##
##  certbot.spec -- OpenPKG RPM Package Specification
##  Copyright (c) 2000-2022 OpenPKG Project <http://openpkg.org/>
##
##  Permission to use, copy, modify, and distribute this software for
##  any purpose with or without fee is hereby granted, provided that
##  the above copyright notice and this permission notice appear in all
##  copies.
##
##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
##  SUCH DAMAGE.
##

#   package version
%define       V_opkg   1.21.0
%define       V_dist   20211107
%define       V_python 3.10

#   package information
Name:         certbot
Summary:      Let's Encrypt Client
URL:          https://certbot.eff.org/
Vendor:       EFF
Packager:     OpenPKG Project
Distribution: OpenPKG Community
Class:        EVAL
Group:        Cryptography
License:      Apache
Version:      %{V_opkg}
Release:      20211107

#   list of sources
Source0:      http://download.openpkg.org/components/versioned/certbot/certbot-%{V_dist}.tar.xz
Source1:      certbot-issue.sh
Source2:      certbot-issue.cf
Source3:      certbot.c
Source4:      certbot-apache.conf
Source5:      certbot-nginx.conf
Source6:      certbot-hook-pre-std.sh
Source7:      certbot-hook-post-std.sh
Source8:      rc.certbot

#   build information
BuildPreReq:  OpenPKG, openpkg >= 20160101, python
PreReq:       OpenPKG, openpkg >= 20160101, python
BuildPreReq:  python-setup, python-crypto
PreReq:       python-setup, python-crypto

%description
    Certbot, Let's Encrypt official client, is a fully-featured,
    extensible client for the Let's Encrypt CA (or any other CA that
    speaks the ACME protocol) that can automate the tasks of obtaining
    certificates and configuring webservers to use them.

%track
    prog certbot = {
        version   = %{V_dist}
        url       = https://github.com/certbot/certbot/releases
        regex     = v(\d+\.\d+\.\d+)\.tar\.gz
    }

%prep
    %setup -q -n certbot

%build
    #   build the setuid wrapper
    cp %{SOURCE certbot.c} .
    %{l_shtool} subst %{l_value -s -a} certbot.c
    %{l_cc} %{l_cflags} %{l_ldflags} -o certbot.exe certbot.c

%install
    #   install package
    export HOME=`pwd`
    %{l_prefix}/bin/python -m pip \
        install \
        --root=$RPM_BUILD_ROOT \
        --prefix=%{l_prefix} \
        --isolated \
        --ignore-installed \
        --no-warn-script-location \
        *.whl *.tar.gz

    #   post-adjust installation
    (   cd $RPM_BUILD_ROOT%{l_prefix}

        #   remove problematic files
        rm -f lib/python*/site-packages/setuptools/script\ \(dev\).tmpl
        rm -f lib/python*/site-packages/setuptools/command/launcher\ manifest.xml
        rm -rf lib/python*/site-packages/cryptography

        #   relocate scripts
        mkdir -p lib/certbot
        mv lib/python*/site-packages/* lib/certbot/
        rm -rf lib/python*

        #   configure default paths
        %{l_shtool} subst \
            -e 's;/etc/letsencrypt;%{l_prefix}/etc/letsencrypt;g' \
            -e 's;/var/lib/letsencrypt;%{l_prefix}/var/letsencrypt/data;g' \
            -e 's;/var/log/letsencrypt;%{l_prefix}/var/letsencrypt/log;g' \
            lib/certbot/certbot/compat/misc.py

        #   relocate binaries
        mkdir -p libexec/certbot
        mv bin/* libexec/certbot/
        for exe in `cd libexec/certbot && ls *`; do
            (   echo "#!/bin/sh"
                echo "PYTHONPATH=\"%{l_prefix}/lib/certbot:%{l_prefix}/lib/python/site-packages\""
                echo "export PYTHONPATH"
                echo "exec %{l_prefix}/libexec/certbot/$exe \${1+\"\$@\"}"
            ) >bin/$exe
            chmod a+x bin/$exe
        done
    ) || exit $?

    #   create run-time directories
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/etc/apache/apache.d \
        $RPM_BUILD_ROOT%{l_prefix}/etc/nginx/nginx.d \
        $RPM_BUILD_ROOT%{l_prefix}/etc/certbot/renewal-hooks/pre \
        $RPM_BUILD_ROOT%{l_prefix}/etc/certbot/renewal-hooks/post \
        $RPM_BUILD_ROOT%{l_prefix}/var/certbot/root \
        $RPM_BUILD_ROOT%{l_prefix}/var/certbot/data \
        $RPM_BUILD_ROOT%{l_prefix}/var/certbot/log \
        $RPM_BUILD_ROOT%{l_prefix}/var/certbot/run

    #   install wrapper binary
    mv  $RPM_BUILD_ROOT%{l_prefix}/bin/certbot \
        $RPM_BUILD_ROOT%{l_prefix}/libexec/certbot/certbot.sh
    %{l_shtool} install -c -s -m 755 \
        certbot.exe $RPM_BUILD_ROOT%{l_prefix}/bin/certbot

    #   install pre/post hook scripts
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE certbot-hook-pre-std.sh} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/certbot/renewal-hooks/pre/std.sh
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE certbot-hook-post-std.sh} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/certbot/renewal-hooks/post/std.sh

    #   install helper script
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE certbot-issue.sh} \
        $RPM_BUILD_ROOT%{l_prefix}/bin/certbot-issue
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE certbot-issue.cf} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/certbot/certbot-issue.cf

    #   install Apache config
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE certbot-apache.conf} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/apache/apache.d/certbot.conf

    #   install NGINX config
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE certbot-nginx.conf} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/nginx/nginx.d/certbot.conf

    #   install run-command script
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE rc.certbot} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/

    #   determine installation paths
    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
        %{l_files_std} \
        '%config %{l_prefix}/etc/certbot/*' \
        '%attr(4755,%{l_rusr},%{l_rgrp}) %{l_prefix}/bin/certbot' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/certbot/*'

%files -f files

%clean

%post
    if [ $1 -eq 1 ]; then
        #   after install, show hint
        ( echo "First configure the certbot-issue(8) configuration file:"
          echo "  \$ vi $RPM_INSTALL_PREFIX/etc/certbot/certbot-issue.cf"
          echo "Then perform the initial setup with it:"
          echo "  \$ $RPM_INSTALL_PREFIX/bin/certbot-issue"
          echo "The resulting certificate/private-key you can find under:"
          echo "  $RPM_INSTALL_PREFIX/var/certbot/data/live/example.com/cert"
          echo "  $RPM_INSTALL_PREFIX/var/certbot/data/live/example.com/chain"
          echo "  $RPM_INSTALL_PREFIX/var/certbot/data/live/example.com/privkey"
        ) | %{l_rpmtool} msg -b -t notice
    fi
    exit 0

%preun
    #   before erase, stop service and remove log files
    if [ $1 -eq 0 ]; then
        rm -rf $RPM_INSTALL_PREFIX/var/certbot/root/* >/dev/null 2>&1 || true
        rm -rf $RPM_INSTALL_PREFIX/var/certbot/data/* >/dev/null 2>&1 || true
        rm -rf $RPM_INSTALL_PREFIX/var/certbot/run/*  >/dev/null 2>&1 || true
        rm -rf $RPM_INSTALL_PREFIX/var/certbot/log/*  >/dev/null 2>&1 || true
    fi
    exit 0