# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: ungleich <alpinelinux@ungleich.ch>
# Maintainer:
pkgname=bind
pkgver=9.14.8
_ver=${pkgver%_p*}
_p=${pkgver#*_p}
_major=${pkgver%%.*}
[ "$_p" != "$pkgver" ] && _ver="${_ver}-P$_p"
pkgrel=5
pkgdesc="The ISC DNS server"
url="https://www.isc.org"
arch="all"
license="MPL-2.0"
pkgusers="named"
pkggroups="named"
depends="dns-root-hints bind-tools"
depends_dev="$pkgname $pkgname-plugins $pkgname-tools"
depends_libs=""
depends_plugins="$pkgname"
_root_keys_upstream="dnssec-root"
depends_root_keys="$_root_keys_upstream"
depends_tools=""
_py3deps="py3-ply python3"
makedepends="
	bash
	bsd-compat-headers
	fstrm-dev
	json-c-dev
	krb5-dev
	libcap-dev
	libxml2-dev
	linux-headers
	openldap-dev
	openssl-dev
	perl
	protobuf-c-dev
	$_py3deps
	python3-dev
	"
install="$pkgname.pre-install $pkgname.post-install"
subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-openrc
	${pkgname}-${_root_keys_upstream}:root_keys:noarch
	py3-$pkgname:_py3 $pkgname-dnssec-tools:_dnssec_tools
	$pkgname-plugins $pkgname-tools
	"
source="
	https://downloads.isc.org/isc/${pkgname}${_major}/$_ver/$pkgname-$_ver.tar.gz
	bind.plugindir.patch
	bind.so_bsdcompat.patch
	named.initd
	named.confd
	named.conf.authoritative
	named.conf.recursive
	127.zone
	localhost.zone
	"
builddir="$srcdir/$pkgname-$_ver"

# secfixes:
#   9.14.8-r0:
#     - CVE-2019-6477
#   9.14.7-r0:
#     - CVE-2019-6475
#     - CVE-2019-6476
#   9.14.4-r0:
#     - CVE-2019-6471
#   9.14.1-r0:
#     - CVE-2019-6467
#     - CVE-2018-5743
#   9.12.3_p4-r0:
#     - CVE-2019-6465
#     - CVE-2018-5745
#     - CVE-2018-5744
#   9.12.2_p1-r0:
#     - CVE-2018-5740
#     - CVE-2018-5738
#   9.12.1_p2-r0:
#     - CVE-2018-5737
#     - CVE-2018-5736
#   9.11.2_p1-r0:
#     - CVE-2017-3145
#   9.11.0_p5-r0:
#     - CVE-2017-3136
#     - CVE-2017-3137
#     - CVE-2017-3138
#   9.10.4_p5-r0:
#     - CVE-2016-9131
#     - CVE-2016-9147
#     - CVE-2016-9444

prepare() {
	default_prepare
	cd "$builddir"

	# Adjusting PATHs in manpages
	for i in bin/named/named.8 bin/check/named-checkconf.8 bin/rndc/rndc.8; do
		sed -i \
			-e 's:/etc/named.conf:/etc/bind/named.conf:g' \
			-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
			-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
			"${i}"
	done
}

build() {
	cd "$builddir"

	### http://bugs.gentoo.org/show_bug.cgi?id=227333
	export CFLAGS="$CFLAGS -D_GNU_SOURCE"

	./configure \
		--build="$CBUILD" \
		--host="$CHOST" \
		--prefix=/usr \
		--sysconfdir=/etc/bind \
		--localstatedir=/var \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--with-dlopen=yes \
		--with-dlz-filesystem=yes \
		--with-dlz-ldap=yes \
		--with-dlz-stub=yes \
		--with-gssapi=/usr \
		--with-libjson \
		--with-libtool \
		--with-libxml2 \
		--with-openssl=/usr \
		--with-python=python3 \
		--enable-dnstap \
		--enable-largefile \
		--enable-linux-caps \
		--enable-shared \
		--enable-static \
		--disable-isc-spnego
	make
}

check() {
	cd "$builddir"

	./bin/named/named -V
}

package() {
	cd "$builddir"
	install -d -m0770 -g named -o root "$pkgdir"/var/bind \
		"$pkgdir"/var/bind/sec \
		"$pkgdir"/var/bind/dyn \
		"$pkgdir"/var/run/named

	install -d -m0750 -g named -o root "$pkgdir"/etc/bind \
		"$pkgdir"/var/bind/pri

	make -j1 DESTDIR="$pkgdir" install

	install -Dm755 "$srcdir"/named.initd \
		"$pkgdir"/etc/init.d/named
	install -Dm644 "$srcdir"/named.confd \
		"$pkgdir"/etc/conf.d/named
	install -Dm644 "$srcdir"/named.conf.authoritative \
		"$pkgdir"/etc/bind/named.conf.authoritative
	install -Dm644 "$srcdir"/named.conf.recursive \
		"$pkgdir"/etc/bind/named.conf.recursive
	install -Dm644 "$srcdir"/127.zone \
		"$pkgdir"/var/bind/pri/127.zone
	install -Dm644 "$srcdir"/localhost.zone \
		"$pkgdir"/var/bind/pri/localhost.zone

	cd "$pkgdir"/var/bind
	ln -s ../../usr/share/dns-root-hints/named.root named.ca
	ln -s named.ca root.cache
}

dev() {
	default_dev

	mkdir -p "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/isc-config.sh "$subpkgdir"/usr/bin/
}

