package rosa

import (
	"hakurei.app/internal/pkg"
)

func (t Toolchain) newNSS() pkg.Artifact {
	const (
		version  = "3_120"
		checksum = "9M0SNMrj9BJp6RH2rQnMm6bZWtP0Kgj64D5JNPHF7Cxr2_8kfy3msubIcvEPwC35"

		version0  = "4_38_2"
		checksum0 = "25x2uJeQnOHIiq_zj17b4sYqKgeoU8-IsySUptoPcdHZ52PohFZfGuIisBreWzx0"
	)
	return t.New("nss-"+version, 0, []pkg.Artifact{
		t.Load(Make),
		t.Load(Perl),
		t.Load(Python),

		t.Load(Zlib),
		t.Load(KernelHeaders),
	}, nil, nil, `
unzip /usr/src/nspr.zip -d /usr/src
mv '/usr/src/nspr-NSPR_`+version0+`_RTM' /usr/src/nspr

chmod -R +w /usr/src/nss
cd /usr/src/nss

make \
	"-j$(nproc)" \
	CCC="clang++" \
	NSDISTMODE=copy \
	BUILD_OPT=1 \
	USE_64=1 \
	nss_build_all
mkdir -p /work/system/nss
cp -r \
	/usr/src/dist/. \
	lib/ckfw/builtins/certdata.txt \
	/work/system/nss
`, pkg.Path(AbsUsrSrc.Append("nss"), true, pkg.NewHTTPGetTar(
		nil, "https://github.com/nss-dev/nss/archive/refs/tags/"+
			"NSS_"+version+"_RTM.tar.gz",
		mustDecode(checksum),
		pkg.TarGzip,
	)), pkg.Path(AbsUsrSrc.Append("nspr.zip"), false, pkg.NewHTTPGet(
		nil, "https://hg-edge.mozilla.org/projects/nspr/archive/"+
			"NSPR_"+version0+"_RTM.zip",
		mustDecode(checksum0),
	)))
}
func init() { artifactsF[NSS] = Toolchain.newNSS }

func (t Toolchain) newBuildCATrust() pkg.Artifact {
	const version = "0.4.0"
	return t.newViaPip("buildcatrust", version, "none", "any",
		"k_FGzkRCLjbTWBkuBLzQJ1S8FPAz19neJZlMHm0t10F2Y0hElmvVwdSBRc03Rjo1",
		"https://github.com/nix-community/buildcatrust/"+
			"releases/download/v"+version+"/")
}
func init() { artifactsF[buildcatrust] = Toolchain.newBuildCATrust }

func (t Toolchain) newNSSCACert() pkg.Artifact {
	return t.New("nss-cacert", 0, []pkg.Artifact{
		t.Load(Python),

		t.Load(NSS),
		t.Load(buildcatrust),
	}, nil, nil, `
mkdir -p /work/etc/ssl/{certs/unbundled,certs/hashed,trust-source}
buildcatrust \
	--certdata_input /system/nss/certdata.txt \
	--ca_bundle_output /work/etc/ssl/certs/ca-bundle.crt \
	--ca_standard_bundle_output /work/etc/ssl/certs/ca-no-trust-rules-bundle.crt \
	--ca_unpacked_output /work/etc/ssl/certs/unbundled \
	--ca_hashed_unpacked_output /work/etc/ssl/certs/hashed \
	--p11kit_output /work/etc/ssl/trust-source/ca-bundle.trust.p11-kit
`)
}
func init() { artifactsF[NSSCACert] = Toolchain.newNSSCACert }