# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=7

MY_P="${P/_}"
PKCS11_IUSE="+softhsm opensc external-hsm"

inherit autotools

DESCRIPTION="An open-source turn-key solution for DNSSEC"
HOMEPAGE="https://www.opendnssec.org/"
SRC_URI="https://www.${PN}.org/files/source/${MY_P}.tar.gz"
S="${WORKDIR}/${MY_P}"

LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="debug doc +mysql readline +signer sqlite test ${PKCS11_IUSE}"
RESTRICT="!test? ( test )"

RDEPEND="
	acct-group/opendnssec
	acct-user/opendnssec
	dev-lang/perl
	dev-libs/libxml2
	dev-libs/libxslt
	net-libs/ldns[ed25519(+),ed448(+)]
	mysql? (
		dev-db/mysql-connector-c:0=
		dev-perl/DBD-mysql
	)
	opensc? ( dev-libs/opensc )
	readline? ( sys-libs/readline:0 )
	softhsm? ( dev-libs/softhsm:* )
	sqlite? (
		dev-db/sqlite:3
		dev-perl/DBD-SQLite
	)
"

DEPEND="${RDEPEND}"

BDEPEND="
	doc? ( app-doc/doxygen )
	test? (
		app-text/trang
		dev-libs/softhsm:*
		dev-util/cunit
	)
"

REQUIRED_USE="
	^^ ( mysql sqlite )
	^^ ( softhsm opensc external-hsm )
"

PATCHES=(
	"${FILESDIR}/${PN}-fix-run-dir-2.1.x.patch"
	"${FILESDIR}/${PN}-use-system-trang.patch"
)

DOCS=( MIGRATION NEWS )

check_pkcs11_setup() {
	# PKCS#11 HSM's are often only available with proprietary drivers not
	# available in portage tree.

	if use softhsm; then
		PKCS11_LIB=softhsm
		PKCS11_PATH=/usr/$(get_libdir)/softhsm/libsofthsm2.so
		elog "Building with SoftHSM PKCS#11 library support."
	fi
	if use opensc; then
		PKCS11_LIB=opensc
		PKCS11_PATH=/usr/$(get_libdir)/opensc-pkcs11.so
		elog "Building with OpenSC PKCS#11 library support."
	fi
	if use external-hsm; then
		if [[ -n ${PKCS11_SCA6000} ]]; then
			PKCS11_LIB=sca6000
			PKCS11_PATH=${PKCS11_SCA6000}
		elif [[ -n ${PKCS11_ETOKEN} ]]; then
			PKCS11_LIB=etoken
			PKCS11_PATH=${PKCS11_ETOKEN}
		elif [[ -n ${PKCS11_NCIPHER} ]]; then
			PKCS11_LIB=ncipher
			PKCS11_PATH=${PKCS11_NCIPHER}
		elif [[ -n ${PKCS11_AEPKEYPER} ]]; then
			PKCS11_LIB=aepkeyper
			PKCS11_PATH=${PKCS11_AEPKEYPER}
		else
			ewarn "You enabled USE flag 'external-hsm' but did not specify a path to a PKCS#11"
			ewarn "library. To set a path, set one of the following environment variables:"
			ewarn "  for Sun Crypto Accelerator 6000, set: PKCS11_SCA6000=<path>"
			ewarn "  for Aladdin eToken, set: PKCS11_ETOKEN=<path>"
			ewarn "  for Thales/nCipher netHSM, set: PKCS11_NCIPHER=<path>"
			ewarn "  for AEP Keyper, set: PKCS11_AEPKEYPER=<path>"
			ewarn "Example:"
			ewarn "  PKCS11_ETOKEN=\"/opt/etoken/lib/libeTPkcs11.so\" emerge -pv opendnssec"
			ewarn "or store the variable into /etc/portage/make.conf"
			die "USE flag 'external-hsm' set but no PKCS#11 library path specified."
		fi
		elog "Building with external PKCS#11 library support ($PKCS11_LIB): ${PKCS11_PATH}"
	fi
}

pkg_pretend() {
	if has_version "<net-dns/opendnssec-1.4.10"; then
		################################################################################
		eerror "You are already using OpenDNSSEC."
		eerror "In order to migrate to version >=2.0.0 you need to upgrade to"
		eerror "version >=1.4.10 first:"
		eerror ""
		eerror "   emerge \"<net-dns/opendnssec-2\""
		eerror ""
		eerror "See /usr/share/doc/opendnssec-2.1.10/MIGRATION* for details."
		eerror ""
		die "Please upgrade to version >=1.4.10 first for proper db migraion"
	fi

