# Maintainer: Luke R. <g4jc@openmailbox.org> GPG: rsa4096/3EAE8697
# Contributor: Marti Raudsepp <marti@juffo.org>
# Contributor: mutantmonkey <aur@mutantmonkey.in>

pkgname=tcpcrypt
pkgver=0.3
pkgrel=1
pkgdesc="Transparent user space implementation for the tcpcrypt TCP extensions"
arch=(i686 x86_64)
url="http://tcpcrypt.org/"
license=('BSD')
depends=('libnetfilter_queue' 'openssl' 'iptables')
makedepends=('git' 'sed')
provides=('tcpcrypt')
conflicts=('tcpcrypt')
source=('https://github.com/scslab/tcpcrypt/archive/v0.3-rc1.tar.gz'
'PKGBUILD.sig'
'PKGBUILD'
'tcpcrypt.service')
validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697') # PKGBUILD Maintainer's key
sha512sums=('53fcbe63bd0cd65d50341312972f393620058269cf027d283ca033392d6582cf7c0a4478ec21e37f5dd24b62381aa33915179e235e204c3be9243428a0744fa7'
'SKIP'
'SKIP'
'eb13ebcbe5cf30d7f28cedf1c3f911904860f30eba589ef58400634b3622c0de0e1209d4dd82f903e3f165dd2fb48751f0bbdc0473ff57ed88fbdba7d82ef039')

pkgver() {
tar -ztvf $pkgname-$pkgver.tar.gz | head -n1 | awk '{print $6}' | sed "s/tcpcrypt-//" | sed "s/\///" # get latest version number
}

prepare() {
  cd $_gitname
## TO-DO Reinsert patch for systemd here.
}

build() {
  gpg --verify PKGBUILD.sig PKGBUILD
  echo "Note: If the GPG verification fails, import the PKGBUILD maintainer's GPG key. See: https://wiki.parabola.nu/GnuPG#Import_key"
  whirlpoolsum=('e2573f8f1d5568c9c8f863975f3c02159821aa5c6c3a35d45398eaa84e229e7c24135c0466cfb71ee3bd7132097e29f8afcb43cb60bfb0d7f2a01237c33d5320')
  [[ "$(openssl dgst -r -whirlpool $pkgname-$pkgver-rc1.tar.gz | awk '{print $1}')" = ${whirlpoolsum} ]] && echo "Whirlpool checksum passed." || { echo "Whirlpool checksum failed!!" ;  exit 1; } # This is an added security layer. If SHA512 for some unlikely reason fails, whirlpool will check and abort if it too fails to match.
  cd $pkgname-$pkgver
  ./configure --prefix=/usr
  make
}

package() {
  cd $srcdir/$pkgname-$pkgver-rc1
  sed -i 's.TCPCRYPTD=`dirname $0`/src/tcpcryptd.TCPCRYPTD=/usr/local/bin/tcpcryptd\ -f\ -C\ aes.g' launch_tcpcryptd.sh   # Makes it so we can use the test launcher script in /usr/bin as well as skip the built-in test and use AES.
  sed -i 's.OMIT_PORTS="22.OMIT_PORTS= # "22.g' launch_tcpcryptd.sh # Make it run on ALL ports
  cd $srcdir/$pkgname-$pkgver
  make DESTDIR=$pkgdir install

  install -Dm644 $srcdir/$pkgname-$pkgver-rc1/LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
  install -Dm644 $srcdir/$pkgname-$pkgver-rc1/launch_tcpcryptd.sh $pkgdir/usr/bin/launch_tcpcryptd.sh
  install -Dm644 "$srcdir"/tcpcrypt.service "$pkgdir"/usr/lib/systemd/system
}