#!/bin/bash

# Slackware build script for ca-certificates

# Copyright 2009,2011  Robby Workman  Northport, AL, USA
# Copyright 2012, 2013, 2015, 2016, 2018  Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

cd $(dirname $0) ; CWD=$(pwd)

PKGNAM=ca-certificates
VERSION=${VERSION:-$(echo certdata-*.txt.xz | cut -f 2 -d - | cut -f 1 -d .)}
ARCH=noarch
BUILD=${BUILD:-1}

# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
  echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
  exit 0
fi

TARVERSION=${VERSION}

TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM

rm -rf $PKG
mkdir -p $TMP $PKG/usr/share/ca-certificates $PKG/usr/sbin
cd $TMP

rm -rf $PKGNAM

# Extract the tarball:
tar xvf $CWD/${PKGNAM}.tar.?z || exit 1

cd $PKGNAM || exit 1

chown -R root:root .
find . \
 \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
 -exec chmod 755 {} \+ -o \
 \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
 -exec chmod 644 {} \+

# Remove incompatible command operators used to call 'run-parts':
zcat $CWD/fixup_update-ca-certificates.diff.gz | patch -p1 || exit 1

# Use "c_rehash" rather than "openssl rehash". They act mostly the same, but
# the openssl builtin is not available on older versions of Slackware, while
# c_rehash will always be there.
zcat $CWD/update-ca-certificates.c_rehash.diff.gz | patch -p1 || exit 1

# Update to certdata.txt from $CWD:
xzcat $CWD/certdata-${VERSION}.txt.xz > mozilla/certdata.txt

make || exit 1
make install DESTDIR=$PKG || exit 1

# Remove expired certificate:
if [ -r $PKG//usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt ]; then
  rm -f $PKG//usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
fi

mkdir -p $PKG/etc/ca-certificates/update.d
printf "# Automatically generated by $PKGNAM-$VERSION \n#\n" \
  > $PKG/etc/ca-certificates.conf
( cd $PKG/usr/share/ca-certificates
  find . -name '*.crt' | sort | cut -b3-
) >> $PKG/etc/ca-certificates.conf

mkdir -p $PKG/usr/man/man8
gzip -9c sbin/update-ca-certificates.8 > \
  $PKG/usr/man/man8/update-ca-certificates.8.gz

mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
cp -a docs/* $PKG/usr/doc/$PKGNAM-$VERSION

mkdir -p $PKG/var/log/setup
cat $CWD/setup.11.cacerts > $PKG/var/log/setup/setup.11.cacerts
chmod 755 $PKG/var/log/setup/setup.11.cacerts

mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh

cd $PKG
/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz