## Contributor: nikicat <develniks at gmail dot com>
# Contributor: danilo <gezuru at gmail dot com>
# Contributor: Jason Begley <jayray at digitalgoat dot com>
# Contributor: Ray Kohler <ataraxia937 at gmail dot com>
# Contributor: Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com>
# Contributor: 458italia <svenskaparadox [at] gmail dot com>
# Contributor: Thermi <noel [at] familie-kuntze dot com>
# Former maintainer: dkorzhevin <dkorzhevin at gmail dot com>
# Maintainer: Thermi <noel [at] familie-kuntze dot com>

pkgname=strongswan
pkgver=5.2.2
pkgrel=2
pkgdesc="IPsec-based VPN Solution"
url='http://www.strongswan.org'
license=("GPL")
arch=('i686' 'x86_64' 'mips64el')
depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite')
makedepends=('ldns' 'unbound' 'networkmanager' 'libnm-glib')
optdepends=('unbound: dns resolver plugin'
            'networkmanager: nm backend')
conflicts=('openswan')
options=(!libtool)
backup=(etc/ipsec.conf etc/strongswan.conf)
validpgpkeys=('948F158A4E76A27BF3D07532DF42C170B34DBA77')

source=(
	http://download.strongswan.org/strongswan-${pkgver}.tar.bz2{,.sig}
	# needed because of #814
	configure.patch::https://wiki.strongswan.org/attachments/download/586/configure.patch
	# needed because of #819
	invalid-proto-id.patch::https://wiki.strongswan.org/attachments/download/578/0001-ikev1-Set-protocol-ID-and-SPIs-in-INITIAL-CONTACT-no.patch
  # needed for charon-systemd.user and charon-systemd.group support (see #887)    
	charon-systemd.patch::https://wiki.strongswan.org/projects/strongswan/repository/revisions/f3c8332220f5be450199b909d4823cc1627bf47d/diff?format=diff
	charon-systemd-load.patch::'http://git.strongswan.org/?p=strongswan.git;a=patch;h=d2f4345b0361d57e54e7cdd3ae2abfba20429f1f'
	missing-semicolon.patch::https://wiki.strongswan.org/projects/strongswan/repository/revisions/9c3c41f29bf5772626abde71f52c57c05e59fa94/diff/src/charon-systemd/charon-systemd.c?format=diff
)
sha256sums=('cf2fbfdf200a5eced796f00dc11fea67ce477d38c54d5f073ac6c51618b172f4'
            'SKIP'
            '75f372ee1ed650100aad3e42871485710d00a764725849b1cd4b4d46946ad7bf'
            '50fc25bd151ecc9d617f699e5b7436c5aef57fdc92dc5bf2728b3d36173e8b27'
            '2e147333056bb0e22e18f3b3e59b8b923d06855f23d8f6c9125391069e164c6d'
            '36c5382ea1e8c24f9ef3aeddd7b9a2bae7daed4f67df76ce7f60064decdd7c3e'
            '5d4f3b4f6525a36159d983c428c647656ca34f49fa9a8433792a3ae3c1a221d7')

# We don't build libipsec because it would get loaded before kernel-netlink and netkey, which
# would case processing to be handled in user space. Also, the plugin is experimental. If you need it,
# add --enable-libipsec and --enable-kernel-libipsec
prepare() {
  cd ${srcdir}/strongswan-${pkgver}
  patch -p1 < ${srcdir}/invalid-proto-id.patch
  patch -p1 < ${srcdir}/charon-systemd.patch
  patch -p1 < ${srcdir}/charon-systemd-load.patch
  patch -p1 < ${srcdir}/missing-semicolon.patch
  patch -p0 < ${srcdir}/configure.patch
}

build() {
  cd ${srcdir}/${pkgname}-${pkgver}

  ./configure --prefix=/usr \
        --sbindir=/usr/bin \
        --sysconfdir=/etc \
        --libexecdir=/usr/lib \
        --disable-static \
        --with-ipsecdir=/usr/lib/strongswan \
        --with-systemdsystemunitdir=/usr/lib/systemd/system \
        --enable-sqlite \
        --enable-openssl --enable-curl \
        --enable-sql --enable-attr-sql \
        --enable-farp --enable-dhcp \
        --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-pseudonym \
        --enable-eap-simaka-reauth --enable-eap-identity --enable-eap-md5 \
        --enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \
        --enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \
        --enable-ha --enable-vici --enable-swanctl --enable-systemd --enable-ext-auth \
        --disable-mysql --disable-ldap -enable-cmd --enable-nm
  make
}

package() {
  cd "${srcdir}/${pkgname}-${pkgver}"
  make DESTDIR=${pkgdir} install
}