# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# $Id$

PortSystem              1.0

name                    curl-ca-bundle
# keep the version in sync with the curl port
version                 7.24.0
set curl_name           curl
categories              net
license                 {MPL-1.1 LGPL-2.1+ GPL-2+}
maintainers             ryandesign
homepage                http://curl.haxx.se/
platforms               darwin freebsd
use_bzip2               yes
use_parallel_build      no
use_configure           no
supported_archs         noarch
installs_libs           no
distname                ${curl_name}-${version}
dist_subdir             ${curl_name}
set curl_source         ${distname}${extract.suffix}
set certdata_file       certdata.txt
set certdata_version    1.81
set certdata_date       2012-01-17
set certdata_distfile   certdata-${certdata_version}.txt
set certdata_path       security/nss/lib/ckfw/builtins/${certdata_file}
build.target            ca-bundle
extract.only            ${curl_source}
extract.post_args-append ${worksrcdir}/Makefile ${worksrcdir}/lib/mk-ca-bundle.pl

description \
    CA certificate bundle for curl

long_description \
    Installs a bundle of certification authority certificates (CA certs) \
    which curl (when linked with OpenSSL) uses to verify the authenticity \
    of secure web and FTP servers.

# keep the master_sites in sync with the curl port
master_sites \
    http://curl.haxx.se/download/ \
    ftp://ftp.sunet.se/pub/www/utilities/curl/ \
    http://www.execve.net/curl/

# Avoid most of the checksum errors that inevitably occur whenever upstream
# updates certdata.txt by only using the upstream site if it's within a few
# days of the latest update. After that time, use only our mirrors, which
# should have copied the file by then. The success of this strategy relies
# on me noticing new versions within that time and updating the port, and
# on upstream not updating the file again within that time.
set days_since_update [expr {[expr {[clock seconds] - [clock format [clock scan ${certdata_date}] -format %s]}] / 86400}]
if {${days_since_update} > 3} {
    master_sites-append http://distfiles.macports.org/curl/:certdata
} else {
    master_sites-append http://mxr.mozilla.org/mozilla/source/${certdata_path}?raw=1&dummy=:certdata
}

distfiles \
    ${curl_source} \
    ${certdata_distfile}:certdata

checksums                   ${curl_source} \
                            rmd160  b2b3116318813478b4683ae479cb889c4fc05cea \
                            sha256  ebdb111088ff8b0e05b1d1b075e9f1608285e8105cc51e21caacf33d01812c16 \
                            ${certdata_distfile} \
                            rmd160  621f297487026817d56e2685c9494470ea4c8808 \
                            sha256  92a98d43ad4f2f98747de5f195cc2790c710458d629524f2b46174d65c96d17f

depends_build \
    path:bin/perl:perl5

patchfiles \
    patch-no-autodownload.diff

post-extract {
    xinstall ${distpath}/${certdata_distfile} ${worksrcpath}/${certdata_file}
}

destroot {
    set ca_bundle_dir ${destroot}${prefix}/share/curl
    xinstall -d ${ca_bundle_dir}
    xinstall -m 644 ${worksrcpath}/lib/ca-bundle.crt ${ca_bundle_dir}/curl-ca-bundle.crt
}

livecheck.type          regex
livecheck.url           http://bonsai.mozilla.org/cvsquery.cgi?file=mozilla/${certdata_path}&date=explicit&mindate=${certdata_date}
livecheck.version       ${certdata_version}
livecheck.regex         '${certdata_file}','(\[0-9.\]+)'