# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=wolfssl
pkgver=5.6.2
_pkgver=$pkgver-stable
pkgrel=0
pkgdesc="Embedded TLS Library (built without OpenSSL compatibility layer)"
url="https://www.wolfssl.com/"
arch="all"
license="GPL-2.0-only"
depends_dev="$pkgname=$pkgver-r$pkgrel"
makedepends="
	autoconf
	automake
	libtool
	util-linux-misc
	"
subpackages="$pkgname-dev $pkgname-fast"
source="https://github.com/wolfSSL/wolfssl/archive/v$_pkgver/wolfssl-$_pkgver.tar.gz"
builddir="$srcdir/$pkgname-$_pkgver"
options="!check"  # there are actually no tests! >_<

# secfixes:
#   5.6.2-r0:
#     - CVE-2023-3724
#   5.5.3-r0:
#     - CVE-2022-42905
#   5.5.1-r0:
#     - CVE-2022-39173
#   5.5.0-r0:
#     - CVE-2022-38152
#   5.4.0-r0:
#     - CVE-2022-34293

prepare() {
	default_prepare

	./autogen.sh

	cp -ar "$builddir" "$builddir~fast"
}

build() {
	local extra_opts=
	case "$CARCH" in
		x86_64) extra_opts="--enable-aesni";;
	esac

	_build

	cd "$builddir~fast"

	# TODO: Can we add --enable-sp, --enable-sp-asm - will it be ABI
	#  compatible with the variant without them?
	case "$CARCH" in
		 x86_64) extra_opts="$extra_opts --enable-intelasm";;
		 aarch64) extra_opts="$extra_opts --enable-armasm";;
	esac
	CFLAGS="${CFLAGS/-Os/} -O3" _build \
		--enable-bigcache \
		$extra_opts
}

_build() {
	# Note: Primary development uses automake, the support for CMake is
	# still under development.

	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--localstatedir=/var \
		--enable-shared \
		--enable-static \
		--enable-reproducible-build \
		--disable-opensslall \
		--disable-opensslextra \
		--enable-opensslcoexist \
		--enable-aescbc-length-checks \
		--enable-curve25519 \
		--enable-ed25519 \
		--enable-ed25519-stream \
		--disable-oldtls \
		--enable-base64encode \
		--enable-tlsx \
		--enable-scrypt \
		--disable-examples \
		"$@"
	make
}

package() {
	provider_priority=100  # highest (other provider is $pkgname-fast)

	make DESTDIR="$pkgdir" install

	# No useful stuff here.
	rm -rf "$pkgdir"/usr/share/doc
}

# XXX: I'm not entirely sure if it's ABI compatible with the default variant...
fast() {
	pkgdesc="$pkgdesc - optimized for performance"
	provider_priority=10  # lowest (other provider is $pkgname)
	options="!tracedeps"

	mkdir -p "$subpkgdir"/usr/lib
	cp -P "$builddir~fast"/src/.libs/libwolfssl.so.* "$subpkgdir"/usr/lib/
}

# XXX: Override this function from abuild to avoid unwanted dependency on
# wolfssl-fast in wolfssl-dev.
prepare_symlinks() {
	true
}

sha512sums="
67074f551c45b53f681730a263d1c2d57fb66eded66f20eb5e3e9160027434ccc459213753150f77e31a182097dd634c6ce0e55ca5c68dac987958435ed8d989  wolfssl-5.6.2-stable.tar.gz
"