# Contributor: Vladyslav Frolov <frolvlad@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=freeradius
pkgver=3.0.26
pkgrel=4
pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
url="https://freeradius.org/"
arch="all"
license="GPL-2.0-or-later"
makedepends="
	autoconf
	automake
	bash
	curl-dev
	gdbm-dev
	hiredis-dev
	json-c-dev
	krb5-dev
	libpcap-dev
	libpq-dev
	libtool
	linux-headers
	linux-pam-dev
	mariadb-connector-c-dev
	net-snmp-tools
	openldap-dev
	openssl-dev>3
	perl-dev
	python3-dev
	readline-dev
	sqlite-dev
	talloc-dev
	unixodbc-dev
	"
pkggroups="radius"
pkgusers="radius"
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
subpackages="
	$pkgname-dbg
	$pkgname-doc
	$pkgname-static
	$pkgname-dev
	$pkgname-eap
	$pkgname-ldap
	$pkgname-dhcp
	$pkgname-lib
	$pkgname-mssql
	$pkgname-mysql
	$pkgname-sql
	$pkgname-perl
	$pkgname-postgresql
	$pkgname-python3
	$pkgname-sqlite
	$pkgname-unixodbc
	$pkgname-pam
	$pkgname-krb5
	$pkgname-rest
	$pkgname-redis
	$pkgname-checkrad
	$pkgname-utils
	"
provides="freeradius3=$pkgver-r$pkgrel"
source="https://github.com/FreeRADIUS/freeradius-server/releases/download/release_${pkgver//./_}/freeradius-server-$pkgver.tar.gz
	$pkgname.logrotated
	radiusd.confd
	radiusd.initd
	setup-freeradius.in
	print-var.mk
	radacct-rotate
	radacct-rotate.conf
	radacct-rotate.crond

	musl-fix-headers.patch
	fix-scopeid.patch
	default-config.patch
	remove-eap-from-default-mods.patch
	readme-setup-script.patch
	dont-install-test-tools.patch
	"
builddir="$srcdir/$pkgname-server-$pkgver"

# secfixes:
#   3.0.19-r3:
#     - CVE-2019-10143
#   3.0.19-r0:
#     - CVE-2019-11234
#     - CVE-2019-11235

_radconfdir="etc/raddb"
_radmodsdir="$_radconfdir/mods-available"
_radlibdir="usr/lib/freeradius"
_radmodsconfdir="$_radconfdir/mods-config"
ldpath="$_radlibdir"

prepare() {
	default_prepare
	update_config_sub

	local default_mods
	default_mods=$(make -f "$srcdir"/print-var.mk -f raddb/all.mk \
		print-DEFAULT_MODULES 2>/dev/null)
	sed "s|@@DEFAULT_MODULES@@|$default_mods|" \
		"$srcdir"/setup-freeradius.in > setup-freeradius
}

build() {
	# freeradius requries json.h to be in a dir called 'json'. We fool
	# the configure script with a symlink pointing to proper location.
	ln -s /usr/include/json-c json

	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--localstatedir=/var \
		--datarootdir=/usr/share \
		--libdir="/$_radlibdir" \
		--with-logdir=/var/log/radius \
		--with-radacctdir=/var/log/radius/radacct \
		--with-system-libtool \
		--with-system-libltdl \
		--with-shared-libs \
		--with-udpfromto \
		--with-rlm_sql_sqlite \
		--with-rlm_sql_postgresql \
		--with-rlm_sql_mysql \
		--with-rlm_krb5 \
		--with-rlm_rest \
		--with-rlm_redis \
		--with-rlm_rediswho \
		--with-modules="rlm_python3" \
		--without-rlm_eap_tnc \
		--without-rlm_eap_ikev2 \
		--without-rlm_sql_iodbc \
		--without-rlm_sql_oracle \
		--without-rlm_yubikey \
		--without-rlm_ykclient \
		--with-jsonc-include-dir="$PWD"

	make -j1 LDFLAGS="$LDFLAGS -lssl"
}

package() {
	install -d -m0750 -o root -g radius \
		"$pkgdir"/$_radconfdir

	install -d -m0750 -o radius -g radius \
		"$pkgdir"/var/cache/radiusd \
		"$pkgdir"/var/lib/radiusd \
		"$pkgdir"/var/log/radius \
		"$pkgdir"/var/log/radius/radacct