_py3() {
	pkgdesc="A module allowing rndc commands to be sent from Python programs"
	depends="$_py3deps"
	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/python3* "$subpkgdir"/usr/lib/
}

_dnssec_tools() {
	pkgdesc="Utilities for DNSSEC keys and DNS zone files management"
	depends="py3-$pkgname=$pkgver-r$pkgrel"
	mkdir -p "$subpkgdir"/usr/sbin
	mv  \
		"$pkgdir"/usr/sbin/nsec3hash \
		"$pkgdir"/usr/sbin/dnssec* \
		"$subpkgdir"/usr/sbin/
}


plugins() {
	pkgdesc="The ISC DNS server plugins"
	depends="$depends_plugins"

	mkdir -p "$subpkgdir"/usr/lib
	mv "$pkgdir"/usr/lib/bind "$subpkgdir"/usr/lib/
}

tools() {
	pkgdesc="The ISC DNS tools"
	depends="$depends_tools"

	mkdir -p "$subpkgdir"/usr
	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/

	mkdir -p "$subpkgdir"/usr/sbin
	for i in "$pkgdir"/usr/sbin/*; do
		file "$i" | grep 'Python script' >/dev/null 2>&1 && continue || :
		case "${i##*/}" in
			named|named-checkconf|rndc) ;;
			*) mv "$i" "$subpkgdir"/usr/sbin ;;
		esac
	done
}

root_keys() {
	pkgdesc="ISC BIND DNSSEC Root Keys"
	depends="$depends_root_keys"

	local _dir _file _link
	_dir="usr/share/${_root_keys_upstream}"
	_file="${pkgname}-${_root_keys_upstream}.keys"
	_link="${pkgdir}/etc/bind/bind.keys"

	mkdir -p "${subpkgdir}/${_dir}"
	cd "${subpkgdir}/${_dir}"

	mv "$_link" "$_file"
	ln -s "$_file" bind.keys

	ln -s "../../${_dir}/${_file}" "$_link"
}

# TODO: remove when abuild is sufficiently upgraded
libs() {
	depends="$depends_libs"
	default_libs
}


gpg_signature_extensions="sha512.asc"
gpgfingerprints="
	good:AE3F AC79 6711 EC59 FC00  7AA4 74BB 6B9A 4CBB 3D38
	BE0E 9748 B718 253A 28BB  89FF F1B1 1BF0 5CF0 2E57
	"

sha512sums="eb52760982ebd246e6e1945684771193fc7364324a6d6a95a0cae33afa0a4fa24ffe8313b5f9094420c7c2ec932b1b1a9fb19f6e673ff3c5583ab5e3ff04eb6a  bind-9.14.8.tar.gz
2b32d1e7f62cd1e01bb4fdd92d15460bc14761b933d5acc463a91f5ecd4773d7477c757c5dd2738e8e433693592cf3f623ffc142241861c91848f01aa84640d6  bind.plugindir.patch
7167dccdb2833643dfdb92994373d2cc087e52ba23b51bd68bd322ff9aca6744f01fa9d8a4b9cd8c4ce471755a85c03ec956ec0d8a1d4fae02124ddbed6841f6  bind.so_bsdcompat.patch
53db80f7ee4902f42fb1d0bc959242bcb6f20d95256bda99ce2c206af8b4703c7f72bb26d026c633f70451b84a37c3946b210951e34dd5d6620b181cd0183de4  named.initd
127bdcc0b5079961f0951344bc3fad547450c81aee2149eac8c41a8c0c973ea0ffe3f956684c6fcb735a29c43d2ff48c153b6a71a0f15757819a72c492488ddf  named.confd
d2f61d02d7829af51faf14fbe2bafe8bc90087e6b6697c6275a269ebbddcaa14a234fff5c41da793e945e8ff1de3de0858a40334e0d24289eab98df4bb721ac5  named.conf.authoritative
3aba9763cfaf0880a89fd01202f41406b465547296ce91373eb999ea7719040bc1ac4e47b0de025a8060f693d3d88774a20d09a43fa7ac6aa43989b58b5ee8fe  named.conf.recursive
eed9886717539399518e011ae5eae6335aed4fae019e1def088c5be26bdc896c99c07adf84ee61babafa31d31ff3b028263d1c88d2eee17ecf4c95a9d77d524c  127.zone
340e86472a2c2746fe585c0aa5f079d3a9b46e828c1f53d48026533a169b7f77ded7d0a13d291d6962607bb9481456e6fa69df1834603e7555332615fb998f0b  localhost.zone"
