# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
pkgname=guix
pkgver=1.4.0
pkgrel=7
pkgdesc="Functional package manager based on Guile Scheme"
url="https://guix.gnu.org"
# s390x loongarch64 not supported upstream
arch="all !s390x !loongarch64"
license="GPL-3.0-or-later"
depends="
	guile
	guile-gcrypt
	guile-git
	guile-gnutls
	guile-json
	guile-lzlib
	guile-sqlite3
	guile-zlib
	guile-zstd"
makedepends="
	argp-standalone
	bzip2-dev
	gettext-dev
	guile-dev
	libgcrypt-dev
	po4a
	sqlite-dev
	help2man
	texinfo"
install="guix.pre-install"
subpackages="
	$pkgname-doc
	$pkgname-lang
	$pkgname-openrc
	$pkgname-zsh-completion
	$pkgname-fish-completion
	$pkgname-bash-completion"
options="!strip" # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907061
source="https://ftp.gnu.org/gnu/guix/guix-$pkgver.tar.gz
	guix-daemon.confd
	guix-daemon.initd
	guix.sh

	0001-daemon-Fix-build-with-GCC13.patch
	0002-syscalls-Consistently-use-existing-linux-definition.patch
	0003-syscalls-Add-support-for-musl-libc.patch
	0004-daemon-Protect-against-FD-escape-when-building-fixed.patch
	0005-daemon-Address-shortcoming-in-previous-security-fix-.patch
	0006-syscalls-Support-musl-libc-in-openpty-and-login-tty.patch
	0007-daemon-Sanitize-failed-build-outputs-prior-to-exposi.patch
	0008-daemon-Sanitize-successful-build-outputs-prior-to-ex.patch"

# secfixes:
#   1.4.0-r5:
#     - CVE-2024-27297

build() {
	local guix_system="$CARCH-linux"
	case $CARCH in
	arm*)    guix_system="armhf-linux"       ;;
	x86)     guix_system="i686-linux"        ;;
	ppc64le) guix_system="powerpc64le-linux" ;;
	esac

	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--localstatedir=/var \
		--with-system="$guix_system" \
		--with-bash-completion-dir=/usr/share/bash-completion/completions \
		--with-fish-completion-dir=/usr/share/fish/vendor_completions.d \
		--disable-rpath
	make LIBS="-lintl -largp"
}

package() {
	make DESTDIR="$pkgdir" install
	install -Dm755 "$srcdir"/guix.sh \
		"$pkgdir"/etc/profile.d/guix.sh

	# Remove other files that we don't use.
	rm -r "$pkgdir"/usr/lib/upstart \
		"$pkgdir"/etc/init.d \
		"$pkgdir"/etc/openrc \
		"$pkgdir"/usr/lib/systemd \
		"$pkgdir"/usr/share/selinux

	# Install a custom OpenRC service.
	install -Dm755 "$srcdir"/guix-daemon.initd "$pkgdir"/etc/init.d/guix-daemon
	install -Dm644 "$srcdir"/guix-daemon.confd "$pkgdir"/etc/conf.d/guix-daemon

	# Add /etc/guix/acl with the default substitute servers.
	# Taken from: https://salsa.debian.org/debian/guix/-/blob/2d44a707ccaacbee73410b770aa1a395eff1caa6/debian/rules#L57
	mkdir -p "$pkgdir"/etc/guix
	{
		printf '(acl\n (entry\n'
		sed -e 's,^,  ,g' -e 's, $$,,g' etc/substitutes/ci.guix.gnu.org.pub
		printf '  (tag\n   (guix import)\n   )\n  )\n (entry\n'
		sed -e 's,^,  ,g' -e 's, $$,,g' etc/substitutes/bordeaux.guix.gnu.org.pub
		printf '  (tag\n   (guix import)\n   )\n  )\n )\n'
	} > "$pkgdir"/etc/guix/acl
}

sha512sums="
b15a66d89fa9a6cae1a2f4bc8260876b82657e39cd1f961c50580d7ab05c6024107161d8cda2378c8e258826f85a24da1f95e76ce3818ec87a73cbc52214e430  guix-1.4.0.tar.gz
1ee5ec0f43de14e88c64297bd8c57296780cb916154cbcf91f9568ee394164647a3566a540d8e51816f6085318887224b256c90782673043a56dfa01a4d3c2a1  guix-daemon.confd
8cf1c156baffe87ce1c1a3cabf085ecaf3af5b4aca2e9687f0fc0773e120993653e2d46441de9a9d860d7f13e343a31adca69c6c14aba1e2479c83fd5151d5bb  guix-daemon.initd
2f4058819ac6c744f137cfae7ff036b17ac427aafed749060488ae056e1eeb4a0e1cdeddf7af40bc59b21dbcb9932434071edb8ff78da0089df83f2ded22aefe  guix.sh
17f4ee6189d753b8d818d7be1086dfc0bb68751ef796b4eff4c49766ab3a78272275cf5710d9cec20aca299c9e2091607a77e104145ed20abefa3c46069933c8  0001-daemon-Fix-build-with-GCC13.patch
5148cef2f6e20cfddbf76eb406cb78fb04fa1fcd8dee11550281c132d038e6b0e98a3946f6fda7df3e448bebf43e58dfe7d9f3b0132854b4001a2f4ef46fdc9e  0002-syscalls-Consistently-use-existing-linux-definition.patch
b0050780560b45678fe93cd80e526d99684b4219f042870e64b15ff48f88e24482175d8549bbd1f45bad45e9ac50a68dce7cfa86325d6618251a7419030d1b54  0003-syscalls-Add-support-for-musl-libc.patch
defe3f028a5528dec20e5fbd547ca54968c4514c2e7dc2bf1ef76cea1b4c51323420cc665ee33cbec5867adb25c1b1086f3c846d216e0cd8fad10730a8b5b32d  0004-daemon-Protect-against-FD-escape-when-building-fixed.patch
fd78daa854be53265ec61809401f7d59655fcbd46b20d078986591792bf830eb3340a735686dc7412960528646b1db5a83e1e78ac467e260645f73e55b36aa02  0005-daemon-Address-shortcoming-in-previous-security-fix-.patch
73fc82ff5925af788a103f0159a661f4498dad52ef5ac4cbf7f3dd1af42dd7d18b550fc519f830f1428768f8185d2ec24677324be6fa5d4bc1c07106de764380  0006-syscalls-Support-musl-libc-in-openpty-and-login-tty.patch
bc5ae910d0a7c2d1fe6d932ee6e7b1b7dd69f3cad686d7c5296185ae19a314dcc0aae934f7ef788d4587bb48e8784813d3db64f5c72f202ca1a33061a5b2f595  0007-daemon-Sanitize-failed-build-outputs-prior-to-exposi.patch
506115db1ce47407e832f5de463f20985857798f9650c8c38b8a545520d3430620201cae607f384f49104d8bc9a750c5506268bec6e68cf6ea85784a1a98e38d  0008-daemon-Sanitize-successful-build-outputs-prior-to-ex.patch
"