	PACKAGE=yes make -j1 R="$pkgdir" install

	chown -R root:radius "$pkgdir"/etc/raddb/*

	# Ensure that files generated by Makefile or bootstrap scripts are
	# readable by the radiusd daemin.
	chmod 2750 "$pkgdir"/etc/raddb/certs

	install -m755 -D "$srcdir"/radiusd.initd "$pkgdir"/etc/init.d/radiusd
	install -m644 -D "$srcdir"/radiusd.confd "$pkgdir"/etc/conf.d/radiusd
	install -m644 -D "$srcdir"/$pkgname.logrotated "$pkgdir"/etc/logrotate.d/$pkgname
	install -m755 -D setup-freeradius "$pkgdir"/usr/sbin/setup-freeradius

	install -m755 -D "$srcdir"/radacct-rotate -t "$pkgdir"/usr/bin/
	install -m644 -D "$srcdir"/radacct-rotate.conf -t "$pkgdir"/etc/raddb/
	install -m755 -D "$srcdir"/radacct-rotate.crond "$pkgdir"/etc/periodic/daily/radacct-rotate

	# Install misses to create this
	mkdir -p "$pkgdir"/$_radmodsconfdir/sql/ippool-dhcp/postgresql

	# Default modules are enabled by post-install script.
	# The reason for this is that when we include these symlinks
	# in the package, the user basically cannot permanently disable any
	# default module by removing the symlink because apk will install them
	# back on every upgrade of the package.
	rm -f "$pkgdir"/$_radconfdir/mods-enabled/*

	# Remove unneeded and unused stuff (e.g. for disabled modules).

	rm -f "$pkgdir"/usr/sbin/rc.radiusd
	rm -f "$pkgdir"/$_radlibdir/rlm_test.so
	rm -f "$pkgdir"/$_radconfdir/experimental.conf

	# https://github.com/FreeRADIUS/freeradius-server/issues/1734#issuecomment-247848277
	rm -f "$pkgdir"/usr/bin/dhcpclient
	rm -f "$pkgdir"/usr/share/man/man1/dhcpclient.1*

	cd "$pkgdir"/$_radmodsdir
	rm -f couchbase python unbound yubikey

	cd "$pkgdir"/$_radmodsconfdir
	rm -rf sql/*/mongo
	rm -rf sql/*/oracle
	rm -rf unbound

	cd "$pkgdir"/$_radconfdir/sites-available
	rm -f *.orig
}

eap() {
	pkgdesc="EAP module for FreeRADIUS server"
	depends="freeradius=$pkgver-r$pkgrel"
	provides="freeradius3-eap=$pkgver-r$pkgrel"

	amove $_radlibdir/rlm_eap*.so $_radlibdir/libfreeradius-eap.so
	amove usr/bin/radeapclient

	amove $_radmodsdir/eap $_radmodsdir/inner-eap
	amove $_radconfdir/sites-available/check-eap-tls
	_enable_mod eap
}

ldap() {
	pkgdesc="LDAP module for FreeRADIUS server"
	depends="freeradius=$pkgver-r$pkgrel"
	provides="freeradius3-ldap=$pkgver-r$pkgrel"

	amove $_radlibdir/rlm_ldap*
	amove $_radmodsdir/ldap
	_enable_mod ldap
}

krb5() {
	pkgdesc="Kerberos module for FreeRADIUS server"
	depends="freeradius=$pkgver-r$pkgrel"
	provides="freeradius3-krb5=$pkgver-r$pkgrel"

	amove $_radlibdir/rlm_krb5*
	amove $_radmodsdir/krb5
	_enable_mod krb5
}

dhcp() {
	pkgdesc="DHCP module for FreeRADIUS server"
	depends="freeradius=$pkgver-r$pkgrel"

