Ticket #70446: Portfile.quictls3.3.1

# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem          1.0
PortGroup           compiler_blacklist_versions 1.0
PortGroup           muniversal 1.0
PortGroup           legacysupport 1.1
PortGroup           github 1.0

# Availability.h
legacysupport.newest_darwin_requires_legacy 8

set major_v         3
# For former rollback to 3.1.x release where needed. Must now stay.
epoch               1
version             ${major_v}.3.1
revision            0

github.setup        quictls openssl ${version} 
github.master_sites {https://github.com/quictls/openssl/archive/refs/tags/}

# Please revbump these ports when updating the openssl3 version/revision
#  - freeradius (#43461)
#  - openssh (#54990)
#  - p5-net-ssleay (#67321, for minor version bumps)
#  - openssl (to rebuild the shim links).

categories          devel security
license             Apache-2
maintainers         {larryv @larryv} {cal @neverpanic} openmaintainer

description         QUICTLS SSL/TLS cryptography library
long_description    This is a fork of OpenSSL to enable QUIC.

depends_lib         port:zlib

distname            openssl-${version}


checksums           rmd160  225ffc5ac15fc718aa5a437e3953c98ebb907c02 \
                    sha256  133bf39b8d1635ac94a8483042cc448251b770a0d12c7af0c05ea895ddd98f1d \
                    size    18236011

# Old obsolete subport for overriding version holdback
# Make it explicitly obsolete for now
#
if {${os.platform} eq "darwin" && ${os.major} < 18} {

    subport ${name}-devel {
        PortGroup           obsolete 1.0

        replaced_by         ${name}
    }
}

# Use timegm() in crypto/asn1/a_time.c
# Fixes build on 10.4, and is generally preferable, anyway
#
# Since v3.2.0, crypto/asin1/a_time.c has included timezone compensation
# which uses timegm() in some cases, or localtime() adjusted for the
# timezone in others.  Since timegm() is considered nonstandard, it uses
# it in an opt-in basis, which currently includes only FreeBSD and
# WebAssembly.  On the Mac (at least) the 'timezone' variable which it
# otherwise relies on is a variable when __DARWIN_UNIX03 is set, and is
# a function when not, which is incompatible with this use.  By
# default, __DARWIN_UNIX03 is set on 10.5+ but not on 10.4, leading to a
# build failure on 10.4.  Meanwhile, timegm() is available on all Mac
# versions, and is preferable when available.  This fix adds __APPLE__ to
# the conditions for using timegm(), thereby building successfully on all
# OS versions with slightly less code.
#
patchfiles-append   patch-use-timegm.diff

if {${os.platform} eq "darwin" && ${os.major} < 11} {
    # Having the stdlib set to libc++ on 10.6 causes a dependency on a
    # macports-clang compiler to be added, which would be a dep cycle.
    configure.cxx_stdlib
}

set my_name         openssl-${major_v}
set my_prefix       ${prefix}/libexec/${name}

configure.ccache    no
configure.perl      /usr/bin/perl
configure.cmd       ./Configure
configure.pre_args  --prefix=${my_prefix}
configure.args      -L${prefix}/lib \
                    --openssldir=${my_prefix}/etc/openssl \
                    shared \
                    zlib

# Use SDK if necessary.
if {${configure.sdkroot} ne ""} {
    configure.args-append   '-isysroot ${configure.sdkroot}' \
                            -Wl,-syslibroot,${configure.sdkroot}
}

set merger_arch_compiler no
array set merger_configure_args {
    ppc     darwin-ppc-cc
    i386    darwin-i386-cc
    ppc64   darwin64-ppc-cc
    x86_64  darwin64-x86_64-cc
    arm64   darwin64-arm64-cc
}
platform darwin {
    # Don't use i386 assembly on Tiger (#38015, #43303).
    if {${os.major} <= 8} {
        append merger_configure_args(i386) { no-asm}
        # https://trac.macports.org/ticket/58992
        configure.args-append no-async
    }
    # Don't use x86-64 assembly on Tiger or Leopard.
    if {${os.major} <= 9} {
        append merger_configure_args(x86_64) { no-asm}
        # OpenSSL requires Perl 5.10.0, while Leopard ships Perl 5.8.8
        depends_build-append    port:perl5
        configure.perl          ${prefix}/bin/perl5
    }
}
# Don't pass --host to configure.
array set merger_host {ppc {} i386 {} ppc64 {} x86_64 {} arm64 {}}

