# Contributor: Vladyslav Frolov <frolvlad@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
# Package metadata read by abuild when this file is sourced.
pkgname=freeradius
pkgver=3.0.20
pkgrel=8
pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
url="https://freeradius.org/"
arch="all"
license="GPL-2.0-or-later"
# Build-time dependencies. Several of the -dev packages match optional
# modules switched on in build() (e.g. sqlite-dev, postgresql-dev, krb5-dev).
makedepends="
	autoconf
	automake
	bash
	curl-dev
	gdbm-dev
	hiredis-dev
	json-c-dev
	krb5-dev
	libpcap-dev
	libtool
	linux-headers
	linux-pam-dev
	mariadb-connector-c-dev
	net-snmp-tools
	openldap-dev
	openssl-dev
	perl-dev
	postgresql-dev
	python3-dev
	readline-dev
	sqlite-dev
	talloc-dev
	unixodbc-dev
	"
# Group and account named by the install -o/-g and chown calls in package().
pkggroups="radius"
pkgusers="radius"
# Install-time scripts kept next to this APKBUILD; their content is not
# visible from this file.
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
# Each $pkgname-<suffix> entry is filled by the function named <suffix>
# further down (e.g. $pkgname-eap -> eap()). -dbg, -doc, -static and -dev have
# no function in this file; presumably abuild's defaults handle them — confirm.
# NOTE(review): utils() takes usr/bin/* wholesale, so it looks like it has to
# stay after eap and radclient, which pick single binaries from usr/bin.
subpackages="
	$pkgname-dbg
	$pkgname-doc
	$pkgname-static
	$pkgname-dev
	$pkgname-eap
	$pkgname-ldap
	$pkgname-dhcp
	$pkgname-lib
	$pkgname-mssql
	$pkgname-mysql
	$pkgname-sql
	$pkgname-perl
	$pkgname-postgresql
	$pkgname-python3
	$pkgname-radclient
	$pkgname-sqlite
	$pkgname-unixodbc
	$pkgname-pam
	$pkgname-krb5
	$pkgname-rest
	$pkgname-redis
	$pkgname-checkrad
	$pkgname-utils
	"
provides="freeradius3=$pkgver-r$pkgrel"
# NOTE(review): the release tarball is fetched over plain ftp://, which gives
# no transport integrity or server authentication; the matching sha512sums
# entry at the end of this file is the only check on what gets built. Prefer
# an https:// location if upstream publishes one — confirm.
# The remaining entries are local support files and patches.
source="ftp://ftp.freeradius.org/pub/freeradius/$pkgname-server-$pkgver.tar.gz
	$pkgname.logrotated
	radiusd.confd
	radiusd.initd
	setup-freeradius.in
	print-var.mk

	musl-fix-headers.patch
	fix-scopeid.patch
	default-config.patch
	remove-eap-from-default-mods.patch
	readme-setup-script.patch
	Fix-permissions-of-certs-in-bootstrap-fallback.patch
	fix-request_running-segfault.patch
	"
# Directory the tarball unpacks to; named after the tarball, not $pkgname.
builddir="$srcdir/$pkgname-server-$pkgver"

# secfixes:
#   3.0.19-r3:
#     - CVE-2019-10143
#   3.0.19-r0:
#     - CVE-2019-11234
#     - CVE-2019-11235

# Installed layout, shared by build(), package() and the subpackage functions.
# These are absolute paths and are appended to "$pkgdir"/"$subpkgdir" as-is.
_radconfdir="/etc/raddb"
_radmodsdir="$_radconfdir/mods-available"
_radlibdir="/usr/lib/freeradius"
_radmodsconfdir="$_radconfdir/mods-config"
# ldpath is not read anywhere in this file; presumably abuild uses it to find
# the shared objects in the private library directory — confirm.
ldpath="$_radlibdir"

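# Apply the default preparation steps and generate ./setup-freeradius from
# its template by filling in upstream's default module list.
#
# Globals:  srcdir (read)
# Outputs:  writes setup-freeradius into the current directory
# Returns:  non-zero when the default module list cannot be determined
prepare() {
	default_prepare
	update_config_sub

	# Ask raddb/all.mk for DEFAULT_MODULES through the print-<VAR> target
	# (presumably provided by print-var.mk). make's diagnostics are
	# discarded, so the checks below are the only sign of a failed query.
	local default_mods
	default_mods=$(make -f "$srcdir"/print-var.mk -f raddb/all.mk \
		print-DEFAULT_MODULES 2>/dev/null) || return 1

	# An empty list would silently produce a setup script that enables
	# nothing; stop the build instead.
	if [ -z "$default_mods" ]; then
		echo "prepare: DEFAULT_MODULES is empty, not generating setup-freeradius" >&2
		return 1
	fi

	# The value lands in the replacement half of an s||| command, where
	# '\', '|' and '&' are interpreted by sed; escape them so the text is
	# inserted literally.
	local escaped_mods
	escaped_mods=$(printf '%s' "$default_mods" | sed 's/[\\|&]/\\&/g') \
		|| return 1

	sed "s|@@DEFAULT_MODULES@@|$escaped_mods|" \
		"$srcdir"/setup-freeradius.in > setup-freeradius
}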

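# Configure and compile FreeRADIUS in the current directory.
#
# Globals:  CBUILD, CHOST, LDFLAGS, _radlibdir (read)
# Outputs:  creates the ./json symlink and the build products
# Returns:  exit status of the final make
build() {
	# freeradius requires json.h to be in a dir called 'json'. We fool
	# the configure script with a symlink pointing to the proper location.
	# -f and -n replace a link left by an earlier run; a plain "ln -s"
	# would fail on it or create a nested link inside the old target.
	ln -sfn /usr/include/json-c json

	# Optional modules are selected explicitly with --with-rlm_* and
	# --without-rlm_* so the result does not depend on what configure
	# happens to detect on the build host.
	./configure \
		--build="$CBUILD" \
		--host="$CHOST" \
		--prefix=/usr \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--localstatedir=/var \
		--datarootdir=/usr/share \
		--libdir="$_radlibdir" \
		--with-logdir=/var/log/radius \
		--with-radacctdir=/var/log/radius/radacct \
		--with-system-libtool \
		--with-system-libltdl \
		--with-shared-libs \
		--with-udpfromto \
		--with-rlm_sql_sqlite \
		--with-rlm_sql_postgresql \
		--with-rlm_sql_mysql \
		--with-rlm_krb5 \
		--with-rlm_rest \
		--with-rlm_redis \
		--with-rlm_rediswho \
		--with-modules="rlm_python3" \
		--without-rlm_eap_tnc \
		--without-rlm_eap_ikev2 \
		--without-rlm_sql_iodbc \
		--without-rlm_sql_oracle \
		--without-rlm_yubikey \
		--without-rlm_ykclient \
		--with-jsonc-include-dir="$PWD"

	# Serial build with -lssl appended to the linker flags.
	# NOTE(review): presumably upstream's makefiles are not parallel-safe
	# and miss the libssl link — confirm before dropping either.
	make -j1 LDFLAGS="$LDFLAGS -lssl"
}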

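# Install the build into $pkgdir and prune it down to what is shipped.
#
# Globals:  pkgdir, srcdir, pkgname, _radconfdir, _radmodsdir,
#           _radmodsconfdir, _radlibdir (read)
# Returns:  aborts with a non-zero status when pkgdir is unset or empty
package() {
	# Every chown, chmod and rm below is rooted at $pkgdir. With an empty
	# value they would act on the build host's own /etc and /usr.
	: "${pkgdir:?pkgdir must be set}"

	local confdir="$pkgdir$_radconfdir"
	local modsconfdir="$pkgdir$_radmodsconfdir"

	# Configuration tree: owned by root, group radius may read and
	# traverse but not write, no access for anyone else.
	install -d -m0750 -o root -g radius \
		"$confdir"

	# Runtime state and logs: owned by and private to radius.
	install -d -m0750 -o radius -g radius \
		"$pkgdir"/var/cache/radiusd \
		"$pkgdir"/var/lib/radiusd \
		"$pkgdir"/var/log/radius \
		"$pkgdir"/var/log/radius/radacct

	PACKAGE=yes make -j1 R="$pkgdir" install

	chown -R root:radius "$confdir"/*

	# Ensure that files generated by Makefile or bootstrap scripts are
	# readable by the radiusd daemon: the setgid bit makes new files in
	# certs/ inherit group radius.
	chmod 2750 "$confdir"/certs

	install -m755 -D "$srcdir"/radiusd.initd "$pkgdir"/etc/init.d/radiusd
	install -m644 -D "$srcdir"/radiusd.confd "$pkgdir"/etc/conf.d/radiusd
	install -m644 -D "$srcdir"/"$pkgname".logrotated \
		"$pkgdir"/etc/logrotate.d/"$pkgname"
	install -m755 -D setup-freeradius "$pkgdir"/usr/sbin/setup-freeradius

	# Install misses to create this
	mkdir -p "$modsconfdir"/sql/ippool-dhcp/postgresql

	# Default modules are enabled by post-install script.
	# The reason for this is that when we include these symlinks
	# in the package, the user basically cannot permanently disable any
	# default module by removing the symlink because apk will install them
	# back on every upgrade of the package.
	rm -f "$confdir"/mods-enabled/*

	# Remove unneeded and unused stuff (e.g. for disabled modules).
	# Paths are spelled out in full under $pkgdir so that no removal
	# depends on the current working directory.

	rm -f "$pkgdir"/usr/sbin/rc.radiusd
	rm -f "$pkgdir$_radlibdir"/rlm_test.so
	rm -f "$confdir"/experimental.conf

	# https://github.com/FreeRADIUS/freeradius-server/issues/1734#issuecomment-247848277
	rm -f "$pkgdir"/usr/bin/dhcpclient
	rm -f "$pkgdir"/usr/share/man/man1/dhcpclient.1*

	local mod
	for mod in couchbase python unbound yubikey; do
		rm -f "$pkgdir$_radmodsdir/$mod"
	done

	rm -rf "$modsconfdir"/sql/*/mongo
	rm -rf "$modsconfdir"/sql/*/oracle
	rm -rf "$modsconfdir"/unbound

	rm -f "$confdir"/sites-available/abfab* \
		"$confdir"/sites-available/*.orig

	rm -f "$confdir"/policy.d/abfab*
}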

# Subpackage $pkgname-eap: the rlm_eap* modules, the EAP support library,
# radeapclient, and the eap/inner-eap module and check-eap-tls site configs.
eap() {
	local _rel="${pkgver}-r${pkgrel}"

	pkgdesc="EAP module for FreeRADIUS server"
	provides="freeradius3-eap=${_rel}"
	depends="freeradius=${_rel}"

	# Shared objects and the command-line client.
	amove ${_radlibdir}/rlm_eap*.so ${_radlibdir}/libfreeradius-eap.so
	amove usr/bin/radeapclient

	# Configuration, plus the mods-enabled link shipped with the package.
	amove ${_radmodsdir}/eap ${_radmodsdir}/inner-eap
	amove ${_radconfdir}/sites-available/check-eap-tls
	_enable_mod eap
}

# Subpackage $pkgname-ldap: the rlm_ldap files, their mods-available entry
# and a mods-enabled link.
ldap() {
	local _rel="${pkgver}-r${pkgrel}"

	pkgdesc="LDAP module for FreeRADIUS server"
	provides="freeradius3-ldap=${_rel}"
	depends="freeradius=${_rel}"

	amove ${_radlibdir}/rlm_ldap*
	amove ${_radmodsdir}/ldap
	_enable_mod ldap
}

# Subpackage $pkgname-krb5: the rlm_krb5 files, their mods-available entry
# and a mods-enabled link.
krb5() {
	local _rel="${pkgver}-r${pkgrel}"

	pkgdesc="Kerberos module for FreeRADIUS server"
	provides="freeradius3-krb5=${_rel}"
	depends="freeradius=${_rel}"

	amove ${_radlibdir}/rlm_krb5*
	amove ${_radmodsdir}/krb5
	_enable_mod krb5
}

# Subpackage $pkgname-dhcp: the *_dhcp.so modules, the DHCP support
# library, and the dhcp module and site configs with a mods-enabled link.
dhcp() {
	depends="freeradius=${pkgver}-r${pkgrel}"
	pkgdesc="DHCP module for FreeRADIUS server"

	amove ${_radlibdir}/*_dhcp.so ${_radlibdir}/libfreeradius-dhcp.so
	amove ${_radmodsdir}/dhcp
	amove ${_radconfdir}/sites-available/dhcp
	_enable_mod dhcp
}

# Subpackage $pkgname-lib: the libfreeradius-*.so libraries still present
# when this runs, plus everything under usr/share/freeradius.
# NOTE(review): eap and dhcp are listed before lib in subpackages, so their
# own libfreeradius-eap/-dhcp libraries have presumably been moved already.
lib() {
	depends=""
	pkgdesc="Freeradius shared libraries"

	amove ${_radlibdir}/libfreeradius-*.so
	amove usr/share/freeradius/*
}

# Subpackage $pkgname-sql: the driver-independent SQL modules, the
# buffered-sql site and every mods-available entry matching *sql*.
sql() {
	local _rel="${pkgver}-r${pkgrel}"
	local _mod

	pkgdesc="SQL module for FreeRADIUS server"
	provides="freeradius3-sql=${_rel}"
	depends="freeradius=${_rel}"

	# One rlm_<name>.so per generic SQL module.
	for _mod in sql sqlippool sql_null sqlcounter; do
		amove ${_radlibdir}/rlm_${_mod}.so
	done

	amove ${_radconfdir}/sites-available/buffered-sql
	amove ${_radmodsdir}/*sql*
	_enable_mod sql
}

# Subpackage $pkgname-mysql: the MySQL driver files collected by _mvdb,
# plus the ndb directories under mods-config/sql.
mysql() {
	local _rel="${pkgver}-r${pkgrel}"

	pkgdesc="MySQL module for FreeRADIUS server"
	provides="freeradius3-mysql=${_rel}"
	depends="freeradius-sql=${_rel}"

	_mvdb mysql
	amove ${_radmodsconfdir}/sql/*/ndb
}

# Subpackage $pkgname-mssql: only the mssql directory under
# mods-config/sql/main; no shared object is moved here.
mssql() {
	local _rel="${pkgver}-r${pkgrel}"

	pkgdesc="MSSQL module for FreeRADIUS server"
	provides="freeradius3-mssql=${_rel}"
	depends="freeradius-sql=${_rel}"

	amove ${_radmodsconfdir}/sql/main/mssql
}

# Subpackage $pkgname-perl: the rlm_perl files, the perl entries under
# mods-available and mods-config, and a mods-enabled link.
perl() {
	local _rel="${pkgver}-r${pkgrel}"

	pkgdesc="Perl module for FreeRADIUS server"
	provides="freeradius3-perl=${_rel}"
	# Needs the perl interpreter package in addition to the server.
	depends="freeradius=${_rel} perl"

	amove ${_radlibdir}/rlm_perl*
	amove ${_radconfdir}/mods-available/perl
	amove ${_radmodsconfdir}/perl
	_enable_mod perl
}

# Subpackage $pkgname-checkrad: the usr/sbin/checkrad script, split out
# together with its Perl and SNMP runtime dependencies.
checkrad() {
	depends="perl perl-net-telnet perl-snmp-session net-snmp-tools"
	pkgdesc="Check if a user is (still) logged in on a certain port"

	amove usr/sbin/checkrad
}

# Subpackage $pkgname-postgresql: the PostgreSQL driver files collected by
# _mvdb.
postgresql() {
	local _rel="${pkgver}-r${pkgrel}"

	pkgdesc="PostgreSQL module for FreeRADIUS server"
	provides="freeradius3-postgresql=${_rel}"
	depends="freeradius-sql=${_rel}"

	_mvdb postgresql
}

# Subpackage $pkgname-python3: the rlm_python* files, the python3 entries
# under mods-available and mods-config, and a mods-enabled link.
python3() {
	pkgdesc="Python 3 module for FreeRADIUS server"
	depends="freeradius=${pkgver}-r${pkgrel}"

	amove ${_radlibdir}/rlm_python*
	amove ${_radmodsdir}/python3
	amove ${_radmodsconfdir}/python3
	_enable_mod python3
}

# Subpackage $pkgname-radclient: the radclient binary alone, with no
# dependency on the server package.
radclient() {
	provides="freeradius3-radclient=${pkgver}-r${pkgrel}"
	depends=""
	pkgdesc="Client for FreeRADIUS server"

	amove usr/bin/radclient
}

# Subpackage $pkgname-sqlite: the SQLite driver files collected by _mvdb.
sqlite() {
	local _rel="${pkgver}-r${pkgrel}"

	pkgdesc="SQLite module for FreeRADIUS server"
	provides="freeradius3-sqlite=${_rel}"
	depends="freeradius-sql=${_rel}"

	_mvdb sqlite
}

# Subpackage $pkgname-unixodbc: the rlm_sql_unixodbc.so driver.
# NOTE(review): the mysql, postgresql and sqlite drivers depend on
# freeradius-sql while this one depends on freeradius only — confirm that
# the difference is intended.
unixodbc() {
	local _rel="${pkgver}-r${pkgrel}"

	pkgdesc="ODBC module for FreeRADIUS server"
	provides="freeradius3-unixodbc=${_rel}"
	depends="freeradius=${_rel}"

	amove ${_radlibdir}/rlm_sql_unixodbc.so
}

# Subpackage $pkgname-pam: the rlm_pam files, their mods-available entry
# and a mods-enabled link.
pam() {
	local _rel="${pkgver}-r${pkgrel}"

	pkgdesc="PAM module for FreeRADIUS server"
	provides="freeradius3-pam=${_rel}"
	depends="freeradius=${_rel}"

	amove ${_radlibdir}/rlm_pam*
	amove ${_radmodsdir}/pam
	_enable_mod pam
}

# Subpackage $pkgname-rest: the rlm_rest files, their mods-available entry
# and a mods-enabled link.
rest() {
	depends="freeradius=${pkgver}-r${pkgrel}"
	pkgdesc="REST module for FreeRADIUS server"

	amove ${_radlibdir}/rlm_rest*
	amove ${_radmodsdir}/rest
	_enable_mod rest
}

# Subpackage $pkgname-redis: every rlm_redis* file and every mods-available
# entry starting with "redis"; only the "redis" entry gets a mods-enabled
# link.
redis() {
	depends="freeradius=${pkgver}-r${pkgrel}"
	pkgdesc="Redis modules for FreeRADIUS server"

	amove ${_radlibdir}/rlm_redis*
	amove ${_radmodsdir}/redis*
	_enable_mod redis
}

# Subpackage $pkgname-utils: whatever is left under usr/bin.
# NOTE(review): this looks order-dependent — eap() and radclient() take
# single binaries from usr/bin and are listed before utils in subpackages.
utils() {
	depends="freeradius=${pkgver}-r${pkgrel}"
	pkgdesc="FreeRADIUS utilities"

	amove usr/bin/*
}

# Move the files of one SQL driver into the current subpackage.
#
# Arguments: $1 - driver name; selects sql/*/<name> under mods-config and
#                 rlm_sql_<name>.so in the library directory
_mvdb() {
	local _driver="$1"

	amove ${_radmodsconfdir}/sql/*/${_driver}
	amove ${_radlibdir}/rlm_sql_${_driver}.so
}

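# Ship a mods-enabled symlink for one module inside the current subpackage.
#
# Globals:   subpkgdir, _radconfdir (read)
# Arguments: $1 - module name, a single path component
# Returns:   non-zero on a missing or invalid name; aborts when subpkgdir
#            is unset or empty
_enable_mod() {
	# Without subpkgdir the link would be created under the build host's
	# own configuration directory.
	: "${subpkgdir:?subpkgdir must be set}"

	# The name becomes a path component on both sides of the link; an
	# empty name or one containing '/' would place the link, or point it,
	# outside mods-enabled / mods-available.
	case "${1:-}" in
		"" | */*)
			echo "_enable_mod: invalid module name '${1:-}'" >&2
			return 1
			;;
	esac

	local enabled_dir="$subpkgdir$_radconfdir/mods-enabled"
	mkdir -p "$enabled_dir"
	# Relative target, so the link resolves wherever the tree is installed.
	ln -s "../mods-available/$1" "$enabled_dir/$1"
}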

# One SHA-512 digest per entry of source= (tarball, support files, patches),
# in the same order. abuild checks these before building, and for the tarball
# fetched over ftp:// this is the only integrity check. Regenerate with
# `abuild checksum` whenever a source or patch changes.
sha512sums="513ed0a5d9e6b9a8d89a9b02c86ff528a9ff14d928f4c1040ca44702465abd711588fe6afa35554cb2c8e8bd7f19dd5be3dbc78445c62c7b00bf5cbc4c621312  freeradius-server-3.0.20.tar.gz
c3ae1ee6bd7743f883310612ba2c20c6ff7f288fedc308735df05b097ecb2f7fa4d1679b844e262757808978c7bb2d7630b99e4b87ce6d6ba7f84013f9c49f1d  freeradius.logrotated
bb3df1fa2c9ed95514ae090e0f6619c4e3280f424c4351bc79f5254bf1a327fa7d27e5fe3add5ab8d9e5ba3792c9553bd9a0481fe9c5bc34945ce46627ef2638  radiusd.confd
a66ab5d3f1c86450e9c50aa8be10a40fb4118467670048773ad8c80b5f3fb958dd3addc6ef245289d93ce2b184ce2c9882a8a2585d4a134d55c2326c9559f558  radiusd.initd
9f6a4f76fd06e81cfcfe4536f1f8be494634b07e548a6f7e651e5501aded24b030ed7d57dbdc867ae0eb39ee4a090234c4122a89bed84c13733c77de36b9c2cf  setup-freeradius.in
5f940e200aa39b2fbbfaf5b24f2ad99869fa75bb7e2008876940ea96cb9dbc7f2b27dd1672aa56cdb5243faabdcbc38875594dd8792af965987183c0aa2aefd1  print-var.mk
c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d  musl-fix-headers.patch
41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234  fix-scopeid.patch
c266718d830076423c19a31c608a925ec664156ef2da87c97166d376b16f4582e7f8adebd9c8e3ef51b24da0ca3252f00b557ed9ee9dd8325d8a6a317f4e3ed1  default-config.patch
f96b7b2e0fc614cb8b70bd500933538e98e05b58718af931a62bc7ba2307600cf8c2a8a99de856ad2e18101dd5bfe95c50ee34de20eef21ba0ad795577a6619b  remove-eap-from-default-mods.patch
55e179d5e6b31d289c2da7f907e494a6a6f5900483fdff8d3bb25ee15a583b8705942eca1f0d5390e91376966e66e457dce9b2cf1a1f61c8eac6d8fb825404dd  readme-setup-script.patch
f88cb4ae335d67211c8563b6df88e20ee3729e57aa56423f99b518f83b190479b38bb189a0ab53c70ef9709a6229ccaa506ea6b79844cbfd4f2a7f0c7c292045  Fix-permissions-of-certs-in-bootstrap-fallback.patch
7ddf75901f635216b0d972c14631334a8138e0dbb021685bb6b3a996f38d232b84146c621dae541b00f6149fa401e835d1579bbacd27fad72a80bacd4391b404  fix-request_running-segfault.patch"
