# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem                      1.0
PortGroup                       clang_dependency 1.0

# Increase the revision of p5-www-curl whenever the version of curl gets updated.

name                            curl
version                         8.12.0
checksums                       rmd160  a5c5819cb487c809e43c4708d3bbc5d80d0aa170 \
                                sha256  9a4628c764be6b1a9909567c13e8e771041609df43b2158fcac4e05ea7097e5d \
                                size    2777552

categories                      net www
platforms                       darwin freebsd
maintainers                     {ryandesign @ryandesign}
license                         Curl

description                     Tool for transferring files with URL syntax

long_description                curl is a client to get documents/files from servers, \
                                using any of the supported protocols. The command is \
                                designed to work without user interaction or any kind \
                                of interactivity.

homepage                        https://curl.se
master_sites                    ${homepage}/download/:curl \
                                https://curl.askapache.com/:curl

use_xz                          yes
set curl_distfile               ${distfiles}
distfiles                       ${curl_distfile}:curl
checksums-prepend               ${curl_distfile}

if {${name} eq ${subport}} {
    PortGroup                   muniversal 1.0

    revision                    1

    depends_build               path:bin/pkg-config:pkgconfig

    depends_lib                 port:zlib

    patchfiles-append           ssl-crash.patch

    configure.args              --disable-silent-rules \
                                --enable-ipv6 \
                                --without-brotli \
                                --without-gnutls \
                                --without-gssapi \
                                --without-libgsasl \
                                --without-libidn2 \
                                --without-libpsl \
                                --without-librtmp \
                                --without-libssh2 \
                                --without-mbedtls \
                                --without-nghttp2 \
                                --without-nghttp3 \
                                --without-ngtcp2 \
                                --without-openssl \
                                --without-ssl \
                                --without-secure-transport \
                                --without-wolfssl \
                                --without-zstd \
                                --disable-ares \
                                --disable-ldap \
                                --disable-ldaps \
                                --with-zlib=${prefix} \
                                ac_cv_prog_AWK=/usr/bin/awk

    configure.cflags-append     -mmacosx-version-min=${macosx_deployment_target}

    configure.checks.implicit_function_declaration.whitelist-append strchr

    if {${os.platform} eq "darwin" && ${os.major} < 10} {
        depends_build-append    port:cctools
        configure.env-append    NM=${prefix}/bin/nm
        configure.args-append   lt_cv_path_NM=${prefix}/bin/nm
    }

    post-configure {
        if {[variant_exists universal] && [variant_isset universal]} {
            set dirs {}
            foreach arch ${universal_archs_to_use} {
                lappend dirs ${worksrcpath}-${arch}
            }
        } else {
            set dirs ${worksrcpath}
        }
        foreach dir ${dirs} {
            reinplace -E {s|-arch [a-z0-9_]+||g} ${dir}/curl-config
            # These flags only ends up in curl-config in some cases, such as
            # when "cross compiling" a universal binary.
            # See https://trac.macports.org/ticket/24001
            reinplace -E -q {s/ '(host_alias|--host)=[^']+'//g} ${dir}/curl-config
        }
    }

    test.run                    yes
    test.target                 test-full
    test.args                   -j${build.jobs} TFLAGS=-j${build.jobs}

    global merger_dont_diff
    set merger_dont_diff "${prefix}/include/curl/curlbuild.h"

    post-destroot {
        set docdir ${prefix}/share/doc/${name}
        xinstall -d ${destroot}${docdir}/html/libcurl ${destroot}${docdir}/pdf/libcurl \
            ${destroot}${prefix}/share/aclocal
        xinstall -m 0644 -W ${worksrcpath} \
            CHANGES.md \
            COPYING \
            README \
            RELEASE-NOTES \
            ${destroot}${docdir}
        xinstall -m 0644 -W ${worksrcpath}/docs \
            BINDINGS.md \
            BUGS.md \
            CIPHERS.md \
            CODE_OF_CONDUCT.md \
            CONTRIBUTE.md \
            CURL-DISABLE.md \
            DEPRECATE.md \
            FAQ \
            FEATURES.md \
            GOVERNANCE.md \
            HELP-US.md \
            HISTORY.md \
            HTTP-COOKIES.md \
            INTERNALS.md \
            KNOWN_BUGS \
            MAIL-ETIQUETTE.md \
            ROADMAP.md \
            SECURITY-ADVISORY.md \
            SSL-PROBLEMS.md \
            SSLCERTS.md \
            THANKS \
            TODO \
            TheArtOfHttpScripting.md \
            URL-SYNTAX.md \
            VERSIONS.md \
            VULN-DISCLOSURE-POLICY.md \
            ${destroot}${docdir}
        if {[variant_isset http3]} {
            xinstall -m 0644 -W ${worksrcpath}/docs \
                HTTP3.md \
                ${destroot}${docdir}
        }
        xinstall -m 0644 ${worksrcpath}/docs/libcurl/libcurl.m4 \
            ${destroot}${prefix}/share/aclocal/
    }

