#!/usr/bin/env beesh

# BEE_VERSION openssl1-1.1.1za-0

#SRCURL[0]="https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-1.1.1w.tar.gz"
SRCURL[0]="https://beehive.molgen.mpg.de/3f76825f195e52d4b10c70040681a275/openssl-1.1.1w.tar.gz"

# The patches and the message below are from Slackware
# Patches themselves are under the Apache License v2.0. After patching the package
# identifies itself as version 'za'
#
# Apply patches to fix CVEs that were fixed by the 1.1.1{x,y,za} releases that
# were only available to subscribers to OpenSSL's premium extended support.
# These patches were prepared by backporting commits from the OpenSSL-3.0 repo.
# Thanks to Ken Zalewski!

PATCHURL+=("https://beehive.molgen.mpg.de/61daee1e6724b5b2d9dcd8e7a0c45553/0001-openssl-1.1.1x_CVE-2023-5678_CVE-2024-0727.patch")
PATCHURL+=("https://beehive.molgen.mpg.de/23347a1a7cc77d1b5e8b3832d36bbf71/0002-openssl-1.1.1y_CVE-2024-2511_CVE-2024-4741.patch")
PATCHURL+=("https://beehive.molgen.mpg.de/ee9011230a6b4317644b04b9e9a7ff57/0003-openssl-1.1.1za_CVE-2024-5535.patch")

# build_in_sourcedir

# sourcesubdir_append src

#mee_extract() {
#    bee_extract "${@}"
#}

mee_patch() {
    bee_patch "${@}"
    # no html
    sed -e '/^install_docs:/ s/install_html_docs//' -i Configurations/unix-Makefile.tmpl
    # no func() docs
    sed -e 's/podpath=man1:man3:man5:man7/podpath=man1:man5:man7/;s/\[ 1, 3, 5, 7 \]/[ 1, 5, 7 ]/;' -i util/process_docs.pl
}

mee_configure() {
    start_cmd ${S}/config \
        --prefix=${PREFIX} \
        --openssldir=${SYSCONFDIR}/ssl \
        --libdir=lib/openssl-1.1 \
        shared \
        zlib-dynamic
}

mee_build() {
    start_cmd make depend
    start_cmd make ${BEE_MAKEFLAGS}
    start_cmd make -j1 test
}

mee_install() {
    start_cmd make DESTDIR=${D} MANDIR=${MANDIR} MANSUFFIX=ssl install
}

mee_install_post() {
    rm -f ${D}/usr/lib/openssl-1.1/*.a # hmmm, see 'shared' above ...

    # now provide the libraries as 'compat-package', and rearrange
    # everything in a way, that
    #      PKG_CONFIG_PATH=/usr/lib/openssl-1.1/pkgconfig
    # allows to build 'legacy' packages.
    ( cd ${D}/usr/lib/openssl-1.1
        for file in lib*.so.?.* ; do
            mv $file ../../lib
            ln -sf ../../lib/$file .
        done
    )
    mkdir -p ${D}/usr/include/openssl-1.1
    mv ${D}/usr/include/openssl ${D}/usr/include/openssl-1.1/openssl
    sed -e "s|/include$|/include/openssl-1.1|" -i ${D}/usr/lib/openssl-1.1/pkgconfig/*.pc
    mv ${D}/usr/bin/openssl ${D}/usr/bin/openssl-1.1
    rm -rf ${D}/etc ${D}/usr/bin/c_rehash ${D}/usr/share
}