# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem          1.0

name                igtf-ca-bundle
version             1.106
categories          security net
platforms           any
supported_archs     noarch
maintainers         {petr @petrrr} openmaintainer

license             {CCBY-3 Permissive} MPL-1.1+

description         The IGTF trusted certificates and metadata

long_description    \
    The International Grid Trust Federation (IGTF) maintains a list of trust \
    anchors, root certificates and related meta-information for all the \
    accredited authorities, i.e., those that meet or exceed the criteria \
    mentioned in the Authentication Profiles accepted by the IGTF. \
    For a list of those profiles, please refer to the website.

homepage            https://www.igtf.net

master_sites        https://dist.eugridpma.info/distribution/igtf/${version}

distname            igtf-policy-installation-bundle-${version}

checksums           rmd160  1d6657d2e65b8845071b2759f9cd346b92c4fcf5 \
                    sha256  b92bef32d9963f0dfe397780bbf9c48307a2102b7770a3dafeb0149ee71cc26a \
                    size    173857

depends_run         port:fetch-crl

# target directory for certificates
set certdir ${prefix}/etc/grid-security/certificates

configure.pre_args \
    --prefix=${destroot}${certdir}
configure.args-append \
    --with-profile=classic \
    --with-profile=slcs \
    --with-profile=mics

build {}

post-destroot {
    ln -s ${certdir} ${destroot}${prefix}/share/certificates

    set dest_doc ${destroot}${prefix}/share/doc/${name}
    xinstall -d ${dest_doc}
    xinstall -m 644 -W ${worksrcpath} \
        CHANGES	\
        LICENSE	\
        README.txt \
            ${dest_doc}
    # These are added to comply with MPL licensing
    xinstall -m 644 -W ${filespath} \
        LICENSE-CC-BY-3_0 \
        LICENSE-MPL-1_1 \
            ${dest_doc}
}

post-activate {
    ui_msg "Fetching CRLs ..."    
    catch {system "${prefix}/sbin/fetch-crl -v"}
}
post-deactivate {
    ui_msg "Purging CRLs ..."
    system "${prefix}/sbin/clean-crl -v -l ${certdir}"

    # cleanup leftover directories only if empty
    catch {file delete ${certdir}}
    catch {file delete ${prefix}/etc/grid-security}
}

livecheck.type      regex
livecheck.url       https://dist.eugridpma.info/distribution/igtf
livecheck.regex     ">(\\d+\\.\\d{2})/<"