# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnupg
# Upgrade to LTS versions only.
pkgver=2.4.7
_ver=${pkgver/_beta/-beta}
pkgrel=0
pkgdesc="GNU Privacy Guard 2 - meta package for full GnuPG suite"
url="https://www.gnupg.org/"
arch="all"
license="GPL-3.0-or-later"
depends="gpg=$pkgver-r$pkgrel
	gpg-agent=$pkgver-r$pkgrel
	gpg-wks-server=$pkgver-r$pkgrel
	gpgsm=$pkgver-r$pkgrel
	gpgv=$pkgver-r$pkgrel
	$pkgname-dirmngr=$pkgver-r$pkgrel
	$pkgname-utils=$pkgver-r$pkgrel
	$pkgname-wks-client=$pkgver-r$pkgrel
	"
makedepends="
	autoconf
	automake
	bzip2-dev
	gettext-dev
	gnutls-dev
	libassuan-dev
	libgcrypt-dev
	libgpg-error-dev
	libksba-dev
	libtool
	libusb-dev
	npth-dev
	openldap-dev
	pinentry
	sqlite-dev
	texinfo
	xz
	zlib-dev
	"
install="$pkgname-scdaemon.pre-install"
subpackages="
	$pkgname-doc
	$pkgname-lang::noarch
	$pkgname-dirmngr
	$pkgname-gpgconf
	$pkgname-scdaemon
	$pkgname-keyboxd
	$pkgname-wks-client:_wks_client
	gpg
	gpg-agent:_agent
	gpg-wks-server:_wks_server
	gpgsm
	gpgv
	$pkgname-utils
	"
source="https://gnupg.org/ftp/gcrypt/gnupg/gnupg-$_ver.tar.bz2
	0001-include-unistd.patch
	0010-avoid-beta-warning.patch
	0020-avoid-regenerating-defsincdate-use-shipped-file.patch
	0110-avoid-simple-memory-dumps-via-ptrace.patch
	0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch
	0230-dirmngr-avoid-automatically-checking-upstream-swdb.patch
	0330-gpg-default-to-sha512-for-all-signature-types-on-rsa-keys.patch
	0340-gpg-prefer-sha512-and-sha384-in-personal-digest.patch
	0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch
	fix-i18n.patch
	HACK-revert-rfc4880bis-default.patch
	60-scdaemon.rules
	"

# secfixes:
#   2.2.35-r4:
#     - CVE-2022-34903
#   2.2.23-r0:
#     - CVE-2020-25125
#   2.2.18-r0:
#     - CVE-2019-14855
#   2.2.8-r0:
#     - CVE-2018-12020

prepare() {
	default_prepare

	# tries to mkdir -p setup.scm/tests but this is a file?
	rm tests/gpgme/setup.scm

	autoreconf -vif
}

build() {
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--localstatedir=/var \
		--disable-nls \
		--enable-bzip2 \
		--enable-tofu \
		--enable-scdaemon \
		--enable-ccid-driver
	make
}

check() {
	make check
}

package() {
	make DESTDIR="$pkgdir" install

	install -Dm644 -t "$pkgdir"/usr/lib/udev/rules.d/ "$srcdir"/60-scdaemon.rules

	cd "$pkgdir"

	# install compat symlink
	ln -s gpg  usr/bin/gpg2
	ln -s gpgv usr/bin/gpgv2

	# Remove docs for systemd-user
	rm -rf usr/share/doc/gnupg/examples/systemd-user

	# Remove gpg scheme interpreter - an internal tool used in gpg tests
	rm -rf usr/bin/gpgscm
}

_agent() {
	pkgdesc="GNU Privacy Guard 2 - cryptographic agent"
	depends="$pkgname-gpgconf=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility

	amove usr/bin/gpg-agent
	amove usr/libexec/gpg-check-pattern
	amove usr/libexec/gpg-preset-passphrase
	amove usr/libexec/gpg-protect-tool
	amove usr/share/gnupg/help.txt
}

dirmngr() {
	pkgdesc="GNU Privacy Guard 2 - network certificate management service"
	depends="$pkgname-gpgconf=$pkgver-r$pkgrel"
	provides="dirmngr=$pkgver-r$pkgrel"  # alternative package name
	replaces="$pkgname"  # for backward compatibility

	amove usr/bin/dirmngr*
	amove usr/libexec/dirmngr_ldap
	amove usr/share/gnupg/sks-keyservers.netCA.pem
}

gpg() {
	pkgdesc="GNU Privacy Guard 2 - public key operations only"
	depends="
		$pkgname-dirmngr=$pkgver-r$pkgrel
		$pkgname-gpgconf=$pkgver-r$pkgrel
		$pkgname-keyboxd=$pkgver-r$pkgrel
		"
	replaces="$pkgname"  # for backward compatibility
	provider_priority=100  # highest (other provider of cmd:gpg is gnupg1)

	amove usr/bin/gpg
	amove usr/bin/gpg2
}

gpgconf() {
	pkgdesc="GNU Privacy Guard 2 - core configuration utilities"
	depends="pinentry"
	replaces="$pkgname"  # for backward compatibility
	provides="gpgconf=$pkgver-r$pkgrel"  # alternative package name

	amove usr/bin/gpg-connect-agent
	amove usr/bin/gpgconf
	amove usr/share/gnupg/distsigkey.gpg
}

