# Maintainer: David Runge <dvzrv@archlinux.org>

pkgname=ipxe
pkgver=1.21.1
pkgrel=5
pkgdesc="Network bootloader"
arch=(x86_64)
url="https://ipxe.org"
license=(GPL2 custom:UBDL)
makedepends=(cdrtools)
optdepends=(
  'bash: for run_ipxe'
  'qemu-desktop: for run_ipxe'
  'edk2-ovmf: for run_ipxe'
)
# the TLS chain of trust is described at the upstream letsencrypt website:
# https://letsencrypt.org/certificates/
# the code signing setup is described in Arch Linux's releng repository:
# https://gitlab.archlinux.org/archlinux/releng/-/blob/master/README.rst#code-signing
source=(
  $pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/refs/tags/v$pkgver.tar.gz
  $pkgname-1.21.1-fragmented_handshake.patch::https://github.com/ipxe/ipxe/pull/116/commits/ca9f5fc5645c60c00c3ca232d2a492aa1eb29c58.patch
  arch.ipxe
  isrgrootx1.pem
  lets-encrypt-r3.pem
  codesigning_pierre_archlinux.pem
  remote.ipxe
  general.h
  run_$pkgname
)
sha512sums=('47400975110ed4ab95835aa1b7c8d5a6917c19c5713c6ab88bc0741a3adcd62245a9c4251d1f46fffc45289c6b18bf893f86dbc3b67d3189c41b7f198367ecaa'
            '7b021b5720ddf71d3162d2d326a05e4d883562d91effce92a8c90368e69424ccf581d2d3bf6c5e1517e3b6cc5e4ab5edfdcd41c36368488b6d357d2fd00f63b0'
            'ec41e20333ce91b555d4f6a64f211323315a183466d8437404dc548287b96cc8aa4d2953bb5a496677f77e73b7b99752dc973688ade0ccab842fabb8f6127f47'
            'b819e7965412dbeecc6417b1e57356d9b10e8e2feb0db1165947e7e1b7d882de226afb8457475f5107393a981d902c7f405500cadb6f61bd2acbca5d8c7cc1f4'
            '7ff2a6b6501b30806e19446d569db0348c0457c15a9c86f186d957607278ee3cbeedd8307e1ff6dc5c0740545192eada7c0f84cdeb8ff39e6b85bd3fc400a914'
            'e3a8c74dcf95cb4b77ed379d2185ef56b6ab2f4c7bdaf5a68876d21aca4d7961b0d8090da7132c6f1797bdca24014dfea032129ee207282797b91e31b6dc4d48'
            '9162f528cd0080b9231785795f08d3229c52ce3c18ca5a6efcfbea5028e103a294ddef79a0f28ab64b8d0cdcb9e6cdd7fee797766ad2c3d1dbc3891ddeb4b553'
            '080b5b7f1a02d6e3a4691e0e65f12a554ede2a783284357f4ef940eb506fec7ec477dc3060c67cf31999af99eba26b0bfa1495cb2a5baa5af4c133bdca2152af'
            '4f026baf7d30ef33b660530001b3bcf8189a7d1a11603ccb126957d07070283907c8207dad912ff4c735b8a0376c8a5383fef2235ac3b71ef519d7201c079b93')
b2sums=('03871b5f89c6228a9082bb89c7b102d85e5f3afcd5fe0d93762e220fe162c9c3037a9918f30251fd103835d949335f99109a12559f560a5b686e65a7c24c6501'
        '2c1ef1e1ffd1716e29e046ae4bc69e8b98f9116c1cb3d6e2e10a9119256194ea4fd510a9d4bf79b96504fb95f6bef0b2edce9b257d8d360224dfe1ce6029025c'
        '13f73fbd49867a087cbb036562f067ee30e3a3718402363fd6c6d318bb819dde5728510c1459d7bb5906bec37469b2046a2ad148175b6ea4fb58ce68ee614d91'
        '6d02d871afa45caaa2b22ea2ed48217012aeeb61c50b28e82cc0750344719bdb9ef4b0100abc524b12ec6cb2b1c0084f4d24ce480af87b52aa39d4d3714467ca'
        '44fc45af926d8c0a563b81640764a4ced266f857c72113839dcd5d441c030bb6f78576b04fcbd8b17f645ed4e2701a4634e55755f13210fa880f442ad6fbb5b1'
        'a61f76a2ecbf344bb26e064146e4c6821ee195c7b7579cbf8c61d60ded3c3946d53329a8c2e795435ef5498bec97042472f186c13b4e0dc274da34d047f8f326'
        'f38eec3584967f9a8d4f9f2cc39803de9fa21fd1406efe802c3422f6de30c79e4cd679e775a886f778a40aacb81b9c4120d7205178284cacf69fa7d43557a906'
        'a69a2dabf23b931aa062d20936510eda6bc9d6a61cded4b5e5960958b2a06642d527bb788b3fae9961dbf5d2ac18c63a6df69db52668cf904b75bd7366117b9b'
        '9c7a8eb0f9aafdc336d7eac984b6f1fcbb875d1589fb4b67f45393054f66e916c1157e1bb4e8d02af68e6438dff68a812e57bbf685a0b477634891e49c1c3284')

