# $Id: Portfile 106085 2013-05-14 16:26:09Z landonf@macports.org $

PortSystem 1.0
name			certsync
version			1.0.3
categories		security
conflicts		curl-ca-bundle
maintainers		landonf openmaintainer
description		Export x509 CAs from the Mac OS X Keychain.
long_description	The package implements exporting of x509 CAs from \
			the Mac OS X keychain, for use by OpenSSL and gnutls.
homepage		http://www.macports.org
platforms		darwin

distfiles

use_configure no

variant universal {}

# TODO: Ideally this would be run by default, rather than
# requiring 'port load'. It doesn't run any network services, but rather,
# simply ensures that the certificate store is always up-to-date.
startupitem.create yes
startupitem.start "${prefix}/bin/certsync -s -o '${prefix}/etc/openssl/cert.pem'"

build {
	file mkdir "${worksrcpath}"
	system "${configure.objc} \
		${configure.objcflags} \
		-mmacosx-version-min=10.6 \
		-Wall \
		${filespath}/certsync.m -o ${worksrcpath}/certsync \
		${configure.ldflags} \
		[get_canonical_archflags ld] \
		-framework Foundation -framework Security -framework CoreServices"
	file copy "${filespath}/update-ca-certificates" "${worksrcpath}/update-ca-certificates"
	reinplace "s|@PREFIX@|${prefix}|g" "${worksrcpath}/update-ca-certificates"
}

destroot {
	xinstall -d "${destroot}${prefix}/bin"
	xinstall -m 755 "${worksrcpath}/certsync" "${destroot}${prefix}/bin/certsync"
	xinstall -m 755 "${worksrcpath}/update-ca-certificates" "${destroot}${prefix}/bin/update-ca-certificates"

	# Provide backwards compatibility with curl-ca-bundle
	xinstall -d "${destroot}${prefix}/share/curl"
	ln -s ${prefix}/etc/openssl/cert.pem ${destroot}${prefix}/share/curl/curl-ca-bundle.crt
}

post-activate {
	system "${prefix}/bin/update-ca-certificates"
}

pre-deactivate {
	delete "${prefix}/etc/openssl/cert.pem"
}