gpgsm() {
	pkgdesc="GNU Privacy Guard 2 - S/MIME version"
	depends="$pkgname-gpgconf=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility

	amove usr/bin/gpgsm
}

gpgv() {
	pkgdesc="GNU Privacy Guard 2 - signature verification only"
	depends=""
	replaces="$pkgname"  # for backward compatibility
	provider_priority=100  # highest (other provider of cmd:gpgv is gnupg1)

	amove usr/bin/gpgv
	amove usr/bin/gpgv2
}

lang() {
	pkgdesc="Languages for package gnupg"
	depends=""
	install_if="$pkgname=$pkgver-r$pkgrel lang"
	replaces="$pkgname"  # for backward compatibility

	amove usr/share/gnupg/help.*.txt
}

scdaemon() {
	pkgdesc="GNU Privacy Guard 2 - smart card support daemon"
	depends="gpg-agent=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility

	amove usr/libexec/scdaemon
	amove usr/lib/udev/rules.d
}

_wks_client() {
	pkgdesc="GNU Privacy Guard 2 - Web Key Service client"
	depends="gpg=$pkgver-r$pkgrel gpg-agent=$pkgver-r$pkgrel $pkgname-dirmngr=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility

	amove usr/bin/gpg-wks-client
	amove usr/libexec/gpg-wks-client
}

_wks_server() {
	pkgdesc="GNU Privacy Guard 2 - Web Key Service server"
	depends="gpg=$pkgver-r$pkgrel gpg-agent=$pkgver-r$pkgrel"
	replaces="$pkgname"  # for backward compatibility

	amove usr/bin/gpg-wks-server
}

keyboxd() {
	pkgdesc="GNU Privacy Guard 2 - keyboxd manager"
	depends=""

	amove usr/libexec/keyboxd
}

# Must be the last!
utils() {
	pkgdesc="GNU Privacy Guard 2 - utility programs"
	depends=""
	replaces="$pkgname"  # for backward compatibility
	provider_priority=100  # highest (other provider of cmd:gpgsplit is gnupg1)

	amove usr/*
}

sha512sums="
3e84f1679904bf0efb789df6466e468bd2be9149d52561f35e2380038133479bebf1c61ee7adf6d3564b370915f32111098c052be6e6acaf3083a807f9f36019  gnupg-2.4.7.tar.bz2
d932e688ec81c1d98ba4a23bfbaea41cc91a49b43a6d31845af0a26c5170400f9f24599d4fa746d4e88673d940d52702947986c56c4458ae5b30173cafa40602  0001-include-unistd.patch
0e2aef4ae5c43c43efe2c914534d73f8f7068b49b5826b1f999296c30395497c4af121e4e99152ff7b43dcf56d1792cd46aea5158ca48597d6e0fca6d7358711  0010-avoid-beta-warning.patch
18004e52925b1f03e67a29a3d43b39e8119cf3426cdad4136824b932ad906ac499b4ceb3d7573177a9f16410d3b80c8f0e4bcdc54dd284f3f803a2cef609ad01  0020-avoid-regenerating-defsincdate-use-shipped-file.patch
d77a230e099ac26cf70acf4bf5c4a8446460f677857818027c16fd029292c249a24f31f7073e0388757cf567656e416b7f91af3bba62a85a2ffbdcf985c5050c  0110-avoid-simple-memory-dumps-via-ptrace.patch
54d6b805ad89b384df140e1dc7c4ecd6703bf317fb97834026458fab92f3f0f4f426f0da86c0fbfe102bb1304a489d15ea2e728d5f97d4f0c9bf14cc30cb8c23  0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch
1c38b039950fa9733e9584ac61d52e12aad56489d7f3aec396b2528d0bf41729971d3fe9b4d04d50595a2a954181892ed1ec93f1b7ade24e4da26744d78598fc  0230-dirmngr-avoid-automatically-checking-upstream-swdb.patch
1afea38e6fe3206be1cc2b2bc1410753aba9bc1e1370da76e711f7107924fc169008e1fba15117e0c5b244d71146e86c49ce0d816ce49a50b2452159144e1893  0330-gpg-default-to-sha512-for-all-signature-types-on-rsa-keys.patch
462af7b1e530e00d3870062666ef427d6df57ee8358b043c06fb8b7b54e50891fc8a49beeaabe45d1822d222ffc47da624798ceb8889a02e38ce85612453bb8b  0340-gpg-prefer-sha512-and-sha384-in-personal-digest.patch
0c1c44932e47ded65d412c48f859f1615a896ae1dd0a9e0e46fd491f3a25adc80e29fe12e329c3f541a60729cdf82330e81ab7bb7cacf1ddc6a9701a38bbbfaf  0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch
28cba87121c66b1bbc90bb0f3ca8c69ff19376243854577a4d24afa4a3d4a4b8a952a3a7bbecc200058b6f722cfcd4fc72d5630c822f78ef3fc819f972798e34  fix-i18n.patch
eeeab08c22844ee364a64d7b772f0e42e5404428aaf37ef2504f043d7a69d1d3b32a34c680c413756ffb419733f23cea16172a6a611986c70bbffc801d071de8  HACK-revert-rfc4880bis-default.patch
4bfb9742279c2d1c872d63cd4bcb01f6a2a13d94618eff954d3a37451fa870a9bb29687330854ee47e8876d6e60dc81cb2569c3931beaefacda33db23c464402  60-scdaemon.rules
"