	amove $_radlibdir/*_dhcp.so $_radlibdir/libfreeradius-dhcp.so
	amove $_radmodsdir/dhcp
	amove $_radconfdir/sites-available/dhcp
	_enable_mod dhcp
}

lib() {
	pkgdesc="Freeradius shared libraries"
	depends=""

	amove $_radlibdir/libfreeradius-*.so
	amove usr/share/freeradius/*
}

sql() {
	pkgdesc="SQL module for FreeRADIUS server"
	depends="freeradius=$pkgver-r$pkgrel"
	provides="freeradius3-sql=$pkgver-r$pkgrel"

	local lib; for lib in sql sqlippool sql_null sqlcounter; do
		amove $_radlibdir/rlm_$lib.so
	done

	amove $_radconfdir/sites-available/buffered-sql
	amove $_radmodsdir/*sql*
	_enable_mod sql
}

mysql() {
	pkgdesc="MySQL module for FreeRADIUS server"
	depends="freeradius-sql=$pkgver-r$pkgrel"
	provides="freeradius3-mysql=$pkgver-r$pkgrel"

	_mvdb mysql
	amove $_radmodsconfdir/sql/*/ndb
}

mssql() {
	pkgdesc="MSSQL module for FreeRADIUS server"
	depends="freeradius-sql=$pkgver-r$pkgrel"
	provides="freeradius3-mssql=$pkgver-r$pkgrel"

	amove $_radmodsconfdir/sql/main/mssql
}

perl() {
	pkgdesc="Perl module for FreeRADIUS server"
	depends="freeradius=$pkgver-r$pkgrel perl"
	provides="freeradius3-perl=$pkgver-r$pkgrel"

	amove $_radlibdir/rlm_perl*
	amove $_radconfdir/mods-available/perl
	amove $_radmodsconfdir/perl
	_enable_mod perl
}

checkrad() {
	pkgdesc="Check if a user is (still) logged in on a certain port"
	depends="perl perl-net-telnet perl-snmp-session net-snmp-tools"

	amove usr/sbin/checkrad
}

postgresql() {
	pkgdesc="PostgreSQL module for FreeRADIUS server"
	depends="freeradius-sql=$pkgver-r$pkgrel"
	provides="freeradius3-postgresql=$pkgver-r$pkgrel"

	_mvdb postgresql
}

python3() {
	depends="freeradius=$pkgver-r$pkgrel"
	pkgdesc="Python 3 module for FreeRADIUS server"

	amove $_radlibdir/rlm_python*
	amove $_radmodsdir/python3
	amove $_radmodsconfdir/python3
	_enable_mod python3
}

sqlite() {
	pkgdesc="SQLite module for FreeRADIUS server"
	depends="freeradius-sql=$pkgver-r$pkgrel"
	provides="freeradius3-sqlite=$pkgver-r$pkgrel"

	_mvdb sqlite
}

unixodbc() {
	pkgdesc="ODBC module for FreeRADIUS server"
	depends="freeradius=$pkgver-r$pkgrel"
	provides="freeradius3-unixodbc=$pkgver-r$pkgrel"

	amove $_radlibdir/rlm_sql_unixodbc.so
}

pam() {
	pkgdesc="PAM module for FreeRADIUS server"
	depends="freeradius=$pkgver-r$pkgrel"
	provides="freeradius3-pam=$pkgver-r$pkgrel"

	amove $_radlibdir/rlm_pam*
	amove $_radmodsdir/pam
	_enable_mod pam
}

rest() {
	pkgdesc="REST module for FreeRADIUS server"
	depends="freeradius=$pkgver-r$pkgrel"

	amove $_radlibdir/rlm_rest*
	amove $_radmodsdir/rest
	_enable_mod rest
}

redis() {
	pkgdesc="Redis modules for FreeRADIUS server"
	depends="freeradius=$pkgver-r$pkgrel"

	amove $_radlibdir/rlm_redis*
	amove $_radmodsdir/redis*
	_enable_mod redis
}

utils() {
	pkgdesc="FreeRADIUS utilities"
	# provides/replaces for backward compatibility
	provides="freeradius-radclient=$pkgver-r$pkgrel
		freeradius3-radclient=$pkgver-r$pkgrel"
	replaces="freeradius-radclient"

	amove usr/bin/*

	mkdir -p "$pkgdir"/usr/bin
	mv "$subpkgdir"/usr/bin/radacct-rotate "$pkgdir"/usr/bin/
}

