# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   2.6.2-r0:
#     - CVE-2022-29155
#   2.4.57-r1:
#     - CVE-2021-27212
#   2.4.57-r0:
#     - CVE-2020-36221
#     - CVE-2020-36222
#     - CVE-2020-36223
#     - CVE-2020-36224
#     - CVE-2020-36225
#     - CVE-2020-36226
#     - CVE-2020-36227
#     - CVE-2020-36228
#     - CVE-2020-36229
#     - CVE-2020-36230
#   2.4.56-r0:
#     - CVE-2020-25709
#     - CVE-2020-25710
#   2.4.50-r0:
#     - CVE-2020-12243
#   2.4.48-r0:
#     - CVE-2019-13565
#     - CVE-2019-13057
#   2.4.46-r0:
#     - CVE-2017-14159
#     - CVE-2017-17740
#   2.4.44-r5:
#     - CVE-2017-9287
#
pkgname=openldap
pkgver=2.6.3
pkgrel=4
pkgdesc="LDAP Server"
url="https://www.openldap.org/"
arch="all"
license="OLDAP-2.8"
pkgusers="ldap"
pkggroups="ldap"
depends_dev="
	cyrus-sasl-dev
	libevent-dev
	libsodium-dev
	util-linux-dev
	"
makedepends="
	$depends_dev
	autoconf
	automake
	db-dev
	groff
	libtool
	mosquitto-dev
	openssl-dev
	unixodbc-dev
	"
provides="$pkgname-back-monitor=$pkgver-r$pkgrel"  # for backward compatibility (Alpine <3.15)
subpackages="
	$pkgname-dev
	$pkgname-doc
	libldap
	$pkgname-lloadd
	$pkgname-lloadd-openrc:lloadd_openrc
	$pkgname-clients
	$pkgname-passwd-argon2:passwd_argon2
	$pkgname-passwd-pbkdf2:passwd_pbkdf2
	$pkgname-passwd-sha2:passwd_sha2
	$pkgname-backend-all:_backend_all:noarch
	$pkgname-overlay-all:_overlay_all:noarch
	$pkgname-openrc
	"
install="
	$pkgname.pre-install
	$pkgname.post-install
	$pkgname.pre-upgrade
	$pkgname.post-upgrade
	$pkgname-lloadd.pre-install
	"
source="https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-$pkgver.tgz
	0001-Fix-build-issue-in-clients-tools-common.c.patch
	0002-Add-UNIX_LINK_LIBS-to-slapi-Makefile.patch
	0003-Add-mqtt-overlay.patch
	0004-Fix-manpages.patch
	0005-Correct-command-line-syntax-in-lloadd-tests.patch
	0006-Fix-build-on-mips-inconsistent-cacheflush-prototype.patch
	0007-Use-correct-extension-for-slapd-modules-in-slapd.con.patch
	0008-Remove-pidfile-and-argsfile.patch
	slapd.ldif.patch

	lloadd.conf
	slapd.initd
	slapd.confd
	lloadd.initd
	lloadd.confd
	"

# SLAPD backends
_backends="
	asyncmeta
	dnssrv
	ldap
	lload
	mdb
	meta
	null
	passwd
	relay
	sock
	sql
	"
for _name in $_backends; do
	subpackages="$subpackages $pkgname-back-$_name:_backend"
	_backend_pkgs="$_backend_pkgs $pkgname-back-$_name"
done

# SLAPD overlays
_overlays="
	accesslog
	auditlog
	autoca
	collect
	constraint
	dds
	deref
	dyngroup
	dynlist
	homedir
	lastbind
	memberof
	mqtt
	otp
	ppolicy
	proxycache
	refint
	remoteauth
	retcode
	rwm
	seqmod
	sssvlv
	syncprov
	translucent
	unique
	valsort
	"
_overlay_pkgs=""
for _name in $_overlays; do
	subpackages="$subpackages $pkgname-overlay-$_name:_overlay"
	_overlay_pkgs="$_overlay_pkgs $pkgname-overlay-$_name"
done

# Extra modules from contrib/slapd-modules to build and install.
_extra_modules="
	mqtt
	passwd/pbkdf2
	passwd/sha2
	lastbind
	"

