#! /usr/bin/make -f

# Include pkg-info to make use of DEB_VERSION
include /usr/share/dpkg/pkg-info.mk

# enable all hardening options (see #763372)
export DEB_BUILD_MAINT_OPTIONS = hardening=+all

DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)

CONFIGURE_ARGS = -- --disable-dependency-tracking		\
	--disable-symbol-hiding --enable-versioned-symbols	\
	--enable-threaded-resolver --with-lber-lib=lber		\
	--with-gssapi=/usr --with-nghttp2	\
	--includedir=/usr/include/$(DEB_HOST_MULTIARCH)		\
	--with-zsh-functions-dir=/usr/share/zsh/vendor-completions \
	--with-fish-functions-dir=/usr/share/fish/vendor_completions.d \
	--with-ca-path=/etc/ssl/certs \
	--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt \
	--without-libssh --with-libssh2

ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
  NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
  MAKEFLAGS += -j$(NUMJOBS)
endif

export DEB_CFLAGS_MAINT_APPEND = -D_DEB_HOST_ARCH=\"$(DEB_HOST_MULTIARCH)\" -DCURL_PATCHSTAMP=\"$(DEB_VERSION)\"
export DEB_CXXFLAGS_MAINT_APPEND = -D_DEB_HOST_ARCH=\"$(DEB_HOST_MULTIARCH)\" -DCURL_PATCHSTAMP=\"$(DEB_VERSION)\"
export DEB_LDFLAGS_MAINT_APPEND = -Wl,--no-undefined

ifneq ($(filter pkg.curl.openssl-only,$(DEB_BUILD_PROFILES)),)
	DEB_BUILD_PROFILES += pkg.curl.no-gnutls
endif
ifneq ($(filter pkg.curl.gnutls-only,$(DEB_BUILD_PROFILES)),)
	DEB_BUILD_PROFILES += pkg.curl.no-openssl
endif

# Enable debug support when the debug profile is active.
ifneq ($(filter pkg.curl.debug,$(DEB_BUILD_PROFILES)),)
    CONFIGURE_ARGS += --enable-debug
    TESTS_GENERAL_PARAMETERS += feat:debug
endif

%:
	dh $@

override_dh_auto_configure:
ifeq ($(filter pkg.curl.no-openssl,$(DEB_BUILD_PROFILES)),)
	mkdir -p debian/build
	tar -cf - --exclude=debian/build* --exclude=.pc . \
		| tar -xf - -C debian/build
	cd debian/build && \
	autoreconf -fi && \
	cp ../../ltmain.sh . && \
	dh_auto_configure ${CONFIGURE_ARGS} --with-openssl \
		--with-openssl-quic \
		--with-nghttp3
endif
ifeq ($(filter pkg.curl.no-gnutls,$(DEB_BUILD_PROFILES)),)
	mkdir -p debian/build-gnutls
	tar -cf - --exclude=debian/build* --exclude=.pc . \
		| tar -xf - -C debian/build-gnutls
	cd debian/build-gnutls && \
	autoreconf -fi && \
	cp ../../ltmain.sh . && \
	dh_auto_configure ${CONFIGURE_ARGS} --with-gnutls \
		--with-ngtcp2 \
		--with-nghttp3
endif

override_dh_auto_build:
ifeq ($(filter pkg.curl.no-openssl,$(DEB_BUILD_PROFILES)),)
	cd debian/build && dh_auto_build
endif
ifeq ($(filter pkg.curl.no-gnutls,$(DEB_BUILD_PROFILES)),)
	cd debian/build-gnutls && dh_auto_build
endif

# Test parameters that are passed to runtests.pl.
# -n disables valgrind usage
TESTS_GENERAL_PARAMETERS += -n

# -j parallel tests: https://daniel.haxx.se/blog/2023/06/08/parallel-curl-tests/
ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
  NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
  TESTS_GENERAL_PARAMETERS += -j$(shell echo $$(( $(NUMJOBS) * 4 )))
endif

# These tests fail if a IPv6-only builder is used:
# https://bugs.debian.org/1032343
# https://github.com/curl/curl/issues/10682
TESTS_FAILS_ON_IPV6_ONLY_MACHINES ?= $(addprefix ~, 300 301 303 304 306 309 310 325 364 400 401 403 406 407 408 409 410 414 417 560 678 987 988 989 1112 1272 1470 1561 1562 1630 1631 1632 2034 2037 2041 3000 3001 3102)

