# $Id: Portfile 117895 2014-03-16 16:53:32Z landonf@macports.org $

PortSystem		1.0

name			certsync
version			1.0.7
categories		security
conflicts		curl-ca-bundle
maintainers		landonf openmaintainer
description		Export x509 CAs from the Mac OS X Keychain.
long_description	The package implements exporting of x509 CAs from \
			the Mac OS X keychain, for use by OpenSSL and gnutls.
homepage		http://www.macports.org
license			MIT
platforms		darwin

installs_libs		no

distfiles

extract.mkdir		yes
post-extract {
	xinstall -m 644 -W ${filespath} certsync.m compat.h certsync.plist update-ca-certificates ${worksrcpath}
}

post-patch {
	reinplace "s|@PREFIX@|${prefix}|g" \
		${worksrcpath}/update-ca-certificates \
		${worksrcpath}/certsync.plist

	reinplace "s|@LABEL@|${startupitem.uniquename}|g" ${worksrcpath}/certsync.plist
}

use_configure		no

variant universal {}

# We inject our own launchd plist to allow the use of WatchPaths
startupitem.create	no
startupitem.autostart	yes

build {
	system -W ${worksrcpath} "${configure.objc} \
		${configure.objcflags} \
		-mmacosx-version-min=10.4 \
		-Wall \
		certsync.m -o certsync \
		${configure.ldflags} \
		[get_canonical_archflags ld] \
		-framework Foundation -framework Security -framework CoreServices"
}

destroot {
	# Install the binaries
	xinstall -m 755 -W ${worksrcpath} certsync ${destroot}${prefix}/libexec
	xinstall -m 755 -W ${worksrcpath} update-ca-certificates ${destroot}${prefix}/bin

	# Install our custom plist
	set launchd_dir "${prefix}/etc/${startupitem.location}/${startupitem.uniquename}"
	xinstall -m 755 -d ${destroot}/${launchd_dir}
	xinstall -m 644 -W ${worksrcpath} certsync.plist  ${destroot}/${launchd_dir}/${startupitem.plist}

	if {[getuid] == 0 && ${startupitem.install} != "no"} {
		file mkdir "${destroot}/Library/${startupitem.location}"
		ln -sf "${launchd_dir}/${startupitem.plist}" "${destroot}/Library/${startupitem.location}"
	}

	# Provide backwards compatibility with curl-ca-bundle
	xinstall -d "${destroot}${prefix}/share/curl"
	ln -s ${prefix}/etc/openssl/cert.pem ${destroot}${prefix}/share/curl/curl-ca-bundle.crt
}

post-activate {
	system "${prefix}/bin/update-ca-certificates"
}

pre-deactivate {
	delete "${prefix}/etc/openssl/cert.pem"
}
