# Maintainer: Aqua-sama <aqua@iserlohn-fortress.net>

pkgname=smolbote-git
pkgdesc='Yet another no-frills browser'

pkgver=r0
pkgrel=1

url="https://neueland.iserlohn-fortress.net/smolbote"
install="smolbote.install"

arch=('x86_64')
license=('GPL3')

depends=('qt5-webengine>=5.11.0' 'boost-libs>=1.66.0')
optdepends=('firejail: launch a sandboxed instance')
makedepends=('git' 'meson' 'boost' 'python-kconfiglib' 'openssl')

# this is the central repository
source=("git+https://neueland.iserlohn-fortress.net/gitea/aeon/smolbote.git"
        "git+https://github.com/itay-grudev/SingleApplication.git")

sha512sums=('SKIP'
            'SKIP')

#validgpgkeys=(# Aqua-sama <aqua@iserlohn-fortress.net>
#              BB1C090188E3E32B375C13FD095DE26BC16D2E98)

## Build Options

# Run menuconfig
#_menuconfig=

# Enable plugin signing:
# - generate a 4096-bit RSA key and embed the public key into the binary
# - apply the plugin signing patch to the config, enabling PluginLoader::verify
# - sign the plugins with the private key, and install the signatures
# Because this embeds the public key into the executable, enabling this option will break reproducible builds.
_signPlugins=

prepare() {
    cd $srcdir/smolbote

    git submodule init
    git config submodule.3rd-party/SingleApplication/SingleApplication.git.url $srcdir/SingleApplication
    git submodule update 3rd-party/SingleApplication/SingleApplication.git

    if [ -n $_signPlugins ]; then
        msg "Creating OpenSSL signing key"
        mkdir $srcdir/signing
        cd $srcdir/signing
        # generate rsa keypair
        openssl genrsa -out privateKey.pem 4096
        msg2 "Keypair written to $srcdir/signing/privateKey.pem."

        openssl rsa -in privateKey.pem -pubout -out publicKey.pem
        python3 $srcdir/smolbote/tools/hexdump.py --name='publicKey_pem' publicKey.pem --output=$srcdir/smolbote/src/plugin/publicKey.h
        msg2 "Public key exported to $srcdir/signing/publicKey.pem."
    fi
}

pkgver() {
    cd smolbote
    # Without version tag
    echo r$(git rev-list --count HEAD)-$(git rev-parse --short HEAD) | sed 's/\([^-]*-g\)/r\1/;s/-/./g'

    # With version tag
    #git describe --long | sed 's/\([^-]*-g\)/r\1/;s/-/./g'
}

build() {
    if [ ! -d $srcdir/build ]; then
        mkdir $srcdir/build
    fi
    cd $srcdir/smolbote

    # For a list of configureable options, check smolbote/meson_options.txt, or
    # run `meson configure` in $srcdir/build

    # --wrap-mode=nodownload - disable meson from downloading dependency wraps. This will cause it to fail if makedepends are not found by pkg-config or cmake.
    # --buildtype=plain - meson won't add any flags to the command line
    # --prefix=... - install prefix
    # --auto-features=disabled - features should be explicitly enabled
    # b_pie: Build executables as position independent
    # b_lto: Use link time optimization
    meson --buildtype=plain --prefix=/usr/local --auto-features=disabled \
        -Db_pie=true -Db_lto=true -Dcpp_link_args="-fuse-ld=gold" \
        $srcdir/build

    # Run menuconfig
    #KCONFIG_CONFIG=linux/.config menuconfig

    # Build
    cd $srcdir/build
    ninja
}

package() {
    # Install
    cd $srcdir/build
    DESTDIR="$pkgdir" ninja install

    if [ -n $_signPlugins ]; then
    msg "Signing plugins"
    for so in $pkgdir/usr/local/lib/smolbote/plugins/*.so; do
        openssl dgst -sha256 -sign $srcdir/signing/privateKey.pem -out $so.sig $so
        # If the sigs were in another location, use
        #install -m644 -t $pkgdir/usr/local/lib/smolbote/plugins $so.sig
    done
    fi # _signPlugins
}