    variant ares description {Support resolving names asynchronously} {
        depends_lib-append      port:c-ares
        configure.args-replace  --disable-ares --enable-ares
    }

    variant brotli description {Support brotli compression} {
        depends_lib-append      port:brotli
        configure.args-replace  --without-brotli --with-brotli
    }

    variant darwinssl conflicts gnutls mbedtls ssl wolfssl description {Allow secure connections using Apple OS native TLS} {
        configure.args-delete   --without-ssl
        configure.args-replace  --without-secure-transport --with-secure-transport
        configure.args-append   --without-ca-bundle
    }

    variant gnutls conflicts darwinssl mbedtls ssl wolfssl description {Allow secure connections using GNU TLS} {
        depends_lib-append      path:lib/pkgconfig/gnutls.pc:gnutls \
                                path:share/curl/curl-ca-bundle.crt:curl-ca-bundle
        configure.args-delete   --without-ssl
        configure.args-replace  --without-gnutls --with-gnutls
        configure.args-append   --with-ca-bundle=${prefix}/share/curl/curl-ca-bundle.crt
    }

    variant mbedtls conflicts darwinssl gnutls ssl wolfssl description {Allow secure connections using mbed TLS (formerly PolarSSL)} {
        depends_lib-append      port:mbedtls \
                                path:share/curl/curl-ca-bundle.crt:curl-ca-bundle
        configure.args-delete   --without-ssl
        configure.args-replace  --without-mbedtls --with-mbedtls
        configure.args-append   --with-ca-bundle=${prefix}/share/curl/curl-ca-bundle.crt
    }

    variant wolfssl conflicts darwinssl mbedtls gnutls ssl description {Allow secure connections using wolfSSL (formerly CyaSSL)} {
        depends_lib-append      port:wolfssl \
                                path:share/curl/curl-ca-bundle.crt:curl-ca-bundle
        configure.args-delete   --without-ssl
        configure.args-replace  --without-wolfssl --with-wolfssl
        configure.args-append   --with-ca-bundle=${prefix}/share/curl/curl-ca-bundle.crt
    }

    variant gsasl description {Support SCRAM-SHA-1 and SCRAM-SHA-256 with libgsasl} {
        depends_lib-append      port:libgsasl
        configure.args-replace  --without-libgsasl --with-libgsasl
    }

    variant gss description {Support the Generic Security Service API} {
        # This needs to use the system's Kerberos, not MacPorts' gss or kerberos5.
        conflicts-append        gss kerberos5
        configure.args-replace  --without-gssapi --with-gssapi
    }

    variant http2 description {Support HTTP/2} {
        depends_lib-append      port:nghttp2
        configure.args-replace  --without-nghttp2 --with-nghttp2=${prefix}
    }

    variant http3 requires gnutls description {Support HTTP/3 with nghttp3 and ngtcp2} {
        depends_lib-append      port:nghttp3 \
                                port:ngtcp2
        configure.args-replace  --without-nghttp3 --with-nghttp3=${prefix} \
                                --without-ngtcp2 --with-ngtcp2=${prefix}
    }

    variant idn description {Support internationalized domain names} {
        depends_lib-append      port:libidn2
        configure.args-replace  --without-libidn2 --with-libidn2=${prefix}
    }

    variant openldap description {Support performing Lightweight Directory Access Protocol queries with OpenLDAP} {
        depends_lib-append      path:lib/libldap.dylib:openldap
        configure.args-replace  --disable-ldap --enable-ldap
        configure.args-replace  --disable-ldaps --enable-ldaps
    }

    # Curl's psl support does not require its idn support but the libpsl port
    # depends on the libidn2 port so we might as well enable curl's idn support.
    variant psl requires idn description {Use the public suffix list to avoid privacy-leaking "supercookies"} {
        depends_lib-append      port:libpsl
        configure.args-replace  --without-libpsl --with-libpsl
    }

    variant rtmp description {Support RTMP media streams} {
        depends_lib-append      port:rtmpdump
        configure.args-replace  --without-librtmp --with-librtmp
    }

    variant sftp_scp description {Support SFTP/SCP connections via libssh2} {
        depends_lib-append      port:libssh2
        configure.args-replace  --without-libssh2 --with-libssh2
    }

    variant ssl conflicts darwinssl gnutls mbedtls wolfssl description {Allow secure connections using OpenSSL} {
        depends_lib-append      path:lib/libssl.dylib:openssl \
                                path:share/curl/curl-ca-bundle.crt:curl-ca-bundle
        configure.args-delete   --without-ssl
        configure.args-replace  --without-openssl --with-openssl
        configure.args-append   --with-ca-bundle=${prefix}/share/curl/curl-ca-bundle.crt
    }

    variant zstd description {Support zstd compression} {
        depends_lib-append      port:zstd
        configure.args-replace  --without-zstd --with-zstd
    }

