package nspr {
	description = "nspr source tree"
	anitya = 7953
	exclude

	version := "4.39"
	output = remoteTar {
		url = "https://ftp.mozilla.org/pub/nspr/releases/v${version}/src/nspr-${version}.tar.gz"
		checksum = "lgIlqiItMBCRTuz8griNqxtJzNBAoZU1020EVR94X2IiZpJ-NgLXouF7m1knNlDs"
		compress = gzip
	}
}

package nss {
	description = "Network Security Services"
	website = "https://firefox-source-docs.mozilla.org/security/nss/index.html"
	anitya = 2503

	version := "3.124"
	source = remoteGitHub {
		suffix = "nss-dev/nss"
		tag = "NSS_"+join(split(version, ".", 3), "_")+"_RTM"
		checksum = "p_TFOmKxMVV-ZHRY0QwzEReUOxSRjEExpWIuoA3Bzxj50uNCS8EgqfzcpaiGAkr6"
	}
	extra = [ nspr ]

	enterSource
	writable
	chmod
	early = "ln -s extra/nspr/nspr /usr/src/nspr"

	exec = make {
		omitDefaults
		skipConfigure
		inPlace

		make = [
			"CCC=clang++"
			"NSDISTMODE=copy"
			"BUILD_OPT=1"
			"USE_64=1"
			"nss_build_all"
		]
		skipCheck
		install = r`cp -r \
		           /usr/src/dist/. \
		           lib/ckfw/builtins/certdata.txt \
		           /work/`
	}

	inputs = [
		perl
		python
		gawk
		coreutils

		zlib
		kernel-headers
	]

	runtime = [ zlib ]
}

package nss-cacert {
	description = "bundle of X.509 certificates of public Certificate Authorities"
	website = "https://curl.se/docs/caextract.html"
	version = unversioned

	source = nss

	enterSource
	exec = generic {
		inPlace
		build = r`mkdir -p /work/system/etc/ssl/{certs/unbundled,certs/hashed,trust-source}
		         buildcatrust \
		            --certdata_input certdata.txt \
		            --ca_bundle_output /work/system/etc/ssl/certs/ca-bundle.crt \
		            --ca_standard_bundle_output /work/system/etc/ssl/certs/ca-no-trust-rules-bundle.crt \
		            --ca_unpacked_output /work/system/etc/ssl/certs/unbundled \
		            --ca_hashed_unpacked_output /work/system/etc/ssl/certs/hashed \
		            --p11kit_output /work/system/etc/ssl/trust-source/ca-bundle.trust.p11-kit`
	}

	inputs = [
		bash

		buildcatrust
	]
}