_mvdb() {
	amove $_radmodsconfdir/sql/*/$1
	amove $_radlibdir/rlm_sql_$1.so
}

_enable_mod() {
	mkdir -p "$subpkgdir"/$_radconfdir/mods-enabled
	ln -s ../mods-available/$1 "$subpkgdir"/$_radconfdir/mods-enabled/$1
}

sha512sums="
5ffc7389ed76c40eb249f4588b8b1199f21537fe2718585d6886eefe16871055e4602c841e278c557879766df45d5f3ac351e36037dfbbdfed3c2381ad748855  freeradius-server-3.0.26.tar.gz
52ecccd479bb22c80d5cc298d9d1c12bd2d1a9d80e1265ba032201f3942370910fa78f3bb429031d91bc89712fa2127f16cd68814489cbc99d174fbf5789875f  freeradius.logrotated
bb3df1fa2c9ed95514ae090e0f6619c4e3280f424c4351bc79f5254bf1a327fa7d27e5fe3add5ab8d9e5ba3792c9553bd9a0481fe9c5bc34945ce46627ef2638  radiusd.confd
5a8579f06e905117c67f87f0833d0760e81e64f97de7672ecee45775733fae05763edb91c472e313bf58523c713f86815e47cc39c841f4c141aa59a5930113c6  radiusd.initd
9f6a4f76fd06e81cfcfe4536f1f8be494634b07e548a6f7e651e5501aded24b030ed7d57dbdc867ae0eb39ee4a090234c4122a89bed84c13733c77de36b9c2cf  setup-freeradius.in
5f940e200aa39b2fbbfaf5b24f2ad99869fa75bb7e2008876940ea96cb9dbc7f2b27dd1672aa56cdb5243faabdcbc38875594dd8792af965987183c0aa2aefd1  print-var.mk
4fbd774618d41a28a5874fd5bd96ccf6ab5ea38e4a97b1671bd51f6d07476985629dabc0a7300b3287bd223c62496c930bc555bb617739d6383afd5d55c97501  radacct-rotate
2cecaae9bf9dd88f7c4344f2b08977c46d4831e733b82adcf6cf9553c1a77363dac9f1784f9eb9cf93d46c3da10a10d548a1071cdb0cd49e1319a62b7d5a357b  radacct-rotate.conf
52c477b4d13009bc3776ed889feeb4b1ea8d85bb97b0031b1d2d4c04e6466fcb4e9a16e556e861e7ec56acb54624bea39d73d44802535aa39d3dc84580d95775  radacct-rotate.crond
c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d  musl-fix-headers.patch
41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234  fix-scopeid.patch
caf85ffb96e08ad8314fe72aac052948b2461f94bb21e20ea34925534ee1ef682284457318d50df813ba167a8cb4b520c5a0f38d86de21cd56e8391f299a5dd6  default-config.patch
5fba0394073cd32a0cd80dea0c27e4474cd44c7d52fdf4e1dafb98025ffa3439bbab6112e091ca5e548713d071c026b280b1f205e8e51e57e4fda4bb6336b020  remove-eap-from-default-mods.patch
55e179d5e6b31d289c2da7f907e494a6a6f5900483fdff8d3bb25ee15a583b8705942eca1f0d5390e91376966e66e457dce9b2cf1a1f61c8eac6d8fb825404dd  readme-setup-script.patch
908c4408ab6538ddd96577e47d5e509b19e227e144655eaa0fd7569ddadbe5b2298e6599b8370847b3bcb5e788067b163b0cb66e1b3afa4d83dc3f724e058674  dont-install-test-tools.patch
"