MINGW_PREFIX}/lib/libz.dll.a
}

package() {
  cd "${srcdir}"/build-${MSYSTEM}
  install -d "${pkgdir}${MINGW_PREFIX}"/{bin,include/nss3,lib/{nss,pkgconfig}}

  local _nsprver="$(pkgconf --modversion nspr)"

  sed nss/pkg/pkg-config/nss.pc.in \
    -e "s,%libdir%,${MINGW_PREFIX}/lib,g" \
    -e "s,%prefix%,${MINGW_PREFIX},g" \
    -e "s,%exec_prefix%,${MINGW_PREFIX}/bin,g" \
    -e "s,%includedir%,${MINGW_PREFIX}/include/nss3,g" \
    -e "s,%NSPR_VERSION%,${_nsprver},g" \
    -e "s,%NSS_VERSION%,${pkgver},g" \
    > "${pkgdir}${MINGW_PREFIX}/lib/pkgconfig/nss.pc"
  cp -f ${pkgdir}${MINGW_PREFIX}/lib/pkgconfig/nss.pc ${pkgdir}${MINGW_PREFIX}/lib/pkgconfig/mozilla-nss.pc

  local vmajor vminor vpatch
  { read vmajor; read vminor; read vpatch; } \
    < <(awk '/#define.*NSS_V(MAJOR|MINOR|PATCH)/ {print $3}' nss/lib/nss/nss.h)

  sed nss/pkg/pkg-config/nss-config.in \
    -e "s,@libdir@,${MINGW_PREFIX}/lib,g" \
    -e "s,@prefix@,${MINGW_PREFIX}/bin,g" \
    -e "s,@exec_prefix@,${MINGW_PREFIX}/bin,g" \
    -e "s,@includedir@,${MINGW_PREFIX}/include/nss3,g" \
    -e "s,@MOD_MAJOR_VERSION@,${vmajor},g" \
    -e "s,@MOD_MINOR_VERSION@,${vminor},g" \
    -e "s,@MOD_PATCH_VERSION@,${vpatch},g" \
    > "${pkgdir}${MINGW_PREFIX}/bin/nss-config"
  chmod 755 ${pkgdir}${MINGW_PREFIX}/bin/nss-config

  # Copy the binary libraries we want
  for file in softokn nss nssutil ssl smime  #nssdbm
  do
    install -m 755 dist/*.OBJ/lib/${file}3.dll ${pkgdir}${MINGW_PREFIX}/bin/
    install -m 644 dist/*.OBJ/lib/lib${file}3.dll.a ${pkgdir}${MINGW_PREFIX}/lib/lib${file}3.dll.a
  done

  install -m 755 dist/*.OBJ/lib/nssckbi.dll ${pkgdir}${MINGW_PREFIX}/bin/
  install -m 755 dist/*.OBJ/lib/freebl3.dll ${pkgdir}${MINGW_PREFIX}/bin/

  # Install the empty NSS db files
  mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/nssdb
  install -m 644 ${srcdir}/blank-cert8.db ${pkgdir}${MINGW_PREFIX}/etc/pki/nssdb/cert8.db
  install -m 644 ${srcdir}/blank-key3.db ${pkgdir}${MINGW_PREFIX}/etc/pki/nssdb/key3.db
  install -m 644 ${srcdir}/blank-secmod.db ${pkgdir}${MINGW_PREFIX}/etc/pki/nssdb/secmod.db

  # Copy the development libraries we want
  for file in libcrmf.dll.a libnssb.dll.a libnssckfw.dll.a libfreebl.dll.a libcryptohi.dll.a libcerthi.dll.a libcertdb.dll.a libsoftokn.dll.a libpkixutil.dll.a
  do
    install -m 644 dist/*.OBJ/lib/${file} ${pkgdir}${MINGW_PREFIX}/lib/
  done

  # Copy the binaries we want
  for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
  do
    install -m 755 dist/*.OBJ/bin/${file}.exe ${pkgdir}${MINGW_PREFIX}/bin/
  done

  # Copy the binaries we ship as unsupported
  for file in atob btoa derdump ocspclnt pp selfserv shlibsign strsclnt symkeyutil \
   tstclnt vfyserv vfychain
  do
    install -m 755 dist/*.OBJ/bin/${file}.exe ${pkgdir}${MINGW_PREFIX}/lib/nss/
  done

  # Copy the include files we want
  for file in dist/public/nss/*.h
  do
    install -m 644 ${file} ${pkgdir}${MINGW_PREFIX}/include/nss3
  done

  # License
  install -Dm644 nss/COPYING ${pkgdir}${MINGW_PREFIX}/share/licenses/${_realname}/COPYING
}