	check_pkcs11_setup
}

pkg_setup() {
	# pretend does not preserve variables so we need to run this once more
	check_pkcs11_setup
}

src_prepare() {
	default
	eautoreconf
}

src_configure() {
#		--localstatedir="${EPREFIX}/var/lib" \
	econf \
		--enable-installation-user=opendnssec \
		--enable-installation-group=opendnssec \
		--without-cunit \
		--disable-static \
		--with-enforcer-database=$(use mysql && echo "mysql")$(use sqlite && echo "sqlite3") \
		--with-pkcs11-${PKCS11_LIB}=${PKCS11_PATH} \
		$(use_with readline) \
		$(use_enable signer)
}

src_compile() {
	default
	use doc && emake docs
}

src_install() {
	default

	# remove useless .la files
	find "${ED}" -name '*.la' -delete

	# Remove subversion tags from config files to avoid useless config updates
	sed -i \
		-e '/<!-- \$Id:/ d' \
		"${ED}"/etc/opendnssec/* || die

	# install db update/migration stuff
	insinto /usr/share/opendnssec/db
	if use sqlite; then
		doins enforcer/utils/convert_mysql_to_sqlite
	fi
	if use mysql; then
		doins enforcer/utils/convert_sqlite_to_mysql
	fi

	insinto /usr/share/opendnssec/db/sql
	if use sqlite; then
		doins enforcer/src/db/schema.sqlite
	fi
	if use mysql; then
		doins enforcer/src/db/schema.mysql
	fi

	insinto /usr/share/opendnssec/db/1.4-2.0_db_convert
	doins enforcer/utils/1.4-2.0_db_convert/find_problematic_zones.sql
	doins enforcer/utils/1.4-2.0_db_convert/README.md
	if use sqlite; then
		doins enforcer/utils/1.4-2.0_db_convert/sqlite_convert.sql
		doins enforcer/utils/1.4-2.0_db_convert/convert_sqlite
	fi
	if use mysql; then
		doins enforcer/utils/1.4-2.0_db_convert/convert_mysql
		doins enforcer/utils/1.4-2.0_db_convert/mysql_convert.sql
	fi

	# patch scripts to find schema files
	sed -i \
		-e 's,^SCHEMA=../src/db/,SCHEMA=/usr/share/opendnssec/db/sql/,' \
		-e 's,^SCHEMA=../../src/db/,SCHEMA=/usr/share/opendnssec/db/sql/,' \
		"${ED}"/usr/share/opendnssec/db/convert_* \
		"${ED}"/usr/share/opendnssec/db/1.4-2.0_db_convert/convert_* || die

	# create directories
	keepdir /var/lib/opendnssec/{,enforcer,signconf,signed,signer,unsigned}

	# fix permissions
	fowners root:opendnssec /etc/opendnssec
	fowners root:opendnssec /etc/opendnssec/{addns,conf,kasp,zonelist}.xml
	fowners opendnssec:opendnssec /var/lib/opendnssec/{,enforcer,signconf,signed,signer,unsigned}

	# install conf/init script
	newinitd "${FILESDIR}"/opendnssec.initd opendnssec
	newconfd "${FILESDIR}"/opendnssec.confd opendnssec
}

pkg_postinst() {
	local v
	if use softhsm; then
		elog "Please make sure that you create your softhsm database in a location writeable"
		elog "by the opendnssec user. You can set its location in /etc/softhsm.conf."
		elog "Suggested configuration is:"
		elog "    echo \"0:/var/lib/opendnssec/softhsm_slot0.db\" >> /etc/softhsm.conf"
		elog "    softhsm --init-token --slot 0 --label OpenDNSSEC"
		elog "    chown opendnssec:opendnssec /var/lib/opendnssec/softhsm_slot0.db"
	fi
	for v in $REPLACING_VERSIONS; do
		case $v in
			1.4.*)
				ewarn ""
				ewarn "You are upgrading from version 1.4."
				ewarn ""
				ewarn "A migration is needed from 1.4 to 2.x."
				ewarn "For details see /usr/share/doc/${P}/MIGRATION*"
				ewarn ""
				ewarn "For your convenience the mentioned migration scripts and README"
				ewarn "have been installed to /usr/share/${PN}/db/1.4-2.0_db_convert"
				ewarn ""
			;;
		esac
	done
}