package rosa

import (
	"strings"

	"hakurei.app/internal/pkg"
)

func (t Toolchain) newNSS() (pkg.Artifact, string) {
	const (
		version  = "3.121"
		checksum = "MTS4Eg-1vBN3T7gdUAdNO0y_e9x9BE3f_k_DHdM_BIovc7y57vhsZTfB5f6BeQfi"

		version0  = "4_38_2"
		checksum0 = "25x2uJeQnOHIiq_zj17b4sYqKgeoU8-IsySUptoPcdHZ52PohFZfGuIisBreWzx0"
	)
	return t.NewPackage("nss", version, pkg.NewHTTPGetTar(
		nil, "https://github.com/nss-dev/nss/archive/refs/tags/"+
			"NSS_"+strings.Join(strings.SplitN(version, ".", 2), "_")+"_RTM.tar.gz",
		mustDecode(checksum),
		pkg.TarGzip,
	), &PackageAttr{
		Paths: []pkg.ExecPath{
			pkg.Path(AbsUsrSrc.Append("nspr.zip"), false, pkg.NewHTTPGet(
				nil, "https://hg-edge.mozilla.org/projects/nspr/archive/"+
					"NSPR_"+version0+"_RTM.zip",
				mustDecode(checksum0),
			)),
		},

		// uses source tree as scratch space
		Writable: true,
		Chmod:    true,

		ScriptEarly: `
unzip /usr/src/nspr.zip -d /usr/src
mv '/usr/src/nspr-NSPR_` + version0 + `_RTM' /usr/src/nspr
`,
	}, &MakeHelper{
		OmitDefaults:  true,
		SkipConfigure: true,
		InPlace:       true,

		SkipCheck: true,
		Make: []string{
			"CCC=clang++",
			"NSDISTMODE=copy",
			"BUILD_OPT=1",
			"USE_64=1",
			"nss_build_all",
		},
		Install: `
mkdir -p /work/system/nss
cp -r \
	/usr/src/dist/. \
	lib/ckfw/builtins/certdata.txt \
	/work/system/nss
`,
	},
		Perl,
		Python,
		Unzip,
		Gawk,
		Coreutils,

		Zlib,
		KernelHeaders,
	), version
}
func init() {
	artifactsM[NSS] = Metadata{
		f: Toolchain.newNSS,

		Name:        "nss",
		Description: "Network Security Services",
		Website:     "https://firefox-source-docs.mozilla.org/security/nss/index.html",

		ID: 2503,
	}
}

func init() {
	const version = "0.4.0"
	artifactsM[buildcatrust] = newViaPip(
		"buildcatrust",
		"transform certificate stores between formats",
		version, "none", "any",
		"k_FGzkRCLjbTWBkuBLzQJ1S8FPAz19neJZlMHm0t10F2Y0hElmvVwdSBRc03Rjo1",
		"https://github.com/nix-community/buildcatrust/"+
			"releases/download/v"+version+"/",
	)
}

func (t Toolchain) newNSSCACert() (pkg.Artifact, string) {
	return t.New("nss-cacert", 0, []pkg.Artifact{
		t.Load(Bash),
		t.Load(Python),

		t.Load(NSS),
		t.Load(buildcatrust),
	}, nil, nil, `
mkdir -p /work/system/etc/ssl/{certs/unbundled,certs/hashed,trust-source}
buildcatrust \
	--certdata_input /system/nss/certdata.txt \
	--ca_bundle_output /work/system/etc/ssl/certs/ca-bundle.crt \
	--ca_standard_bundle_output /work/system/etc/ssl/certs/ca-no-trust-rules-bundle.crt \
	--ca_unpacked_output /work/system/etc/ssl/certs/unbundled \
	--ca_hashed_unpacked_output /work/system/etc/ssl/certs/hashed \
	--p11kit_output /work/system/etc/ssl/trust-source/ca-bundle.trust.p11-kit
`), Unversioned
}
func init() {
	artifactsM[NSSCACert] = Metadata{
		f: Toolchain.newNSSCACert,

		Name:        "nss-cacert",
		Description: "bundle of X.509 certificates of public Certificate Authorities",
		Website:     "https://curl.se/docs/caextract.html",
	}
}