TESTS_GENERAL_PARAMETERS += $(TESTS_FAILS_ON_IPV6_ONLY_MACHINES)

override_dh_auto_test:
ifeq ($(filter nocheck,$(DEB_BUILD_PROFILES)),)
ifeq ($(filter pkg.curl.no-openssl,$(DEB_BUILD_PROFILES)),)
# OpenSSL tests.
	cd debian/build && VERBOSE=1 \
		TFLAGS="$(TESTS_GENERAL_PARAMETERS)" \
		$(MAKE) $(MAKE_EXTRA_FLAGS) test-nonflaky
endif
ifeq ($(filter pkg.curl.no-gnutls,$(DEB_BUILD_PROFILES)),)
# GnuTLS tests.
	cd debian/build-gnutls && VERBOSE=1 \
		TFLAGS="$(TESTS_GENERAL_PARAMETERS)" \
		$(MAKE) $(MAKE_EXTRA_FLAGS) test-nonflaky
endif
endif

override_dh_install:
ifeq ($(filter pkg.curl.no-openssl,$(DEB_BUILD_PROFILES)),)
	${MAKE} -C debian/build					\
		DESTDIR=$(shell pwd)/debian/tmp install
endif
ifeq ($(filter pkg.curl.no-gnutls,$(DEB_BUILD_PROFILES)),)
	${MAKE} -C debian/build-gnutls				\
		DESTDIR=$(shell pwd)/debian/tmp-gnutls install
endif
	find debian/tmp* -name '*.la' -delete
ifeq ($(filter pkg.curl.no-openssl,$(DEB_BUILD_PROFILES)),)
	dh_install -plibcurl4t64 -plibcurl4-openssl-dev -plibcurl4-doc \
		--sourcedir=debian/tmp
endif
ifeq ($(filter pkg.curl.no-gnutls,$(DEB_BUILD_PROFILES)),)
	dh_install -pcurl -plibcurl3t64-gnutls -plibcurl4-gnutls-dev	\
		--sourcedir=debian/tmp-gnutls
endif
# Modify curl-config to make it architecture-independent:
# 1. In --static-libs output, replace the output of krb5-config (which
#    currently includes architecture-specific paths) with a call at
#    runtime to krb5-config.  Of course, this will only work correctly
#    if the installed libkrb5-dev matches the architecture of the
#    program you're linking, or if libkrb5-dev is made
#    multiarch-compatible at some point in the future.  For dynamic
#    linking this has no impact.
# 2. In --configure output, replace the architecture-specific paths
#    used for --libdir and --libexecdir with a literal backquoted call
#    to dpkg-architecture.  This is functionally equivalent to the way
#    debhelper actually invokes configure, and indicates to the user
#    (who runs curl-config --configure in order to learn about how the
#    library was compiled) that they are in fact using a multi-arch
#    package.
# 3. Likewise, replace the architecture name used for --build (and
#    build_alias) with a literal backquoted call to dpkg-architecture.
# 4. In --configure output, remove
#    -fdebug-prefix-map=/buildd/specific/random/path=. and
#    -ffile-prefix-map=/buildd/specific/random/path=.
# 5. Remove -D_DEB_HOST_ARCH from CFLAGS.  This is a (hopefully
#    temporary) hack needed to properly build curl with NSS PEM
#    support in Debian.
# 6. CFLAGS also contain some arch specific hardening flags so we
#    replace it with dpkg-buildflags call.
# 7. After t64 transition, CPPFLAGS also differ on 32bits t64 arches, so we
#    replace it with dpkg-buildflags
	sed -e "/-lcurl /s|`krb5-config --libs gssapi`|\`krb5-config --libs gssapi\`|" \
	    -e "/--prefix/s|/$(DEB_HOST_MULTIARCH)'|/\\\`dpkg-architecture -qDEB_HOST_MULTIARCH\\\`'|g" \
	    -e "/--prefix/s|=$(DEB_BUILD_GNU_TYPE)'|=\\\`dpkg-architecture -qDEB_BUILD_GNU_TYPE\\\`'|g" \
	    -e "/-fdebug-prefix-map=/s|\(-fdebug-prefix-map=\)/[^ ]*=.||" \
	    -e "/CFLAGS/s|CFLAGS=.\+\(-DCURL_PATCHSTAMP\)|CFLAGS=\\\`dpkg-buildflags --get CFLAGS \| sed -e \"/-ffile-prefix-map=/s\|\\\\(-ffile-prefix-map=\\\\)/[^ ]*=.\|\|\"\\\` \1|" \
	    -e "/-D_DEB_HOST_ARCH=/s|-D_DEB_HOST_ARCH=\\\\\"[^ ']*\\\\\"||" \
	    -e "/CPPFLAGS/s|CPPFLAGS=.\+\'|CPPFLAGS=\\\`dpkg-buildflags --get CPPFLAGS\\\`'\"|" \
	    -i `find . -name curl-config`
# When we get here, everything has been properly installed.  Because
# of debhelper-compat 13, we have to remove some files that are
# otherwise flagged as not installed and will cause the build to fail.
	rm -rfv debian/tmp/usr/share/aclocal/*

override_dh_installchangelogs:
	dh_installchangelogs CHANGES.md

override_dh_compress:
	dh_compress -X.pdf

override_dh_auto_clean:
	$(RM) -r debian/build* debian/tmp*
	dh_auto_clean