# Some tests hang on aarch64
case "$CARCH" in
s390x|aarch64|arm*|x86)
	options="!check"
	;;
esac

prepare() {
	default_prepare

	sed -i '/^STRIP/s,-s,,g' build/top.mk
	AUTOMAKE=/bin/true autoreconf -fi
}

build() {
	_configure \
		--enable-slapd \
		--enable-modules \
		--enable-dnssrv=mod \
		--enable-ldap=mod \
		--enable-mdb=mod \
		--enable-meta=mod \
		--enable-asyncmeta=mod \
		--enable-null=mod \
		--enable-passwd=mod \
		--enable-relay=mod \
		--enable-sock=mod \
		--enable-sql=mod \
		--enable-overlays=mod \
		--enable-balancer=mod \
		--enable-argon2
	make

	local dir; for dir in $_extra_modules; do
		msg "Building module $dir"
		make -C contrib/slapd-modules/$dir prefix=/usr libexecdir=/usr/lib
	done

	cp -ar "$builddir" "$builddir-lloadd"
	cd "$builddir-lloadd"

	msg "Building standalone lloadd"
	make -C servers clean
	_configure \
		--enable-balancer=yes
	make
}

_configure() {
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--libexecdir=/usr/lib \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--localstatedir=/var/lib/openldap \
		--enable-dynamic \
		--enable-crypt \
		--enable-spasswd \
		--with-tls=openssl \
		--with-systemd=no \
		--with-cyrus-sasl \
		"$@"
}

check() {
	# FIXME: Failing network tests on some platforms.
	rm -f tests/scripts/test063-delta-multiprovider
	rm -f tests/scripts/test079-proxy-timeout

	make test
}

package() {
	make DESTDIR="$pkgdir" install

	local dir; for dir in $_extra_modules; do
		make -C contrib/slapd-modules/$dir \
			DESTDIR="$pkgdir" prefix=/usr libexecdir=/usr/lib install
	done

	make -C "$builddir-lloadd"/servers/lloadd DESTDIR="$pkgdir" install

	cd "$pkgdir"

	rmdir var/lib/openldap/run

	# Fix tools symlinks to slapd.
	find usr/sbin/ -type l -exec ln -sf slapd {} \;

	# Move executables from lib to sbin.
	mv usr/lib/slapd usr/lib/lloadd usr/sbin/

	# Move *.default configs to docs.
	mkdir -p usr/share/doc/$pkgname
	mv etc/openldap/*.default usr/share/doc/$pkgname/

	chgrp ldap etc/openldap/slapd.*
	chmod g+r etc/openldap/slapd.*

	install -D -m 640 -g ldap "$srcdir"/lloadd.conf -t etc/openldap/

	install -d -m 700 -o ldap -g ldap \
		run/openldap \
		var/lib/openldap \
		var/lib/openldap/openldap-data \
		var/lib/openldap/openldap-lloadd

	install -D -m 755 "$srcdir"/slapd.initd etc/init.d/slapd
	install -D -m 644 "$srcdir"/slapd.confd etc/conf.d/slapd

	install -D -m 755 "$srcdir"/lloadd.initd etc/init.d/lloadd
	install -D -m 644 "$srcdir"/lloadd.confd etc/conf.d/lloadd
}

libldap() {
	pkgdesc="OpenLDAP libraries"
	depends=""
	provides=""

	amove usr/lib/*.so*
	amove etc/openldap/ldap.conf
}

lloadd() {
	pkgdesc="Standalone LDAP Load Balancer Daemon"
	provides=""

	amove etc/openldap/lloadd.conf
	amove usr/sbin/lloadd
	amove var/lib/openldap/openldap-lloadd
}

lloadd_openrc() {
	pkgdesc="Standalone LDAP Load Balancer Daemon (OpenRC init scripts)"
	depends="$depends_openrc"
	provides=""
	install_if="openrc $pkgname-lloadd=$pkgver-r$pkgrel"

	amove etc/init.d/lloadd
	amove etc/conf.d/lloadd
}

clients() {
	pkgdesc="LDAP client utilities"
	provides=""

	amove usr/bin
}

passwd_argon2() {
	pkgdesc="Argon2 OpenLDAP support"
	depends="$pkgname"
	provides=""

	amove usr/lib/openldap/argon2.*
}

passwd_pbkdf2() {
	pkgdesc="PBKDF2 OpenLDAP support"
	depends="$pkgname"
	provides=""

	amove usr/lib/openldap/pw-pbkdf2.*
}

passwd_sha2() {
	pkgdesc="SHA2 OpenLDAP support"
	depends="$pkgname"
	provides=""

	amove usr/lib/openldap/pw-sha2.*
}

_backend_all() {
	pkgdesc="Virtual package that installs all OpenLDAP backends"
	depends="$_backend_pkgs"
	provides=""

	mkdir -p "$subpkgdir"
}

_overlay_all() {
	pkgdesc="Virtual package that installs all OpenLDAP overlays"
	depends="$_overlay_pkgs"
	provides=""

