# Contributor: Leo <thinkabit.ukim@gmail.com>
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mbedtls2
pkgver=2.28.10 # long-time support branch
pkgrel=0
pkgdesc="Light-weight cryptographic and SSL/TLS library"
url="https://www.trustedfirmware.org/projects/mbed-tls/"
arch="all"
license="Apache-2.0 OR GPL-2.0-or-later"
makedepends="cmake perl python3 samurai"
subpackages="$pkgname-static $pkgname-dev $pkgname-utils"
source="mbedtls-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/v$pkgver.tar.gz"
builddir="$srcdir/mbedtls-$pkgver"

# Track security issues
# https://tls.mbed.org/security

# secfixes:
#   2.28.10-r0:
#     - CVE-2024-45157
#     - CVE-2025-27809
#     - CVE-2025-27810
#   2.28.8-r0:
#     - CVE-2024-28960
#   2.28.7-r0:
#     - CVE-2024-23170
#     - CVE-2024-23775
#   2.28.5-r0:
#     - CVE-2023-43615
#   2.28.1-r0:
#     - CVE-2022-35409
#   2.16.12-r0:
#     - CVE-2021-44732
#   2.16.8-r0:
#     - CVE-2020-16150
#   2.16.6-r0:
#     - CVE-2020-10932
#   2.16.4-r0:
#     - CVE-2019-18222
#   2.16.3-r0:
#     - CVE-2019-16910
#   2.14.1-r0:
#     - CVE-2018-19608
#   2.12.0-r0:
#     - CVE-2018-0498
#     - CVE-2018-0497
#   2.7.0-r0:
#     - CVE-2018-0488
#     - CVE-2018-0487
#     - CVE-2017-18187
#   2.6.0-r0:
#     - CVE-2017-14032
#   2.4.2-r0:
#     - CVE-2017-2784

prepare() {
	default_prepare

	# Enable flags for non-embedded systems.
	python3 scripts/config.py set MBEDTLS_THREADING_C
	python3 scripts/config.py set MBEDTLS_THREADING_PTHREAD
}

build() {
	cmake -B build -G Ninja \
		-DCMAKE_BUILD_TYPE=MinSizeRel \
		-DCMAKE_INSTALL_PREFIX=/usr \
		-DUSE_SHARED_MBEDTLS_LIBRARY=ON
	cmake --build build
}

check() {
	# tests break in parallel
	ctest -j1 --test-dir build
}

package() {
	DESTDIR="$pkgdir" cmake --install build
}

utils() {
	pkgdesc="Utilities for mbedtls (including gen_key / cert_write)"
	replaces="mbedtls-utils"
	provides="mbedtls-utils=$pkgver-r$pkgrel"


	amove usr/bin
}

static() {
	pkgdesc="Static files for mbedtls"

	amove usr/lib/*.a
	chmod -x "$subpkgdir"/usr/lib/*.a
}

sha512sums="
4d25f09bda60afa0a657e247ed939ad30e82f790f901f73590ea8007047e3c081e97c4bbc9f483584ef92c75d45e356a3aab333be9a8c18be980197c706101f5  mbedtls-2.28.10.tar.gz
"