prepare() {
  # fix issues with fragmented handshakes (e.g. fullchain.pem when using a letsencrypt certificate):
  # https://github.com/ipxe/ipxe/issues/407
  patch -Np1 -d $pkgname-$pkgver -i ../$pkgname-1.21.1-fragmented_handshake.patch
  # symlink header with custom configuration into place
  ln -sv ../../../../general.h $pkgname-$pkgver/src/config/local/
}

build() {
  local _file _certs=""
  local _options=(
    NO_WERROR=1
    bin/ipxe.lkrn
    bin/ipxe.pxe
    bin-i386-efi/ipxe.efi
    bin-x86_64-efi/ipxe.efi
    -C src
  )

  # add certs
  for _file in "${source[@]}"; do
    if [[ "$_file" == *.pem ]]; then
      _certs+="$srcdir/$_file,"
    fi
  done

  cd $pkgname-$pkgver
  # build arch specific images
  # TODO: adapt arch.ipxe as soon as we can fix https://bugs.archlinux.org/task/70767
  # NOTE: to debug issues with TLS or codesigning, add "DEBUG=open,tls,x509:3,certstore,privkey"
  make EMBED="$srcdir/arch.ipxe" CERT="$_certs" TRUST="$_certs" "${_options[@]}"

  # move binaries out of the way
  mv -v src/bin/ipxe{,-arch}.lkrn
  mv -v src/bin/ipxe{,-arch}.pxe
  mv -v src/bin-i386-efi/ipxe{,-arch}.efi
  mv -v src/bin-x86_64-efi/ipxe{,-arch}.efi

  # build remote images
  make EMBED="$srcdir/remote.ipxe" "${_options[@]}"

  # move binaries out of the way
  mv -v src/bin/ipxe{,-remote}.lkrn
  mv -v src/bin/ipxe{,-remote}.pxe
  mv -v src/bin-i386-efi/ipxe{,-remote}.efi
  mv -v src/bin-x86_64-efi/ipxe{,-remote}.efi

  # build default images
  make "${_options[@]}"

}

package() {
  local _arch

  cd $pkgname-$pkgver
  install -vDm 644 src/bin/ipxe{,-arch,-remote}.{lkrn,pxe} -t "$pkgdir/usr/share/$pkgname/"
  for _arch in i386 x86_64; do
    install -vDm 644 src/bin-$_arch-efi/ipxe{,-arch,-remote}.efi -t "$pkgdir/usr/share/$pkgname/$_arch/"
  done
  install -vDm 644 COPYING.UBDL -t "$pkgdir/usr/share/licenses/$pkgname/"

  install -vDm 755 ../run_$pkgname -t "$pkgdir/usr/bin/"
}