	mkdir -p "$subpkgdir"
}

_backend() {
	backend_name="${subpkgname#openldap-back-}"
	pkgdesc="OpenLDAP $backend_name backend"
	provides=""

	case "$backend_name" in
		lload) pkgdesc="OpenLDAP load balancer backend (module)";;
		*) backend_name="back_$backend_name";;
	esac

	amove usr/lib/openldap/$backend_name*
}

_overlay() {
	overlay_name="${subpkgname#openldap-overlay-}"
	pkgdesc="OpenLDAP $overlay_name overlay"
	provides=""

	case "$overlay_name" in
		proxycache)
			overlay_name=pcache
		;;
		mqtt)
			# For backward compatibility (Alpine <3.15).
			provides="$pkgname-mqtt=$pkgver-r$pkgrel"
			replaces="$pkgname-mqtt"
		;;
	esac
	amove usr/lib/openldap/$overlay_name*
}

sha512sums="
56efbbfc68779ad635d2c25228eb9c4f1553b107b96e8a438029b1c5d2f2647cf4d437770554392b436718ea44a4813e17f5195049f67fc09d063a981096cd85  openldap-2.6.3.tgz
8fa57c43c2d51cd2d1d297b4dd4edd9a15b549b6d5beb8038f66f65cb1d7c93b8fda326c33b4f9356ea99e63703c553662deefc87222f23a1e5517fbf2fabdeb  0001-Fix-build-issue-in-clients-tools-common.c.patch
55a6a429fc8486ed8dcf8dc2da7c240be9971d49dd9aea4b746738f92046610711896d914ba8a71a09b405b271125a613074275045cf963a3f058eb85058a00b  0002-Add-UNIX_LINK_LIBS-to-slapi-Makefile.patch
81a9b769bc5b6b599c17381a9f6515f2c479d82f4d728627c83a746403fc3401529dc47146390a4b66a3a4e074cd09c850d3fabe1a097d92066ce16c4443a0fb  0003-Add-mqtt-overlay.patch
0552438d010a3cf225aa90b8c7744a8dbf853885f34a42f6dfc92e08a8b5b86c0082b1548498c6bc55522ca4ac8e3699cfba63be2279d9dcbbffa2690901f632  0004-Fix-manpages.patch
f88de2f92a31f1b906e850daa1b518fc90822e668c9ca99c33934304d260237a1406cb845c2f4985bcc1c1c49355784287cb8e27f724ab6833a8e90912decf73  0005-Correct-command-line-syntax-in-lloadd-tests.patch
12e32308c9a2072adc22a2859d85d7228c9d61cab0088e5b34bbbe98b400768a254eddc7fc420821363ed9139190eb7dd511c409219324e4eb892ba4dbf080fb  0006-Fix-build-on-mips-inconsistent-cacheflush-prototype.patch
ed07adc49f48831cdf62b4b0dfb9fad4632a64b0b90557bdee8e5560e420d05354511069a0fba24312012971bf792a179958d3c9e04615546ec97f800e22caeb  0007-Use-correct-extension-for-slapd-modules-in-slapd.con.patch
c6b8fb6aee86d574d49b06778d16fef59dc02dffb2e8da52ee9f5e1c612fa4cf6770331e343c9a69820fe75b911960ee0f35b0764a3c362131da477985150c20  0008-Remove-pidfile-and-argsfile.patch
26c98a803be6b64003b16680b5e6a6c0c341e143c14ce415e55aa5f77246652c4d6eac1866cfce003e94094afd43ab4f43b94d3de83728715bc46aa6f788645c  slapd.ldif.patch
c47a415a2a9cd98bb448820b981f40df82b4825e0ebcc8a5fb3c604d15e8f57ea1578afca6b3aa90351fd13e7ddba7dc7452bdb669df4a402f02990ca154e34e  lloadd.conf
0b7bba9d64ba92f23ee5627803f1c531b206ea96f6a9f7068b0870ad0a80001c321c15a2d306e0060bd6fbf749cb0f2e4e897694832d53a1b7e40b4852bc0ead  slapd.initd
64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a  slapd.confd
3e21241cee5db25331380d1302ccdb2854c3eb0ebcd41224bc4be59a2ef15e4ad585f161d0033a57ef906ee23e25d0e2769feb30ecf13fb34abf4fe42eb01c3e  lloadd.initd
fdc32900b5eb1618890e75e370108b4e6be38afbb8741806dc94ff79d14e723e297a62e4ed7b93a9a2777f58445cf28e9d54be13b814678e9ab5208bc6d38495  lloadd.confd
"