    default_variants +brotli +http2 +idn +psl +zstd

    if {![variant_isset darwinssl] && ![variant_isset gnutls] && ![variant_isset mbedtls] && ![variant_isset wolfssl]} {
        default_variants-append +ssl
    }

    if {[variant_isset darwinssl] || [variant_isset mbedtls]} {
        notes-append {
            The selected TLS library does not support TLS 1.3; you may want to\
            use one that does by choosing the +ssl, +gnutls, or +wolfssl variant.
        }
    }

    livecheck.type              regex
    livecheck.url               [join [lrange [split [lindex ${master_sites} 0] {:}] 0 end-1] {:}]
    livecheck.regex             ${name}-(\[0-9.\]+)[quotemeta ${extract.suffix}]
} else {
    livecheck.type              none
}

subport curl-ca-bundle {
    # Also increase the revision of privoxy-pki-bundle whenever curl-ca-bundle contents change.
    revision                    0
    categories                  net
    license                     {MPL-2 LGPL-2.1+}
    supported_archs             noarch
    platforms                   any
    installs_libs               no
    conflicts                   certsync

    description                 CA certificate bundle for curl

    long_description            Installs a bundle of certification authority certificates \
                                (CA certs) which curl (when linked with OpenSSL) uses to \
                                verify the authenticity of secure web and FTP servers.

    depends_extract-append      bin:unzip:unzip

    if {${os.platform} eq "darwin" && ${os.major} <= 10} {
        # Day too big - 24854 > 24853
        # Cannot handle date (59, 59, 23, 18, 0, 2038) at /System/Library/Perl/5.10.0/darwin-thread-multi-2level/Time/Piece.pm line 315
        depends_build-append    port:perl5
    } else {
        depends_build-append    bin:perl:perl5
    }

    # The approximate time (in seconds since the epoch) when the port maintainer
    # updated the certdata.txt file in this port. (The output of "date +%s".)
    set certdata_updated        1734045673
    # The upstream commit in which certdata.txt was last updated.
    set certdata_commit         fc857d1685f9cd017a2cf656a52d871b02a4cc89
    # The date (in YYYYMMDD format) that commit was pushed.
    set certdata_date           20241119
    set certdata_file           certdata.txt
    # Using tar.bz2 would be preferable because it's smaller but upstream has
    # disabled the creation of all but zip archives:
    # https://bugzilla.mozilla.org/show_bug.cgi?id=1596135
    set certdata_extract_suffix .zip
    set certdata_distfile       certdata-${certdata_date}-${certdata_commit}${certdata_extract_suffix}
    set certdata_path           security/nss/lib/ckfw/builtins/${certdata_file}

    # Only try to fetch from upstream shortly after the port is updated,
    # to reduce load on their server:
    # https://bugzilla.mozilla.org/show_bug.cgi?id=1596135
    if {[clock seconds] - ${certdata_updated} < 86400} {
        master_sites-append     https://hg.mozilla.org/mozilla-central/archive/${certdata_commit}${certdata_extract_suffix}/${certdata_path}?dummy=:certdata
    } else {
        master_sites-append     macports_distfiles::certdata
    }

    distfiles-append            ${certdata_distfile}:certdata

    checksums-append            ${certdata_distfile} \
                                rmd160  84fe81fcee192f13de1a21fb44b9a529515db8f9 \
                                sha256  3112344e7742a3372e756f8c080765cc98dc7b2807b813cdef5b9d5421ec0784 \
                                size    291100

    extract.only                ${curl_distfile}
    extract.post_args-append    ${worksrcdir}/scripts/mk-ca-bundle.pl

    post-extract {
        system -W ${workpath} "unzip -q -a [shellescape ${distpath}/${certdata_distfile}]"
        move ${workpath}/mozilla-central-${certdata_commit}/${certdata_path} ${worksrcpath}/${certdata_file}
        file mkdir ${worksrcpath}/lib
    }

    use_configure               no

    build.cmd                   scripts/mk-ca-bundle.pl
    build.args                  -n lib/ca-bundle.crt
    build.target

    destroot {
        set ca_bundle_dir ${prefix}/share/curl
        set openssl_dir ${prefix}/etc/openssl
        xinstall -d ${destroot}${ca_bundle_dir} ${destroot}${openssl_dir}
        xinstall -m 644 ${worksrcpath}/lib/ca-bundle.crt ${destroot}${ca_bundle_dir}/curl-ca-bundle.crt
        ln -s ${ca_bundle_dir}/curl-ca-bundle.crt ${destroot}${openssl_dir}/cert.pem
    }

    livecheck.type              regexm
    livecheck.url               https://hg.mozilla.org/mozilla-central/log/default/${certdata_path}
    livecheck.version           [regsub {(....)(..)(..)} ${certdata_date} {\1-\2-\3}]
    livecheck.regex             {[0-9a-f]+<br/>created <i>[^<]+</i>\n<br/>pushed <i>([0-9-]+)}
}