if {(!${universal_possible} || ![variant_isset universal])
        && [info exists merger_configure_args(${configure.build_arch})]} {
    configure.args-append $merger_configure_args(${configure.build_arch})
}
configure.universal_args-delete --disable-dependency-tracking

# https://github.com/openssl/openssl/issues/16551
# Fixes "Undefined symbols for architecture i386: ___atomic_is_lock_free"
if {(${configure.build_arch} eq "i386") || (${universal_possible} && [variant_isset universal] && "i386" in ${configure.universal_archs})} {
    configure.args-append   -DBROKEN_CLANG_ATOMICS
}

test.run            yes
test.target-append  HARNESS_JOBS=${build.jobs}

pre-destroot {
    if {[variant_exists universal] && [variant_isset universal]} {
        global merger_dont_diff
        if {[llength ${universal_archs_to_use}] > 2} {
            lappend merger_dont_diff ${my_prefix}/include/openssl/configuration.h
            # Previous version/revisions got this wrong, but this situation
            # is too obscure to justify revbumping the dependents.
            notes-append "Universal dependents may need to be rebuilt."
        }
    }
}

post-destroot {
    # Create some links to main prefix
    xinstall -d ${destroot}${prefix}/include/${my_name}
    xinstall -d ${destroot}${prefix}/lib/${my_name}
    ln -s ${my_prefix}/include/openssl ${destroot}/${prefix}/include/${my_name}/
    foreach l [glob -tails -directory ${destroot}${my_prefix}/lib *] {
        ln -s ${my_prefix}/lib/${l} ${destroot}/${prefix}/lib/${my_name}/${l}
    }
    foreach b [glob -tails -directory ${destroot}${my_prefix}/bin *] {
        ln -s ${my_prefix}/bin/${b} ${destroot}/${prefix}/bin/${b}-${major_v}
    }
    # shared/man dir seems to still end up in ${prefix} and not libexec...
    move ${destroot}${prefix}/share/man ${destroot}/${my_prefix}/share/
    # Create link to certs from curl-ca-bundle in install prefix
    ln -s ${prefix}/share/curl/curl-ca-bundle.crt ${destroot}${my_prefix}/etc/openssl/cert.pem
}

destroot.args       MANDIR=${prefix}/share/man MANSUFFIX=ssl

variant rfc3779 description {enable RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers} {
    configure.args-append   enable-rfc3779
}

variant fips description {enable FIPS} {
    configure.args-append   enable-fips
}

variant legacy description {enable legacy providers by default} {
    # See https://trac.macports.org/ticket/63857 for context
    post-destroot {
        set     cnf [open ${destroot}${my_prefix}/etc/openssl/openssl.cnf a]
        puts  ${cnf} ""
        puts  ${cnf} "# MacPorts additions to enable legacy providers by default"
        puts  ${cnf} "\[openssl_init\]"
        puts  ${cnf} "providers = provider_sect"
        puts  ${cnf} "\[provider_sect\]"
        puts  ${cnf} "default = default_sect"
        puts  ${cnf} "legacy = legacy_sect"
        puts  ${cnf} "\[default_sect\]"
        puts  ${cnf} "activate = 1"
        puts  ${cnf} "\[legacy_sect\]"
        puts  ${cnf} "activate = 1"
        close ${cnf}
    }
}

livecheck.type      regex
livecheck.url       [lindex ${master_sites} 0]
livecheck.regex     openssl-(${major_v}.\[0-9.\]+\[a-z\]?)\\.tar\\.gz